From 77d7f402643b360d21eee717b85d19b41ce68272 Mon Sep 17 00:00:00 2001 From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com> Date: Mon, 30 Mar 2020 16:41:45 -0600 Subject: [PATCH 001/346] Update metadata descriptions 3_30 3 --- .../set-up-mdt-for-bitlocker.md | 3 +- ...compatibility-administrator-users-guide.md | 3 +- ...se-management-strategies-and-deployment.md | 9 +- windows/deployment/update/waas-morenews.md | 6 +- windows/deployment/upgrade/log-files.md | 2 +- windows/deployment/usmt/usmt-log-files.md | 12 +- ...ivate-using-key-management-service-vamt.md | 290 +++++++++--------- ...t-to-microsoft-during-activation-client.md | 144 ++++----- .../monitor-activation-client.md | 90 +++--- .../windows-10-deployment-tools-reference.md | 4 +- .../deployment/windows-10-deployment-tools.md | 4 +- 11 files changed, 289 insertions(+), 278 deletions(-) diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md index d54f06dc77..e68b815828 100644 --- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md +++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md @@ -4,7 +4,7 @@ ms.assetid: 386e6713-5c20-4d2a-a220-a38d94671a38 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. keywords: disk, encryption, TPM, configure, secure, script ms.prod: w10 ms.mktglfcycl: deploy @@ -14,6 +14,7 @@ ms.pagetype: mdt audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Set up MDT for BitLocker diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index afbb20379c..30dcd0de23 100644 
--- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -4,7 +4,7 @@ ms.assetid: 0ce05f66-9009-4739-a789-60f3ce380e76 ms.reviewer: manager: laurawi ms.author: greglin -description: +description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -12,6 +12,7 @@ ms.sitesec: library audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Administrator User's Guide diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index 162ad2c153..18f52b5803 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md @@ -4,7 +4,7 @@ ms.assetid: fdfbf02f-c4c4-4739-a400-782204fd3c6c ms.reviewer: manager: laurawi ms.author: greglin -description: +description: Learn about deploying your compatibility fixes as part of an application-installation package or through a centralized compatibility-fix database. ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat @@ -13,6 +13,7 @@ audience: itpro author: greg-lindsay ms.date: 04/19/2017 ms.topic: article +ms.custom: seo-marvel-mar2020 --- # Compatibility Fix Database Management Strategies and Deployment 
@@ -88,7 +89,7 @@ This approach tends to work best for organizations that have a well-developed de ### Merging Centralized Compatibility-Fix Databases -If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. +If you decide to use the centralized compatibility-fix database deployment strategy, you can merge any of your individual compatibility-fix databases. This enables you to create a single custom compatibility-fix database that can be used to search for and determine whether Windows® should apply a fix to a specific executable (.exe) file. We recommend merging your databases based on the following process. **To merge your custom-compatibility databases** @@ -113,7 +114,7 @@ If you decide to use the centralized compatibility-fix database deployment strat Deploying your custom compatibility-fix database into your organization requires you to perform the following actions: -1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization’s computers. +1. Store your custom compatibility-fix database (.sdb file) in a location that is accessible to all of your organization's computers. 2. Use the Sdbinst.exe command-line tool to install the custom compatibility-fix database locally. 
@@ -124,7 +125,7 @@ In order to meet the two requirements above, we recommend that you use one of th You can package your .sdb file and a custom deployment script into an .msi file, and then deploy the .msi file into your organization. > [!IMPORTANT] - > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: + > You must ensure that you mark your custom script so that it does not impersonate the calling user. For example, if you use Microsoft® Visual Basic® Scripting Edition (VBScript), the custom action type would be: >`msidbCustomActionTypeVBScript + msidbCustomActionTypeInScript + msidbCustomActionTypeNoImpersonate = 0x0006 + 0x0400 + 0x0800 = 0x0C06 = 3078 decimal)` diff --git a/windows/deployment/update/waas-morenews.md b/windows/deployment/update/waas-morenews.md index b23dfbb017..28ac9a4c6c 100644 --- a/windows/deployment/update/waas-morenews.md +++ b/windows/deployment/update/waas-morenews.md @@ -11,6 +11,8 @@ ms.reviewer: manager: laurawi ms.localizationpriority: high ms.topic: article +description: Read news articles about Windows as a service, including Windows 10, Windows 10 Enterprise, Windows 10 Pro. +ms.custom: seo-marvel-mar2020 --- # Windows as a service - More news @@ -19,8 +21,8 @@ Here's more news about [Windows as a service](windows-as-a-service.md):

You can either:

    -
  1. Specify up to three <role> elements within a <component> — one “Binaries” role element, one “Settings” role element and one “Data” role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

  2. -
  3. Specify one “Container” <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

  4. +
  5. Specify up to three <role> elements within a <component> — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.

  6. +
  7. Specify one "Container" <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:

<component context="UserAndSystem" type="Application">
   <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName> 
@@ -3847,7 +3845,7 @@ See the last component in the MigUser.xml file for an example of this element.
 ~~~
 **Example:**
 
-If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X’s profile.
+If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X's profile.
 
 The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected.
 
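Review bot: the rewritten line in the `@@ -3847,7 +3845,7 @@` hunk still spells the helper as `GenerateUserPattens`. Since this line is already being changed for the apostrophe, correct the name to `GenerateUserPatterns` so that a reader who copies the call into a migration .xml file gets the function USMT actually provides. The unchanged context paragraph below it also has "migrates all.doc files" (missing space) and closes with two sentences that say the same thing ("the end result will be the desired behavior. The end result is the one we expected."); both are worth fixing in the same pass.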
@@ -4104,12 +4102,12 @@ Syntax:
 
 

name

Yes

-

ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component’s name to avoid namespace collisions. For example, if your component’s name is MyComponent, and you want a variable that is your component’s install path, you could specify MyComponent.InstallPath.

+

ID is a string value that is the name used to reference the environment variable. We recommend that ID start with the component's name to avoid namespace collisions. For example, if your component's name is MyComponent, and you want a variable that is your component's install path, you could specify MyComponent.InstallPath.

remap

No, default = FALSE

-

Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable’s value are automatically moved to where the environment variable points on the destination computer.

+

Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable's value are automatically moved to where the environment variable points on the destination computer.

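Review bot: in the `@@ -4104,12 +4102,12 @@` hunk the table row documents the `name` attribute, but the rewritten description still opens with "ID is a string value" and recommends "that ID start with the component's name". The line is being touched anyway for the apostrophes, so replace "ID" with the attribute name the row is about, so that the setting column and its description agree.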
@@ -4228,27 +4226,27 @@ The following functions are for internal USMT use only. Do not use them in an .x You can use the following version tags with various helper functions: -- “CompanyName” +- "CompanyName" -- “FileDescription” +- "FileDescription" -- “FileVersion” +- "FileVersion" -- “InternalName” +- "InternalName" -- “LegalCopyright” +- "LegalCopyright" -- “OriginalFilename” +- "OriginalFilename" -- “ProductName” +- "ProductName" -- “ProductVersion” +- "ProductVersion" The following version tags contain values that can be compared: -- “FileVersion” +- "FileVersion" -- “ProductVersion” +- "ProductVersion" ## Related topics diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md index 06e514f5b7..e9f8587729 100644 --- a/windows/deployment/usmt/usmt-xml-reference.md +++ b/windows/deployment/usmt/usmt-xml-reference.md @@ -20,7 +20,7 @@ ms.topic: article This section contains topics that you can use to work with and to customize the migration XML files. -## In This Section +## In this section diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md index e5c224c42c..88176e8e84 100644 --- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md +++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md @@ -23,7 +23,7 @@ When you migrate files and settings during a typical PC-refresh migration, the u - All of the files being migrated. -- The user’s settings. +- The user's settings. - A catalog file that contains metadata for all files in the migration store. 
@@ -37,7 +37,7 @@ When you use the **/verify** option, you can specify what type of information to - **Failure only**: Displays only the files that are corrupted. -## In This Topic +## In this topic The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file. diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index d35f96bdc7..b86f415221 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -20,7 +20,7 @@ ms.topic: article This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network. -## In this Section +## In this section |Topic |Description | |------|------------| diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md index fe9b3114ee..21bedde961 100644 --- a/windows/deployment/volume-activation/install-configure-vamt.md +++ b/windows/deployment/volume-activation/install-configure-vamt.md @@ -21,7 +21,7 @@ ms.topic: article This section describes how to install and configure the Volume Activation Management Tool (VAMT). -## In this Section +## In this section |Topic |Description | |------|------------| diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 72013798ef..646d92f8a9 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md 
@@ -18,12 +18,12 @@ ms.topic: article # Introduction to VAMT -The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012. +The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office®, and select other Microsoft products volume and retail activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in and can be installed on any computer that has one of the following Windows operating systems: Windows® 7, Windows 8, Windows 8.1, Windows 10,Windows Server 2008 R2, or Windows Server 2012. **Note**   VAMT can be installed on, and can manage, physical or virtual instances. VAMT cannot detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated. -## In this Topic +## In this topic - [Managing Multiple Activation Key (MAK) and Retail Activation](#bkmk-managingmak) - [Managing Key Management Service (KMS) Activation](#bkmk-managingkms) - [Enterprise Environment](#bkmk-enterpriseenvironment) 
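Review bot: the operating-system list at the end of the rewritten first paragraph in this introduction-vamt.md hunk still reads "Windows 10,Windows Server 2008 R2" with no space after the comma, in both the removed and the added line. The paragraph is being replaced in full, so add the space here rather than carrying the typo forward.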
@@ -46,7 +46,7 @@ VAMT is commonly implemented in enterprise environments. The following illustrat ![VAMT in the enterprise](images/dep-win8-l-vamt-image001-enterprise.jpg) -In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection. +In the Core Network environment, all computers are within a common network managed by Active Directory® Domain Services (AD DS). The Secure Zone represents higher-security Core Network computers that have additional firewall protection. The Isolated Lab environment is a workgroup that is physically separate from the Core Network, and its computers do not have Internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the Isolated Lab. ## VAMT User Interface diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index f1f3ce5baf..a2699960b3 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -20,7 +20,7 @@ ms.topic: article This section describes how to activate a client computer, by using a variety of activation methods. -## In this Section +## In this section |Topic |Description | |------|------------| diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index 64027a69f0..c363018e6d 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md 
@@ -19,7 +19,7 @@ ms.topic: article # Manage Product Keys This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database. -## In this Section +## In this section |Topic |Description | |------|------------| diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index 889a9d6975..1d0a211e37 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md +++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -20,7 +20,7 @@ ms.topic: article This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT). -## In this Section +## In this section |Topic |Description | |------|------------| |[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. | diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index 75c2d8b3f0..c203fe7ea5 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md @@ -14,7 +14,7 @@ audience: itpro author: greg-lindsay ms.localizationpriority: medium ms.topic: article -ms.custom: seo-marvel-mar2020 +ms.custom: seo-marvel-apr2020 --- # Monitor activation 
@@ -41,6 +41,6 @@ You can monitor the success of the activation process for a computer running Win - See [Troubleshooting activation error codes](https://docs.microsoft.com/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS). - The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section. -## See also +## Related topics [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index 61096c7c82..4ce4e78992 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -28,7 +28,7 @@ The Secure Zone represents higher-security Core Network computers that have addi ![VAMT firewall configuration for multiple subnets](images/dep-win8-l-vamt-makindependentactivationscenario.jpg) -## In This Topic +## In this topic - [Install and start VAMT on a networked host computer](#bkmk-partone) - [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo) - [Connect to VAMT database](#bkmk-partthree) diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index a99e7fd10a..98bc193c4f 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md 
@@ -20,13 +20,13 @@ ms.topic: article This section provides step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; the scenarios in this section describe some of the most common to get you started. -## In this Section +## In this section |Topic |Description | |------|------------| |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. | |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers — the first one with Internet access and a second computer within an isolated workgroup — as proxies to perform MAK volume activation for workgroup computers that do not have Internet access. | -|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | +|[Scenario 3: KMS Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | ## Related topics - [Introduction to VAMT](introduction-vamt.md) 
diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index c73cbc4546..23c0a83614 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -13,13 +13,14 @@ audience: itpro author: greg-lindsay ms.date: 04/25/2017 ms.topic: article +ms.custom: seo-marvel-apr2020 --- # Volume Activation Management Tool (VAMT) Technical Reference -The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. +The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. VAMT can manage volume activation using Multiple Activation Keys (MAKs) or the Windows Key Management Service (KMS). VAMT is a standard Microsoft Management Console (MMC) snap-in that requires the Microsoft Management Console (MMC) 3.0. VAMT can be installed on any computer that has one of the following Windows operating systems: -- Windows® 7 or above +- Windows® 7 or above - Windows Server 2008 R2 or above @@ -28,7 +29,7 @@ VAMT is designed to manage volume activation for: Windows 7, Windows 8, Window VAMT is only available in an EN-US (x86) package. -## In this Section +## In this section |Topic |Description | |------|------------| diff --git a/windows/deployment/windows-autopilot/bitlocker.md b/windows/deployment/windows-autopilot/bitlocker.md index 234ae17fcc..02790d704c 100644 --- a/windows/deployment/windows-autopilot/bitlocker.md +++ b/windows/deployment/windows-autopilot/bitlocker.md 
@@ -14,6 +14,7 @@ author: greg-lindsay ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article +ms.custom: seo-marvel-apr2020 --- @@ -49,6 +50,6 @@ Note: It is also recommended to set Windows Encryption -> Windows Settings -> En Windows 10, version 1809 or later. -## See also +## Related topics [Bitlocker overview](https://docs.microsoft.com/windows/security/information-protection/bitlocker/bitlocker-overview) From 6c8fd18af3a5b910770b227e871ad90f20a68e90 Mon Sep 17 00:00:00 2001 From: jdmartinez36 <62392619+jdmartinez36@users.noreply.github.com> Date: Mon, 27 Apr 2020 17:00:35 -0600 Subject: [PATCH 014/346] Description and anchorlink text edits Description and anchorlink text edits. --- ...-custom-windows-pe-boot-image-with-configuration-manager.md | 3 ++- .../upgrade-to-windows-10-with-configuraton-manager.md | 3 ++- windows/deployment/windows-autopilot/autopilot-mbr.md | 2 +- .../windows-autopilot/demonstrate-deployment-on-vm.md | 2 +- windows/deployment/windows-autopilot/registration-auth.md | 3 ++- windows/deployment/windows-autopilot/self-deploying.md | 3 ++- .../windows-autopilot/windows-autopilot-scenarios.md | 3 ++- 7 files changed, 12 insertions(+), 7 deletions(-) diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md index 82fdff74b3..772a703dd2 100644 --- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md 
@@ -1,6 +1,6 @@ --- title: Create a custom Windows PE boot image with Configuration Manager (Windows 10) -description: In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. +description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager. ms.assetid: b9e96974-324d-4fa4-b0ce-33cfc49c4809 ms.reviewer: manager: laurawi @@ -13,6 +13,7 @@ ms.sitesec: library audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-apr2020 --- # Create a custom Windows PE boot image with Configuration Manager diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md index 553be3b239..e4b97b8f74 100644 --- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md +++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuraton-manager.md @@ -1,6 +1,6 @@ --- title: Perform in-place upgrade to Windows 10 via Configuration Manager -description: In-place upgrades make upgrading Windows 7, Windows 8, and Windows 8.1 to Windows 10 easy -- you can even automate the whole process with a Microsoft Endpoint Configuration Manager task sequence. +description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Configuration Manager task sequence. ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 ms.reviewer: manager: laurawi @@ -12,6 +12,7 @@ ms.mktglfcycl: deploy audience: itpro author: greg-lindsay ms.topic: article +ms.custom: seo-marvel-apr2020 --- # Perform an in-place upgrade to Windows 10 using Configuration Manager 
diff --git a/windows/deployment/windows-autopilot/autopilot-mbr.md b/windows/deployment/windows-autopilot/autopilot-mbr.md index 24cf4eb654..dc01756f7c 100644 --- a/windows/deployment/windows-autopilot/autopilot-mbr.md +++ b/windows/deployment/windows-autopilot/autopilot-mbr.md @@ -70,7 +70,7 @@ To deregister an Autopilot device from Intune, an IT Admin would: The deregistration process will take about 15 minutes. You can accelerate the process by clicking the "Sync" button, then "Refresh" the display until the device is no longer present. -More details on deregistering devices from Intune can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group). +More details on deregistering devices from Intune can be found at [Enroll Windows devices in Intune by using the Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group). ### Deregister from MPC diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index c2481e9f46..93415f3702 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md 
@@ -571,7 +571,7 @@ Windows Autopilot will now take over to automatically join your device into Azur ## Remove devices from Autopilot -To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it. Instructions for deregistering devices can be found [here](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [here](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below. +To use the device (or VM) for other purposes after completion of this lab, you will need to remove (deregister) it from Autopilot via either Intune or MSfB, and then reset it. Instructions for deregistering devices can be found at [Enroll Windows devices in Intune by using Windows Autopilot](https://docs.microsoft.com/intune/enrollment-autopilot#create-an-autopilot-device-group) and [Remove devices by using wipe, retire, or manually unenrolling the device](https://docs.microsoft.com/intune/devices-wipe#delete-devices-from-the-azure-active-directory-portal) and below. ### Delete (deregister) Autopilot device diff --git a/windows/deployment/windows-autopilot/registration-auth.md b/windows/deployment/windows-autopilot/registration-auth.md index a91c17be27..ff5a02322e 100644 --- a/windows/deployment/windows-autopilot/registration-auth.md +++ b/windows/deployment/windows-autopilot/registration-auth.md @@ -14,6 +14,7 @@ author: greg-lindsay ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article +ms.custom: seo-marvel-apr2020 --- 
@@ -45,7 +46,7 @@ For a CSP to register Windows Autopilot devices on behalf of a customer, the cus ![Request a reseller relationship](images/csp1.png) - Select the checkbox indicating whether or not you want delegated admin rights: ![Delegated rights](images/csp2.png) - - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal: https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges + - NOTE: Depending on your partner, they might request Delegated Admin Permissions (DAP) when requesting this consent. You should ask them to use the newer DAP-free process (shown in this document) if possible. If not, you can easily remove their DAP status either from Microsoft Store for Business or the Office 365 admin portal by going to [Customers delegate administration privileges to partners](https://docs.microsoft.com/partner-center/customers_revoke_admin_privileges). - Send the template above to the customer via email. 2. Customer with global administrator privileges in Microsoft Store for Business (MSfB) clicks the link in the body of the email once they receive it from the CSP, which takes them directly to the following MSfB page: diff --git a/windows/deployment/windows-autopilot/self-deploying.md b/windows/deployment/windows-autopilot/self-deploying.md index 4bdb15131d..32a9fc9283 100644 --- a/windows/deployment/windows-autopilot/self-deploying.md +++ b/windows/deployment/windows-autopilot/self-deploying.md 
@@ -1,6 +1,6 @@ --- title: Windows Autopilot Self-Deploying mode -description: Self-deploying mode allows a device to be deployed with little to no user interaction. This mode mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. +description: Self-deploying mode allows a device to be deployed with little user interaction and deploys Windows 10 as a kiosk, digital signage device, or a shared device. keywords: mdm, setup, windows, windows 10, oobe, manage, deploy, autopilot, ztd, zero-touch, partner, msfb, intune ms.reviewer: mniehaus manager: laurawi @@ -14,6 +14,7 @@ author: greg-lindsay ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article +ms.custom: seo-marvel-apr2020 --- # Windows Autopilot Self-Deploying mode diff --git a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md index ab95bacbee..307d43a3b9 100644 --- a/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md +++ b/windows/deployment/windows-autopilot/windows-autopilot-scenarios.md @@ -14,6 +14,7 @@ author: greg-lindsay ms.author: greglin ms.collection: M365-modern-desktop ms.topic: article +ms.custom: seo-marvel-apr2020 --- @@ -59,7 +60,7 @@ The key value is a DWORD with **0** = disabled and **1** = enabled. | 1 | Cortana voiceover is enabled | | No value | Device will fall back to default behavior of the edition | -To change this key value, use WCD tool to create as PPKG as documented [here](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce). +To change this key value, use WCD tool to create as PPKG as documented in [OOBE (Windows Configuration Designer reference)](https://docs.microsoft.com/windows/configuration/wcd/wcd-oobe#nforce). ### Bitlocker encryption From 871309e121b8e97059786a82842d128f64492cc1 Mon Sep 17 00:00:00 2001 
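Review bot: In windows-autopilot-scenarios.md, the rewritten line still reads "use WCD tool to create as PPKG"; since this sentence is already being touched for the link text, fix it to "use the WCD tool to create a PPKG" in the same change.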
From: 1justingilmore <62392529+1justingilmore@users.noreply.github.com> Date: Wed, 29 Apr 2020 15:01:34 -0600 Subject: [PATCH 015/346] Update metadata seo marvel 4_29 --- .../deployment/configure-a-pxe-server-to-load-windows-pe.md | 3 +-- windows/deployment/mbr-to-gpt.md | 2 -- windows/deployment/update/PSFxWhitepaper.md | 3 +-- windows/deployment/usmt/usmt-configxml-file.md | 2 +- ...-information-sent-to-microsoft-during-activation-client.md | 4 ++-- 5 files changed, 5 insertions(+), 9 deletions(-) diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index f9405d730e..10ca75dcc9 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -15,6 +15,7 @@ audience: itpro author: greg-lindsay ms.author: greglin ms.topic: article +ms.custom: seo-marvel-apr2020 --- # Configure a PXE server to load Windows PE @@ -23,8 +24,6 @@ ms.topic: article - Windows 10 -## Summary - This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network. ## Prerequisites diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index 069506bda7..63942c3c38 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md 
@@ -23,8 +23,6 @@ ms.custom: seo-marvel-apr2020 **Applies to** - Windows 10 -## Summary - **MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. >MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later. diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md index 8f73fcdfd0..4a6d9ab0f1 100644 --- a/windows/deployment/update/PSFxWhitepaper.md +++ b/windows/deployment/update/PSFxWhitepaper.md @@ -12,6 +12,7 @@ ms.author: jaimeo ms.reviewer: manager: laurawi ms.topic: article +ms.custom: seo-marvel-apr2020 --- # Windows Updates using forward and reverse differentials @@ -37,8 +38,6 @@ The following general terms apply throughout this document: - *Revision*: Minor releases in between the major version releases, such as KB4464330 (Windows 10 Build 17763.55) - *Baseless Patch Storage Files (Baseless PSF)*: Patch storage files that contain full binaries or files -## Introduction - In this paper, we introduce a new technique that can produce compact software updates optimized for any origin/destination revision pair. It does this by calculating forward the differential of a changed file from the base version and diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index f8f45b4983..4c13ebf641 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md 
@@ -34,7 +34,7 @@ To exclude a component from the Config.xml file, set the **migrate** value to ** -## In This Topic +## In this topic In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only. diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index 1d78a11ea3..82f515da68 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md @@ -15,7 +15,7 @@ author: greg-lindsay ms.localizationpriority: medium ms.date: 07/27/2017 ms.topic: article -ms.custom: seo-marvel-mar2020 +ms.custom: seo-marvel-apr2020 --- # Appendix: Information sent to Microsoft during activation @@ -66,7 +66,7 @@ Standard computer information is also sent, but your computer's IP address is on Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft does not use the information to contact individual consumers. For additional details, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879). -## See also +## Related topics - [Volume Activation for Windows 10](volume-activation-windows-10.md)   From ba1ebe05ae281ada212a7e536e875e559738c0b0 Mon Sep 17 00:00:00 2001 From: Dani Halfin Date: Tue, 5 May 2020 18:05:34 -0700 Subject: [PATCH 016/346] fixing meta --- .../replace-a-windows-7-computer-with-a-windows-10-computer.md | 2 +- windows/deployment/planning/sua-users-guide.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
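Review bot: In PSFxWhitepaper.md, removing `## Introduction` leaves "In this paper, we introduce a new technique..." directly under the last bullet of the terms list ("Baseless Patch Storage Files"), so the introduction now reads as a continuation of the definitions. Keep a heading at that point, or move the paragraph above "The following general terms apply throughout this document".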
diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md index 1d0f3af3ab..84daf20005 100644 --- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md +++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md @@ -1,7 +1,7 @@ --- title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10) description: In this article, you will learn how to replace a Windows 7 device with a Windows 10 device. -ms.custom: - seo-marvel-apr2020 +ms.custom: seo-marvel-apr2020 ms.assetid: acf091c9-f8f4-4131-9845-625691c09a2a ms.reviewer: manager: laurawi diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md index e896536b7d..2d34aa8326 100644 --- a/windows/deployment/planning/sua-users-guide.md +++ b/windows/deployment/planning/sua-users-guide.md @@ -1,7 +1,7 @@ --- title: SUA User's Guide (Windows 10) description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature. -ms.custom: - seo-marvel-apr2020 +ms.custom: seo-marvel-apr2020 ms.assetid: ea525c25-b557-4ed4-b042-3e4d0e543e10 ms.reviewer: manager: laurawi From dda752b272b485db68276ad48a655287ca8ab3e3 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 8 May 2020 11:26:39 -0700 Subject: [PATCH 017/346] Update add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md --- ...10-deployment-with-windows-pe-using-configuration-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md index ca669792bb..4bb5ffd7a4 100644 --- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md @@ -1,5 +1,5 @@ --- -title: Add drivers to Windows 10 with Windows PE using Configuration Manager +title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers. ms.assetid: 97b3ea46-28d9-407e-8c42-ded2e45e8d5c ms.reviewer: From 02418ae3f8e00014f4f7ed4d42873cf2695385fb Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Fri, 8 May 2020 11:30:55 -0700 Subject: [PATCH 018/346] Update features-lifecycle.md --- windows/deployment/planning/features-lifecycle.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index be5c414b84..e89d1cec9f 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -1,6 +1,6 @@ --- title: Windows 10 features lifecycle -description: In this article, learn about the lifecycle of Windows 10 features, such as what's new and what's been removed. +description: In this article, learn about the lifecycle of Windows 10 features, such as what's no longer being developed and what's been removed. ms.prod: w10 ms.mktglfcycl: plan ms.localizationpriority: medium From f5086843d177647664ff6ac8763cd49e2cda619c Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Fri, 2 Oct 2020 07:43:23 +0500 Subject: [PATCH 019/346] Update hello-hybrid-key-whfb-provision.md --- .../hello-for-business/hello-hybrid-key-whfb-provision.md | 3 --- 1 file changed, 3 deletions(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 73e002c7c2..5a790c046a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -57,9 +57,6 @@ The remainder of the provisioning includes Windows Hello for Business requesting > **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization. -> [!NOTE] -> Microsoft is actively investigating ways to reduce the synchronization latency and delays. -


From afbbff26634cb58c8469dbe02ce5d33fff8b5847 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sun, 4 Oct 2020 11:37:19 +0500 Subject: [PATCH 020/346] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-whfb-provision.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index 5a790c046a..f9fef4f777 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting > [!IMPORTANT] > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. -> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. +> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.
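Review bot: The `+` line changes "authenticate and use on-premises resources" to "authenticate and uses on-premises resources", which breaks the parallel verbs after "the user's ability to"; the following sentence in the same note still says "authenticate and use". Revert to "use".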

From 565fc712c80da74f919052addbba798377f90a68 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 6 Oct 2020 11:23:32 +0530 Subject: [PATCH 021/346] Create Onboard-Windows-10-multi-session-device.md --- ...Onboard-Windows-10-multi-session-device.md | 109 ++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md new file mode 100644 index 0000000000..e2c454f055 --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md 
@@ -0,0 +1,109 @@ +#Onboard Windows 10 multi-session devices in Windows Virtual Desktop +6 minutes to read + +Applies to: +- Windows 10 Multi-session running on Windows Virtual Desktop (WVD) + +> [!WARNING] +> Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. + +Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on the needs of your organization, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. + + ##Before you begin +Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/en-us/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts. + +> [!NOTE] +> Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: +> - Single entry for each virtual device +> - Multiple entries for each virtual device +> +> Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. 
This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. + +Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. That way, it is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. + +> [!NOTE] +> The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account. + +###Scenarios +There are several ways to onboard a WVD host machine: + +Run the script in the golden image (or from a shared location) during startup. +Use a management tool to run the script. + +####*Scenario 1: Using local group policy* +This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process. 
+ +Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1) + +Follow the instructions for a single entry for each device. + +####*Scenario 2: Using domain group policy* +This scenario uses a centrally located script and runs it using a domain-based group policy. You can also place the script in the golden image and run it in the same way. + +**Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center ** +1. Open the VDI configuration package .zip file (WindowsDefenderATPOnboardingPackage.zip) +- In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. +- Select Windows 10 as the operating system. +- In the **Deployment method** field, select VDI onboarding scripts for non-persistent endpoints. +- Click **Download package** and save the .zip file. +2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a folder called **OptionalParamsPolicy** and the files **WindowsDefenderATPOnboardingScript.cmd** and **Onboard-NonPersistentMachine.ps1**. + +**Use Group Policy management console to run the script when the virtual machine starts** +1. Open the Group Policy Management Console (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. +1. In the Group Policy Management Editor, go to **Computer configuration** \> **Preferences** \> **Control panel settings**. +1. Right-click **Scheduled tasks**, click **New**, and then click **Immediate Task** (At least Windows 7). +1. In the Task window that opens, go to the **General** tab. 
Under **Security options** click **Change User or Group** and type SYSTEM. Then click **Check Names** then OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as. +1. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box. +1. Go to the **Actions** tab and click**New**. Ensure that **Start a program** is selected in the Action field. Enter the following: + +Action = "Start a program" + +Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe + +Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1" + +Click **OK** and close any open GPMC windows. + +####*Scenario 3: Onboarding using management tools* + +If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager. + +For more information, see: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) + +> [!WARNING] +> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. + +> [!TIP] +> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. 
For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). + +####Tagging your machines when building your golden image + +As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. +[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value) + +####Other recommended configuration settings + +When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). + +In addition, if you’re using FSlogix user profiles, we recommend you exclude the following files from always-on protection: + +Exclude Files: +%ProgramFiles%\FSLogix\Apps\frxdrv.sys +%ProgramFiles%\FSLogix\Apps\frxdrvvt.sys +%ProgramFiles%\FSLogix\Apps\frxccd.sys +%TEMP%\*.VHD +%TEMP%\*.VHDX +%Windir%\TEMP\*.VHD +%Windir%\TEMP\*.VHDX +\\storageaccount.file.core.windows.net\share\*\*.VHD +\\storageaccount.file.core.windows.net\share\*\*.VHDX + +Exclude Processes: + +%ProgramFiles%\FSLogix\Apps\frxccd.exe +%ProgramFiles%\FSLogix\Apps\frxccds.exe +%ProgramFiles%\FSLogix\Apps\frxsvc.exe + +####Licensing requirements + +Windows 10 Multi-session is a client OS. 
Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements) \ No newline at end of file From 207f4210ff1eed1f86affe8ea7f926e27c84f951 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 7 Oct 2020 12:51:51 -0700 Subject: [PATCH 022/346] vulnerable devices --- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 85d599cd64..0c34e4caa5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -84,6 +84,12 @@ Examples of devices that should be marked as high value: 3. A flyout will appear with the current device value and what it means. Review the value of the device and choose the one that best fits your device. ![Example of the device value flyout.](images/tvm-device-value-flyout.png) +## Vulnerable devices report + +The vulnerable devices report shows graphs and bar charts of + +Access the report by going to **Reports > Vulnerable devices** + ## Related topics From c9ef6bf5cabb8812a2b472018e51b397d13984df Mon Sep 17 00:00:00 2001 
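Review bot: In Scenario 2 of Onboard-Windows-10-multi-session-device.md, the scheduled task runs `Onboard-NonPersistentMachine.ps1` from a UNC path as NT AUTHORITY\SYSTEM with `-ExecutionPolicy Bypass`, so the integrity of that share decides what runs as SYSTEM on every host the GPO reaches. Step 2 only says "shared, read-only location"; state explicitly that write access must be limited to administrators and that the hosts need read access only. Separately, the headings are written without a space after the hashes (`#Onboard`, `##Before you begin`, `####Licensing requirements`), the file has no `---` metadata block (title, description) like the other articles touched in this series, "6 minutes to read" looks like copied page residue, "click**New**" is missing a space, and the product is named three ways ("Microsoft Defender ATP", "Microsoft Defender for Endpoint", "MDATP"); pick one. The file also ends without a trailing newline.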
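Review bot: In threat-and-vuln-mgt-scenarios.md, the added sentence "The vulnerable devices report shows graphs and bar charts of" stops at "of" with no object, and "Access the report by going to **Reports > Vulnerable devices**" has no closing period. Finish the sentence, or hold the "Vulnerable devices report" section back until the text is complete.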
From: Beth Levin Date: Wed, 7 Oct 2020 18:10:44 -0700 Subject: [PATCH 023/346] new images and topic --- .../images/tvm-report-age.png | Bin 0 -> 50128 bytes .../tvm-report-exploit-availability.png | Bin 0 -> 42870 bytes .../images/tvm-report-os.png | Bin 0 -> 62979 bytes .../images/tvm-report-severity.png | Bin 0 -> 40626 bytes .../images/tvm-report-version.png | Bin 0 -> 47460 bytes .../threat-and-vuln-mgt-scenarios.md | 35 +++++++++++++++++- 6 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-age.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-exploit-availability.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-os.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-severity.png create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-version.png 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-age.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-age.png new file mode 100644 index 0000000000000000000000000000000000000000..14d90bbdd15005c301889630a9b0e6f134e32a1c GIT binary patch literal 50128
zoQPQmSU+$V)el?F8QZcI@n}qH9G{(7PuIDPmKYlvDLFsV&iv#_iK=u8 zu1fHkfmHxWY(UT~?d%pKRB4`>Pa1-tB!L`70c;W=j55Y+;ZlP6FRw!tYN5zhglbZ2?n4XMSm``-FI%wC+6e&3Sxbsp$r)= zA6LpBw~t>n|3PTvDc}r}1w$DTo9b0BXz2xfzrTz8tt`FYVC8{{)i+ zHo8#YP^mmJGa3(>L0;Mhq19rKv2=QCs~fCCW%HpD&}gCzEdH3B6eu$4{cKL?<_Qgu z^U)@iQ(LH&`;qP2q1fk~oRJ+J9es~fvC%oQG`pc>Ql1{rmrim{xdaC1GH0t4>ukp2 zBBjbY5u$-|*TKQT*p3dpp`19Ri|7pJ0WcLQa!XxRXI*2*rzi5Mlr;5P$RL+8dv+mEOkzBDaX{4zqrfj^iz~nBhdS0?<1d62xRcL)=$hSc8xBG#&!l z0V#B8D7;olbk)OMY{%D6SqM@n*Ckt4ZA=WQ{e&y?p1|4n=x#wV5NcsZPFJkaps>u( zO2CCKz=F{l$fYm;_}2(LZ29I}lXOQE?DIOvRI#|0d%PbO%s3Y7GIh1wR~(bl`dnvT zo{Q&)5&-Tjr5!ebnwoLjA$}C>`}f))&pI5%m6q=p{35_oEpAH-BIo`L76gHs0bJ{; z?^fqd1SKG-*EQcJ1)FTDkPi;u_OuW-Ip1(73p6n-8!Kti{A*HX6+6^W*T7N28%8r_ zI3ilvBP+2xnIyI_r%Q^Bo>RTa1L~Dho|XVeIKN!a4kZ&Vv0uJ?iKIi#tJz~Lbz8Lb z_4VpJF89|*GW$%qe@O1H^hXkDM71Ra3n-W=MTRJUwh^$~>B6L$2jXQC`nZQYdf6UTXe{n}W; z8w{)5s_+Nb4{&dtou%XNmUcKHZxai;@#R*XvtCu2vlbfEiU753G(h(S_9Vc98oDKN zYdg!CAI3Q|2SXZ$9m~Cvz)WmUR*w`H+H3~Gs$_$RIL;k#mhCi?lJFZmFO~YyI44KZ zU{sW0ZGtW)GBds0TDeu#DMsPuo0dj1q~ZKPF_^-fdnkh^r z47=+3`@<|1H3Log&HwuOzP{k*;zDi#g-U6t7>)}ALkLDv-p!AQt8RyxCaYZA)$!ucYfc0#)@I;Tu37oYC77zO6 zkILJRkB?avLd579N(&3;E-}b64yyrx*S{44+AF!a4JT4AcyEqPh#Kk%MZJ3u=?a{N>lB4c|j!GW6PWn z{ClM|umn&7d1Hf!4Zo$`S)qOr9Z4cYb_o$>}}>Q{g3>22bt{)9Cn*sI)uT5QZ z^J2p6u|0O>`7TWR+8F0&)Qhvdd3+fqD?KRXKlisTL3sEDJ~|RMgC6LJ%xdTC`uh9w zF4Gi0sOvt4kL&y9bcmJvoM>gp9R=yF%Nqy$34uNCdH7v`OFo8d(+1u16Nl*->wzCl zrg}FhblQ=cU3m!R+-;RT50rRUH__s)+@}d&$;d?Jr+?oc8~bkMA|yVNHAnefK|f8( z`K!kws$|VpP2rEcO-bl*7?fBNa%)e&Di=;=*p!JQ9VWa9uBXo`?Kc*CTT%xd$*DuG zK7XHU1KW@el+m4pn2kE+?qZu7I*B#d!63gT=H-0@zN*SK!<|mO;UC|)DO~D4-?;V0C!p5! zUCN%?P()G^nz`GyfHOtH*X-;EGt~`99Twc?MX0I_$nSj@?@fvHoP*sz!khB1>=)#N zlvdjLAJ@@=7W}`rzuy0A_D6>1|Bpit2cQ9yR^CQ_93|z_m%!ru{Ft8K-?#jb;coS6 zu23#C2%JDiP77X$HRXbXl`iM6w@;^Fx{(tV_@605{sp%X>X%-O|K9!g-w$`+58wSC z5B%>7{tZS5b^WQD$#XVFuVeMGk7~?iu7+xSRR~75m`=X4b++^423(Zmvop4{?9!V! 
zIA%Q@qGHT5(JTF^4j)IK1KWP{g^3A6m|113^I@^inCL8HnSEL2#))x4Rqt{82^_+gjjFZYgixFDtZ zz@);isr_uqnj6USGin)wv%|hxPu#^0Dh7s*-P7`~w(>2dIr%|B8n0fw@V7D*7%@Qpc;clp>w|!!mU^$j7 z9OXGmi}_}GVl+TPI&sj>TW#Q&^3$ud(P2#B>nR6 z*_6(Uk=x7L+ZOTeZs;hW3`)iv-s?{j?AL0_9v)T#old4>)D{%Gc&Alyq^rHMk{9gh zbPVRpi7Kx8jZOIstOd;nIckOIwQN|b)&j>r)m&z#%FvEaPUVM#fOYN`6!ct5NO-$M zS}Vmr=*4RvYPZwGp0ji^WXb%M^6}K=!0&^63!c&4XPup$U`kJFJ^&P6{wD%C(%1y( z^72arXg*Y(ixJ$rC;QDEODqgBsR+|UN5^vF>;Q1_v)jqdUkeQn_iO6~f@FADD&&^1 zxcD=mw*bI%z>^HIib8ms!}(|)63o>d1q{Ffo^75{AR?HMjzBmz!H_E=#ta-cVc|%} zT(AsPmY6-YbkqyzhQRHCJVep!L&18!tKHbrqBYGqN;^TVwv z8R1&Dg$VNrmHbj^oBg|goNQ>|V+NZW-&eSR4+-LK&=spaa>GH^VRpKxI-VD(^~km#Ez_5Qajw)2Mt#Ti%HGQ%$A-H%0HMIZFYhW`f{+` zwTs{9LcB%zDTPo+?DXUtnOd%a%L5K{A%5e)oZF^r)NrcSdJ}QyW0A#^w4; zs_XyIE!s`F#*UjQM|9^$O+$$Ll^?7=J*91>DJ4we^Zo0^%^WFrl6Jq6#OhO9S4Z;i zvfueJkBGj_&fYDM9z1_h7MswO`DbuNlArJ@2n3zWO;7Md0Q?7O6hb|SQCpEKL za0t^CJ%f`A;q;0HyF>Dgm(}Ux#*aku)X+D&kETGShY|PqdXX6IQvs16j9u+F6<$T`NLPXcD3bLtgr4~;8DOq z4ZO#WkP-!=*h=@0&*fU_c%@;te;hcI0`!yoNR5x{GYxr7(zrYBggsl!yS{(s6t1G_ zZ4&2ev_gA}#x8~G;$&^^@-nTWcjk;AxD*u7W7Q{+vm61_sUQVs!L|=}sKCkuHa|p< za_!Y+<$}RwRBzI-yOtn$Vg)q?fwX+D%?qb(Ac^!cCo=1b2LEYmOCRKH0D0@x`}g1V zH8OnNE*Nt4_4JgS?o?eIs)92O@9tfla?5JlHNpzJHE(FI;gmtg$+YJwMoJJU;GI<` zw-`8`x=V;&!4_=^4OX6Yb~4ZEzlhXTx7#~M8pLLN(qa#!c1D};cU>Om1o~{U|6=gXdTR;8LB(`mKzRx7^}Rr4I9(QB*_y-sMS5 zw!h_xR-2_%KilMAX4>}zQP5xOFZAlw_Tf(YAu&=o)|u7r>+eT4UMMX=4<6IdV1REF z1vD@Hl^Y|OhPha#S!+iv(U1zZJN8##|7vV~#$N#2jX zqc5$mCu(D+yd=R^xbK~JlQ$Pj6&5*z%whr)Bjasw866%Tg1s;h2DmJHu7AK0cAkmDn2G=p-3nL(Q+z+y5yZ2uiJVzM}4KQ*(m((iZSj4vY< zgZ_Ooi#=MBjLV{~uOZ8Xs{-cYa>}P{b)?WR1tOes^)U+p<#ujs>*~r%uBu>8H9-lA z6^s2QnMA(H-`{{oz{mIA#5iJBe&X;_B40pV8MmPzp4wJ^Oi9t!#Tb7r;u9mHsgxmgWo3nnJDe~aJXOP0 z`h^SpOA=Yedna8s97|g(EjzD*SE8pfq3ksI6Afe#3pni?QA<~aL~6RFkIpLCw$y?2 zwjOJ8dAi07wjIl(?T3)#!FQW^V8|7-72IEpZPErSbyfZ+5{Q1VprSJsZ|EaawPG>~ zV&o=z-V*Wrd1wAWQJkU|qqDPfyvy!WBr*U?II^(x_oqHH9yCFO?LyVzijIZsTZFyC zuHW7O`FMCYzW5>OArZ zMg-8FaI}i%qeZfQYc(rmc~Bsfoua~T3n`RbwR=nO5six0g5D*eJgCB^5&FLNn 
zE_s$!bw!?9S6-Ffj3nr2P4Ij3&d^3Orl z%paF066~SwpX?%-%fJosk&H5*BdDoyTm9;iJ;#3G2mA4b;B8Ka8lz>UrK?NcbWikw zviK$QT5Vnnt?Hwp@6T}kq8+>~^Navq7c$!O;!9r-78Vw5tDsj> zTl!+S$j7J5%tT4yc&fYyqoLkm|AA<4t4or#zkk06e|v$q5x`v6AMTa>@aTwF=Q%Jc zqVXCwCh}D(S;a+sn%84B)y)TdJhp!(5o=e!M2K=`zu&_uF-f=NkI7Nbe-|9-^pv~C zCsAE+s4PDJf{NH>^ir_s_X?t|?NJ)x+(L{bwd8#_D0xh>tNAJ9szg|O=`IGfXWVj^ z_7eZ#NMM2I4GiZ}wy-|DSouJcWQObVUtWN`lKiHTk(B%xN}_MckNq4@j=T^)JlMNDaApb~mNofDR*3nbEr??6h$Au-UBjTeDfS`{(*J#z8tI zc3OfgBmu$1LZtLk;eNv6aHusLXL@V>NZhmkzgN$|@a;SQgg@je$1uT_5DfMw%+%D2 zu^aU4?BNKeN^B4fpoIGR`xjOb;^XUnXejI!P|e(EYHU2GaJHwIXm*|SyX19vywgtf z;=7&-YiDC>#`BcK-!%g%WihN$9jPB68gt+x4WBQ1-E$FY=-K1oVMwfAY0|+|A;A@dWjb5X$w%OVm!^J5T)* z4Y-Jx&$xYjqUy1?J?zL(y3gacJ_pOAjj1GaWDc}H`;yF4IZ==NRXWxHzvy1FSYrSB zl%Ed(6M3un7V|3f$;;3u$^9RIWWlW0l08_uD}q;DUA?@z`uT}Cc%CRu&(0owrTjC) za=1C+uf*VO!xL!qJmZ6>X?|3`$VbG2)oYoQeI`%30NT`$PCev3N!I8Wj}nF|u`?cq zzJEdaEZv@@==F~P$|wJJ_7&l>v|o&#f4#hP(@&T%YuTKr>>V5P@9L6vsMZ*WXO5Fb zL*e1&MMYT~$_47M+B-l088$Ai?%rZ&`<|_>t+tU7rm3lE27m4SK0opEE>E=^!14$u zdsknrJ;)hlrOg@s_lpv#IC*%!9v<2aZybhR;P{}C2V-o(>7RJF)0I%mPoG}AP!?x* z{_?Bp4?P*q+?wVUPtD~)Zc1$Li42^+Mw%yCZV@4xsKS?*zJgZaIEu5r$Cf&GSOJukWIYhTNY}l1en1P(31!E>A zCr6h(fA#2opbl8aFt1-*US5`MCW_~_7X9FHF^wTuryI=g4e2S@S5!*sHXQCi zL4mU#$GyRBHe&2sBZU~Cq%!}vun^L7>9%5c2!@&Tvv`C}QGn6_*!87G7&04oE-O&xZ{r&xE zgytpd^_MT)-38+vW^W$5)Z7@L*Nh&Un8@bS0FOc2#qP%(sTd9j+cgvwRn_pt@t&SL zJUl$p7F;MOu)wWzj*t6>vXI&$N*NL}NmDB}zshL) z-}^-(Cq4ZpjdW~O|FB=n9Hvjh_KAy9wG+F?tZzL~{4f|36cmW$LWa_b;Uh;SMn*=5 zwd~S|;&(y*f?b1^(9N0FM(E!(ZC5FgQzDht|E6$NG?6wjEe%6mT^%9@QP_6iL-`u5 z5%T)_Qg;G|Y{y~2*anxyGzy$z&9j^n4fFJ5`lMLftj7C^kSo>=3%#8MvyEhm3A`xD?EkVCP8ckLn z?CbjssvLf=QPC6J0OYDK;?!)8aC!7zMg}+D^-y_%UxkG@wsho%8ii(*bQ+$Y@ONv# zv)*uB>k*mNMwSdtL@$t=N?7=a+;Je3tcQ`;aaXTRKF=z35H>^Vy7T49Qg45MQtZ)k zQZSQImBhn4bzs&qh!LQdQ(|h2Q5759{bkm>2GqZZ5u=Sdk=TcHg^W z=W-xHryzDzVdI3g@*Ydzvh?%&=Wgui{sZWxW7cP$euT@f_W4|H-_BDpb&7mNK$*}z zH|w+1TegY{S16*@47N+;Ed>45uRD+jM#shmNCf4yZ!7mD41Dx#SosUpg=N4FBf~^3 
zTV&PBk&h*&OvV4NF6+%b1Cx+vEV};x2KO}@lnPnv*I577M6Aq#411FI+Us^clT@-d zX0cwpi+LFJruj~2zD3i2eJ3i5n8)7;#KO1uH!JGs^2Bc?AIG#U!@Vdy)=#ela^VAB zK1ufw)_J$ZY7{d3pK3$NdQDU>tlg@dp-)cEDe@(Ofr{kgFnwMBzu|A5d}Geb7g>FJ z?+M5pP$CKak}&_nEe3dys3x<*H4|oR;21m#Sw&V=-R1~D;s2@9dMGBwA*1lH3WVju zCwMuBfeA^BSrX>l4i^;4N0`?@;PSEHQnRY1{R#)Fc|X@r$65>hx&u$*1-GE0)N5Hx z&ixw?U%DF@c%lFAPh$#Xe0vXBhI4Y5AiINhi_9vCv~(@80~!$)@87>#dV1GUSU5Pm zDK3`9P&^>Lf;c<9(?XG8J$ZR?);ln8BX@{*YtH-CBV>7ma{5X_!rzYB>KY=(KJ zV;p=tjre&=49it&qG%B}04S@K${U*|qyW+2>?PZz!h44GQ7NJa=-N!dq4 z)b(`i2pfPn`-lIBu>w&5kis~AtW*?AuB6;%ih@|d#@rA5|K?p_TDRd zudHP6&Hr5W{C@xM_j#WGztOU)nc9C1SFxxUKo;zf6W7Qn-;B#&!^}dc;qVxm)gvPcuoG(L6QJhQz z#q6@JHgth+@o_X8732Gmwy#(fuh_&Vm{~TGK1GWwW@wOF{>GUF9gqV~)Mpvix zgU$0i+axFlNGdPC<_a#f(Dd2Pc~3!v`@||MkGh%H@_0F!dJbuAZ7s6P102`M-9tj0 zb3>ya18xRTBdX>%$F?r-2L_KEL#RfT(3vDn|3R9bDz-gcc~Lu7r^q zg?zHoEKt@eP~Jwy%3~|vOVQIGm=!%r<#@GY{6$MGrB5uR4REL7gV7b7~ zdv?y(f+PtspTPOIuu4x=cjDM2Gc#@hL zCi!V{+Ko~4;k2Sou9B&$mT-Cr!F_xUVYEzzSolBQP4k=I_NE*-vK=3+%Dy0M(I&o5 zI2MzZb_;P^UpMg`SVHouVe z*QgXt|Ds}FScxhH{%JY2e2fI@C}#oO?7+GPlJIJPF$nk9l>AhfHD&GW5Oc^ecsDmc z;o#u-DSZX`6T=S%`>6}S)F2I3H>x56X$kdA=*qFFKHj^-!*c=gIc>_#-u#i-L9-hp z(lmV(t0G5{RRPcH$nXj2IYiikP3V%4Uqv*dV_lsq>M4I5fh9`2H zF)K0Ft?Zkp&JCC z5FlNKplI`Q5p@8yqmvWT@bkb0`BZ=VZqq36BIw0Ubo0zTmGiXBJuPon*q`@e-6UI!_x+I^TNmfUUn4 zdQ=)Wq=Rlw&PE?tuWhZcd6Vb@U=0!K@Q6rl{ses3$dB|<<<=F3GsZvB*>rMW2#%?HOLXe_7=iC=ebF7*GWL01nJfP`0X=C)&Pf8 zP&fZMF%|~Id*$M6=z;Y$mR`u0r6)qMZ+Ea|2uHZ@(MdCp;u-XsTAQjJEHEB;KbqB- zp_r7Cat;6j!W}&7(a*;MB}wzc`3Cq`$;hrhAp%u|H}tS#+$|_5fap>WT3h@-keyK4 zbM>s00&s9h+yYw(Fb`JNu-|m}Yub#G1CtJK+#_0|=N2JXu3&?s$Nsazz2Kq&SOzvx z5&5GdvinOe{)Q8g39vnI?%?qiS}EDsY-LlJL(u5r;?i=tIx31JQ>|3NP_udI?l@cK|Dy5p5zunUhp^o z+ZiBNO9o$$G97rq^p__eT54MP04Cd5;nt~+-CQbc7kl*WND^8i@FaMfBvjW6!xVGp#HJWJ#IgZ3#AxS z*%bMJPl49B5=n~ZyS_7Gt^aYabU>6W?rrouBjIFF>pC5Db@nxz;&uu$SSruC>4YDC6mK?3h%F1hVvF6lQgIStC zSI*7p-w>BLIUF^qk1j*Sr4M&uN2RJ@9wr52ps~8lhAoykYKI%nUof^W82KWjfIX%fQ|wurnvYD zcK`>Fd%trmT7YESjxpJU9If&D^{{aE|dmihQ 
znes!LP(BajJ^;moAP8;j8XCGFNHDp%|GlrT;KL=E!mIcv!L-bK^FX3Jh4Y4L;lec4 z-hkV}*fLW|C{Op__nA(#n{V}{|L4r0kPzzF_8(C9;nioL`IPt}-`nNVAAA(VY*3aBt`($81w&sCjo!9)P; z@$vEbJ}^-9voX3ucYWg(%FaaDOtWQVWWQad-8_wXlkQtt^x1otq$e(!eNlU_K124OLSQ=-5gTKx z3KBAvz%U(k2fIrIVbO%Y%z(ICebnYgI-9s=WDc2z0ov$CC?E4 zz}A-YF=2$!Ob~MjH3uE=e+)j=9edlXNM&9usMBG&_8s4F_}R~Sfea;{XDMX&Q}+!m;~_s4 zk5RxU`3oNY83i~&!OS1o8`!*lg~xir_70gS%o`!U(Qk$PpAZ;y0TR(;0`AkD{ZS}M zr*>YISrHl{qB*&v?~ImaMqVjBEASxiQtCO_pFbNx6uXr3 z&f03c*hn?|hhMP&g_DFcRC|R0`Q86u5V zJ_=v@03*Dc0B$Zs9om3~Av8ebA~~=J;CrdV{rE918bV-2 zAKF5*+~hW`%JSD9V3Lc7!V&mQQ2ftkmE0`^2Zhi)KG+6R0M?{0h$H%ZGVNvS3XUjv7<5#frGj`S9YG4_|}9E{}K8a-vgI zO}i0F(_2dM7b0fViuL0FZ}#`SzexL}QoKS$rY`=z)AzA4+?;_xi0{Y8)#2%pkP-2w zEeqISP4Hd-dRfcVS>c^ghhrWb91!4~TR&LLNh&NPIX*rvGL0aNOaj`Tnj|n0{t6ct z*YT~j6wn4TkKS={a#ri-FQ~$GBTQTV4TOOd02QrRNSd@3F6uvl;V-iAo@2R8Q4xFx zKa(I9Z7~q|z};25x|@`fW8UE%wBZ7s!B~d`CZQ&|Md3MGC`Nq-E>`xdwjZRdNv8u?d#K0vL2m>vORa?#zfN=$uM~Nwg z{Gz|e_ugJFK>Q}-WzTsE!OeEPkh`MC&CeeKIP6AXVABh3ABzP`awMkg>bByIgHr)# z9LR5|!mqT_pdtY9{rK6lp0atza&^E6ke|ZA!O_&zM4SPawUBqpr7xFjV$CZqJc+QF ztU`f^^S>|&aiX+n@Y_rVJZjqig?ey%!LYG&1;$J9^YN*EVXrqUN-8M0^f-iE5YPvt zx5lACjg6fh8olfH1!&wluqgkfaAqlsS*7p;L{+Ypry<$>Gz{kdO1C_C;h6is-<{=b~#aTJk`rvX~&*6y3c#WAUD%=NX-yVP36i$PTbLO1Y z%hrWjegm5J=bR~b4Yi3#8B7WiO>S(~+FUm<;d#%3Bx>22Q?&AiHK%vUl0V8(zxwsd zD7p=7(yy>Pg?tn&?6;}a6iu2l^7NgK)*A_f9{~{vLc?3oxfC1DAd)?RBwpvdClw}S zjRwn|?3xFw3k$inwzsS2HzQ~JY(?(U81NO3nZ+>{?=~^c0H5+@DD$_!8N27>>)SOv zoZdpeFHMgwNC1)5@2kl-e|cZ%OTy92&6d24pNC`uu?Nolz$eeX9}0z9jhC|y9dIjJ zuR;WKhMOb-d_tqPV89xhw?C8T=-ui33^w76xD;xhkmfpEWp+DBD9<^|yOB>>T!wq$ zScWeA7u)&2#)PYIE;iPzXv7ls9m4dYaYt;R@>^UWB#fYKzj7C{81O(Lj#Y`EjU0=# z6)B<)t)9MI^T{Aj>5aVAZ*!iUH57au(K7$7ln~1sFfc)2J=jnrQw7b4Zs{!Qfysj_ zlqQE2L3^Dfa4Pujcy!T)mv@|YmIQTlXdp}iYhnRVZI*vO|MTx0DYSv`fS9v(dR^1R z1P5`Oo!tZMCjf{kC<7L27Z2~!;{a_;Er=n}pG15IL$Og5(m0KTG=Q_1NNOQ;ed9KM zQ!2h}nlN&g9g??w%4f-2_4I?7@B$TbW z$(0I>`pR}W0bmeR$esM91>kt7op*WE%&s}Q&W1OOBg2dqC<(|woKX_6#;Boal2;LY6>C%Ab(j5qmZEi=&eLJuEyQr4R_bP 
z?FVUe6X-ml>jwB05}i{P+-nO`ZdW-uIl)mGVkb_&z=WqYlKiDBWua{0BSHnw(nY(E!cfIMCx_fjpf zdBUS%ma;sUC;U7Q0|C7NFi~G2z*V|yKYBB<+PFU5h(c_gND^^gFFmWe#aM@&QH`D$ z6#+Rl&GEz8Ou&vokXDR5I)***#wLBU3<^C|dajnR@`M>2jMv|}`@0sbx043Ra!a$=T_x%TAIf8_wsP2ewrAkH}`7&75iL^?a8 zZ&v$6CR}7pB-m~GcO+7Ne8&br0$7E~SSj0D51lxc1M+ir zoafAuRO$J1xzmiD=}OP{0m2RzTc>_GuEAzS!dS@fb_$&GA=!`?#vFQF*_;6ttB$Iw z2T!ImARYYb0Rk=}SVFro=`7+iKKmTrP1dip+kVMT zX4+VlbCBN%4`BgqJqQ;dA#6>obp=xH54mE!JLjj`e z7FT!Nx)tHZ(Y5S2youS*`+`%VoIIQe48 zbtb6|ZlT{|jL%EAsbl4$TJ^#!c81=FGDA8fh6%t{Hh5y^SCCtfN~F5Z!;^>N0JlGyi@H>iho&*T14i z=jfUI3609Zpn{-8kN_QA$~9oWM=Aee$;4cLXOl^{$U!E?v)V9^=`Gaa0+3fQloZRG z#5t4U-{86-&>A}W`sdD2_>1u0>m#ZH0up2>KUM1s^!0BH+ZCY$Sn1sP^YAz4&Ygoi z7~)C9ZEkK%@I)Wx4ULQd5?ja9kmKpBj+gt@YXf@ldz1t(B)zhu6sYOHBendWY7YP| zgHwVizd!RiTIED2NH^Y+-+`YEUq7I7hvpin2zC1@3Y&1d1hWPIcMXYLHtob*mcG?dcPT=KYnCAb27Ks zL~%sTe&~9!$E^hA2c>}fmg2IgTOUf^s-Q&Wp4)Zn$<3y7r<_(3r!;Li+d6Zn=;5cS zlpickm_;wjP$l&2%LAz~HuC84fUAHc?i+Z` zF1h(^?BeD>*6kP{n3$-Xu{HjSBSI!z&Zww`5^Y9`P#PkCO(+rA92el`_5&&4YlmwbUOg2)U&Z{WI-${UH2-S7pLrfEzAef==8Pv4A;{Y9HwnB#ks}8fg}|oaWV;hP+ikoJCKzoBnEGUzd8qm$1uk5eEiWw-G>cs++Z3v_ zJvA%V-#>4(P`yalbziWfIG|p8&9NNBW{?OX1r6ps1Cc~NHt3Bz4f&3lYdKB-n*$P& z5djGmTqP7@MbBnZEs!aIaO*72P}708tSvxEa;B&0#Av_LjFvDa`n7uw(67wZptpEqk!vc=-f&~!$?dS(SoV?Me6 zTOe>d2B@Z9fUlN)QEY%yhAZ9Nn)iH%;APPg3EJ81md!t+CY=3MG6W%>Iw>xOh_~5y z%ioN=&6!9Tu(%N~huHA$R>S6b8f&z2&H8Ep9p)zIPqPH02x71hNX`V|-ruhP>Qum451-$dvmkD?+1}atSXrsj zXBlW?3_wyc^_ih)3#2k9t%~2cg@TgF5@D}T zAxX*q(gH2?4@P*}j|>mbnVQ4_>_E(wJ2DevAvK}EtXc0Q{1&4qububI>%v56+CIzA z9>HZ?sqO70rn}jIf><$*`=P5%L=<4Hd*g`^Lkv2CTdh7LEk(B8)VBu`ykU~0WVbf> zbYz%9Rz9bv`%qy<$CJ#DvZ~&rbZ7UdTCfr(K%dY8=;suMNdCj;6}GYGf~0&G1|vr!TH6n@$ho)hEBa{ zf@IEP2F;~oyX&GDFt*`p*ar9At0>8QE0u1SKz6~q!%sEaHE1s&-85Zmo#ZZ8)pEFk zhJ~TZcZx!FDObB*>_N-4>=rqE?YwU#8fLNo0|W7(HXsu5VSHy}_CcaMBWVYkEJ|w> zCqkA&k;MfwQQ95Y6WUqAN@qfP;>qoPG;h@G1{M@qif!BN2iHT__bxqXK@xfNGi(l= z=R`4jzo|Xo_pRHzgt7i{rmq;agaNU<7@Jf?G_@z{;8SC6= z#7usZ!9&dbE12C9mS1)Gje~qXHse&!iHxh_HtYNLJ;xq=AMJyS;Y+%5somY_N<-=^ 
zkJ><=&?9#ARQ&mz6sjRrz0FERGi#?Et}bm3kf}Sf1cAA*=MzH{#Rk0fb9oua;>Xt3 zcfc%1J_0-EIkL>MuNniY%HT)yE=2(s-RQf6Dr1yz0&p*rBV;HLv+ck0pM|0thFUttzZzQ&*wuN(Iw3aymr+GVBGM|j9ozQy_g~#H zDiVLoqGh!)9=C9-lZ_M|h3<8lu8NX}jO>Q>=-#2(YGC6uoGkqNTVXzZJ+c8J)JUn- z8Nk7vJ(-)J-mMitL&)8~i@C{qKi&GFE`<8@GX}>U!VJWSTN7b**{iXuO1EyJ z#@rGeN{g6iN|{?Kb)6ti9;#f`|Ma2#0@9@~4u_Vac(k7X=1lOOA2a(0{>+GENXbX1 zp8v?^t$!C^r?9@&Ou2~VjS4X?;K;Cc{k%-A;*LmWi9hlS;FrMuVt`oz0vw?5CIzd( zwf$pPJz}lfm&<19Yk)(B2jEd9hak|KS5#C)SVMxlJGmrJi>)+!C<(K)v{d{T{y9%> z%O4O*e}x3PWa>r9RO=4ofW~Rq?Rrp)ne#+hAhGB1;o7XVhDz_mp8Cw7;(@L2(fwLz zrJQHbNdY`3qub_h^qdIh?7{j3ezAXnVGkXmUfzD=SnB>ZF*ND4>~VV>O#Qa?`rCF3 z;_GQ*#67oT+sGe^ri;;CwBUV@{3`q})cL73APc&uPS%rZ)CICud|n!X?tT!%AvIH> zjp1USa-r>8#HN`oXYbw~Hz>DxaQ6(iNmq9Felgu= ztroRpCgc(SgmSYPhd_V>wjx{3P=`9XnxG| zl-jrU6(|uRWL^PIM+8h`-!&i4}$gCx&$sZ0|cm z2mp~Nq{{)=1M3A0wKwe(_#0&ZT7?|-U{HlXca2LA@=)|==1BfrJ)}DGOtjIXSKl9O zW}*bLBcA*Y^D;*xuKilUXV0EBM>;+VZ`NI_K3^a1ywT^m`)-7@BI--XP-WjBBx9xP z?^<6%M(^RGy48)?9=FZ&7aJ(=Ohls~^nEHlm)w|L*))%95^4@&au!tyW%eVwr`@}k z0wRxmoSj};GsUv-Ozh0G<{oX%+oZ?8Sg@#%VpA}YFWKjx9#2E6g()vrh2-#MXzT6L z$q+}Lg|jU!<a$^}OUKt>Nx&*^OfnDgvkx;9T0e42fQ5knI}2 z0$rP_D$qK5Lxb<`D+qBN;-*Mc)U3czftK|R%Z*rRns3hg>~wT=lk4{239!mruYVi? zU0Mt2qoTudX%DKl=i8hUp+|bEH(Dz1c(t`AU|=~Y@j7Zc{b1c<@&Ei$)!eZ@jOQDM ztTS<8manG6%$0I+nr_fQo0u$^zC7t4bAA-pp_{i`g@`x!oep2I)ax2787MzoDWxaI z0)jL0dd?d4$NeV}$84%ibrcgSzZvUl%wJ8((0Njz7|0HMss%L~Cd*NAs}! z!}twC`L8uj*L8Q?@VaeK3NZNsvb~;nOqSlyXqI7i6(!15vGnFDJ7REQ$&HA?3W7}J#c%0L2KCKVG z{|%#Cgm}*Pp5}<7G&~hU`~r<>u8Soi1})+7PENdF-)bdF&ttB!6A^0a5*kP{U{|;s z3fikN{8MiCQ$D195bh(({l!Go-LIQ+x1IlEjKyK&H6Awfb}$+ELMGUc|Zsm z_5~fINiYtO#46KOJh`EaH5YoyWukU^X-K%zH)wRUWcBSf3uq0@KH;#4eQeP#7@oA? 
zMan593dT_G2n>X`{DUkosspK1`j9d=7dNG<$rdqtkKqh^&u8;*_>2@U8aDdywd;TBXDW>a4eOCV71E`(@=W{1rC2eR zi8L$vp%2^UH?bYf1PRPWFf-EAJ^GB)))t%boGH&Stz=bG|hCKg&&&l7cxbd*!O(?G($Vd2y}^txbiR0N98yYFe(W6MdG^>x30S7 z4(>UAxUzeHFD#|=smSp2pO|%IWU8BEQEuW9HY1UmW<_LBZLcaFT)eugJ=a@=f+);7 zucdt4>|M@HEgL!8qv83cB4BiK#h9^3-B-FDKN#|U|Hd(0Yu3S3VpS8p|p6!#>Qt{z5cmB&2RdN^nx1Db8 z_!FlX-D&6z<2-?Rb{!o~M_&#V)Kq5WRi|#;Emz2NB*-3i+&;N1k{o#N3Y&cfof3b- zV}?i}_81X0wQK1a8Rq*+cieX0HeEa2MIc7*OnB_;B$O@=2#Ew5951__H~ht*FX?=7 zNU>D9V41UA99Dh*Ul^_KaA167)Pld0onAw%wfNh8w>U);R}eP(!N3yo&|=*alO>L< z-Wz|s_EX-j<+|rCL8%3WB0rxmBV~N8K>WcW&phw_f)=G(-+}ucq0Y|bRtcI!lQsiY z3u)f@DI|ELIY)HtB_o{GEYP~u-~R$AcR0Alos%_Bwg`1kM-&l={?1h&z3Ke)0WlG~ zjvdxrVKI$|CzNU7QF>W}W?T}#U)7l|8m1pE6^gz&Lm8R}vu*g2b? z=H2@2yunlE_wmZ#jDAg~XEAbB>#t@Y-v^$g6fU1Fe}M)Up<&hHwzjr5D!3D1N<6IN z@teFgj#zco$50Wu&c9AQx4Q(Cf3f@jBuOtU3uu!gzazkpIcThPNXojP2DCwY%|8={ zpI*c2Al!Qv>b~3Iqaa+5{SCI54Aq0%@sslQryN$vATlRy9Ivg%r~c-Af<}8YTieJA zHLcka-U?gfWkoZCIu6;3isA3Rm3-zUXTcw}-L~lKuT@jQw~Hgq9_F?GfWy7t1r?R2g&og&|$;e~RGX`aWTgVH%Ha{*mf-il&s2zV3F~ zfAN6C*7w&{g%8ck?55Z1aW%=oFRiN9W;XGxH3qHTs z;XC-;jz3+I;wwFnt1V-DaV*f8pAvalKxM#D_$9|oP;2YvZDw=9z9?aLZ%PZlmKej? 
zMrm8qS%sZa4YVcBwpthra2}vX4^Pib-{m~JB4UkR5h3}IJb9(n`r$qRLq6@H4+4Sv0bV3`01o2 zGJ)Oc@SdR*ErUWi@De@;97?Uxfi0QL7YCRM0%at9cv$3Hx z=H<|whEDiu=Dad(6~x@m*k%d$BdOZz+WFCvrC8y&{$L5AhT~)L?qJZpE+Lf z^Bb3Ingi$81o!6GdRc`RQ=}GE<@M6l3dsvvqga0qF4$nryRJ+5JsKC}*udj=UL9WT zvI{5dvEMbQMSfT()DE~GQaFG6ReUFI!9{_G{D&XI1jfSBTF)LK@Mv>ZVRhOD2yOv_U_eR;gUs0{jQ{ zB93BcW|?tlAJkq70u_9TT*h>&5i>Tv9~=j_R-+US468K zr`CRY3J>F=Rg9tYTE}ywo1&~Z#eVO`8U$xnYbh?jNiq;=cAV!s?I3@&`~FB}!h6xz z1>s%?lZdpY-y(&dD?ZyjZU_mrhbw!Pk9Q^&A#g=&Qz-#!$vS^bwhMnN4Y;&cQ~ z&r871+1FXjJ(w!sReTtzmzCb|Sm5M|^VW32duxrOAHI7T8agqTO>eZd3Hn+c8%q_y55E5X?xG@-d3Fj%X61t^k{;U zuuE1O0+7EMEeS_b3sy)#KtdSdPI(%-ii$YlQQVMYS`9c{E6##c-)Z5lz%NzYuI{kx zGT*jp<_BE3n&&7 z`W@l89@P$@AQBGZQf)K+zV5`TjYu!sAos?8vF@}N($}VXvQ6Ym9>jrFTj5-CruY5Q z(;4jf>NC={^P)R2#zzP58L%Bl3DidZyxg7UH9kuaS&*J>URySIH%#DAAdF}4A%F$y zk|JcNKxbe=m}dC5vOXw^YKrC#u($wG&|}xFq9(nR^=6G#uT?J|M8+gTz-&$Bvg z>WLR~OQiDy0S|`O&|~R>St?D&kOZKEkp*Uuq0h(=wzVzjh>YUhcw4$YaC!@2*iZV9 zF8>Oi9j+>8frX>d)CRHJz54|gEr&+gtIx~^daD=GUiCGE>85LP-8AWRCW`@^b0l!Y z`DN$oU_Ac^J9*fabN`sDgf$n5pp}r4LPNM(9XTP~L)`M@J0o8BJD-SaRPUeH=)&tpDZ)y>}XCqCVr_s+E2GiG-|z$S)s4@w$JDxL~LLZ2?OgbPLFpN zl_qT$trLR;mxJKj56H*4q=^mrrJYa*A(7MC&mIJ4};X$Y(LZl-%ip=+~oQj4aMiT84h zIn7}UY1rXZ0?N)+CCXzOBtT&h$2R>r7V>I>PBx}x)~ZSG&RIpJ&?S*GPAFI2G6Ey* zW{gDDf<=w)TspI?FWglLx}i~adagob0(EW4pAvx>b~}8cl+j{LPHH%BS9przYQHzK zH_=!T7)U9S`{UKzNP>vo&AZ>o5Sk}-t2Ia8Q@5BKG(mL%ya}-6aAUKBvnWp|5BH=r z4)04yeS#39YM^p|VDA&IX*&O7D?at^t#{3HR8KI7H}-#YW{zwwzs15J#v0hUgjJv5 zuuE!wvq9%_rStl5Cx$BjDN0JJ?6=$7EG$74P9u(Q$BMAF8L!GL8b4606+<4bVZGKV zwQ1?VJ{J5aOHS%So+pS3SxVU%rl+Rg4O+RnNG@-t*k+)G^m=je2K%+6j;Z@6)N z_05|L1VnVb($tv#pWT~=sY#gXz65^wVdSp%@U7q8mk*iQe$<4m0j=qN)ffYpKGrah zFbS$L5nz+iJiIMfM}WzE=Z#leSo53R(AzZEy?@ZY-Z)fM%x-(X`QCcvI=+E^hfDnY zITi|6YkJ{`bNxJ1avfy6K{;e`Mzd#Fs zmey977-8O-^hCP=1__13p+NtyF=$&hxu9;kU3d42Eo)r@pWfZ<7 zl$Y8m(3J+*or_R+3Kex<9?8cxcz&z?UZG5x&IsG?m7#P_(~N zxZkxre9<(RW^Qfcg|U4q-IKfy3yRa3D_XdsW2M#7(9csrh+o*qnLVK*P=gF2l?NIB*y 
zF>%L9(m@kvm;;T7X45&>lkzl!UAbjKf9q!#)NCU=fWsV*D)^^pURwr5HJGiXW_Jyd zp^!z*Q+&|Q3hmNV?WepE5;5#Ia?7%(4@WBZ=VGD5Wi&9diiRp9c~>u{_B3Zc&qubN zRsgYz)v59NDem--A0TX8ygdzZ&f@+IE0Bvt1pfs-Q?xb4gh0 z?%=v`qPz`G)<>P6{fA$9M@-ZFKHfh}VVugsdy~s@Zsy(^&yMW+ z&aoU*Iq9?2K(;!L5JyMq?r$zzU5~d`Cnys-AM5MWiAOP|v8!pke8~kg#Y{#{MU8e| z7|aS7Ew+AMX3v&y(5c^@`~=AvZec%AKaxRvI?8aG2k_ zQnJX>5ONJF1g}FYK#;3HSk8jJ$5s^+C zboHW}mD$hli9wVawz@0fIU@=5?>P*KphadC>xDe%#bm;zLSOTi_j5y3@A4w0zw)b(NKM7>dE4cc-~7 z5k}GT-h3}M@AWKns4!Dk;D(c_?`t(Ku^kfYDuuRJ<@J4UM@-4B-dHxtG{i5fgch&n z`iW-7m1r*aZm+G{XU3H(obZ?N6}mjed8Bh&y|C9a7m|&ov*LV<kc(t`K$*6hJWZ zFr(uoS1fZF{T8&8(`yR5{>m`zxVwk3690I(L}z31pEu}8qs@xnfz)06&7e_UcBM5I zS;f8wK556aPw5H`yO;*WJJj8`o9jIInoF)+Dg1A}c;D0IKmrI^;2qnpuPQj3XSFnQvCT)2I6^r*OmsT$TPp}1 zGhs09bCo<|M_Q(FQ@1WZs$1jn7|BahlM?I_uJaLln zLuE|gC^|aw3j5#~ZuPJhqNnHG*cRk0Oy-BBM2|Hx;WQO9>C1~(q@Tb;W<#5DD7e0LZOmMhzZSbXu z&MJJeBheZuxOUh3$m&8_EjS>Y zE9}V)N+@5xd_m3QvTbf|eszl+23n&gEkR4)g@GK6$jY(G(_`}#iI|Vc3N(rT}h4ZWtGfV=Je+;W9ozb%?jl-zc8JPu|q9qcS)%Sm#+fSJo2FTP)> zOo7H@QQy9Cf3Q*(IhFH*fCq+7Xv4qq+R(#*!&l2-Z2F73VBu0}(xQU5Y!stN;H#c{IqeLqX7sv|dKUw0``}>7Bm(V$nUH>Zdy^}Ne zj92&8j8s+3=F!JDWkqKg-wWs%f250|m{HlEs` zIoYk!@^XdTveuXm+GN3Msra-&Kc0ts*s)A(I#k!;(Qb0Mem=mpCG|yXigM9~(68TV z)^T8%62q9|jjm6MlqEZ2$xaD9WVbiwl8!WrCYv2_Hy=)4s9e~W_N8G~U5_90^7Yl> zie-zDcolmKnoRrAV6&VK@It**<8<}%%W13P7ZZs(el)K&dE{1p6bC(&h`Ic(Ga1}A z^m=D=J+jYKV1!y)lc6u(AO?T^?p@2qZ0iEp@IX>lIySaEWhZxV#{7GeXb=L3fYEvQ z@L^-*_tytWe>>bHUkFve&fng(hnV77s-)h|($H6*DVJ%27Gea+1RPljd1 zEAq{o$!*8yn?vUjs`kslVn!DbwI>`g`#m?;=SC|n7q*jP$GjuwYF<~OuI_MN{-_<< zn|>Y|_P`1w17sL&=e8a9F`+!Nd2{#ERJKJ|>8ZK>WP&+Sk2>k5^2Z&ulCBEzyAd7y zl`U2|jkO(F0y10A_($AY@M%k7wdW^axg34laYKH{7qY#RuvvQd0BMSL#BgZKemLDA zx<)n-#+vcu0@-_?oAU*=1%+m{gU3r?DXF{pyw*x{>$TI^gJ;6;M(OM6UCX~O7h*3i zk(p`dSoTa->{vFKISv2M5u_cI)5$Qzey(jin5*@w(bCdVFUz5v9T>pR8q#aKZ1iO<*2cla!mO=a1O3?Kk# zU6H|FUmea4bAf-Qr5dRYe19)_(+R66m(%>3Y1T3iI5Od@p&S%b;UwAn)As7I_dV~% zyUF@zJ!&dtChbg-LP48rrSpZm*_trOz|4FDTF^rbd2!fvB3_M;ZRHVH*7K)IBD5Fd znJ0v 
zc=Yy}g{skTF+u!s@Xg>SL($&=s3lA3r zJOdriU(NJ=vz)%nZ9#>A=HdwGU4V#UR(T{L(RP6}o|$P7^}()Jyr2sOi5Ar7h36lc zB3Q1mrK^Xg&OcpsSd4zDYSA9-Tw!xvTqC-^7o$0tp(5(2Ooa?Bo>LrU&~}*F#`Do7 z4Qr?IPsVnDctUHZK4`W|(QYl-wk=Pb?y8<_|0L!!yNkwprKQ{&8auP3 zbh75k@9_SBoikkP@szXh9hYY(={u$$cIw9P_>04k2wD&^ZMPw`52dEyMB=6!f+4ZTe6 z6CSRK z*~vg8kKgkoTPex8E<|kj29KwOe)Q`rQ-PDJopuM4_S5)ffs+U8A*L{ODev$WPMI!! z+Ag0^#?ONUsnG&^z7{=XGQEqeOD?dER zv4t{CD4iWyZkV;|st|4@cuZGq^?9`3`buCl`+A|YFLk@$BaP#ETE3+=9qq0j?819AJzj4rH{UuY;kZC*pr73iRj z3Ik*1AGv!A0W>x%ie2S@ey&Q7=JfIxrDV&%#nDJ{pVW;Zm6$TlRl^n6UkQnLY4w{t zJJTmtCjJ`W=J2oY&DuH7dO3 zOYg3m>>+v<6bBa9!7k^|MTSH+Jowu+Yrh=e$xDt0(=Yu418X&JYeH0ZTN42jmYGxv znR1zc0DvxP5IRGxG;-D}4F7^bY)BSi+-WuI%LFV7^cQ`ks!9$gF45i)@g_2I%8FO1 zXoCj9a&_l$dbs0oQ_()Ke=6U!TJZ~+hQqDBvh6GB9H_ND42SChch##aj34_Y5!&@9 zA)?)02V5_C=9gs110y7%tP+jEn1RA{`{wHU61m)lu2LPZIZyeXBusuJqQc8 zb)oWWk42Jid>8Q|GP!i=5_b!p4=;|P{(H&u*&7?uzSr9&3=J=+hu-Yf620?d)8W=F z9)e%DXK1}m7;5I0<`dlJV(}+**PlJ(IqW8;a9)VhF?+VY<09vLRP;{qUCnK;A`d@> z%hbxAr z#;!3flZp3@M+>i&V#`t8 z6N^R#hb5lk-y*^(PGB|||5`ef@4|>s41S{1TYksS=;G16e&-$3_jfwIHatZ}*XdGF zXgpkT!iQfl2t9o`s7lUYw?2xE9kVf?mx%Z99ieX$PGhxa-Gb_M!LQ~yxYkPF9u100 zFEb5Gs`}!2d3*cv5*yO-QQ()pG`U%!GIoP4*%GT+&Z~W>+Vgzc=g(C0({?D|bnSn! 
z6|HBwFoyNA$6N8gp{$!{$T(6{KbOt!+;KcPI+1Jl^O~g9l@KvkdGUb#kt#G<(0M2w2tBT_Be{i`tkDkH7XGHQtZW+l4|t!h#o8C+xU{N9(ndW)mi;Wn_@@cyQ~@pzB(p4d4Jm)tjOZZ7Y|9|vLm z%EReLuQ``0v);@!%BUf&EiN*n%bD+$>7}lu#4VGh?2SA`)XXx`LFt~f)qT9Y%Ew|J zEiX7=Eb8$L+;IY#yULcd(UCgqVsv6q%V*HQMwUS8xn zx>dtcSv2Q!$u~so<+T$v*If2>c~^p#*7U55FTsr%@c~t#t4;G}152zWXU6Tx)+1%fQ9`g=% z|+^evJDALi#=HE3Dfui^`feZpL+k zg+Cz_JEuIaBbmf~ar@qS^Z8{_?-;=VF0%BX7>3q?x01f&(Dq!B@-8$m#+Q9`7o zJ4OTrq(r4lN>Cc4V*qIc1f;uDQew!n27SNlJ=b^spXY}P-AjO^mn_zwUx@Zv~T&D($ZMIy)}Q`mHI%J_^NnfB(N}(Q+y<7 zQNJWuieF`9W#L7(H7pU1V@uOA%XJbn~y-2xxsEp zAN_75u8ql9h(*^U#8dK4J>*#Pz`(oOFpxiP#^S}qilT;#)ehbm674#s zzkZV=l5?`}3({zP?ZtlYfe^x#ewCYI;>e6_H5bw7F-DK{{K?438NjL+b}ci*X7W0R zhN0rCrFT8vA~*E{IB~xEu&_wU$gtZ?HGvXAA&z2G{W!^6uS5_lNZ{qhGzP=lE9t?DXWTaz&ZQ(d3h8vk#t z58SQW-OKHmqxmm6cVzAntke(O!0Dlaq$!R(rB1Vh#y;W6VVWm;D!$)rJdH*p0U6$O zvUNlLs1y4MjPZK-@VWWJus5Vsy)nA!$H9a2Ge04>9Dq7JGEw-=MeFjoWX@Qx-fH}? zuBeOYXZ&Pa-}*NPm_5^YuCVY0D$Ra!ilju73g+@Q@YDI&uIHbWzd=DxQ^E2=SkL0j zaOn7jiGr|_zOkRvb=x|#((!o~bhW>P(irMKT){ydn<;tvO$|o9UT&9nEUq%Hzn(l? 
zWZJot?SY=`#(t|d@|f=oPr4Z8l$=h8wYXbkMec&?To2*&h6|(jzvu_dS;~R+6x^##gtcIj4;K%UVC(Py9 zG8U&d81Q|v=7CnDGsoDuC(Zaq=2pvYzf~$LylNa81$_07)FfYDXCO@wrI)l68sRwh zcJB==D&~uB$5XAi_>!elyiaYi=y?J@{nTg~k)#9L57Za;eKqtpCSR`|N7Rx`zc6;5 z?2Hp~pzJ(xz5^$&R7bfkDvANjn6-9YiYV}#B`86*y*NB)FELybE;Js}KRuW2 zs%qc=j!)$n8&6|^JEd40Dem9(7Vay?U+q zyx|MRTgF42n}y}#ecCs1%y1Y}v$BFJdl3_2j}*EG=X>&X?+5=L8Qii(ZWF)BcvNTo z!q>4V)qv8loEUBttKVXJ{l#%|U$LZh8LeWbASvWVLn~zXWQKv7wl3cy%q@DkWf#wo z|0wkfxN&X}ihA|C3Nu~(5_8o-EZ;)c45l%yj-dH=mb!?A*c%gDsPYZ zk5an6{2qScnd=CCa>QZ+_3&ezqRFqk;m!r9aNf+?DT{zg31qOdqF@vg4?>LL*Cf9p zn0G+RI^!vJXRDCy40YXahd;MZ4bF~ZKo(m21Nh@S`0ds$)kZkL_ zP$Cp5Y&RT*`Ug6;hlH`}aw_S2UJ~I`CG!){DV_w0pb0!0VlhU;0w({e0_@oVSy!4( z&l~KZJd-cYZlph-XYUu7wVSgd>!jwTWIdt}H+#bc=fjJda&aVT7=EQ3CBja0^LL+H+y})-<7&S?GxO=5eeMn#8 zg>Pm~(u@;F@PDUju*Yhk8nm-TxKTQa+3aBtdL>A;Dg`dAMR4pP>0w@oxM_S_mUHz?4%;pNkl@>sMIQ@?1KQN*5 zJTfYe>yDjDzE5}3gD)n!Bf2weP8aUMzs2HwZsJ%erC3TT#E+Hng?jt7i35#g-`=OC*_$iM!|>W&0E!kx}#o2f#R~&5P7UDonqh7 z;mg!KrNt4h&Bn@$#8M~GTf$}(Z26m`4fWsFnosUjy=05@y4T6qA-d>E9o$%x zkqsyi4C#19mg9fEc5&XIev6~p^p9uwe6O{(N3(BR$IMm<;?7+0T;OWmz$~7}!R2!T zgwj%}1W>a3f0U`75jbKg#{({Qpo%6v&I>8-+ljj~^Ob$s^PjSvZYX?U{m^weEAjj~w7`+j`+F0dA zWHZ%s#jEO&Hlb`@kYF*VQ52uvnULwknmz16ZFH^#B!r+B{XktEGZ%Gnq>K+UM5eV` znps#Tb+iqwjXyu=Zq3F$uXxP6s8!wJ7JHlCJpsNsi_s2nk2%sMlgBHM>)wceip2++ zjAZ-N^U;8Hd-{Kq`a=HxeEk35-bA`6_1Wjy&S%WCvS-~KuZqu~`4M?YKR2E#=-|@r zAC0Z2I#9%iMV}*Wv>~#iX~E|)atF(!V9!Kh=S#I(-k$7*s7@4_WTsP7)o2}C`lj)a z981yC&y%{gsDnl9#*vdpKi}(k#fv&Jf+``VDZBuQTK!67W+}S6&@g?1{wN{7&aCFj zSL54uu+=WR)>j^kKGfxPqVdmlAS7Fp7*R_Cqb-kdMi@`~e`C64^?kVywX|e9WUbHG zY^;9`$b1``P_uR9PFaD^d?*uK9JW-K6Z6J-UPf%ZI)r1(iE-7Xuyx-w}?QrAHn!#r9>*1=tGNO_x6+HrS#sl**IbB>$0&OZPb>vigi4u3Kb(AsqivI_o6lH*g?vBQFq;w;TVw-wr+ zm5}uavXU1*jx1ymhC-XWRYSew0_Bq04D*80ItNC<7k@l!=A{+kMiud*>;B6c(Y4UT z2OAxTGneS~?eSTNUi$w+UmYq+Dj*-O(7-v+@1i(PuH@0W<6kBM-k$y5P;^+Ax zr9D}T=zWAALry>MFa;Qjrq$8}IQf`JWa&_7(Y~*2oA&dsBsgUtzXSzJACQ=t-hct| zerkR!jIxU(DHN)eXpuE8mxv$f^v`+=SUgU8O-GJ?d0-pd`lg`UGl*&`ouYTatxlRc 
z^24cEZMh=N$=EIIQ8}ep-SSx53Vj1-gTY@0GaDw=mUqwNtGIgsZ2hK@gPvyeg4OYQ ze^c42>IV+((l*-;xjIwsYljgOylmq{LwD1uy-Y1e+;GFckX~o+HOUN@DGm z1L!0WaA=^`4&rbyJ^md~8=xmok~YHs*C+c>1F>x ze>VQIrfk%>=u@Fr1SbFVO4U-Zj8EO%v^(D2xTU9Z@rdi{eQ-rsrP@{g?%VhAe!E{F zCSz>+4k-ang~w$Vz0zAv_tCXA5I!77#T#D?fa?F|QJd<|T|ABlC@S{5DNZ($1Q zqK2ecW69g41~eD%*3*-F-#e+aGpu`af)Cll1gDNHIyv8a7CVKPr*{^Th`W6L3BtSm z+|wL|MnP+#Hx@UkhY!DrM@k?B{FTQ&C1DA~if2%G%10XKWZBu+85v)JKqGv382>~{ zPHqQP8_aPj@?RVDOCRfa_6I@7a#QTpZ0_-g3hp&ogO123l?q~wsVi8)LzrQfaD`Fd z*s^>7)|otCWS4_6S;y9^)e)cJu6u^L){IbRSh-7_+3r^Rf_pJ8e zu^{H?Hg!t8KQPl;IBS_4BA{b|&ODicGT1Y~LjH)_Upv|3@q>V1_#H!QE)35F(ZO`k z_JQ3A!1fIe4qV4ajOw^PUCjVipO>*7bb2xG9VQud(rjFsyeanEAlln{y!eVN+~nyM z91QCUQIJ}iqOS^fTfScgfp7QK$@Br%Al<$)oF0<#0ciP45DK9TTVJ z;W)cs?up<>2EiL-k3-L*e!bWzTw|Ytm7FUqxuvO^Nwo;oI2ere63k=1^?3CaS!PB@ zUdrGRn|@ERqcI`oxW3SMU8Lbq=J=*gLV)DpNuBngMuy~ReFVN@8L5Em59`zA)`J?Q zuLlU?g|k&vTM;T3u6e91U+EIXe72|6GcTZMSuF4|punVtSHt|TD(;GVV)BU* zG4#_Q8Imf7)ba4-G~4fjzW^MRX`-cF{`OyvssF z(#O@p%mghyavB=Nbd_)o1)%Un!c1^KVMZbm@(+VQnk(o*<1&{u$(i0Mf@*KMGSt`uXL4lp1R4nD_i-wwMUGH;PEAdHQZjr7 zNCa%RZ&!>>MSNy}$~ACDs3U3cumLMC@-i$L2B7GRZPmVJTSR<3?E-~tf_2Ele%G(X zf=k+*{b6g~u*E=pqNW^BZ~$%9<`1U3<~fik(2N36*WLkH7Ke`mqW4TpE~0lnm|*D* z<&&x&BY9c$RR%N(Ukl$d%VAWXH+pW;aD-A~FL>6SV`R!j?ZhXZs9IDUQmgxoKy|DM z%U6GcLeDP_<53J0P!yrV*={h_)=>(Xm-|rfxs*{tZ7)eY|k1$1SAVzdS zJ*f+zg`G(U(Z{7WPbFX9RDLOO<^iUX@3ylN0D>5RkHy95nN&gCdwht7LExL4n^AnG zAzTEwSc0+m(3sshZv@b-QoLwUE4uYX3H_FygP2w7EF@t{31UEoZ`g$M8z}jrpc`q#rg+KD_CE#i)rH6aJ=KbIqU>4Oq7mWIslId5!$0 zH4wgA=&pN4HK-!&6@A|s9N3H&CNAA~b&AZTJv_ubmGRWiLgAy4!27g1fkp(lM*DSyPzI0-G$|Rr!Om`Y zxVM3YcUAbE^O&n2;MPF>kh~htF9@8jr_JwL2aSQi^0F1zQ`R6#QAx=dI^AdH=L?_I zzA`^(Zg1Bdf6orgnT@~vNW+G=HJh-*6ciPycnzhphk?i^uwDwIh#i*u@MGJ_GXigN z_QQynv!TFe{mL>_SWrO8Yj{3Z$U4W7zNtq>haj_;TDSz*O~A7ObQi;|e(VH0nSC2(ZaWsVxA^6$YZ8hJQcny`6iGr?g!Vi?NZb z_Gh{0&rlXSW{s2OO9!J$>|^n7IqYxhueQv^ad@>sUTZsCcIQ6rn7jqxyQ=}|_N`_| z3rmn8^GAO5-t!k`g}eEo0N9 zAUnVr0oE55FtlJVl9Z}3*`>m4)B@;0hsA9Hj;Xl#u`ltZ<1WGvY^phq)RHIs2%x(t 
zsC=`5z#W!^&tuOff*a8R;p_4W1r)jNn!H+m4rf0WAaZbl-pggcc?NNX2;CQDX?>}^ z8{ZzF%*zgiu+i3=!rfho*&%x3AdA4NnxF*bLtxI@7Io?XlKSh{!+*@Es%q>nx*t?6 zVR$ki{&Wk^K`!^Ee)&g`$e5tdbP*c&)Nw6YLgydgRIJb`9lfE2p$!w4X!fzH<7sS9 zxJk6{P9l22`OwA1PXUvAEood3{n9U~3?q2%@`F4)#Gpv=@~aK*FZ=rDxVb)D@`9 z7?xR)nReQw0J>hwz<>@s8NRV9%olFKyd)f(pR!ijIy>}O9g8z*+h0%&mcC0g^4~A3 z#)m@M2L&qS&X6tF<#|B!9J<9;FBe;N7+H+DT^7tqxn_L_*dBw3%Ghl5c%i_Fd%-x8 z>8E%dv2=-sY6@m`*X-RUoP*`RZmPG6Bg5va`L;$A*02E6Vt2k14JGZ$B!guB`>Y>s zyc-b(e(bd}O%1CvL}pjC? zT9u48!ZL+eq}~TM1LTy%KlP)b->YuTi5~O z49vOr@CuIo`c0siN;4pH^wp%Tql5L%ohpU1hA@;3NV-Aw_4PWkA#|C+;Ok~pRnW3p zw9&q;ot>b_yLR$5&c~b&J~xQbgWYBVqX8H+kJHK{I=2M|mLlo^R^ZTFzy8UzGr@Zv zNK7Eh`!H5=zkd^0C`UV}Go=}sk^aMx=dH#Wn>cU2Uw^PA!oTb>feBHMLbV{clf*yDtDR^?)BKe7!VE3HA* zhq1+Rb~+Nk9!#+SeimCo$j0)8A1wqa3r|dJb$ff>r#P+*5T$fAgR#Mk@1hI!8yFZk z4XiI!IAO1J654Q+MgE|`QI%tYe0i#6iv0^5~b2GEEv|EgE$jfyw`IFE5S4PcdF6uZ2 zl&vo&P>_*nD(c9!g}-}O1H6-v3QwS`8Z`znu(74LN}IrDZ$T9PZU)d7jjn{|g;O5o zP>ya1*SkYeEgA{<5AEhfx1hXJ^QZE-{Jk~mXeW1xq^pg<7}ZlCbqQ^VQV7e4POma{ps+oo}H%jb;G89eOolZgmASxP)+YCL8tJj$T# zJgO&&wciaq2Jq-C#kmP8g%t?%o^C4$W*I#GU6UR3?2WTna51jIeCCDR#6y%fzb@or z4@*Za&nYz`J`Y`vBQqD4h+7azS&V-=<3d$A*1CHyG=0fBmqJoGH1v_y^fVJv@%Nko z@zN!oRK=Kyd6uxbI`bk3Q&hFI$YEdqWn8Em1yh?1PEAccDtSQ*0+-$ov}uH17|%3^ zdE+)01sg!&MU#tb7_6&Gd@Jxz&!t>ntv+}Gs?AaSX6jYFf{~wDZrlhEv7dYQmq84j z4@tBj99leHhkNX8kYfO0QhB0G zf@%XqD%Ajbhna&dpm(BfL4!O2p8)1*2*gPm%!{T@qbdfVyI@cF5Q;y6K%;m6zVgw< zj7`_JNt>U=R=Sv889L8z1%Ko{Ki+#!(vwW08+yz+?K_m{InRfcl@a0cE35oX1Otz?ZXFK6BOEw)7ky&(OD7~t=IeUss@a11YKcz)QVtUPIqfHYgKgYf> z1eyfYPmA8dT|pOwTF4~ooiiwQUR+|AZ!;;>6)uS@3*dHg{6byu|v$y2cqGr>P-oxhJS#nz^a9G?C= zHJW{_Fm`?229OO9+Dpmb91}-+j?LAb6m=|bPi?rs@ZM5At|8|I%BkkR&wiCD9XjwY zzdwERu+J&dti_O>0-p__Eyy|UdU<(0(FdP^4ac`N@Gm4}*m$Z<(5~`5jbSECQ9Ug3)AgKGeZ zU|b8G7-eE-(^jWMC-iyQipKxz_kn@V0PaA&!yM;JR@O~yLOQ&fKZ`w>)*?tvpcE3p zrLO??5ncnxc#~Ub=m;``b`^-Ic}Tf6nXey>nisuKNKk=I4t#LUArSP!cqhOZAvXyN z^KLLStI@u`83?^dFKf`w5Mp@K5CP@LsJpU3UbbLi6`8t7Ye zC@^Uw2i_RmUJCdRW>(g-Ja#j3!28wx9kRfp7{OyXz@xtq`3}CVi&27B)X>0G-_)di 
zTLp-`y-h4LuoW!#O4tYUdiXgX{q)Ug_C3ka^ES;D9Ga z$MfXwr(8m6et)161gm{~w=u572lK|*+d}90-l9r7}Sdca(C;bu{lJY_{#{JW(B0g-%r1Y>f8P?SvbR`@L!eJe z3DQSc1vr?ZPAhV-eaQo7ePt1}cYc4kP{bB)knUX#YCkj~a z*q?J^ApCvuM;;m?F@!I*qt!X+&tlgoqrDT}xuG)6s-F0&cU(H=RYt~j*v>GWJv2^+ z2ZrnZ96w4S;v~lf&xxhk(GST7X6fK)^tx3NG0B`aCko(ab@Y@GDM!)&TV+$6_6{tp zb8PZb_a0(aJm1VVfHSjK0d5|4=RYE(dUlQiB$8`YyL8aJAuu)?_wi#rw0oZ0_Kmpt zSUs&zK}AL7n*23l_S&Vjrp)4_Kz>l;yN^kd3XE~o26Kg8jL5;k2zP>P37j+LRA9lF zHCmUI@f?_u3@%1{umjG|v-X%8`)y~ltR>hA4oHcyU7WwWl_;z+xq+n^3tVAm-D_N4 zO1#wcbUvW3f+vR%3y+cq3)US3B7m((03D%?UE2TS4IUb0hcn6I`1`8!?7QoOwS#B( z?r;-dW|9elMD!9oQCVoT9xN7|EU>fiL3t?g^qdAwpnee#eib@`VB2Qd5sg19_q|r+G@DR16b5{ma|k6;?5^s{jDC7}q_|sx0YD+_U03L@WdNLl=6nWH`8O zHrdlJgds%f^!1rbKmPS2Vb1{MXZc&5Pjxj5(;)h9pC{Lo0u<~2y7+MvEdMDbpZ-?v z!>9j$|3R+MgopAz?fvF&GyPnr_O?9|L!pAJJDI=9SJmD_`Sd47fd~H_bPQ)omw)Y( z=MMttPnHF!w;lhUpcs13p3_|t2K4_Kvl}hh5j$=`LWbQu%e!)&9p3Ru^Z7FDUE1H1YVhrRq#OXmO0-9<56N3Qj-lZzMZF}_JyWBd5eN6u( Y%&<5y&jLmuU}4Eit4QVCfAZ@80HsHIM*si- literal 0 HcmV?d00001 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-exploit-availability.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-exploit-availability.png new file mode 100644 index 0000000000000000000000000000000000000000..3e77bcb4e1178df19c028f16d304ae40d46acfc4 GIT binary patch literal 42870
zjB0yU0?o0pV}xSJRzri zoW@pbabXf&60Q@0`ADIkw6ZU-$g|yv=o*@uY0BB%FgGkW);6XQ z;k1G*nFA`$X=!OhkaK=L9f!NvSgofvgIu;EiHCGDizLMMT2WK;?+F@6`D2?40a9QuW@?t=qop?XJU=8yB=A|?ylO$KwqM7#x3@n& zS`V^nI-!C(475tdlw?r457XmX`&L2`H^LN_=7Y|jIwA^+kdbL8G*s`DzSG5x`4DjU zv~~^QyQ88hs;Kyu8TaV_m|?KrHM2ZPC?j}k6rWer1v8`CQk|%T1irGWs$YCOmB-lu z1%PI80AB#|DIcxgZVUMtnJzUC=CL^l9bc&`OAxq8JTIM3OLhnPhCz?bMT(%n(dz5# z2YUNp8Z|eIL7E#F4Gv?U-E3Kyef53*?+qZrlnO6Ctbw)sYe|~5Lxm`3O4tNfShe+21|D#7E zGWnp9wzaj5HgRg3x~e-m{&u;L1EbR1(C4yZ=Xv?##e7Z!P(N-IHTnaogS0nZ4?@3p z?`ZoXe&|_86ZetMvf~P>h^HqECx-H)mNcVHgdUfdlsqo7>B{pw0YSOf*x1=@mR_Ka zIWDJ+>Q4G_vI^o>R(d*?u1?-1LLj-e^V3ca6Em|^;8~D_NmxEQm7ES`yhk@Wl+i7~VrN4BzaqQ7$ z21XiWdxGLfPEL-EgVTQLK8s95+o{j$cayUU^<-qOZGr{F*q9wiF8i^EkXUoS zqC1@~PcFCDW&?x_48Ue6T4g!;;qzy2R`tS}Hi`h2u8fqz!YLDHAV^Afvhl6$ZCl5! zdRj*GJpJ&gJ-&lRmmxjB+?Q@Lor;FU5in9&AFPteetDSN9g06>F$7X+OaCt%m{-5G z;ZhV^tf|SyKdhPZih*eX8rGcQy!GS?74!fDT_c}y+>FG>(czD|vj^@1;`K}F#I@EINPcepv?WK+Y zVD@=N0k;dq8&tilxX)HoM<#@Ca|9$a8Xnv1U^Lvc>(ZrMsK1>2jBw*J>Wwl9eUryhJ}dJUl)RxvkOQ zLM9nOb&ZS+Y_cw?u8vy*D-YF@*4N*jS9{O`qVbE3r2wMfbpP7-(}T6yb?u?EKY$95 zNGO1w?fb@f6;e#8TB=8bCM|%%PEAeCrdNV$u2$4;UZfW0kAt`Fv%sp>JT``TJt*VF z2_^vzc8Nx)ey8Xm)*i*e|a_l z>}L9x=SO791HiTr#d7MkhpK0__VmyLdT1+2mrAH_>iS87kPN5tgIU&~X#Y8{C36$1V-xtIk-C|U-W@BQp6&CSZ3w!N$aKLwL*=1JGZA>7+h!36$Ism$=D7Wo- z+-mHuy?gggA7)Ts#c~`qxBY*mg9{K01fq6!cromHn7~>A|m36zQ5{++;0vJB!6v}_>yJSd<3}XnM^LDVvk7yn#b0N zfh_r=Djn_Q#lI`7tC;ddn@;Y-Y)Iw$`w!wc0gExFi1*0&jN>xe?i$gX_q6JgT+SOZ z87ZU%o}75}E;x%hT3ESt-5HshfIwSrDyXZHZ?K32(^YSox@h9Yn>TObxT`FU#ZvN= z6>Z0?d9I7?lV(*i?ztb98Hh4 zQ~X$vW9!|cCxz*6ZKR+zZ^%4e+sG^FD=1*~7l-4N!f*K{!z?f9@sLi?_v{ILjE8U7 z7Mq%8B1c{_o^k@P^8!Q$*oVQ5UzN$r*b--P^^P`7_>kDhrlO{Xsa)3XYVh$vki`3{ zH$9R^o0B_>>wgM#zFd(4IhX8tc>`4Kj?x9zPcfu7k=}hX?7Ml{ykd8v7;fLj(5kW& zd+Lnjn;m4+3#esvU+<_RDk}g4orL8~nInfPbZ<(k&M(fo!Jrmf^knio{!oP46 z3OSq&Ac4=aX>K8(O*4*tW=`St-)9$cxbRH=dEI~hQcP&~BLD9vDop?X3y|yaf3XgE zM_bcY8xM&7S-y(6_`KqZklwt}N~V9;{&QY*w5oZm_dm;@(^mR`TeA+kAlO0>`DI3z 
z7@J>W|9tkJzsv?Gd;k0YX}n=5?En45|9`>1t6?_a8$!;mIrtGh0crDwgfVNZ%T*bL13o+?=pJ$xw1T z-;n~^$P4Bm5DBpy9UWoLsr*|W{S^oQsf!DhwvG-1c?j35?VF#XV;EM8nn=eJ#M#K1 z1O)Q_obg2u$MfX(!O-z0aZR3@x4F5O$lu>T*diz>==gX(VrFTHFjwW&X{0a>b%BB- zWv(6n$L56TcJgCBiYMIMq6=G;=HPx0rRO7G8!l|CtuO~0er4aQSTis>Py>hX*;b=C&^W7Z^k4*F2oLg3k5UflycJ6>N?t}1 zea%?WnJ=%!b2sg6PFxK$Z5_))Qbo@T3_U%)wo0jjCi&9FDzdIzE1oM|a1gq)9KdY3 z+>}?HgALOcvi2z|dW+sfAlj~k%|StjKY)c9qJAP_!PwJ(_rS$WlV&LLd)ut2zJAnM zgVP}!o2=}oO8c!TTJwDPlKj?ecv!B*6qO= z*NlUclheuBxq=xV3k%EFzYul%c;tnynt$3tr(&s*RQj1|I5pPA!5Tvj8JkwsWe0h( zlycJd3bS7#iiGqp4etCp>JF&Cncg?)Yk9%2{!qa*0VvTz-3HVWjq|~x$+E1|EevFC zDjLCEC7DRcru}+$;}zM1oZS2>2gT(ZN{YG!-oc0`3|G2+QOatXI6U?|*yvxhLzD2J z!k3mRnV39o;77mU9vjs21G4>h(#0KMl`@p>#ju^EnMnj|gz5-78qOl8?{$9}lDosy zq}YVhxSTzf$S3@8DMVSKQ4tOsV}5mxTXO|}%1TTJKoKK;4?nEU22O2(Ycl%M)9H9h zz%;nc5TTm>*Vap#Y^$lyuUUMyOH&O?{>PtTq+MEI}^;|QWzLm zdNWB8unLcijCB0!RX~cP;D1uiz(s&sF5M%oULV)wwsO7J!Ct-Ii(IcdFz|;hB!Cx) ze~OC4K+eF=Ry4Ky#mfCgfA{Y_evi3ZpnqnKa)6H(-tH?NegTW;4{Vx8?t-LU4Yzc3V8LbBoPU?05%JL8LA}^t8PK>vHMX1+u^(zjnLsJ-Hp@uv zxqA=B%4ri_1_q{2{oMEOn{1B>S#axqE+i$2yKln?H}oMXDf~wuwrm_fF#<^{!JNs` zz0*NI!ivET!QOaz%KF=5jXjW4`@2ngetT&917@FnHi@Ri1r3l$}${$30_5!@l@ zg)?v<23b}8YA|3*h0~(ft`%35`Q_)c63{$GhpUH!f?E9Urz$>6OEWVHTa7C>R;r!% z-ZUK5kA-iHlT8Ob4WVFqd$bv&y(+c%cRh4wW=3H8Y08d(7R0#Z?&PbtQ>7T7qvH>c z`1e2L|X_QK&s*)J%82zq*YU`d%#)gT0smGN!}MJw1cT~5!C?%N-oojzdc z$0WSbzrH66MsCn#iD^i&p}IgW+TEI#L*6+|nqT9RdYg=U1UlfXNQQ9+axMuj#l*s5 z;;YKDA$h=<@pA>A{Wm*lhv1_}ErY+mPF)CJ9y5)O{i)2o_jkD9iWs7ZtVJ9K4`1KV z<`i$Vnd!3Zxe4(nlFYw0_O0D><5B#9l>iwh1!zM=9;yu8CLLUzxx>pmsev#kXTE~h zK0M2$eEbTVL$4NnW=oVA(YBnp>N**BdRTG4N&#ISxQCg!^|b0GQPl?6{D+d^*tyDC zo=R7joGHaQ3imXIR1ynTp!Z?pj)x)F?`?ijBX7)`k;2U%KfAqESf0jm=*<3I_Js=p zaitkp4McCYBYoR+#A%~3zPprGStGL4_j!(&)$CGN+~MKjG2u#iDjx^r(;yFJZ`$4G zQtE_HFw2*(UB^~|17Fi)Z7FxXNG5~_EAj>52pvkws-L61{?|sHFE4~8Pla3$z5(x} zsLA;?*L3t!22RxUjtrPTINsG$6$+My%(`_w$WY}YNb$kJ!C(SMhryhmpC2qNoNqVY zGC(AX1eD=?vp!v5z2jQ~#DK<8}{_7_(c9*ng&w?3Lh#%xU 
zl~*wk6Mk4xeq%80t|Uj1gqRqLk7kb-Z-qZO0$D-8Y6fTb6yqPw4!Dizem8AEHGvH`w2b4qsS_NYEvZgZ zX$}pHsmedS8!2sler(hBBkJx`EiGzb>~K>oFviTHq;Da2anisQiisAN-*{#xjQZ}U z`}Z{Bw3snmK(vR$7&+Bgut3#zC)e@t@e`u0p8XPnkVMUi*Ss&pL@TN)+A-Wses;8> zjIR7~>rQKX7A;~1$UEe@kNcDUhjLI~WnaUo*+B5vkR6l?Ot0EnSU}}Q-W7D*YcqYT z>w&~f_f7j>xm_Hnhk5i+Jy*VUT@0=iIvObR=x}rg@Q+_Yf>xQ2GBSkn{|O;tvF;D# zLNCb{7T~@9Nq$L9rO^J;{$UPGAtM}|UB!D*705=T^zxom3!2P;pi;ufo8exn$0j$s zzdZ7p?}$LA;PPZ$M1QRyI3$8sh7imJiWmqu3{wo*kfA;;JjD4$3R0jfN#0&RZP5eJ zoboeU01^>o6A$j+Z%%6q+1ZhzXDPr^)%(20Z7?U{3(i_NLxGNkVc4JXQ{I9$A0QR7 z8X`Nf>9daZ!pQ*@Tl@mm)YQ@1*SH|r!4W`0s4$t4N>*J-_)s;VMk&RABgm<38pv)+ ztH!cw+!2`aaD9>3CkMw%=jS7YzXM#z+yF9Fal)s#coKQB0$FdGO}9TV1iQicJQNFy z4a}aRRCg#Ru(x$BrNI)6zY~rM(`4aTg(eTtA1H;r16Oqct?7d=0o@@B$`4`&utJ;N zk7)mhJMrg#ya4@nN84VY?LshsEPhSM-JMeSNpDr^mWlZg-#-`=n}6k|&`WLckR;5) z)Ti=jBap*k<|aad=l{_M;JqT#0 z4xpY~YVt+)iJXmJ|C=Kq1yN6F$Wwkh6azCa!5U6sg6{y%HHZRfE8F#3tLD{yhV=8! z;?n?&xU=EGVGf*saA!i_V%EQtI3wd}(Y&wEenvFpZk#efKM9=NJ@-7^6cNrl?LNCa z`~B*p>=V=n4CjH2GZ7gkeoAI*WTTcVg;`U&uRALhw!B7k4{BN0#wwhAHVUaFcDEZV zhhhpC?I$yjbibA3*2%49j;GaSjejE@SHe*<&0>+fb^e8T*Y@M*-;YM4;+euqT1+VC}2)^m+B+@=BTe$i5)ypgafw4(CG~ViEGR=mP zxGC3-3fm;U%XVs2ZABX{dB5k1o=r-whd&-W9|}ElpKrf+-?dUj;X`(d{(%Ea!_t}3 z^q=WoN;2-hO|yrOsgJ|HXQb%<&Ed7Kdr3#^Ek^`5$jRQD~cc`+);TUaP+eo zJJE?V>%C|ys4SCo7IGF6|63Zd|E%Jrb{k9z9%x&_H1Iyje|C0Xbq*183^R31`w z32m+aDN|Kf&(=GiqgWCWXN>IiAry|QOHy9$eLo2glK(v5^IZZ|cI4Z5-7tDMXDY4vzgqJ@ULFH6LY*;E;W6FF z?m}mU<)lDYl8{!@aT{m3+sV7Oc^e*HUbBPMp?E&4Bv@ap0zB$fm#wCY*#LUF!yZ<_ zEroHo5Z=|##z}p!sAMrSVakIV_lVj*6Zhr;N)=W-R>11(wdz!T$cVgS8RD)ikJT zK&`5#&GwUo}!euU{%;Fco!z6S+?2{mSCOTmeZ8W9p1&3dPj!_CPAt(A(m ze;#1?v_#@d1dzX#3?Tm^`tM_1G9bp0$OHv>;r?WJnDC7YV|xKl7~qrK%*?0A81Len z{!(YPx7byK=q~*#mS5OCqA+4^VbSnI-P#*+s0*1#!4Ly1uR6s>LkQSM!wA^7ZvH2T zS!oE&+e2@dnV9tY<5Rz@+M29W$0DHl@M)!Wtja1Gf&=rh!&tc~?D=mCF8&GUrBbII zL!qMy+m8=eGfGFM%1sASEC@IUtw$0B9Sgx8?>Dgl6FuF#&K7W@Ra8_gR0@5{DA1}h zLzW1=XnV{#HslrXd;k0R@2iof8cnT$i09$sGaty3gESrhBjn)laLk%-ys&%izeT3} 
z)z9k%FU#&!Rp_f(SQNytYh?kUgBRRye*f?j-)gEfpcEH& z$ndYzt(0POJ+ti*;`FELBCtTv3D6eA{Nh z{+04@8iAa={6Ys;Qtex6|86_HwF_ZRJT8x)F?=6ZgVfl!$ zYgb#3t^xPKuGi@HV@NYGk@f+y;0%-x{_*JF;L`U&t-^xq|L4PLpsYtYzb%AfNzDNm zMv$H9hl9yjRlpgz?DjvmO!jZu!Z&EWuDVr!vY3E{t`6ZB0Vi7dU&Y;qG(SUDW#?<< zrB^!-@Wg?3RC`E8YgcDLsoCh}Y{@xf@-XjDnK5Cl5Dh_c89x#7y}fXW2?B;jN1di3 zZmhbm`e{Qk{uj0zH~0j4D4E! zvg4H&fSdbj?bphoXtx=1P1+5}owg8q+)t6^hsB(%wRc&~%~sLU%5QI%gt;rXv2kj} z=AV3yWyRm)g$nR&=dGNHe)PnqG-#~g{Apr!`U+D86NVeKk zh?rGgzN{Hf*Z+ha&^p%S*+kB%`*q9n>P)l2rQ((;qz6>w=bQD>tmaZYn>9;zU{RLo|NAov>*7JO zJDjQryJZRolHjK}xTyTIVUk#_)~={dvSK$=`un*oBTyplA>jj)U9~p+jvukvsE1%~ zFutre?nx3`Qd3u7QhO_Ou|FU#Oh~I)OiimfHG3T61EICCffl<5sme?qa*sS@#T$!` zvYgC7MkeSMvZ#F=oS68EflH28>%dP#x6S|0TXVF39>?-;H9+=R*w&MjjsL~gb-+{E z_x(d5Dw1SV_7*9!$q31eY% z3K&BZ2e#px7He^)B`)(K5f}4Waiz_TQgM8-r~hnbN3WJzlS?1TxwNgD!dQNkyXC^H z(I3nu9cBQCiytp!)lQ2nz|u&4oBk|yVOnkWbIs&)meEBL*!?wXA^Uh}uq5=Zvayi3 zXgQi$CE;p-*(-&E-zf&FjEY2~!zO;0Ap1&ucQzF& z6-tMZede=mI_kXzT!l^a`yS7n#GM!f8Q3@!98K7iR#)>pF+V%Fb0vYI&%J zXN40yDBiO>Wr{2W8x(j8VI8L!o;!_?g?y>!~H?KR;A z3J?XS)nw#8zDqT;U&_Arz;q6;4Q!O7#485TPjz)Nz)XI}Y_-g+DTbX2btV08gFm}! 
zKK6RlKCi0Er=|l_jX5~7DX}vOsp@tkCF-GKtKY93%N?tFpXlXLs6C3s+cTo%^~}&x z$}nf}KW`g(WBog34I)x)NHmC|BF~Z!o;r9| zZ3Ts(54RFN-QoTKHU&Zrj&np)U$|Ny+Kjpm7`}xv*yYpsDd%}D<^~Q`=EPN$FbDow ziDae22Mi^*53jwLN~*je-$XuB@yfM;hr-zcH#a70dCT0DF1r0hwe!~2L-SYVce}ej zc2|3kHAQon8AN)K*_dk?u^CTo#GbLc`#FSgKxDT9*0q$x;DJP+K0mj7fYgO#sSD$< z$zn|MzAllDOPe9d3J(2sh+igIIw5-Ko$rI79CT3hD|27K+bD(EmoHrntT)9AknZd6 zzdux9QEErnQNfq_<%>4x6+V6Z*a?C@`67aAmpGZrBYl<>=Fxk{(u@z#$Fy~Jtokiv zvUGg~-kn*v`K^SLYT{G-0>5_So0~O#2Z>qc#S!z7yPg(l9t4LYXtuPo0S=NI78^;2 z?&A}C&Re={!x0igta8Tmf(lm$S5>Mmu6e_AH7{61sEXtcAbYlC?f|3NA^5)`g}E%o zbjb0{L$kp1@ijycy^w=N<0`6P!a%MN&6GLw1jb9E@a%#cpJg4rA}4!9^>pYIw$o}V zX@iPNI`mMX?`BJICCl0%#)AH3vj}yYcdeuCF@yn9f85D_NX-`G!c@;#`!HoZ0)jvs7|vvBSXv#Z-Y-v=mX6^c1ww z)dQHbnQJlKo>jT)i45$ctC(ZUYv@No`wt|db)Vn%qT27CS!?-NVRYEMFjf8gmH*a; zYm?Zzer)5|YuClou?oJ?gcZbsw`MiFlZ+U&K%e2-Sk6~_XG>h%O&6;rd0)?m{-+n2Ts93_; zrzhvK9>n*cxw!h`bW5W|HXiuqM%?^9k7;}2m+>{@fxwn-lPqgUxPZUGrd1{8rDgIR z7!aM>APFw4N>aOR{)s)j;LG}_ZY6MGgCui%Pi98$I;DnTy>j8MIr3(mirJ3CZSoSk z4&>?ja;7aW^WyRheiG_ReJphmY;51q5J=DO!hicF$m9AYiMewXg`4fQun-2bChrs* z(kWP+?xgcjzq-4V<#WQ*zTsHHnp=2A{TU`V54=}Z4)V0VJMVd&9Ld*~-(hAc-VfB^ z^SwUZ6u`M#Cs{6j9s7ST(h(hw8&Rdq z&F=-tDPcWcc%Vg--&Jqthg?WP3~NnV&=wUEFgfD>`TY|-J@E8vQMuX)_NsPD5rz4U zUg02@%rpEJLnweA%cyFU;9RJ58=*(?dSM471y0l8*l=+}LI~D3v+4!89ZUS<{0N$r z-UGoKNj|qG9o-VVqd8+eH8e-A=RVtk%X_^l4wXC)f8jGXp>(}qu~ z_S}H);^rOX@xDXQegvzWBT&}Ty7T{ovj8csjzQ-$-$_zkDuS!`$#xv{*jYS#x0Xb~ ze2LnJ0%nE^Iq{$924m;r%5M>oEvm_QG)OXVTyH00G0Jr{S?dm`*}hhBI!;Ay@(nrT zeSac}9Y6C}CHpG<4D7*xy(;p3@nkf_b@ndSwS@ot!h3fDe{K3$yIiF(FHL(F_p{>y zcPTjy)=!iB_ym|!DphVv_7ywjN8BnEr-E;|BnGkN<^RYX;ZZ_c>-U%ytC}twCLS-@ zKi7(VK<@pUKqL9i+$i?l7#sGE_G48`_`FF3z;9O(JTCdq?-3MtqG*+UILV?j39qEi zw?_tt99s{Px&>!#!KKy)!qjqWW)CPIKS=Z(AIr?Fgb z+38yGKLdHH=4rrxEi>ulNCj5^^Ora&$p=1e*BUnqx#ncOVwyjY&+g{I{`@n8_h6(f z|9ix$n9D5^Y{S8I7&t`^_n@N1k!fTYigipqcX!NX zZW5Z3k7mPpO~$U>Md6FsA>P<~EJEmP*!iQ0NDE#Vs4ssRuqR9S{_4$_w6=FnbM7yS zG_7!KOvtlf?`8aJs(8)*4i35Br5|H^E_ISJn@Hlf1-W-V_;3wuZr!~1YN*A=!?L6G 
z&#UwI=T5wnu5C>fZdE2m==XEmLGR-)KCJBj&J~(*VN$xd5g^5ysb>(&hx`}%(M-1X zJ%e0NQ(|_N8P)zx=-@ngu9uv=by;hDZswN54Cle{Or+0*q(#*lm+n%~2t6r`Ks3%@ zduA>k6?w<35U1Prp~uE)A-2(iJ)PlDza*gVn^Bc6DZU-gl@sRFphacI z)>Kn9TkqrSG7-^p z+#D>ukL|cyw5+VyQlbdJg7~{`Ur`L>pF75@ifi&dr294OU(K|`1Dk?Z)hwBnD$~yc z3T}N-Y_iv78;f-PHCkw#YWr)>k897{ATq=$y)L(TVRijJT-UKF1$INrLu*p&+FO9q zLWlzxLMFhp09rtte07MJ2RB=p0d{Cikida%mEyV;PIQD+K5nt3*zEM;C*_67+AVL% ziJ9e?toGCbkx(T9AMr&^%CrfKkOW3E+uN**)S^>bv##GdEXd~6;F2XHD|-w_$eS81 z_ZzgrEXosXRQVrU;%-7OL2muW>JHYPcoj)X%cUZrd}A~zqHm0K;cIQ{d`@_}Z@agH zBzNYXxb7%MG02GKP_GJ?YAPI`z!0?lUzEVf9PlB2BIiQ;<566HKX?tB)tEi5JzK2c zNAQw^%gyunqf?M1!v-Yif8!m-Y)0gN-f@VXJpx=clb~Uk;K)oc?8I~(x6ce=eNMt; zj}mM}$vxf>eEOzLEy@P;#D0v|`(>x^hLZoVhx_0aiwI+wzqPeFr7hK=A z@$Z|S0C4R~w5eWUA*+hry(A>Q8oubcnuU;+me!~6{Z02J`<7f6x0D$64z4BkLJrl8 zXVCoAaEk1*zs}GcU!;op6a@qdG=KAg05<^4!J-^x4K?-0?9usVK>)F^C;|=z-OC05 zKRI^_pG6VCVZbrNnMVPmE8PPehWQ9D>9R9rxz&7MlAHYH8~$ab;zk@t4o>zkb^hz} z4IzbzmadHiPmSml1h}e1LYwBrSY2r&`&_vTe`Rv9!s{OTnf#@klKGHin|C4k;TBp( zeCR%gi&;pD2kteG>ObA=qvYF$hS}nto0G3n|KNDn9!yWx<>)(9-iH1s$J%wvA7%sj z3^-NxA5_Os;9`Gl*5Z8Dr#OSe<9-8FX&2#jubH63J*Us-j`mDfkEzZ~evkj18Gc=H zjD<`-8OE|*^0)o+jCAm~?{0mxJL%q9RdWoHm`~SAv(Mw8{Di(vI04SK&_H1v!QA%t ziZY<<>aMOE?#4Fn88mDmp8_~ybyH%cb;bt%}UgJs0y&9-5m-!~_{5fhUMF<-Le&XeVpf%R&jyV8&JutA&;=1**0B1vY?dX#=K$)jOoxv$#wzJQz_coV) zls=ewR-bh&d(So5)z>JLY|l+GETl=OWObkRK`VdbEe0ALgS0PB4BbCy(`9Z?IQ@z~%`@kgnX*{sQXMpaN`7$SHoUO2e~%Y(-f$ahNh6GJiLHQ z10KnO^69C1H8ZmbKN|(cHwM+Kkbz(E+_aTT?ZP?Ys2Z&>p^Xz|K+h4x$5k2$)3zrV z>*z##qGKz4->)ggj>@%fU8%xeg8>?^_$g8Zj0Q#j|fp8Usgp>p_1_IKAgbKKlo#7eBbuX*XTM`3>m-2s*?ttvNZ5#Bze@J#GMpFzdIKYL)n4dhK+df8-73 z^_6;((Ag`N43bvu@i?JW_OG@UfZcsw?XA?(FXmW<{RrcE=}FV|uNQ_$Zdv#ipAM9{ zZb@#{JbfNuZB^c+XGLZ?k^j;H0NZ9~*QUR11 z->F4dL8$b=F>Jb?;Kpl}gNr`ExE>xJ z_+HPBpk(N}Brv&*+Su3t4e6&()cacpLuh5)?5X$)SA=C$2D!q_K?zJIu$wkuXG@2d z%NBUSX7OyzRe438P2yWn`ykm8;}y^n4y5?G6U}aIVmmpp(dA7_MJ=}8a?}2!1+VsR zP5&0Mp!3y)R7baQOl^0Nrn|~6fY(B+^|eFYX8~3NF5@XzfdWa@tfm<*T-11hmb!Y1 
zZlPuA>d13h87}Rt&H{^;_4OXr83}bRMUaw3MhuZomd+&hfbq+Q+uK_%S4Hpk7lYGD z(C@kue}nlQ+++rjiM1w zi&PjOup6*EZGaqL%DGXu)1sgJ*%#}>b0^P4b|$ejp&?7Ru*jk%N*a3>SU2E4rD2E> zCf4tqYtbc=YF@=vmC`Q6D|DM2Z*0c;4^Lui>;OP`*do@=$hE1>J1G!a&9bmfQ}BbN zC3s0k6oVftRyuJDTwrlwQ72o)Do#QCKVxUuj8@$C=vGO?a(Jw-v zh=sPsvZ3A2mV_PL_0ejw(^pbbg8PB)ULQs_xnTia1<3rqgM*HoT;Tgw0uE3TFMR@4Bm=heLJTim-)%FpYd%oBZo{3FDjZep{cJ++S*ZP<_i| z4J&8lvO!S)URwI|qTh<8vU9@qms>9FJlX{Z7Em=!cW(B0 zfHZ=pf6C46*kB`ZO^n!Sc>)m&hzmSx2BHO=rIh+qWD{eTxOZkT_HfL+7_o*)-41QCKFimy))) z8NjqtX@^kJB+4(pH3%7*-buYiTK08A{I`OVg0Xg2w9(xwU^~8w?R!`b*G)Jyi5))8 z8uS614-h?Mj^*PE)E1Fe$4$s%&u|N>RN1s+qR-c_C?EQ1sm1IplYC!EI@C?~xw?6U9PmGrTzDPs=caiS~y;HTnS#(7w!>^yp`UEM(3IfWDrJ@873|k z!L!3s_Y+#9_*l%B!Im_Zb$iRV7U0s0M__!Cl2T)dIFT6hQKF+`s{Up;wdVStWG50W zIm?t?g9n&NLPEmzr+Tn$LnRMOmciAHobLiE7UAIjfwX}L1cF+AVIa4|wZMKbPZ|nn zwJuR=F`rcjwFA^=yax^k3M%f)4xjtAPilRQ{db=tq$!-+*w0Orq76$MG^@?hE`B^x1ekSG>_VDH??&PlpdB}&4FAb)vF-HN%MWd^VOG`Va=?T z+Od(U?OqI`vA4}pyvoP*j_Vn94M+EeqsQLgHm({*p7(hoJye!k%S;Ss8J(T%<&+EuZI*2Z}E z_KY)aU_q6Nloc+wjP=x?raaNip5!7j&Y8q*wiwZBH*w3GFNr%fYnAbE1s0l_*!iz@ z-gy3gO1cSnapVNblUw=0_?sXdi4N`4&3gmHPRaF?sWkpk*R!tYLOjMHR4PV@sv-Qt z4vf%T7~;8n_$q7jdciGP;f(`BT{dFKndZ3;zhrF>&s1n_ex|e_Qw=oH6wv34N)q8s zVov?_R;+>@<)@R^(A>cE*R0L7fx*_2vWnEr+SG-q)A^aZFqt(1HG_#nB?9<_o{a6D zjIB@VK}QpQxkVe{KJUr8cwdyx!a{JM~=%?ms4 z0_dPynV{j24n8}6E#oCWd3x~`?j-h!;7kFons2I+{D`v}jn828O)DUCBZ)M-7 zU%i%F!b#@*GKmwC# zIthHc<>X0=Lanw_>O|_Ax}MkG@=Pxl4XI>VFpp~;)K3q{Z8s~pRl&9JwOjyAJ?*ZP z^W8R+vP`c^@$ykJ`TlJyfzk;$nIifUf|vY*{vz_Vf23;!cY=(gnW?hcaZx6BO396N zysZZxWSLb*yZn#gh4O~XMs{{CB@jmtwY`GqFlITeBxl;ge2;Bu>1cTF+Hx4txaVCZ5M zQUQy(2pyILLW{nOYriIH+;4zp3D0 zMP3^A;R0W`>xW!z+-@lQwD;x1mKxDkAA}!qeJ?lNbzWB?H5Q|wXATLx?Lk^=zcH~_ zNC%(Ueo<>wAeoK8#euKXR6s9=WPC@zz=gsD>sp`xf)%5VWieHU!vKP2sfMl!cZaqA z2AR$JVaEnI4gq~C0PYsH;{=9{BHb6aV#jg@^_3dOGYwNf;D5Jk)AycTe&djhoDR`(F>j=Um)+VL)f^r|?AeHU{IKKAA(217NOUfp}IRK58!BTgk9@DZcN>HZ27Mzv+-fE7oFlhU%8 
zEuI4;1BGI`t;TNL$DMJ%e;jZJeqFjC3s>5<^@pysZ~A=LAL#F8X6;8In5$899Jxts(Zj5x`9YzYA!p}g$wHE@u!KXB;pHQ;Sf^(k)k_bLjNdIn(k z{}!hWwTeU#7I}p`IJ!eg%WDUD$i#m+-@ChUt>g1AhZd2c59`CC7FDH&)B2+3t_=}~ zZPlCyalUN^xsyaYIeR7h1HLjUU^Iu8$X$0x(oqUiH(*7F{OG|M z=wo=}weLZIN(9N?5rFvrrF$zv^j8asK|72>~0xhOv{;o@t@eCX5*zBEZAI)ag_$NaRS3qCd_m^JQ4iNh*bf zp%30gD3yp&0ow2{i*rN}-H5^ae`xGgfw>O&g4Ab_yGCPoRlke4t7R}`yMhg`asPv@ zqB09j%1!c~KwK~il2;&(wT~E`sF%+A#AiWQ=coQI?~sATS1JSh$N)&L;R#ULJp=vU zU-dU1G7GQIx%>d~>>}tgQd37k$94>thb9(tC?7T%_caPOn2F0JPD^&jVPi$h>ae)O z@}qA={2cdi3f^D_5Rp~P{^u8ghrAdLs-)(J)<3%yk}b$G5AuMiLIS9S#Z5%&bj^SG zP*1+$RICF=3(JLVL1ICszfmQVS2_U!0*xdn(3%cxDZlyUItp_uf>PdT*k+}bCP5VC(qDWeQ?7qMB=_sTUhpY} z$)vo7_pB`i=DJaU86vVHM0i5|@;>Cy_wU_%W1$Ply#`2RB^1OR`ZEr>84h$|P|mFy zV+nU=yl!c`8Dubs&B7Di;ZS(!sj+qn zAkF|K&jIi_u3J_lGmFqctobS{DN3H_FU%hkpT9Qq**DCfYaw>WLOW3wi!T==-UDoS zA6?}QvljN=u>9fN*XLvbIi-KZWS5J>77Rd^HQ?WW@QOB$VCzO0@m6SQaw7sL9>IUK zGZWjLMOftnvQHND9x540`w0tcj$Zc|jyV$l#V}JwO)W~`gASiY$i9~;RO}rn$NuC$ zCQ>Dc#C+6eZ|T_M43MB7sd1`y+8kgpDI=+hre=5|G*z!})_B3h$-VYCrFRgLU>~t~n294cs<0O@ZS}Cb#yc)+{8d ztsdE?DR1(`-+K$h^E?KlBM{sBr1?3oDt`I;Cd2h=W)x%02_Y z2*RCSoY2hN+-M73kh2P*y$YG9>N5WiBeQSXurl1Z2pl7jy=8-&zH9&a&v1W-R6RU%c+}XUfQN60l zxjmRvDt;CfO$&m4z}#FtPj!3*tmJ_9rTk~733>6=?@UDa0W&_1?+nF#r9a~BZIp4&L>60AV-aQ~V$m%S+(VrpJqL2(`g7>z6G7&{?G;`Wp?PjGs@?(yr z!Sbmym5hiogR%`cQw4=`;QsKB>rpf@BSL)o@#?vrRnT+jjyl1IO2LLjLxcNI85#G! 
z?|~VDViF#ty5`%nFXX`e00?MkzgIVt=y~gCNto4Wd(|86wJx0m!fLr?GQ=B!BLKV_-}WSBXrt>)f*U9GODJYpK&nWN=mYs> z*Hc>}Xy4Jr5FqNnlqg4WcbSEXBQ0h-9GU=(lCS>xC7S+z%cLyho4thDR`h2?VY-Mh zOeH)bGF{&s2_U|`|Ks!>oro~|o*ZYiupLnJ z8;9VrQNoP0#F_8j$=KQ19kU0P1MeIiQhgnaqa@MBE)_MMyG5cr`%au z6@W-Ow~-WZDW}~N*pj?7_O>uOi12%uhMM{hIxqNO`ewu3{6Zto<&jcEISfGPCI+1= zimA{9p)PXk&?q(sv(T^a&<7*ItoUH2{kE0WOtLCX@s}@1@lk1{7IZJ_gPv|sh~m06 z>ShBX%Xw~Pt=Zkh~8h-dtTGZ z+m`!0^bDTz8-^(d)a;9TxgM0JKv_!JiTuo{`CL?F-Tht>VHc3+1GzO)-h%96*GlL0hg8x?tS z1RxE;d)@C}yd?*dta1LiEC}l};Ose5jL@m;Q2BsBrlVs}^n^(BgCzG&mjk3yPybod zqy-1M-zI55(gUWJ_0W$f+D9QQ!UII4IP|FK$Uh40S)>k4L{yZ;0yoJj$@}V7#xS7x z6h@DvVPNT2sf~BLqY=IX*ri|bDg8q^bf@rvIpIc1U!VdJ1klu%EkmG)M0oK5i4_#! zz^f-YQWIcD)8(8%3=8H`gZ6laUm=OXV9)Ga#%uLgI7)T0asm0J5VB&Z7|Dk zvKW*lu7Ml11oDF`Kk_<92U5YcbeUOJK2+tO6;;gbN4SqQpDZK*&Hn5k< zrlR!Q%MMygbKv9~1K6W{Tlap(IaKMwG0ZL5W7HV{l_Rwiz$}#75iq@ZM(?}t1T;(r zeEACszJAbpKUj;3j$Vk;w|`?wiEJG09D{4KWk_VAudl!Swm#wiN`1_wtU)F^4g>Jz z9xPH$4h}dN;3fT|aeo8V**$>rC%?7C2yj=jy;?r!E9g_JJE8w=z{Rh(AIlNE4*jFDsRP07d341kFPtP*pEy^dml6o-g#Q?DK zarV%1Cl~t!$vjYlpL`oHEBRpP0WZ>WY{R70%#O<7zCKZOqG)mIVe(PT6%2WZQksSm z%bu2o$hRX@ST=NDqMGPM@CYc4yZeSxOcXN!RRNfnNL! 
zL=^#23%H0TC~Q;!!Td5^5I7FCNA;8_+FN0DCvrEm(Sn|?>KFm4;seyrME2=kJ97Bs z$8k9=Km)8z%MErOa=zRGsBgTJ@GlJ@#dop&GUlcjuOm1NCEO@96~MW@9sPf?#dv}A zpDNccG*6a5iG%zBI>N%y3$_-N5?^T6PvB;sj5u91Xb)9Gj||6OeHLhDYx43;-!<4f{TC^z#fR(UON%Tf|P9JPhD8-gRv8Y(qZ}kmoH|YG$%z;&z2|Z1|RA=#4jo; zUCEA!G{HEb9BKceLy=B)^@nuz)51#!&a7Zwf07>Nstu+y3V`2V|yzokWk!%r)J>&+&GM0l~ z<0tljB6pk=9xU+uh$6bGU>92@nT z7}Pwrv}1#O7LfHq^|z6MdOJV@fNBRw;2+~Uh0CeT z{`5%+8eQ&CZp3FX9r+h?#4^?HOG1?FvrQhIj)NjWRDb`aS~_cuFq=@V8HP~iaLCSx zH~2ts(Yw<^)v@K-P%wtn>mJ2wzkfAAY=iMT)5p2Kmk9#YosT6;1#A`8HBVN~fcx^)WT|Isy;mkP`>}qodhB z#Ro+VpO{4;>p~Sk8bidrUBJw-lgnk0h>xo9|CT6g+|5CQf zfYX!{kg`uQ2Y50%?|!v$2s$}{5&GO`JfVq2yfOr76Ee*=`6!O4h>y)*X^EL z!spxc_=7nh=!4O^U_kF|%&r~W8$N`=x`QbYpuf3;j55ZXy^`Ymt|h#d_o$L)-7>ojdlGm}62&9eH~8?(7bRwo$*r9scsD=4 zsFwFW!j8a{rbPg-x~4Ay^yAw^*#H$yPg{lr|0R@Sxy>O-1k3?MVLf~o8%6fZ-uG}JE5-3CXjPM%y)JO<)aNR(CVe{Y zcXBG5@_Z`Je`^u@KsWB|*>4MT0w6BGlO5Ba#pp!BSPt{(%7!;q?El zn^I#w>$HBwJXT>-G0ZF6a(Ze9uE~1^U|&S&3v4H1gpjSktNYiTJ>=ZU<+02cwi{05 zBhCv7?xT<*MCqV zn!+}|^k(XwQVONmykR9iQ&)d#)(3j2F3+DMMENY)TABUND(+m|{-#3MC&)zk!QaoF z>ifx9#c4aVWY|zE^JRB4)y>w)JzbmJN~?}SE1!Cg!OKI{2V&I&t$X z=wBK3Mv3KukH+I})7PhBI;mMn7OarQC#OS`Wm;E_aZvG?NZePvfyWpbgT-!Iy&1W4 z{e_JGl_K_Y@MiKGwO&^MVYcZiYtfT?SxIux;z;nE>+XS?iZLpG0XLq&C)-6>R+cpA zGtLeBtQ5JF8fv|BMDWJh>~!{Q?UVjX&uLSRKE>G0p6!jr>1vmxfA&oN$yAP_C2u;J z;Z5r|tz}DB*M(y`8QlR^tEqo-zUlh}Y1h!$2Nz1_W2{9_pKB7Ig&TeuB4Wp{RakXQ zxNQ8Bm-d|FvuBJaZQ$eocEcYu2%ib%J=GR8k+F&4RlO#x`tt_TP>eBXlfVLnnlUbx zTC~*=riO8=bvfVk@}CDqp7@6S3t628v4)ED%nM?DZo)5&eu~ui#dwTSh?}Fs#P>lXF@fAI%`?0@62eI`G z&8vE~v$<8&PkXf}E!)ESe|ry?y?_6@N(dh9O>WFyV$dE2Q*(QxnzV4z>BP5Kr65_^ zbBFM3=F{0J4eEN#>GtKPVd*H`dy@tE+$B>PZg^{3ai!=K{;Td_mz&n7>!;@MbH!3z zJupVJ-#e;*4NwIyja(aq;}3-tUY&Zx%PMi`9F}R^-SYZvbLo%g&z{}T{$x%jc+%(i zz|53mmEozSP&Y2Rv!v?V6KD(O%l)12)SmUtrD*fdNv+;J%@algLqmcLjTm3Y37(cX zhr7N$60)HLYeM#4AEzfpF;)19R2@>&ZEVag>bq@cfj}j%zqdwDlWgVA_51TRvO31A z$~Kpta9hGs4mRRP^93$o59o8usspAy8`N0hB8ZqehF~awWqm?p){cxRi3`6g|~hy{O``y2A>wXS@{lyA6CYZ(DIMu%zUfH~Gyh 
z^6=o0879Du+_zoyHZTtTcCbf4OC##ac`760S%L^T8LR5ICr^%Bv#HX%h*~mYP|&rI z8gqQ&rnLaW(}k6X!e}pAGN09`?u(?Pfmdz`-*A2)lHe$UbntCzwl9{>)_4Frt1qpc zcy|40+c5>xLv_1zb1i!fEc!=P8F-g=IS8;jo5RAdlSo2)p0Bed*6?&la9KTK`Vc2V zUY4QxrpUU>Z)Rk4^jMfdRcN`sUgv1Hz`HHYdxDis*-wt&j1jxG{RJa(5$8vhT$-s6 zOECWOvOS#fGhQ?_K0p6B(_v|SXw%!s=8{x&#FN4I%(G$PDauNBPfNW!L9vEb9^akB z)_MQxSP`TRxW9{=cAb%t$QX8}fZ1stB0OYrP5w2fmPAi4TunM|Kz!nN)0tl%LbkV` zx}h8V_q|FyJsc-eLx1(pB%YLxSXFQQc6W88G)7Fwado*n_VVoZu8r`IADs_=GtyG< zy<_Wqh%TG?C09~jt`K=*EjU)#Nh++x!L$3lbdr@!i2MQ^)%$U*NOA5`PKXkoboSFv z4m>;u3?%6Z0E>lIm@RR3&1WG5n4jLTz1345j@wNOhZ)XSwmwt63LZ*A>o z!LU<3Q>aPTbenUK&@`*jgVXTa_Ux6Do11bI4@VbpC2^>Q;w5XF1@Fbehel<`XVR2s zMLZvB@o%X7qfvRFL+g72x9s)~U@jcjzX_Vx8g z7s^JXqpKPdQG1WS%wa2TDvCCI)be?LvzmE^{mboxO@-CKYoR?u<-)Wp!U>LB+2Rrl zetVC_H;34sZWDV&${%yJPt7XN@`}lI% zfm%8baTgmKW3cU;y==vw!T)9hvr@>#!A(3a_UXToP9vtNI~3PCKVJuNlas!#E_>aJ z6Z3<2X46#ye0~(E(=o6&vDg(C6O2jTkXejlQoyfJ*bkwKF&DV_b9aHi$-M6UP@!pz zczH1~)l1PNv0e6C`?~`uzx77?`YSC_9JF2JE377unJvAdF9I&*(?q}VgfM{h{VrS9 z@z~{@urNIpmCB}^!xyTnEq#4~?LFyT?z=_Y7?pF+#ds;iywQQqJ*>>*)9HzIr$faA z7R`>2GJoZEr)_sjdc5}XG&DjWD`=FHJ$G98=Y^*1^mLksaiG!zw@1h2HQ%sP8I#wnw=^20jD8}_~%vo| z$c^pbpNL~eDx_yr^zH{8HtxertAFP=?Y^CBLlD*z_GqwMMcDkm>sbB#z z)~_;Z84<(*??P@d5Rj)AFjEmeMv1p*$l^(#+7J^W&Do2lS`qBO@MV_iqovj9p{m~j zBrDQJ^t5(%H$1mZM}E&|nw?=WBm~p=N;AFFXTEnzHhL&zGq>vTQk=tMdJ4CVzDovf zbf*d}H(t%cp!FKR?lN`7HY;gm>j%Nd&PbZ!pV!ecndd2Hr#nxoen<4S(W_5M zSXyxk-jGK{Q41ziv<|j@oI_6rf9Xk$2c9W&=4n&uy#ErC($jIG@TNMKWzBjMnzf;i;3@NYx_UDCs?)J zf&JRGv4Df>iRP(?9%d0uO*sFYP@u1k z9{z$en;q@Cu-3svOHQh8PTgkBGth-Srm$0g=4=(-=m!s}wri_%&6iRdp8RP{FUQAP zg#R;Vhs?vME$~OgOF~J>Gex62B$8hV+}&sG@6|5)?ogO-ji%h3Q1zC>s~RjLN7G82 zLY3_1lwWdN(rayPyDcm*kGX5d^T}uPa{S)P^%I=r%Om*#8wJmv<-D%UAY_o-{fM^C z4y@j1ISZ(94Z)+4yl4Z0E)VJ-71^C5JB9oqQSV6q|G4BomVVUkONcu2q3!gK>3szT zQ*1Cfax+=`UaW=RN_#8BM)tZCzI#lO-;5O^nIWdDBOnp;BcXqUg7+FCV)JJ1YbyKK zxK7T%In#vq?v-G|RbyHi8N>W}uTc$^yD>qlubVLfcu_*=uW`lbSJl{QA%7CJj1Fed-G2R~A40P6nqYG91*X%-NXD1ZSRd~C)JvO7 
zzI#F=TXX4mwnrX3Q&y~*3YIGLI`+jiFq0VZvG%{*v;Mu!Tc)zj<$&{!SD(qoWVJ_R=Uc1mYL(B%fgT z(@#D($bIHkh5JJG_9Plhmw??*@4onot38L8)?-E5YxgS|%45NT$9sVX{NFj~tjjLa zkoNupjMm7;51Vf5?8@R1#y*~P@*W|jmd}`L&o(#ni6fCP9ex=7ATE9{J9nWjY}S9` zC1cIR)2j|AllzrauXykCZ_do5X6BRjU`h#;4_632-o5iR9=C`3)D7JV$^l+u;;tq6 zHLIkQxrxx<8yFt~IL0evZceT78z-Hmmd(L1IuA4E=>%5XdffvtK{tFC`P1ql_M?Em z7E^f_4KpTjY6rh7?NyJU}TCCpI-Qwe04P2vG-htt)ZdD z5_hB$OJ95N7ivADckD9fOT@K=` zJN`L^R!%Cnh|gn&z-Wtp=OW#BE8sw101Yv>eAY=d)>cg%?$^zzN<0^$;30ZcEYdWw zfX32$I#f~hzon+UEUS8v)cM;3VH2$`Mnl)Jlor&*ij zWx!YF2hfAL?1OH}Zq*k~z>${zefLj4^1?od?7J@qz4JRa-;1#pJw72gYSJ>3Gy%)M zq_@*Af<-y6#bAEnjH_*-22I6fZAEo(ecH@7_HWDz1%HTrz%53l4XIW02k7#4yLk#-5Q= zpVv2H4JU-vib5sa3W|t`z-gR!5wS&A(TTb(nh53mNs8 zHwBVL8s=6$)%SW@NJgsu=qR#rTW7b-zJsHnPlFh3;`8FiX0kBH?AhWSD7fetNxNd8 zDPmx)iC>ii>lt{c?d?ZJUw|B>3e1c)@*o@<8hS?JSfAZyc^%H;gf9DO-f$vh-W~2^ zKM;7Wq@HfJa?d+2<1PCx9N_$Gyfy%ZoRR}3bNi(&<-C~1)i`xH!W#}Y!1pHEqlPcNIDgQFG-a$v@gMGEWu zU2?M2=GNJc0bCTXQAllVkaqIKLhc){y`_@!cewefV)Gs=8%n#x&iLgegXg;=x&!Q?mi@pJ_tF z#6F$9CRLxuu=`CJY>J1WpzM{jf>@rh`X!L_$$5G0C#T+jY+B98S3b(yr@Quwmxq&6 z1`g;IxO`b*U8F;7?NsoK7YZ)4fkv_{MPMS3wLSM0Na7%%|1Ss$QHUhm>fc(8-xKB4 z^JfY@JiElEdhy;*8Sb2qeutkj&ApReJC$Gb5c3-zEq^3-#{0|9hg%Yx_sH_R^JX|M zWuKR^%_^#~(tq|6Pb+{VIOGbo)0(F0&$7q3UR}|HyUxQ`<3}oK9t`BjHUDb3c+yZU zbEg{@=Q5x!qP>?&ff6Rtg?XJRDsv@E1@sN6W8=(9V=Z% z@7IzWkRPe@G>batzC#z+_g>P->FnoQ^2juomX=^kUjZ?~cXMsZ;EzwD8t(p%8@R^L zPfABemp5cvz*;1xVp*i?&$M^Nx;RnhSDTQTlN{bJujz?%3Adiv*{u{6Z{-aCxbUTT zFE{8>;x`8AOuCrK`K`fnhg-JXA9##kg}b`u?N2al4;Oa)asZXcx&q~um)b942Jd{G z-RS(*aFJDl{>S#CuQ%Twx0Asw3TL}+BPbIW^NdiQsVJQF;x`k&huzH9-u(w;X3^Bt zj^hfFGCf_XC_jBAWhbz?oWDu$ow(~J^fia~+0{6#$l#_4VMdkRx((Bkn@HqgiD3In zc8>SjL04lAn@TR&0QRLi=;|7HHOGe)w}h(Z9Lf^)();AgN_Qm!DZy78Seh-RbmMok zpfB`-W-8w@8rCsQmy`Lt>Autl|h zOdSYxj-A2}5Y+1^UVdAgbX-&wP}pBDg~n>&Z1n@9H4uk(&r09|*jHU|z zQ`WVIGrj-u?@&TJVMB(Wp+qH4d zyiUl+Qzpt}6XmisU+#(LA1IEZdt)@sm6VcZq!eC<80Tgh%NS9)QP)3)jdaKj7T7jv ztY^)wzhPz}>+Ee>eXt}hx6_?~od`{*b4;_TTP=!Xr7`-RDtc3TS(R%4Nw$@g81bL? 
zS)Yj7qqfpLX}F!eNyKbdchIHcLmRKxeUs&!ozhayt3}yPe{KGJGHL7x|Dyt>lEPm@ zRDIojh2FN!^7U^PV^RH8?4ToS+v^sBWn7M@YZa|cwgL5=3%t%yAYzr4+JIue>5x+z zO2qnsJ`vbx%xW^hfgpc+Z6Ty!-LXRjKq(!>OhBl>M%a}gWdImm9hnDJvfsfHzzkSI zQ*&L}6pWB`BzRa10JF4=3<>Z@;3vQX_mx*{K3WK%Dhww@HT~EVk|Ah1mGHT7X2JKS zv(^IWv8l}o3?fG~^LVXa`r=Qn%RsKxu11I}KOMFOSNDP7;5gE(q!Qg?C;n?(KQc*?Ql>oV zzU--nbGiE^^|EJwkzxb)-3C?N)n4nYMmk|jt)ru3H1r5PKHgEFrK>yo$OKo>-+vS< zCubooc7w_EhSt@3xMWswF@WEc$^ffU_}fC{-a)Bw*fgJc=t&kM^EvUaB;C4%Z{N;< zTY(_JLM}pYi2(*n-92jVvraur5zIjOxws*{fDroe?l7GkUayO?l#hdKY%1M!Ro2@)wHxY zm>}&;H;~uq=}^Btkc9tvFkHc?T(Z#sNN*BQXpC>MZ}Zx_n21<9VF%PpGb51b5y;|ecxem2O<}+*b_d1|=hJ$fuT|yQ+W%0`lbNf@6 zayK0V9QsATwnIgO^ZZ)g>HJu}gK-K+w5kuC{$xdb)49UEEs}d|7ViOTI^q{2PdY5b zA*}2XVgZ((Zs}}&ljT4JEdhv8OKCA5AD?=Xq5U)HroUTSY}NVbj*bo#$F0N}{@oZ* z(MU1`atG1#_*~%54XYUl%HcWz9eSE7%~suo%HP@6(lRyiY>+b8HTB&C?_>vVV*RP0 z!-rqy3SOM78iDQ(@jaxODD=>RQr&GDovtAm!aF%dM0}0jsWN7is5|t1XE#5FUm>je zdhS}jOS8Nj`UPu}4O1!w)vjkL{z0ipq;yc`RX z4ru8(4u;L zAthxG@H{~^eqA<);$gI93*r4lv2#hIz3xMUO4TcmpbUky=Il~kc>x85agYGliU2uS zb)lvz&LwWK7sS`taeBdl@9NTkun_L)I#6Wp)5IV`e;&%bq93D6S*&^h=0=>$!K%4X z#iNIZk3;k#42$aL_hlL;Q?jrps``XpXl<<-5)D~kh<=2e#PBZ8jBX!NoX!$Jxm^tg zw8@tNFfVO}dGn@SAGrBW9v)?$D5!6lsMD|`4=?%wmhS9){1>H1eM92&f3}Z@cGpq1 z12SPeT@ReT#Y0lzKz2K9trz;#$8L)wW1*&haX9%E6>@-H6YVuJG_+HQ255+0@URuA zV%N>`?4&GEoIsWn{nU>>6TxH*k8O5JJSw2D_}yh*yW0zk5}FhL&jDZb!E;Pb*_fU< zQsR8HI#i;Q>7d$PDr~p<*a|TYn_LTI_8F}OW%@6Iu#4+YYfAf>0xoJcg#mj5~@X7%|E7qk3U66Hq>^HMW1F2bT6 z<3)n}0nyg=eVSvT)iNoS?{~Q?9k@@s$Bu#)xvEBk;TqgYW|{Za3^K$}cyOpdE+0Hl z1RV(q(&AZHK|z6W_@`VCcVjM=G}!9~Sp+CHt4mUI7WE5cw+t@6k8xh`KMn34OkaU^ z5m>f@=bFL6!N4pcqW9_KJ4JoJ+5J7QsDJw4R(5%3n&J*+eR>n^sAy)cC=#l z8ke%J4LB*&>|e&m$Dv0x(%yGFFffpomiDd-G9<@g`w6fqi6UoadQNmy^6y{7Y*5$N z@8lZS3|s~>8T*u;A?>5+8KnX$RrMqP=d>FqzK@Ydgf<)y;pg$Iv~+YH0rprbn;?F# z2YA(1!?Zxd4{sPA3>}1w@DR7$Yve)Mp#lqMFH7Q`t||*Cde9Onh*{J_kB($WHoz=H(gGG}3wM|j7`Vxh)Q#r_T1Y#(x~@XP z=RZ`z%}%bEPnKn|MH|=~ei)9%YncD_{TP+AXrr zlJUxey8fatSg+75hg!ezV2sJ}mTLPy6x9JA?|&PzMjXa%X@I3O_SN!lmsdHXta*9d zn+a 
literal 0 HcmV?d00001 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-os.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-os.png new file mode 100644 index 0000000000000000000000000000000000000000..63ac8f881ec758d8918ae2c0c88268df22e71dcc GIT binary patch literal 62979
z%01AI5D;cCPLUFQCF&u=Wb8#C2Q<)&*OAGQGow@ETKtCBH+2a$G zZ2siUY{0tT&mHr@%tl6pSSUdIaI{yDNut|1{?McDJ?|NNVB!K~R}+-G$qlge&O0rz zl%M7&@^hax20*#4IkIB|Fm}1TeDQp8E#NW65^k6~zg?z)-8%@D%3_Sab2F+$z~|Olw1xEg`G~W-rS3&;k3I)9!Xwx++_&BVsn3g0cb*A zrCkV}OG}isza-EcmPf&M{v-GxMt-jA2rk#@nD%G5IJ>^ydEV3&6>;a)>{Ek#Nq4|A z`QgKsbgkq4U>fYdfJ^}XZqNvRgsu#78i(GD%&nRu6c{jt4xHzDrRc$<>W5E2XoFko zP4oF%R|oug#ZH%SxT{Ua2vPqE(2akV`wusLNnK1W-XKb#9&lP7IjjusaP56rxlY~` zFv~(?6%tE1OxY3qeCvc@2t%QbK+Iguz24@P!xYjzdO&f%DWbl+e& zeUiEZ^zb)qx-2uVWzSTl94>LUt1{Kge6WJo9vQ2$QL(~rTHBsirM$ckrrM77JY^9? zov!5T*Bt!lw|n_<7kxkM)18>1f1b2CC?TWXje6a(cXnPZr)Y|bu`)7hR8$bxST2;X zw!o%Hsdhi^w-W>tIhDAce$29y(|*C&@a8WIA+tHx75 zw$a897v`0a6DI^q;~2K1{mQI*qpVk@zP<$3)uQEn>kWepSy_*m>}E~-(?ZNz3cw2# zohB?Gz+v1$34B~fG$F$eXUzC={~}2wi<*bTcsT%S461q*V1WU>hYu)wphbqGmGjtm zyFmw;u^3akc$N0$`dG26ZT$;H&!bnRI&WBP7COxOML^0^8tN3j`0wVRicTNM%3SD? zM+-}He__}MfR<;Qa5z&~xP2%b0b3xzmDQ0&1tof@VI9ut#w`iQ(dmYA@GTJS*iHR- zYB5?B1E$Mn7|&ACaSxFUVRL$G3KBB#BrsTNI^dB1WcKOv_I6>R(K+h(z)pH_tP+5>?Bd<_{c#erCh@s$>-Wjw?jIS7^OFWc z6CJh0&&Md3*-Og*^rlxBNxgWHQUTE!NfYF-apM)(gpATEp`Y3<>W-*nlaXnE-)M6m zj0~X1)_;o9&UFxjlIDi?60WvJR(DwMRaLow4J_&j-8q$E^XOyZSx9sC-`V6@qD`nnUSaJtoS`V)p9%mAsJ8U`WhW$D20_@IA*_?ma% z?jGfduCb6z0<3H4?mqYN0a~4yV8*aMvJ(VOpcMu(K*89^v}vhbIbi>L6NYNeYZIpC zG%}`0?6=K}ut3eMs+05+l^J^&tUPq?$J>0H3R$egYO?LbRfpSV>W5vk0xnOZ$oT4_ zz5RKO1zLM1h<(9k-{SG4y8|+N?;*Ry`JCmPr9#dM^F&`=3(i+v`c z*-u&xQ>QB_;p;fqB_mOY_eo8?_2KCU*%+aaG`Tn>ce?Xem%n8Mdpk-Rx+`2+OUuh9 zkpnz@{14E-#YGK1+|kjqvXX!H>>q^qKBbwN*|`=T#)z2(nWXKMPetN;6dazrgXz;} z{}~mX(~)a9H7gVU&yeY%^W)=rh5vl{KmQ5yj{bjPhV=g%*Kim>#+2(!{ofJY+-Se@ zEjOm=inp@BI>7^{ya1D4)hM(7&Iy<6!+a&|a#`-p{(vv=XhBANKK}2R?0+{Wj5=NN z@&Dee4BPi9H~!ZT{{JWZ--U8+40-2YNOW*pth5dJTuK3rUE$-+W zwzN@w$lj}jPg`{wt)*T`#kaUvsM(IdYNw|*P`DbpVr8{1Z9i-@Y|f*IFy zC%sA)`voS%*UE+P$2cN+`bWi@j_pskIIH8ij&K>Y?;K77^OWW%5pB$buaAU0%7;g* zCOk;i1?o_&wh?EI4APH_HQ~U=Y`dF{1-7@%NBXYX;wpZ*<9Gqa{ir%tbIc{Y-|m?- z?j9wmtfKz;zrpe1EUP2Wp>8kZP{eCfGh)YcXyOUkc#x&u)he263=IBAq&Qw2pVd7v 
zw#4{&T9`6~iK#j;_<@rI<>lTN@c_fHb5Le0B4$PVdN0m8eQOK?*Xq(r-fi|<`f1OHezq+ZS^l%(S!YW81aJx1b2#P| zAt?(pGJ*$(C!%2_S{0m4!AK<1Y%Jt15D`E-7ufb2!^IrxchQ2edvkA(xAPp9X604M zF0yImn$ifms&$}+Ba$DvKThb*b7B^9nfTCoSXP)k`>==gC>l2<>5L-R?OFqjg2`dRD?}jn#Y?0WOI`5av7xgPyX!O zbV#uD|MbS;SDo(PgZJfxMLmZMcJ25#*SmqHk{h0G2l2SQ9*dh>+6a&68ea7B-ta0c zTE=yCbr~9JS2dk6xMLY64Lz|4oa=qFxIYr(Y0sEdj}3BPmzKPpOZ@k9q+Ep@LfA-Z zk*?0u+SZP?Fd}c`cvNIwMce|LbKG)0tl?c%GeUMV*lX>{(8}5z8@>e5O{Nj$sE52LfM1cQczAt50y>%}T>)XFc?(b1{yR%52Y z`J`K{zIC$GeFqFtpy%{X-1?tTn3W&!KW1iOsR!@Cl#Rd~^J@w=%`XcJ#(1^M{cyAW@#8n2deLL5P-<8s9~s-dMK%Nz*{Wy~v=Z{wbDkmy{2M+vqcR${=MhrXJ$LEc`>-b}I-UV0iHE$g z@(J5Yy{UC$pu=5ij}i}UB4Y~U zWF<)Q*uD%qsqMb5l#PDv2S0tIUGr~(7AotzXP#T+P)1gkAD>oGe|p?p;!C)E8v$AY z&x-T+{GFB62u817mzjG`YZFx4L@Kbj`|M*<6G1EL2Z?K@R#uWjIchBxyfR**HSGtW zbzRe*sG@3OlFq*Ls1qjlN_Cd-lwgfPj^upeiF;UsBp z9mv*(_r)_X(QbI5+jazb#vAbAa9?o01zyi@k*uLfYsVS0 zJ){Mx72;n=G`>H)r)O@??6h`3hRVYEV_h`ghQj#BU6=*zWJR4m(7J%`?E{Z9S{~&V>{wfNK&Y1vxFHZQCG5W)}Ri&k-maAwO*7BjRLcYH}mtD5(Zg)## zPiE8x8lrY-dHF-b^pj(X z^@A=g=hh^5QBhI5g1%u@&nE3v+t+X3ehfCFI%xf7ht$J7n6bU~Uii5g9FC?x!9Lxs zFuUY>gOln zvKOK9xmu+bGAHBeQ1)+ar5xp~`EXoctH$yk1k8`pJbqL6wy5unkn-U6oV&`&d~j!P zvIe7to!NY9J!8YeeP@2@tFn-nQ|c9{=Fc(7;JKiS;2Z!x)K8T6FE)QnurYhb)ojPO zqknlWJSDGY`_(-s#n*iSd>Pe1m~ICkA)J254PVR-hX^F5KwYhMx0vK{%$(qU84Hmg zFkWLzgNM1iCJ{v5%9M~|H1M8x+pe0ag;iAaAP?t80zR!e{ett@?&qo!ok{dQEC0cS zgzQvc(oJ*FUh|$3LE9*d8StBEF5n2muDkH`iZiC7%vOi;ni-G0qukZ#g&Z!4tGx~V zHtIaZB-1vpkH8ds{r2r6m=xL?H{oUsjg4o%^nSUzI-G2{PuJ5~N$luYyzTA*dDDL) zN;&J6`OrK4!|i4%M=k+aDTLS&cljh(AD(JkX}=T08hFwkkhiWm5qj-q5ygv5eo9QF zH|;NmIhqAYTsaa=X;6=C%U8 zMSgoUd85GY$5$`U$5L_Jrf+`gmuj;oA7T&C8?g}+lg>0j(W|Q~-~6aMBZ#H9rhs?* zRDRv>;O00umKm5=)R2rFs$Y);ucYzp>hd#e*W#FM%1oq&a6|-w2gP*59`zm8h=iJ_ zl(PuV+cR&;962KuYuHgXZo9%7JHn~JK;%~+$5pTUm*L@hzNsiJ{WI@PAuR60KYyx1 zsa$&}?1Z|h?f`&1uagg8s?gah@5{19p_Xb#e%2|rKTVH9AfByP6S`DMau7X~{^TyG z*K0I>v$oA&RTpoeCgx=m&?R-W8q=+o~J(ZG2Zsg zI|qJB$DSfZ^U*s^8z(CtvsFTMeb@jFcP0CBQ2YLNVi!G~M0NMccroCBT*y?Y!6KF) 
zp1VlVnTQ92QOM*CHwvZ&<4}r6J=)*a_B8oL8U%(vRi(( z`y%uqZ`fP$!{?_%%Cwjf;EZF0OO^J3ue(Rkx=s4sR*>Y^i{IL6Jg zvlHc@`UBSt33L>BT+7!5z7|?#uv8Cf$$KvJ&e@$uTsZ$QsQA4djwE^veJoWU_QfX03FT;!T zf`}6^7m&$VsuaLQY&=nbvFf$>xm_C_9t+uwYt`G!)<&d`P2QZD)8EeP&WT}b#g8T} zdk+{Hi~?RRuwIa_lgKPtgF4V}6VF0%Yp9(b^0rSx2854KGX1%}Kkd-L>Es1=kV#2$ zp)hX9xI7aq#!sI#BSk#NUu~qL(ab6a{X5mUf2R6YEh9Sk3Hz-dw?H5lT$2bht){UN z9eVrCdSFVtD=9c{6vXzK1#EGLrbs@zyLSlz8da3~TP{Q8nD)xIjU`Ln|y zCC#{0Sl3Wo+~4aO5TSSh60~(sIG>KQ;f+N*TdUW%8%?Zzp}HQx8g~MsHXZw=A7)3* zWlqx$H#g=c2MaCxvA3UBg5_b;F2RV9-4KVDwTEhRcYf+6{^)VOr84cj{i@ezDy+W# zp0bb5lKKxce}Nqb93N6+CH$LVxfVydvZ2OyTu)Qg0}mPf3~~$qd?+{D^Kjy*(%m&R zB?SSdq4{plDfz%j&YXLyN2v^BX6F8*we6=XlSy%bT5Kdg2L?Ji-vRJ~3%?30HTitk zNVs&H6eVAPXzAIShcIqNk6U&d)YkZqet{@q^dOx&4Lr)w>2$>Qru`ekHgS3R?y&LB z#zwl+l^x&qWY$}^ZZR1sbNJ$3b+uyxpbQ%B&dw9ji63U21xGEUsGFt8vPG=&eMTa7rd*E6Ydx2y&T`eBqEqdjxU~|Q~GKPtU4|yKNTN! zrH({C%AvD%C{{NVH6ImvLw>#Xf~i5W?uT@?npAXW@Qz+sR8**JW`J^bki=9Ci2{Dm z^)ee98Q)5G;Tz>+w&l7U{E70T+|JrBbngGTM{Yr`C7C~z_dokUYLIWhLgUmn{2J#R zV^AsOQD=PY3yS`bb-j;@SP#j}KdiiDK`YwnTV&-!Gav+@Di`m>q*VLtmnQ&1 zZeHGwio!yI9?=sW2+-WCkl#2tJ5LQi@m(pi;eYA@Pjc6Jz5Qdpi|Ky> zr%ziTS~t2!0TK5Ny{~MmOQ~P!xAg2b?*J@Ez6LV%IXGJk1q~|I*2<#wQ|ZBp3(?u0 zql1YD7nzR+i>ey$9F~e!+I*PU(oxw_|K|ShLXeUy99eVQ>EbH{-FnK7#%E1`P#V#4 zaS>!@X7*Z@Zdd2zu*AH5n+CFV?XFvN;aJFp0~(^f-rn1*j;>Hu45(!`!P%MwS?L@T z6N5ki4mw=!%m?G0qMi$$5IU>8ps=eZpx`^VE$NE5o^A2VZQAtl2ogOZ;VRh1pFgXE zD=W33CNWB>#*X?|orQqoZZ$+CbbnZV_ zcb~k}O}XR;o;`+>xeem1ba0Y2H8o0}-hb8{VQ_;psm>PPzE~KWY=m%m2#64TvFT!Wg z&;||RBX+GXgJ_RV&D@*;YB;9s`Fs2N{6VBb1Q_{Sz1-!lF=PQ6+UJA5ttjL=v49{K z+~8(AV{$#jiKT=3Eyp-&$VZXf*6;vky-qW~%j)$P4_CiP{Vx4V#<^1A4MEp~y;^UCU-uVz z2!Z%F_r(|IdmcQ|$g0-w&sG7Y^!7@k+21f9R^;y9-V`hsxR@XLZquD`d5Nyeihv;_ zS}y4rBnvCBP-=btmC}zgxs`lDIWTadc;^Hcs6R>3s96Zu+{M5A=6723HXVy29?-uJ zg`$lS@q9C|b!M_->*|FQasT08Na>QbOJ&FNArb+8|K!J!O`4U4|eUWamg^2 z0O$+Uz5_H@L`488_6p)@zq0qr`n6I%(A}-hfWz-YRTs?L;eHwR>v!>?FJI!muj)b~ zb|WJKeeb#0R|k#Cup7Z}XqNeiAbA_W=K&Cb0IjzfeQOSBg?)-LDB-Q)WdMZx2V-ws 
zK|tdR!}ZY$;JDsKC;~F%H|92OI^IJ*+i7QALQjt!h$cX{_J8ALu+nO36!sf65p&*m zufb38yfrkWgGIJo+t7;uDW*jJ6#%%~3R&1prUPIMfk{IR!F*A&eQWL^1P(y#0NiPU zCX%>-vV;~!nK|kAN_NKb1EV7CMM|xRT`109fIRMa@7Eu1S$Sh_VPWQHwu&2D^X3?% ze8N3w=mlC!)cIi>UPL`q1OQjuQCdDQKQdtk-0bb`&41qapnUD?h$2Aa`5v)%*!Lj_L2d+Cw}H3^$l99*pw?&L zsw^(1vA>s_T|vfcNGfjTc{Flz#3N{cys;2;#_HCv6`D-D+M&BBa(oAnJ9!pV@ey1L?MeF zj5wCN>C|UTi>J-aQi%HD;wLDGy}dmqAeuD04R5EEmk-%7A^Qi?(ZvZHD`#|cc1k|c zV65zRg(gUZf2lKM2nk%OksTw%50Fb(TwFvw&S+zx-J;M zOPl*CaasM+HRx*P$VDAplivp8q}tDn@Nc_N}TLyvs7!=c{O?5H)8LP<>xO&tGKd_0ByUAOeUu#k`|Ao(YPULj4QSpz=;_rI#^ zR$5Ro80_}E3+aCMAh8RYr7hZE3K@_K8r%>(2uZ98?VeA4rtrx+-GlSlb_;FU92Q?6cOT(JE+wnIu#_EMR_=z$X;A(5>|3$>yoE zTZP!_soLf!wXkbY;z?8ILSyHbS4W+jMXc4Qr3rddbNTn*jXB!laaKKu8$ zb^Aq->O+Wp#Z64;ea;UZ5%-4ieEfiUbvs=U3xyQZBk%(XzQ=Zm`W~PCi*GgF$O+S{ z!HbQxMj*gEDFX2iu@`blQvAxt(|j;3M2-0MSuX z8u|?ok)3*k$~4U!*^ZRunTZ{uu&@qJ_FO?-XJ*G)RO30U@ETlNT&zcipkR6H_RGG0 zy^^?Iby2&QXE)Q*6@T{Is#LoW0(|#m*$q8laKRwV@uH4j8hxarf1|HAFfYIEr3q~a z`sR@=_H-tWdCj}yo+IPX zx}|%I2a3P5tV(~|iJ>$^;UKqScqH~h6{Mi?Vr9`Xl`(@GJ=v3JFt}`ohu)k!?YIfs zSB=?M=-LY=mRl~Dy#Ly1ddKKwe@(N_M}(U^(o4m)MjsENjVH<8BoutMyR4cY9y5H_ zDZ|zIYU8h-3()2sl$NltvKrmKUf_G-gY*-SU!|w~@$fPYlx)IB)C$|_JmFR8Q}2dy zE6%$+&F$0m8;b53op+;{BBtw`@CAZ^qX@g1&aRAfxdbwr8RTNpEb(1eYV@NjD+TM! 
z!o$N0TsQP99>mzuV*43z<$nE20xD%GZS6SSW~8-w9KxwQb|Vu?3tIFahn&zO?;FCI z2e|`jU%#r?E_niJnB+E%Sq*d%sIZV>6eusjJ0KC)`z~{Y#)jOjv0SU+A~Vej$IMZR zh(B=`10z8H>ZAF1=mZr|@RlCSY+2-Ba@}=;%8^VwGr;_Km#Oq`fJP^m)o%nXGaxKN z2Ru}L{YqeiorPGUd}v39EYy+BY)&SUDfY5J+a z?1*Q-1-J3}=@G&Y$^|6z2b)aqOieaG&%jS%1CJoz6{q^YVWhDT#F2echP?4}Qx7wt z_QNy)0z`-ep-zOz_}#x+0D4Gf&l){MN%{Ek3fw&>ViM2y5H-nbTgJ)NwfLd*;ESd+ z0s=jrL>VOsM zJT%0?AtomFImo``2Mxf85T_xy;DXZnj9!QTotm()FG5gY+y;HyX)!Kc7DqyHWbv*r zbjvy1Y{COT8wxh4V<+-{di59m{0Fd}p_doIc9I%gD7UaUku=w@$iE3k^1S~ad+B=F z3%G*&5{F%klHH`fzMe7K5>iB-tN+VOD7F1}6p^DToyhVF=b!W@Y+hpA8elYtg#Pna z>CmmWz_mu_pu_wE%@gRRcgg8y7c2Q-mDZfKj|C79%q44<8CylWPh z)f|J`jEvY-11p=gL|gKKw%GK~m_9p3mf7$4V4i zmE?TVW|7c$8_d|T^bYliIr3sx&m`-vB>W0S)qSa(Iw4*2sl_evEmK9;=?)%hQQrCE zS{*m{4|biRWd69-)u#qgN56~AnvWV^RXm9y3*7PZ8x{FgF~S*27p5HXXDx&=r2K!b zTT~Iug#Wt-@V+OWos)xw#6AKVTu+2mDZ2ub9Te}`2-_4&9Y5yha3h`s3}F0WkvAedn=UpZ1rl#b>1{y3GmaytEtJMmo>mX=8MJ-vdp zwRKYf8a9LzP+%0SV_ShXHa51nzTSFzwDUSS84uyM*?`{n^XJWjkAGg^pD$_cwA0c# zP%@HMQbMHi@$u^{vnNl|Q&Uk~s;HpdIszH;mz0*GeZGJwv(dcxNDf+bLX}}iyJ@(^ z$lrnZYu}jesJQBwf!$HTlo1<H6C!x?@TSiEBZJQZ%$&)e`~uefxj4oqxv(jj)g| z7U)I@Nuiw|_3eCE9FX6IQ1`zS5gY~+b+TTCx3si`@FUfCLlI2Gg=<0hot+#YQ_OI- z0lAWYPE8&f0t#j+`V$;#(YoU%LdVuWg$>?Qy>;(J|Gii@)Sw_KT>@hKnV-F*?{R5q z32HQS@n?9-X+;Pnrf~{}j;H!Y{j!IT@UN+CI``ZPTc)t@{4Rl*dE)yAav;AvVE9LR z8i|H9;nyg><=}F*muAfk6~FY^WlHMuUWq zPlDAGQN1qZI2Q@BZr3upbN>mcO&J^fMBa-D4I4j|zRy$|^o3M-9(-81rdmo-(KWEej&LIqmX^%sJxP&J zjSL8f#G~d0tQ#=1nw3u36UQ(c0M8nLu$#4ngE%Cik0=I(yd;+h9 zed48qb#(wqK>%@O0&kecF=9kI%v(L|tADb8TY+AXTPB`yG8%lA-wtoZz`B=;Ad)NS+5xbxY&(3GH*aMTzFKNeiYR>@b?Z74bZ!nftFzYp=ZY^)dD z7M@u9G@VjjdOcu1gv;0WU$+eZGvt19)$6n19x8XBhbz3{K1+b8hmx99V4iv70U98k zb6Of5lBWijEkB&e#cPA4Kl1sz>O*!f3wq|WV`h0^+pRYh4YPpEtNbpqUfpo^n1dlRgyXL-cNC;Tdsuq)YL?8v9e?N#w zCU%toxyf#`U~ zP>%AgqoWauz_~!R@Tn{@?0zU8O8B)c3D(K=P-DTi7#x|@%PG4gRUukVqhosYGa)Pe zlJ<|p@*?doR#3|?_D~W|F0k=0+u`MYz)nrr(_`A1Z>?- z`m|n-hk3m4dbci$*1dm0@xn`JnuINoP6XTj_mrSsD66M$M6I*nuBbEiDyLY$`LV{- 
z((RVYqd&Kd#9=fT0TT*9B7r~aodftd;T70`2yDRbLYkgF{{Hdtm(Z}iPG2<@VvN%^ z-&1rJ78aUtIsnQ>+~g<-1>vpBH{2#s0Oq!G?Pr8v>p4bifXiKlvhEh3oSO7&A=9a)rG@YVjO~658x9N~9s-=a$;d-G zazZv`Y0S_QdV}zI#}v)?f#tzss0g>(V<`^J3New(TgHsXVs3PJdDDfnlVqpet9H6!tZ^4VD3(X{RjR{~`!9I0HnVywnokg{ zeC)lP`n`&5WG_UV~(ZYwMwl z>*%^?C{a`JogP2b;%3HA(2-fp zrq*!|>$vF~CZ<(0S{LrFP~wbO?m$=sg|rKQ?*w(^XK^Un{9fE-6q;M-JM>xII)z+8 zE8Sm~=gP2cXeSSe00B#^6{RVKE{DdD`(e*ric!(dM_TDJL3iQ=xCmtDuA9c=*t+ry zV9I7XQqGE&kFCEqi_gPLy6tFee2vIxeri|0HV7oHOhlq9QM?Cx4KogK@&XxFurcMV zzMF6oX8g&q2W`mf=r?a@UqJgRN&Ne7vhLwu-rd`mAZk;oy{bf%A3r+cNrnNbHU$)~ zofu{W$kNAsPw2beaiWHq)?P-Kyp=S1&4M+Xdj4_8N0nO^>z1E?>QRWM%_sLlhW&kA zcFn!3r(Y8SEsl#Oq>k2pW;7opJ`(-xg2!|KqsXK8c?--4gDPD|CBDx+ z?|j~sePVvv!^rAgtle?8xUmuSSpC?%Yq7}srWVe17mo<5RL6^Z^1BE{ zT}cx3{hreKbBEW2XTKL-7xypil4MHE`Y3TGyA_cf?))sQmA%jB$colF z#hzI4=knTf=eunoDHv>CmV1ADnM^a5Xx@z`vgscQpOGtKO08tgKGb7jw5tQR+jH%|ow< zgW~m)3*tTrH^rP5sq}ReT{t0(7#arLdSk;Wkf+(`?U!eUbAXAbmct~utefH@i z(0Ed_56IA4x{6cE-QP}__Vr;8W(V5yo#A{@@eRz~%D3k^AE=Vur&1*02+6VFiV=7g z@HF;c3>C(JL6S}P{aGzB!V@Ui;75v#^y@-+bnx#IV)V&Ho6cveV~WwIj8nEkn8;1i z7~=#ekj{>iwb|Nu)bXE?7RCz``8xD?2O9V@z{Scv?)Wef>^SfGdb59`so$s)ltQZ* z$B|cdDR8zOl^enjQ2u6%klyq{Gb2312VFSv;u3=C<9us57X(7dba$z@J{*NzH00C# z=4iZygE{1czg~QSdN6#^5L?qD;h^%;^}QGl^wuX2FJV0Aqg(%yjQocjoO9ZPqHSG^;GK;TzdAeA z7?zC!zhE=P$6fx5j+X$|58(B!UDiEA9mebvS#$_9^DaXvBTUPk(6LWhRAE9GrC7}9 zeBNT7#z2uyqCrbEM57MAwpe#Z(Qunn_=q&^%8dgd;~KvE_ldci^2W{6lV_U=C#vga zbLXe1FpFwH%pMY4!y;5lL zPTIz<_>Oc`jNWR&iS&*K#FjjJHGK*QNBVNIzDE*McoK?bFIfJhOz2J90i700^=R5NjNp`n) z$G;>cfgYjsXNub&o-gR2AUc-7I00sxr6K+(Y~V`{E4k0jtZbwZNLP#iggCz8?dzA` zLZ_i^ucfTdpRa=DyAnvdDEQ|xxQ}2@a?v4Ias3}QmD`;ugKj_o#8^!H@m(R%JVla7 z8d&j}dVkd0A0GR3F7A1Rr7>Nsj@M9th%#6`H&QA0552=g0y_d9A_BMXYxuU`5tqla zf?&ropqq8uAjXqa)6)4`^Jvqy9s;8iKXLl;v>ZS^a8I=F_<)|Wu($^Rza;LVloUOZ zep{ttMN)b1?QUOJgrp<_-W$5SsYs2$`MZR8FmiMgQ7khQT(+3Vd%u2-NYQlkO4JeS z{ztkrqYqu?aIzpSNQ3~gLfRLZ4oRu`1l&@1L`xc_MiR0P1bsJ~PLv7y>@#xLK??!Sts-$e11~56-a%GzzwAm 
z86%x^shB;gJL|e=Ja%3=ee2rZLv8L7>Fg3IQ)@w$z>eb1-|)*d%Gt%h+T{V$!J%1h zix}RM&Fv}ko`=N?+Qm;^6uB>s-gWva#T?OO=1|UdpUE|fE&jn<&$Jl-1~P&U(l5-R zY2+@L#D8)h-0e(`vVQ5FL($=353?%@ zy%yX?B3ZK864lx`vC2HA>atqIEUffzVsrSLb6e^^lQVR7;*F1gD*|C9KZDlXJK`Uw z{KQhak~gYF)F`ERT7_AOO`>O19qKhrGbP5U@qeOd5xBfWy=-)~$Z_#=n42t% zP>L3T{>zBKlQl8Q_;OpR48I@&&)$5RXZb|hEk8g?X22R;?!JNfA9QW8nd9r829 z_#a)IPm}>!5N=6E1_{XR(?Il#kRQ?!uU@6x_w*E+o}O`7O^<@+joeVaO32W!)to!9 zy>|P2(^voAQkr!6LXxt(FLR9S(HVviwn<_zZ84qc%biZ>+GL;W^-Oq_CD!1Ee6==v zo$rrhi7-l1YP?KYXXlHc_+aa<#zn_bdjS;L*at`~ycwpkQ*dJ23)6F0Ep|hRQnX17 zo4)JP{rBkk8zbkv0vxm`)A$0SvSgxbgakKD%3olZ2PG5Ue@l3!=r%uI^?6~(kGnU6 z+J4vCzJ7261pzJV34MGGANqaoH1cOlOP-9RCh2J_MP>sJT_-8N&D#K-^}qLsNLhGG_xTT) z&wMzQ{{^CieN*R9Dl0-@mmXH3){!-Cc>O z(DT3+x@0;@oGVQ)9bQGGyx0E&9ta2`+2`_F5Qu{c1zJH5lTmUyay!wJ)w@SNw;)c1 zCV3K;*#}lfkduV&NbdS7Dui(01nO5%b>8``TXD^!Ms%@8AuNo^17hqD$RMW#XYx&W z5$0;-htOcW7xNWGvW+l6#?TQJbXm<{a0)&4tW?$1P!OOES3-& z&My5Z!WE+$E`Ag=ppq|HImUDgfu(;V_X4AEfl^p6S@NNLV9I)=yni2t9Av8H9>`HZe=qR}RlkFc_P?p(&R}-P`*A?d z9dh5u)gM3u;VRrCu+ngGsYOM~wL_xT#4Tl=ik=%?+Jh}#G2zfXaChjo91v6)Kbu71WT~zU_%rD zKd^mhY%`vjwN7@daP>HO>Z}t1O&SFecusQT!P#%lI|@VF}m}?9-0{p+3>k+K&=3|wXgT{|NlMB}rPy74 zk7*J29Ckjx7Z&@6`hS+O(?U^Smx{P8SK)*>A96@2BZ+h`=U{H!Jg1g~4LQ&=l>$f_K?mC^qV z2azIn@(QD(SN~551~P4IVNB?AcXzX8dc!VC`O%_BgNf~K`3BPu5G_DDKV=X}AO4f8 zfF;pR<$%=aLPiVv8@HJZO+V*^0rnC(nvLdn#Sk+K`Bw|DPHDqS0S7pW&K4mv;!wr8X(tbXn0pa$y$p#pnC`@A1^?ZF`b!ZG*2sW?i6m&k>&`45 zNDunKDu9&Xuec5YeG^gbOG9IS(q>gvQGouH%W}c=8YGN{ZCXJ+!mt242bp-&&Le?@ zBG6^;MsKYH3fk`Vf&B~;baA_+s{d?W{dIG`8}5RS5r~$n>g#`YRJe*H7du{BDQePw zl*t%5EX|d-4Tc!k&A(Z2cl2ivTGloZVFu7dSxHJsMMrNe)NT|wgOO@!X+fDltDT@4 zJSlK~`t&IRnFO4Mdq*beAn^}y4pi>;N84uaACHsQLkGJ{`&^Nao5NKhZRIuU-;(c<^UG@(O?V}7@;@oam5ktiaK|Gw>m^t35Jji>Fkn zZKC~JQgSb=UmR|=uagVp=h=iTrn7l9GYdQI@8lelk&hEh~_Ckd8FJ z?Q#yCWe7J<<>wm5#^40gwvb9y0M@}Uk+6v-Fe9K>{mB?(n1qna>U*z?WiW6+k^@X` zD_5I|`jcBHo9|9!osbo;#5!HxPXkRI0V$%^@;OK!Sb~`aF9KD{ zHz9Eh&jCeaICPsr672}^uyB%4#D6yZWaU{mm2i+j!BXG@FKpg7l)+KbIb005R}Zq@ zH~fjNDB$;546nH$ 
zVFog!VkdwrfJwo>UGvwX{7KligtePCLiygMkn3-;SRvp+3b2ccie4oqMgrtPyb3)x zX$VdWh6|ZL`h61h{!dLy<&B4u=kENo)C8}SA#H#d&yCJ{{9&4}2i9A9Iz35On#{+V z8Y)n}NkVnQW${;`TY#IkHzj{4O4l}#f-qqU#PctlcbsH#k+2~Fjk#1=h+|}LK{}<>Er6!E+|1JAl4{PQITm^F zG6~gIQRyC8qqzO#{TAv6B9r%&@Rr4+XgZWL*fJIG>u4{I(_8LuMD_OmAd&U^SaL8^ z=`mOQX4Ji}cmLVKj!)ILGD?Qbtss1fFm=h{FX)KwnG**sIngioF&qko>?aW-9=j=E zm=L2rCu^V>$r_L!9s50Cv)^tyD}g~9gwG!Rdl0SUX7@6KTGhJf7b)apX_ib*{!H|O z)87@EK71uqD`WN2dxJks_ckd>-s`j-?<_bpR7G7K4q~d7x#|uj%%bU;*$}$&~_63nL3GtC$a{l zy~_MMKkT(wl0p(Dz5*Pmjww9ke76rO+F#!Ac*gEePq zt5Bv8{HA|GBkyO5`f;lI@s#WIud~eTLNDXGv?=fPlfiKg?Si&O1Oq!4Dvv>>f| zR>rL+Lz>vi(=E@z+Wj+3D0Awg+R;q@ubF(_$^2jGDk~x@Jnzm1Je+c(JJ(IdI)6My zj>~e^>ib1oWvU5IITqSx0kS)$7+>yszfnLgYzd4$x`)xr!VdG9C|Su-%Z7cnh*g4?hOpQuZd;SD2sP8h&YN6f5rM9iJ zZw~~6@N0VoY6J5h{kdy=i3GY->$d*&cMJpW)57aXOx39jY931{%2;D^IX+4nX$NinWqi-p-?4in^%ij#bmy^j;cUU>J_SOsedkxb>PmV?O;#3!& z?+l3|V%C=Jl&RQ$N46L-(0;Dt{zR_mjn>`rsXNyAi%LFa@u0Tr&tc!nli%H=^*f`2 z_S}^fgYVmf%2+oNI2heO&dh#z86C6pEbsei4Eb+#mo4tR--8y0WT%(BcR87Z@EdhH zzOEmcBxs#9SY3(iZX?E|mD+Ix8VvkSH^{+WO302s> z;?shY{pRh$q9!7ZxoGX8sGo1Vo!1GMsbwCEbmd+*VWh6U1gj!4^>#@5)up2DSO*9~svq!pI@A1SB-c z>3bBB|EOZ|q01kmQsJHtXY<0jvfG1o=L3V8x~ed8V0ggbK-~;9DY_ncNBQ^BO}U(% z`Z-JG0Wp-J*VAG$9EVh|7-I1UE^&)H;nl^gPrds!{7%oIM15y@==l}(TIPrsMUtj5 zR90`u&tk~AS$w%!)}HJ5mhimIJ+M?ew}?3}eL0ZiSXX&4kW?P^we?KiRz){M(g2HA zn@_DxYPBxk0q=+r=A53M9yP09CQE+(HHt0=so3czDiFA%&w50_I#X*5dHuas`U-bW z=uixt#x-JMG{7DU(5tn@g8Po`C_lBvpqGp-@{SmX6Gh&2wt(bW208@7F%ZzNIz_eP zsA@+X*0BHG3#sTFy(o_Z4FhRswR3(S>a99#jWA_#MdRzKlIfTfB$2%B*fQm)`>Qt2{6B&&-}_7YgL5{*DtxEmeM2 z zSsN-0gi|9R90PG;HAo1ncYi$ko+P3p@0RS3T+rP@Z{l5HXh0x>>|YGS0tH4|B^Cq# z!jMNvZ9BVny`7zhCnEO+G|tBpJ)A^kP)Pa?O~vG)o(!3w1YQ1Mrrs_X(i`Ae6q-L7 zd;F>r16zuyaluX5Tu8vyel(>poKbtoh!B4lLdeS&*UOrQK{0;CIfXl~xuwe>FYA#7 zb!E`L<(q|KfjmtrHBG9wgk@@)R%{v@#r!!1g1J^y)&g@r&KuSO4%Ck#PZCGXU9}5^ z^4{Cbk*@Aps{ZyM*FwqSE`8zr5;meDOAHfn4q+M3yOoN$t0xNXSL6F#8XVEdKZytD zBt69$^!hmXY(KxMo4s_fl*RXS;L7QM2Yfm)z74jJk9kUnus5ed=nx+sos`qj25pKI 
z55u5&!jU#7Oe`$M(C-Y6I1U6|DjX7g<*2gST&@UdAE?^9JfYJp96R3!hd>~Yg#hG3 z#$!cPHtL8i;_>q$)t0s*5gR#{W5cW*9Oj_qLQV(}dgu`?jXOPJ3V@TLZSapzf)9{( zhO%uRCFMo-g`8JGulKFktwBQ@&Be2I{HuDGdVHyfd9i%kGdHtrWL=5eYK7%;&y9j` z>?FStD+NWp`WTD%(K1xxcpqxfO<=k4k*+x6u$^G0iI zShIepPicLrHNZrZySUWiu2O6?cYY^DWyv~!P}7AvKYw8JM=omb30jH@x?5cA9me?0 z5IQC-Gfnh_U^0GXI5LA`8tG{p7ochmnj8VubiQ9!w*?ZvJ~)&X9(*3<+GDM&uaB%@ z1_r=rd$t`SJAq+;Q&*0gLK_KBZILp1h?pbq-_J%?HAA2{4}}_V=sGqu?uA|~*I+nh z;e=!a6#WUG?e@Q*7E4k}zn`j{t?ljdCjJ0kMaJbx+mt<&<~rVgaa|m=c_`2p&k&-I z_m3F>^g+98#w542feXsLw_q_}=kjA~SmK7)KO|}m6FgA~cX_Q`5?`NYXoJrFDUjRg z{b($<^E#)ajVEH2m^a*~J=5LEOL&eYN^`S zckyS4U?i);-OipxtuN!_le~2ZGVP*RC6~tlc<<~#1i(w{2L}eJfJg`w(^>_FD43X- zK;XWCQ0TXH$ioQh-y3dhgTBSz(N z%0<=%$m#BvS;sZXr~b%&Ud|B`wqnJd_h%b?t+I?&eKaMDY>BN!w7h7F5JOa!7Dw}<_WD8rK0vl&lC5taa#wBCc0!Bqo)XLc>!M!e+_~gPNbs#cBYa)^N%EK_ z{hU;^>`wd@MqGvHZ-c5HJOt?@?s4Y0(TQnY6-0^UKXTl3Zp`@-shmIHTCyuwxD$N! z`OVYiuZT~mJcnid>DG4k6RlScS4$z7;Jl(}F%%nNw zw_lf^mfGbW=unz>ut~>gg?Df5T^Gh-Jx~l{d}odKMAK8?9-&kUZw$>-rYm(jV#%hD zGOSk44PV~178}Z`@0md2;vl;LVa&?~?mOn^a6mCEKFzN-WWce&;6n|UIN;C4-=(Zb z=98PeL^}_U_23_PKpw3FB}Eoe{+$1wtzB)c0hEt{OMl*uED}*zoQQnM66v#cJGv zfDfVmMYkP_Vb=uAcjmjUlHCc4W!1Rk_R^Xoq3sQdV(adwV$Mtpz6aqKH_sLE5{PkM z)JSgHjR;qDv(&_eDXoQFcTTf3b5SgTG;*W>(P@lad;SrTU3M$M@4tZK6~-Y~Cu_S0wisT`wrY)+K|Ueu|6=Pcpt@SO=us>%NEK;N z5l}$7TToh%R=QKVTLlC}LAtv^x?4)5rMpYIyWZNK`+wuTH{KmM?mbuK@cZ_+SIjxr zT*^6NYlJVXcGYzX+gn?;etjiC#`<6Z^~A2bmI;)>H7lqJ@Sy2yj~>HPa0a*u#S%`^ORzt=t*{Soo0ET5ZN3VqdXR756I3S6iStIj8dGiV9ybE>uijX zflwu$Hlp7lLX*F!q}9r()5;isV0kWBVjHD&!H8-@g8p}uh{5KLaTMNDPwd$w zD2A}13CnO#848%O;v^ys%m1aSx+u4}z%v8_g{f*w0`Ng^@|jby_dp;uo` zd>-^2^RMT{|D%7sel(1oKBiD7sY)!gRwWA16B!Tj)U5qPNksGwFGoE@fIqAIv>LTB zfEYt~M-D&7(r)8 z#P)s~THsvU_zxdY8XD>SgIRNT1fjNjx>x_SQD=2c`q}sm0UKE~l*hUIoi6fA9^&bb z-#bL39#*}Vf``CBmYuQ^;hQx_WhQN8IP!&d_zP{w`t#h&kM|S44JP}sCIs9Oz%$^n zB$}>WH+-3CG!Y(p8zLDu;BX!q)0|jC2A1+N`p=T~nzlSr!ydQ&@Uks)Jiyf|RCr_j zETvy|czVw6)_UUyHge=C@HV0)D5{@X3uJLoYENy4I{)T}ZW_aiD;8OIghMX;{rh(T 
z@IkD*yx`8OyWj#C3xM{WqqzX<5xsC6B9%k)u0hFv6?-g<62R87X5=LTMJ4R22vQ+O zkhAe>dt*Bd_j6X1OBj5InzjjWF^6q!u)~pf^W88^A%>*M|Z_NY?Yealpw0 zvQ$WT_%4jzYL_TSvKZZkoovM>L;hgs3X^c0l{U+>b1Tu|lqO@i_wR!QfLBQ-=Uvff z*mbPj0@Dm&frOBaS0dQWNr6wx-F*weOt&?N!sTQ+oiBE{kC{wC*Cp2VK~?0r7k5uM zq0E{+yJLe0+xUFN@Uyd!zfvs0Qt2xW>!@KB!b0sa>i(R`cO^=1NtF5qX{^=}%Mzsu zk(oEu)y(K#%MQj-bG~+E!h^o)AFTH$>&*908HM0fY0n|Foh4C9dSQ>dL*Jd=b~6w; zkS3-cZBI<9`7v5{|C{)#(cAqm`B9+pBIerm(85tbiYK-0Z6c| zK^1clYDhcqO}_&PgnAwoNBK;hHP}DE@8_8L--JeJDJr&op+UO9Tqk88+Ti)HZY@=N?qC62} z#6E5To+zfXzEpA3$i@v28>PakIcVLYiOkAB!s~O#OAwsmFrm&QhXN`oApv&jvAvO( zZvyIn83JhbX>5veFiR%vGI4}=4{V4qQNRWe+Bk2hjtliW3A-)1V*T~n!w^YCw~GQi zpdYMQ17Xiq5CRDHMVag!g%d1q=*xPSAMI97F1`$Id+(F-khf&;BBW3a(4pDh`D_#h zbk5^zbAkibj6Y7x`hpGGKZ^QPRfyEIkWGesU4M&vMM1b@8TbBK`9|7)j#IP-3-2RiGxUE^Z5VwQrRKOPh(!A5;)GfPWU zBLm5dBj6YV(9JJ+27kxO=!Lv7UxBV^#2_A7;f}B;;;B2^G)7$FsX^Jfm0#S>Pqx7T z2f=oLmKFw<39gNYfoRv?zlMT|zmImFgZH`4ZQcTm-iw{OrCNKxrpq&Vm1td8RFFeLd>BeVx$dV_Mq!5YTe?+ag& z5q=rXuH2G3jsDQRZ-jz}`4>+-_ggYYTGiADCs!^%t5yYW z5R6?y#TSmRYfD7OC!R>Nr}z0b&H(WVXsEBx*Bwi}Sr@Rj_^%MB3-=4)zlZ=P6X|L& zNw^Sg((&okr4)4C@1V+nA>5g0^V&z0l)rYD#|OnBYYC0;LQwdjUK0gqivMz7I&2Sb zh39uPHg)j}CVwJemK89yeT;k`_j5Lp%sbw4&PMO{28EKNfy4#a9}Xq9)& z{o>eQ((Tk#I&Ru6zi$WEt?Lq4O4b+E6hYTo>^Zbk|8EH+1NZ_2A@_O4uQ||a{6wecpUiuU9yHYGa?lznx%d*7ZdaD3XKORYAVAvBN zA3O~`SAqqm`7#kA2YT=i&DvnJqOky6>wH%BIJqs)-X9^vPb0bKH+Va#*aqKtQf1xq z#tsdObiVHLoSwdB57}X&YSl^sUSi-^z-U%?Zr43PoD=%5DFV#!&=@lwmOa%0bKUNN z#rGRr0w}7O4WCwNxE*_SbVwr7DR{L3cBnpC$?k|^^=lz@mL!y?f;`$&YO3OPvP_j* zwZR459LOzQAnSpQWuh

Y?-5N_L(;@So5`_rm_YbOOU$bicN z5<*2150}$Seguma)0pcBa?FJC^S$lbaG=*6yt@Pht`u1C*)UO>Og=(z_2hCGo$^^nyCK(cBoH=>fGI(_Wpi^vIQEN zpow=GU0qXC@$v2#kuY?hKG@v@9$cTX$h!U{3c0@3+f7o;j%3oiZ8G>{reY~>4pvtq z22wTZ(gCEl^iELWAmBiIyX%`AbG3X*m`K-#7{_zE)~dAyMNd0OxJIWPx&hvljNu3b zxQO(F`{n5rG*T&pj6$E$wcsOodV3cEzs7YM{Utk#*q}@6J|S!@0 zslR(CCLn;KoKxCW0LUivP zftw1to%YU7Js_>V5_8_IQSU}0bNLAohk(oGDa4o{1JWQUu|pwaGg>c7Rxn|-uB*b| zfy)id7Q)E5U+l(@yXHmc0&drDes1d{#VNPOZ4 z{r*PJ{jo>?xnQBy$^=cQT=nySIWm$*>kF>;&D&cPb?fQn{V3(7Dgjv8su3`~Inj8p zf@_0~sSPtw-RXmP~>`QhvZ-;X6APw3WonPRj0)tW*|eq zf5&zMt3qsB~mra|E@yO|Es46CC zp_&8593VM$6~J`BgaP_+Q+Z6{`Ku=jXOiQSX49YYwR)bGP-}!d?RudZkA3yj^UreYBnS2S{j-P# z0>VEr>MthCBIjMBZ+$3Gy4h3Kl=Q71YNVJ1iAGn|8c+%hn!WYjKC{`Auv;)|Shh-# zKU%cMLBe%&i)9K$;tJO=6)OaM3Baj+{QW7PKJ@|m2gt!@D0hCtp3a-MZfz4Aun@uu z4De<}I+I-RtyOfF6@|7^IVTOIWRejK_0}aT&{R~+d?qr+kh@PnAO^H9czdh?D+eAS z$+9JryAS{4E=2!PjOjgwe@BX_F2Q8r=AApq#l<0@3PZ&rRb9pRs25OB2-Q`B6_S(U zpb~~ecpKW)=Nz=5yFN{K+(1!kGBraJ!PH8hC$6;NZjs2$v(2tRaab$m~T z(#ED{V#@!vIQq89Gu~h{6ecnSi3Fw$-^zk(HIub5I7Vfb3Old&9P}RI3{_s5wqMdN z{u!S*SB5oK}9dV;|6UR8cU0Ou$oZP+g z#&!+s!>&VNw=o=c*vs@joO^Sm;*(&;#TLzb3Z3#4i~~d1AZKR}hm2Lxtp55h!o35^ z2x#Dy4H_)k2Yv<`Aj5=>3hsXgbBLS|Hx_^p%DI@=VFjA)Kaw7jrJt|w3ovI<%!bbm zyi<2A(B?s5VZyq)DS+V$CMLLFULeIL#Ba;#pH~oldbffsgkQ_KU)#_m44kOHZ%q+f zpb)V|=v(D6x!d+v{%9%T0r1qWD*yboz@a7=-)Qj1Rbj?a8?5kijwrM4Ln>ocv|`ge zl#sJ1>Cs--wb~^-Hp(9}&U1Cg>npY?Ji#x!qLL$+XNoJhS%jLpe#Qa?(bKo;KBk~(ZV6?@ zAlT?8vZLwJX-$w%{<8eeL`l5I>~TQpD}|H>{$BzDg5Lwa+<*NdRSt)*5MzdX%%Sw% zZr0PuFp<{H8zC3!0n4?<0LLSb$8XS#T(+5z zgA!=u{<`FD6kkYVz-*U}QPP{&YLYRKQmFFcIsX#WP%aQacn-&{U4U9as1La1g|Jf@ z+7<-tfryuyk>P{He}EH_%06=I{5qT&6thUT24OBHul59ih#1}vGl2fJKsg7AkqA8l zssKx9ErKE<{;mc^-}rytv8t7jzJX(P_^R zbe(X(KsIWG4?aN}#f8k=tE8LAYgockq$osUa z=aeMU{e{57OyNBY8vD5{8-quf!8Ki$CsM+n&^+()Fnmh5GIO2cb8>I1UOtpR)y#Ib zw3I40y0O$+rz3j!G846xl~kKY{>EQiQ3!8$m4%V{on0&5-J8JXhln43zAm`CgaR*XAX$J0-%@x3Bz1NU_``QlU$4$ z$`MEN^OJqpI*sq{?hbd<=j+!e0M-YRi-2>k5cK*rFy>)-Ngq%1|2(+hHNy1j>X>Ff zykKy*0xuI8CeCo3i0Qa*wQd~aJy1 
z`6a!j{aS@fAHJ}X)NEVq+~3_vZ0+kDa^zm3z~I-F*?d; z&wQucPQNLsJ9(K0aLbtQf8{-AMw=(>uM7%G~8-1#4c}X@lg@-uL zeacHoeoZDCHk?~3#|+Glg?1a<1;Tz|CPUrlQx3`%4^GG3Ud+Rj~@78l^%2##s zZ!QcN6RY2H6Q56QR|<@S~eVAD=N#r5vXUcN?Sc4jWOtJHdZ0efq063qpdcp)EU zGES%d%y-i(qsi%|F5RY1m0dn2FH5~BShcDE5Fm~w3;i>SM);E`9DaWOO8d<&&s+CE zVh(Hp79x;%AuqSQef4FEW%uU7-q9UjE zs6O|?PD+*dN-F%F4K_TT9_=3;qOUXLwwi2pNQ9QuwZ^O5e59Owus+sT>*|c?yE(1q zZ$dYv1HzG}U%z$$e(KFt<9Js_|v0#qbHSK(QAv7ZMeAqtoMMh8rP zyoBx+5E&|vg4=F{M@LHlY@aOrO)$qSwyw`PTFnGV5b#tS2PzBs6({{s!Y-ZaUrLh_ zs@R7+2I-zj^Ct?p-a8V^7L!7S`-Hm(+bi4Y06ef34!u84i2ux9e)@Hz!jsLwt-UCE zLu-Y6cboo?<-!Khtu>;RIq_E}`p=8Yqu(0gM)bBxt9ykiN-ZQ7Qf3R0{Pm{nAgg0| z9%b=7ioyNRw4C29al_PYV636|sHNDyKoKrN=33`iTQdKozlG z0G$iCEGH%=0)s>h4HG~atGt8S1&F8x8tleu$6e*~d|!gET7Ei+^ z5Dwo8GBJ`iY%0?(s}xl^a(2mOmVQRYW7^TQ`EW>k+Vp&9W=Z=!>-Ii(V)@CYvZN z4;aFsd&R$3kA1IuT&1Cs!VeVR)w{}vST;Z<1@i@Z+!`vGF&udTkGbV{xk^+uDpJr_ z)i(bR7265~`gt2DU}Q!I6&?R)mO^&<{-6pRp)I7u63JMuPyilxf0G9=IPT~Q`xB33 zEedC37K{Mew+mbbqw9%HQgSi^K*E+^CYZ0>mRYDB8eX&882^W0{!I?x00tI$Tf2F7 zC9`>NIkIgIAuTQpHXx^*CKcN@7r;N6l_zNU-VWKCsF)p!AgD-n3g}h7!}hF`^!G9w zOm7ePD}4ZzA*3vb8;;;m_(NDFD(f6sM_<{JTJixoiqEHFEVe;{Yi5BkQ z)jOpP)IYq!g4=IAc>n4F?XdzRmA6)%9Fle&l-!FQZNj|X2%l|`>^zwxCA=4Vb)sxr zm_^Ih-4_qqDgC!=4t)GuY*o8#$7y1?V|b^z=9Z)ree>PVK^A7ZHC+$hyzuG8q3r|H zsk}o^``4}~dx#E<_HF(L=oR6C{CPRRM*pod7uX%R&VAWR^xZCmVAS${;C0q7{czZN z4DbRViiyDKxLh1BfsacJ7-ya)7*BCWAFje7NV`-!ckLnYmjZi6!uAL-(~J-tU@ixO z%406BD45|<9AS8qDK8nxgiLTC3X%$!0 z%n^`^-R!}3&K&3)F2q$SSX9t@&QTDvsb0FMRN>9QBSbD?y4U!J_0Po56=I)Soex#M zxMUw{lM8&+1F;2<1}{E6NxNY9QhJ5N(Y&MkZ~trV;w%suMNCzqfx>gI+tjRg=|PSM z`XQBjg5PfYf)(P@iomXjD8Th_LPS$DA+O!I6!={PB!P_|FoB6%eK2Zr9Tk-c%6|Qh zhMYT^`CKE7I?rg<4q`>fJcv=4AkAk*kjo`%oIqu3FI%j+L1& zfj~(ISPp~t!+yd4p^_>^`WT>;;W-%AdA@PzJVU7@8%xnr;EM8;e2#Za_KRI|Vdipv z-JPcoXGiU7sil1$ydX(IzNVHtUOx%%T#mC}6(vaPx1tUR(czkn^JouIMlz9+>?1(V zZ8x&F zGg^igSXJNvkXs6HcPxcO*!Pf-CYUp8^1&g0Td3;`LiKt$d}!T}m;x>8l|wWFutog| zQb&LXkWuw<;PI`r5AQ>lwg^l!vPT!4nB&jTf-1{@2Uj)wh2{t*4Z&Y0T}PyXA%!A{ 
zIp3i5-2@1TRz|{P%cC({V`WA|u4_E_$R#?Lz2j+Ud*4kQUF{m9P0l42K5)Ep#y3Jm z+N9X>{6pj%Q_xM+aYMb^Gk8=LH(k$l(D9wUHP>(jH8-)p)_l747w4<&Sf#f#wxDXv zXIuR4me#yNZu4O2DETi5PgPSZ{z*Cs`ct~;LCQX4W}O5h@b zLJjF2Ax=Wq16?~TzZ+z*1Wwb4Nva1bhG3?AFKE+{qk$I)Mou$qe*ocY zRyMapMP`!;%OrE4sfd6bm5Ki(fwU^6U!ep?o&_{@2>0&m=NC+K^5OD)(;eXsQYG-f z#|ylWmH>^VWMnKDzzTNY`VT|_QmXc7_ReQa5^-JKCjh@9G9Ori2Sbn!KZh24?+Ccf z@kqo`DoA2=m#&Yj`f@XpDa_+X28jDCz8n*l{{3B4dt+I0sN%eQJ~HM{y!ae^qPGh+LlK*VzQi#p&^ixXo zpta$KnN@9D0#j;#OP=h_M_oUh=(5x}qce*`*|&>m-q=cB{}~w8--HCnBu2O61-!J^ z(Z3+SmtUN$roI>u1tVlcI`H)?Itt(=uqY5BD4EjW*(+gT5Ene7qeD#q`ntcr--$>@ zB!G0mpL=8a3r()(+0iy=Gudq`I;Ft#3}oDzuvrQpeIqf39WEs_%npl@22fLhTfpqx z9DLtx%aTqH;p7?ES&@$Z#6SoNh|nA0t_TLLtFQ!S2mT~fpf#ThifKGt@b?mlw_u0AO8J zT;kBnMnOTr2oB4~2+JV`3RqB4LIM!m$7Cb`jtQ!tdYFm@Z9pQ>*L)e}$6)r4;7tGI zC)1>goS@l(c~4J-H|Z-bd`k-tg;}fNx<=U8dvp@6`_M1}+bjwy)^N)S+spuPsNR9OM^FS6n@`07C%+4eF8x4C z^!ratxqIm(JOJ1R`We;+fAjRbj+BiEpG{wP_IRX30A%HNy3XWLLISB;Y9*hIek*wD z^F79*{{`VEdOyRz8!$!XBbfRy!Q0t^e}m&V&OU;qBua6hER2{rmHW=KiFeK$G~DT_6_i11W55;kNn_`+;~~2!@Kmdaj;a<*&58@BHgON;%LDxH7l1Z#_r_+| zV9+riWD|fJUsLdLHpS^_suq6-7(sV3!R5t+K0JUX);>CKMS6_W&;p(rLrfa{x)y@>CuF>QG)f z94<263M-I&)RE02+AML7U29?DpmK8^F=8Q%b6R<3R=G?W=X&rCF{+R*YSu1*Z~laP z{IYujFte{j?Eb)WkCs?#;O{`F7Pou;{cO~6v>-8u}(Y7fJt&l{FN>yuhYDWAM8#nEh5my&D%i_lZl$Y6CPa za9JIq6akS&gi|1?0Ow{`8SQ@rSpdJISssAP0F(CQsIVg@AqdHi{3`$n1B_o+R~ONF zW8b~oo8>JSI$o{BTm@<>_)qzqKQ}(V8;?X7trkGk<8U7#*ns{Lnt8DFM#Q5JM@n>& zn;3VTVa$^0#(TjVzD{yWpve%4#e;3Yj1T7n=EL;NYw6mc*BBKg^OBKb3?HMy8pH4Kj(AT z`mdQ$=GgED4`D7Owsy}M^jN%}R5N^h=Bk#4ofK)!sS21yCdV7`g^zcsF+-ec-@giT z+Dv{!y|t;i#gYd%i3fw$G(@tE*3+;$^i+NEoc9j?s1~tx?%SS}Zd12)yS1uIzk}RY zhPjcWDc#SNOaEW;kA7VVqVU@PKlz8?P0N|Hv)yi&^Zg+JRW&}R@L&Kp4|4=9Ak%>i zuX(b!3=~pc^EqubHdLQLLC}HgH}D}JA@m{@7VvPe>iH=&08lx>ine#4FGf%RD6{u% zNBD+@#{mxNKm^t2hf@K<$=kLgor3!Ml(4%s1w=*&BM2~xtg0&Q2s@>B2qz+lh zgwo~D9WuZ6K22OUM@IGQb_0?Kfl~>jWk|vW6?$(1*R@!wmPRc84*0dUDoe)&x-k(_ zM^6}(heJVW52rVP5)vABA`ADeR2YjWE@nAa=SeK6NCg{=qLCDtH$o8V9bu_rYkPYm 
zSRYw%JgE{6T2rPpl4T9bPP(b|3g@;?xq*~djpLZl*lL^$la&p(Mi`Z+;Ukv73s2#b zdro>2(l5i;sZ(~|Aer;2G+n(-`PV}JF9k}&2t2=CTFrI1eP=LXRZ{?uX!?Rn@7}AWmy?zs3C_&vFN-MIaO9{pOKR z5(5w%=l=aBpzk2KYeCIXlKWCZLV_H+uAe^zP^7IXxwtA5z2Dqu1y%uRBL1 zO)2l*cp$@exq9E3uYH^E;Jo>PiHYUVp@B}Hg5+A@CH6bEH}y^Wxg2J+f81=?J*W`?XUiE@O7>L-5owh(QbXSdV| zeOPj24P@%i#KwzejNQ;5$u$^>EsDG=aixBAi_%eDZ|wU0k2vLRJO4;dmv_NDke`tO zWrMkXRPdCcWM&QqNPh=-<>2t}7Es*#0Lu*e9?)<9PuDk{{3Y63&bl3J&ovp|$jH>+ zljf-h7Rzz7<`8TWrZp~4!siwLecX*%s@GY8rO*cVq3+uKY0O0%(B99)}h#?Trzc@dx52K?V(60r7I1Rv6 z5wKYU-D3DS;R_&mb?vu}f{H!^kb$NN*#X((X8|~OzCkzX|D-bFa65QfAZZq%Aj&~& zL@0Qb!E&}K?P-NSSRU+$%8QKa>(-)^s&add$-|v*?0p8y}{k_I`p(iZ3X%+(7ILt!BxJR zTLtT|^5#?QF#u#ao4PzFgRQo(?n&It;D4XGBH?uw6kQ0Q&tN`Ttvtre#Dpxh($dm` zGhi_2BA#@Z!$5(8&a-{t>NrL=eC(4Sj0(ZYm14LPxOjA>B$sh@=ZsJo6|B3yi^3K> zgRQ?jd|4-xmq#XHw9LVh2iNb0Vb^=UVypP{>qfy-ZM7_Q`KPY^rMW{n88xL}WXTUI zab;eftlF9ew&jcsm{bTpyDd+DweXfF#rs>jRAah@9UaH#jFFEX-MShi8Fsk4jlZ}y zwRy~k863IGIn`YzG=la@hpgWXyH##v8tW}dZgWi?s(o!8yP}%h!)&%ZLTLr^fiZvC znw;~3f`(x70<15TOr8Gcv{ZqaA6Yyup7d}3}55YvY9A@J_?LzT|h|qy$+=f}{P*|%J0=vdEPx2Sq!-GMy z|NW7Wpuz%OBGA=)o9=71nWO9TvEpNnHUCDOps&>q3L5Q7>5I--uZ+jUkcG`AI{2uN z4fQ}#TE74?AxtSMO3J(U?p+gr8qCj@fPjGHT}`lle-#7uZN`z9w?C_;1A8DUN;7^Yp{py?%2 z3v;_Rbw5X6Zky0ea_L5klw!l36XvX~J>FkA#+hjd|Cp$eM1 zqH(MC=c?d;gmjGH%Xvd3Dq})Q!`V~`r06i7QIFtD<(6}>H%*V>A-S7zRW5zX^9{SI zNSF)&b@BWC#3H+O<=eM!<8#}+&t3rky+zQAtrcTYPX(%>L`3~cJ}I1L{`{U4RbUqP zwydvD%&m{=GO7{1izmO5F)k7mihe5WE}v+#+aA-c?5M4W;l$nd)ycniI&DZS6!W@I zDyhp(``fL}47q#Dg=ulD!AqB$S8AUrzmBZ>eqALVlfLi1StHY5RUVZKyiL9vnTUr? 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-severity.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-severity.png new file mode 100644 index 0000000000000000000000000000000000000000..d411f09db89cc88a14dc0442193b770ba8e94c38 GIT binary patch literal 40626
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-version.png b/windows/security/threat-protection/microsoft-defender-atp/images/tvm-report-version.png new file mode 100644 index 0000000000000000000000000000000000000000..a500131ad0e42f152622dcd817b7b5b57ab2162e GIT binary patch literal 47460
zg+dL+pgL2^t~py1)*0Z5tO-u8WbU1p|v*)|I=FI=c>cZyBPYk8>i>})Aox6vVOU2wyg zd1q&*FC9bgQR%^DRGC_HNYAWUXs=*UX}3^A2S417$#UBn4hEPbwGk^3N5l#mZ>rve z!zO%6(5xNeR(qwFKBIly5M!XPpML5MXq|+>%j??MJyuY33O%;~$y72QtG0h|unKrx z%Y~Mrvl5H|)TPi%(jz|stPJZ#%ri;RC2yajwdS7PM$mb}oz5(n zS$Q0YL7%EzkM*gquU|)0F)z&2jwrgar z_*jA%g)xCr4BEH-7A3*;p)wj1=)QMZ+QGqr3$E9}0aei%$)q1Yl2MXz@gh>B1%;nJ zdEp3f@E(3>i#shDQIFbp4P)m84a=IEx}}X(c^4M}!t?Xr_a$UeJVtvbC(Yg6p}&J( zfo}Huuf@gWkA(*=P>j2jnNgh!AO@T~J*@#7uc^}t^Y?wFqQoXF9PGTrG1%Zs85s1U z+F|iGdq#!2O}?G8i5VO;G7z8dfP0shm37p(sQ}uC`&*1nePp%_4EGrs8IBqa^aF63 z1F}B!$GoYZ{+{93;d$XeRa#g3!se!urY7^EM@O2W)SFlVKFNB6Sk7bpMG###Ht9PQ zm;)jjf~0mEucSMpnH@!PKqzTztz64%v%rMg|6;Y3R6=dpDbX@S%LHpanvP6nU<#f%@eJwcP6 z6Ir|V%aeN^YtlLJ|{jA8K32h7~tDM zc>?84^nBvu>S6?7;rIc?Z78+z9(I0WaOsE9En7_>nzPg>Q8q9!k#O63IX#dpjrrCZ zB3>LI1Ktbj{cCkYWsqfRKfABYH~%jC+gYocD)vmpLj=M?V;!2t#}lBKi@W#l2R8Wk&%F++xu!rI;*QLURe>iXHmg$uZl`Q2T3 z7iZxQ^UkQPsk#IZf>7OaDIl2fd2H!|sHT;HUI*IF)-;{9Pe5O>84xpU6g%(Uz1#Zr z;R|PXcgy*vkGM|}5fS0TSn))|f%WOru))FC4rzXz0aqANo17J0yY+qB?P)p%GqZ=D zbN-ZR5YLC;MY&aK!VS>+;;$>c39d73p>1t#pc3@{-Yl}-O_#c_Ed3I2i%$R$JvZ&= z$}b3TV0-*HvFXDHpU&Jrf98Q?@!R*5Y1(rRgCo5_-2o~h9E%~bn<)N>-l=P}5^*jv zHuPT6vYV*>_-iT0Did^pOW@OT$8w0C->0OZq1mZF+G< zF@KQqJ;B=p8o~a)jna7W=iW=u&;XX2g^ew^{?g9_(-7X&^iO?517L}*cV`;_tS__P zWqSVNg|myx`*KM1=2ATtHFH$I%)=pe+N^D+g$apa$~WPclAYRQ?4h z1EV^R+w{~{ijITBpp-c~zX?Cd8#SyuJA}&s#(TAJ-E#@t&mYf%XobA^7(^ZTW+o&t z7k>b0^TVLZAtHnCXEXolu9|6ovhcKXXWG&3Tn6}1I}Ipfz_%JYQp4gZgaK_q3c3O^ zddWnXKRRh6uP}b(>O9@r)bxQ)H2vtiu!l-YN+1dHi;4p6lZe9_#ZEj$Oc7z#_4T3K zHvPb!S!-^7zQyqGO%e){g@ay&c|bC0Yp>E3p;m!lb$c|2l2ezI7MSY77hvJk0ztp!d*lE#NU3TkFZq#x=bT9dvzg$&yaMQ|5Y3 zcSq0|w~z^fR($73;@bas0j%`tzGq}~-i?;(Sx#|WK6w(0taRrDJ35;o7r@1dsWinI zOLJQ#@JtYjeYCLj>C>mb4wlPe0NV~Ezh=|oCR4Mfj*ibz3^AXO6)g}(YpkZdfFc&^ z_}1MAY-z^^{%E5*>?+70S!#2z>_%Z}dw-l1mBo?4OZe4$i*}XBwXd%~7YJ=|8La8f zX4yK`?dF-&S?de52?U?BQPp90Nlxxw!aeh$E=N!O_fJo!{b^zyVc)t%=en#jc;1!Q zR|xLK+_@|M)eG-KrL?`u6y=uMgD3nXpqG=BlzPI+y)rRm-sUhjFf!#}dC)ISy@}Z3pkk`H63nb8al7U 
z;m|UmadnKmk(bK?=tYM9$B#QA7{fs|5uNe6i%*>H zV`b)w(E+@x&vBS3Jbi|P<8*YyJ_F{@aAbM+E@iRDwmy^3*=?S>ErH9+OIkq>E|JPg z?kKJ8tu0#N_xC{D*dO?YhK4RAJ1^}W9xipHIQ&Y>U@n=eS_0C;{KFR$mF^6kq@>+& zIEROC|L^vW$&Wb+G*BpXYp$`8eW_!%!EJX4-^4@)B>FFEUr=4&S^+;fRHK22W_zmxkf_5+!G@fVT6m{0Ly70Etco|K%#tiv})( z9NVc%ZlH88id;NJ!3eZV0a@?(D9RsY^djMrbF0Rqls0a3|)?b^qF zsIhJ6zS{VrwedAE32~h9pt4}9tE&sQdO*c4^n7t;CoUne;N;Ss1c2)*hvN~Tz?{}z z-vmJA{a2#=(t#I$)6!Bm`zIv)#L}{q5=zZGDTWclUESRa2e(-_wstigKeUYvMD@ga z-`{)>3Qkt`h$KOsLuYTLYKSz4XhNTPComaQd4s>34dd_fTY#F4#Sj-;_FC0`4k?rJ zfbjG4i-|+Vl{j?t)mxf_h}V&sIqNl473%8hU`3b5x~oQ}W-DyPR*6V)h)cW(ZZ+Jt zdE>?n&?YctTEo-H2M9L;c=0?=JODQXoIhZ1u}WOr!Co#=UL0@tjujY$MufGMgnk5? zri8}p*G+)gm}syTHEOMWYi|AmrJB|avJ|-%OV(M=)(J0Q-<_HSZ&#FnOWO?=)=aOnZwf$KD?G(!Zy@?-A}<54YrJo) z9gj&$qFYt@?fdQ(CL|;z1L3WmCaLD@8zPTiQKnTDi9}AB+1p2sc6%&uZ7HXS@H8bA zp#(`N3X?`%9dGOO$!p}!QsK<$B!R8cz|cXU@%!}uk>cf8TeRA%FBgTsvYdq0pUvs z8WeFtLPE)tHjV1Kx^dqb;1OwQxejP8T(8y^de_2=Dbs$c62v!vfFISU{n{pMJNWI+ zvW@{CPf?zgljFSDMv`Ap(B0qvGrzq2S(xO9N*Js!^*C(3uGnr-{M9NEzR~j+dbJiL zDIyMSGCx*pw82xL_FmTeP=PLs;EdSR(OMyE=u1Ks4GaoZuEi3Oxnt!GrY3Fy;yq^Z z?E&e5jY5Ba)2~GqRU!V~fq{W^&|^c-y@kKMdE-`e2+2rJ?g1?1`d9;lYE)FY{S^2C z${{Lxnx7Gj9KOg?nYvFq;fLocJvVw@dAH`QrKP2~wDj#27Bex0e50iWWWwFU3uRAF zPYuZ5DNj3|s9Xtg)7`D*PYsydv)@30iewNi-N?xRg6qoQ&(G^OH&3?v$ccbrlq*Sx z7#WRO8t>_ab8tXXe#}46P*z7HE0Q-GlarG8h1frHWO${5dpl8u=rMKv3%0zo=W?o^&+S{0R6N>cI#E5nWWZ-GKoVdnQ^|HM=UIXy*zdK?HRxe zIDE%=))?0w037i^@Q{|ZsQL~brJ7o5S{f2&&&k%#2CfQEnAFzJ&aT?^Vum1fnn-vF zW&GCZF`bz>vh(}9zH;ICR z!myfjNG)6L^yd3ll3KdDF9GcZz_R+T^wqk)Mnphu8GSw2|CwqT(p<*nUw|>_+t;s6 zDx!05pMC|jEFiP9lk5Ph($uQplIvOD+Ssj6772j2`FlBP}F)e0s@$N=Ha3Y1?^q_58}Ed>G00H~EX zV77W5_=4X5DhW7nV&dZD92^SQ*_8owB;*Kqnf$kGYs=2h&(F!-y&d4pLNg=e8Ct%t zzi)k{qgr0S6?caKXr+z9(N>Y2(TeerVV0@-uba$03x*sCF<{12m=rKwfAWheund zd!M9g6o+-4}+5kVgF1P**rTC1$tq1Ev@!wnL>+^wUP83cvVFX4xI% z=;Z3knvW~m_`rAab|)1HcI(%{!NSY^&Q%}r!cB?P^no3tfV+ZrV(T_GzjLy#3Fn0e z1_s_ByYbuKH-MV=;wC96>7B(TWX9JfBhR^@nk2du(W@w6IUBH_OdLMEPLS@$^U}hC zSsJr!4!zhXmT=$cTa+`oJtkZ~l=PM;=x4Jzn 
zCS7`}e}-Jl^-7rU0iH~whust`67(hffSDl@CHb)r6;Bn{7N#Wwy?tB+Eq@>&wc}_^ zyqIKU8s*D)@Qz`fzkabqG4l!?+kh|+{j$~%v~Zl0;~GAZi1?lbFnS?513giVt-$Aa zgPa^V^az1F?wu}eIP4+}IrV^x4ASWA7c7>bbyQwk#i$82uCCMZ~jW1v9I-{0SV=z;bK3k!2{ zcIGF4?hZ=G(5cWUPkupua-`HS0zof@1+;{q^YEj1Zi9{#$39j*zCW{`0OxN%2VC_+ zGchv@5O-g6cUM=}9?S<(3MYxE152DAKy-I$@3noNgSL;3Qh8P-OUE~)FSD z|Br_+Ua6=wBM`Ck^S8)|NTX;Nt*@{ITU*;Cez_WP;p-4$B*Yjn6<|k{Ql_DMgJU4Gz2W|1`odx|MEEfPGg} zOUwD_9g)mc{p9!01pwmH=Ka+Lo_3s_X@2j>MNYw_Wwk#gQPh)ynBu-Ea8Cl3Kj~x} zLqb8ZaL6l-S{ot*jQ}u}nJXCH2Rc5`xj8{U!3Xrv(f$JDg_@$`VkV``1Hfiv1Ynce z!>RdAam11>lL*bdd$K7a_CULw`V<^2oJg*l5EO*}^XJcO$-Q(A#QX$AY%t5!I-b`g zsw!G7T;71;E-mfL&L~E2^mf&k@Tq5p(-hK|^BDO}yXL@Xa6`>NPYRNS-^D4jY0uPL zo(^veCDU@xX`tOD=AFgG zfh z`wo#!esV$)k;3;8c*Kl-kEx(n{;U{cGBMPW_yojhxywx2>q=_1-#-nU%1uWxibzcPJ&tIXKvW3CFI%<(8WllxuTq8`*K=@H`&KV4Z3lsh0NNk{`=YcY)co2@^hwTzU=R_d z+2tqO^A*(S<>p7U*LpDO2`6VOK+B?{qS@0TRG_q3HJ&`h#Xp!^XsQhb9Xc+>oW-i) zFuBatL<`79mY7<195(~p`2-2Eq9hIee$`hdlpt-lT~^I4w$oUBjZKRLjr;8EEEywx zD@eHWnA17?uNV1j$2$MzAKN?G&#ls5a6_Su($pZ|#+rd53n<0?LwKHE#d|8SKzs%D zI1B_}MTRz}Z6FPTEVUE_QGpa^&Z`m2F4-b*djIPO;4Zw+&$(YVq?$OGNZ-3_`1vCNf$+`0|R9ALSJwp z#~6SaeV6PgHp&}t9G9Ti;3JGnItI1hONWQ8%tvSHJaKA0@bRc($!(!7qoQ+u{gV~8 zuT)j7unRV`c3Zy#9EPofiHTO|eBdGhXuBBXD*|G|lnseTVxKY< zq7ODNj)6Gotco#CiRJt@26X>$8s0@<;PgA}9|!59=2@CBO>cEg%}|-O8o(5Hf%peh z@P}eziMZYveXIj$FWiVx{$>de5a)=<>HC0<{_HF>`sJ5s)Ql$z=ky!W^7toqd(rT1 zw8?l83i!>z;0h=aSwnFn+>r<#0`Nuv6V@2%UO71x6BUA5BGb{=7Xc97YtSwCRA0*} zb^fRSN7zjFy-VOmTPR#V1p^AL`3c6$&BQxPIm|lA?9OBi&?l_&#?2dAGW#37f?!6# z&Mn4zW~q~mVZc0ECbZdf9-&6Pw}9S#V+;-S-L1<=G;8GtxeuJ_O=c(GN%B5UHqS}- ziU30dZ_WPDdC^OH-LOx!-D%jJt;lP3*1x01DDFpVYildnkgWDolo@{3r0yl!E(F(80lHMvcJ*}rW#ODRdhp8h8XLwgOav%t(;C$oQ7zMdeM12Au? 
z7=LSNKeN`uDI+6O*svo3Qh`5Iw2S{k^^U(q3LvJB=|=Ht=z~gcy7L zz{A6X+yPI>^AZvK>C@hpE1chRz|f&)g}RW=lYCqywJVA-;F@sRphNAs6;}b5_sWVM z(4%nT3OTT}ZGhFRxs8Ox$c4k+4orJTdhlKQ+|g!g^llu>p!a7 z0m5~(ZHG~7fkt*>AQ|Z3fbXfLmlwWxl8Z>@;v6w7m#RHAZSG`Fv6>qldj&VX&81)7 zB~-U<2>Oyea5#R)9m8yuv>qTC;H;1@Ri)!3EZ!-TReE^z1)%Juv1_bgFD44D``~V! z26F1+;tuUS*|?IhlkLfI&eN{gC-}fQgex1?fX+Xv+g%N!oJIX4W^QY54@U0weW zBQ)y(Wj3FcROYo=AezJny}!Cj^edBC^dyo%RuA~lEbT%5sge6l6GoZ6;))lsM={XtRg~+8~ zx3wk&T%;iyj0pH&99f=aS*zCIMnAy)I@%ib;y^1GjgL-yj~*NyEiWiA+ZNAEP9}pr z^15udKyN`R;wOLWfNp%5nXPT7xtb)>w63869}d*>{NCHcKk?!HUO#6mXZt0qY2Itg zMli?#JvAkxViy;(7x=WoK4h8l(KZJS)=#T4Gg*0ILV3ug*7E=y|Ni@UZLA>W3HqNZ zhZ*H5Mn=XY3HPUfRCo*gH~cQkR5-DV%cyoaH40&PAMqV{c1vARs@bzp2Aq8#2%Y)o zD+xYmL+JSp;5VU_akvk>50conSTIY2s*iHyqpf!Dxfh`&Z#9tm3OK5gJUWF+O9fQW z<-e~cAp$XKGMG<$dk$`Y$|m!80MDH6>p;W|-IL~pC%@7|lE_EhZ?;S@8nerPZ)@HQ z=8t-S+fN&@3&Z*pG710fuDve`l?<>$w%|;F|NQd+x6dCw%wgvR$}l6~l(x1R=_O;& z-Hg-IKYjZ2H6=l3x8_X+QcPV#o&Gns3}mMj4#!4VL|(a0Rvu2EUgxDxC)=CYLjQds=8_mUMyXJ2G0@ z8PmF)9F8lWwFP;Z-kzSna{Puyz%hiIPvA)RsYPPIWzc!IQ-Nu}FruRKi*uaOAq5Zs zi@6V9n9~XftwyZa_w&Q_+>dQu)ywJs03CdLIL%>e&#pnL0O0Ipc_RL6yv>Wr_cF8$ z$`jLd6`0>=4q7i@$a}Mk{AFDiSYMI%{~R#2J}l#u8|Wx8SMZ+yNK7l}qa3cj8j2h6 zG`yksnAdvyY=6marZx`Df<-tlb%-Ws82#5cD7FSrK%nsXVb85KwKatehb`nRZ=q($^3F_sr^LS(3@t_5YYX{qkkxe}4Dh&;B1W&-#DFQ0@Qz zMT7&@$#6^HzwV_WUp)2aaHCJ*iu~#SK68oC0|fBN+k|KTZh+;$?jA`naO?EuNypuP zS3W=@i~Jt$yZ?Ut|1?bezyG=aKbUC#-@k}((&J|wrKMeSHHQ)CiuGAWTgqsnDIjF% z)w+>@L`o(iB7z6#ko^`?co|^K*CvHiy&dbHfrd{PjFrOSiPxIY%ziIrWeFT%`$QRj zr9Wn^$6#aX1~((xm_$YDqO+3dbZQI+$0qZeZGnW&ABKr#Pi zY*Y@abMn!PtnbvK0Th)dM3>j?_(ex#LMAVmASd)-x*9h#1M}U*F^t*%?|VrTjq?n~ z0Gqf|<0}D-=qNXexD|Pd9dY^g&{cRda)zSuRu$3I;o+h8YElkJG6A<~X>SZ#Bmn^{ z$p>wZCwaJ47C|pu+bo`8&v5;ZMDoj(^a|@~I13k%>+V;gDTX@gjmpT$(sWpZgWhIk zgR6MR@6<;W7L4yan3aOq8m5jrkR3J6wmBxGDsj1N<7eU(nSb9`X2->74EsS`$^>tX z4p5UGt`-sgFrNBjFjhOoyIk>)9L0TOypCV1r)A`Um7=3lnpO65F1;3r(?MgbIsX56 z0W|e+XZJab6n(cl2WvhN#0k9I+}mJ?cQjO=dQW9sEVvft&p3sJx6P+U|Z!ao+IzB4;s3MMa#;`?GGyns!V~7qq}?H 
z;YkrAFnMERy*f`gS*8J|XQx#*)vW_H0Rb`XfC zE{CdH5=4#Nz=Php5Y6hkOCUtP6>q?l7`3iEWATq!LUNlb!?(1Zy(}GE8?nD+ z^v>q|#nudZT+C&;bK+{!_N+|i%2o29i}|r540f5eJAbxc=-ogE;eWVv<-2rKnl7x* zXSS4zn#=!4gHO%II8EG@2re~6gt|EH(N$3)$L?2*4-cFJm*r~>ji3OpW36(TD@pA_ z!`zXJU|z{j{%BZa0>tH-k?LG``5Pc%2|crhOgpaYvR!<;s{KXNBO8urQjX zbjJbj^u3Cx@>Q+M@fI-KJvcWj^J>3SxA@5C@adH8Lf1ED>-=>vVLP~7!6*IDd>78U!~sJx$TaT$ zY5Q3;{ZZg>t0?&8qrgVY6wN*gE*X@aon5X^d9|jHTu*(A?)m^mr8HDHh2C2K@adgU z)8!tjRBtpRUia=?lA!hA$jJAKF}otd2j_>L3yXyL)vj_o6>1mTjsfAon%?I<`+`zR zXbI&CX1C9FPGO>rpP51aenXO+nD~!g(tBWFe|S5ZHT_Ggg}|oK&A6|jx@3XRJ`8mQ z6up!h+ILRuv%1mJ_liJP^m)9cZ06EqUKCoT{hw1yd~RyelO2q$-=;ypHxcO0w0J~R zoqW}YxVdMTV%+Taj?*)*~C=ayx;4XmU0O#Ifuy>tC}z$kg`!J+f|am@e90C*UFb^^ ztoAv63cHvvf2Z%te6n@Uxq{2#EK--Yrv_(mUXOtZsMlKJY}T95&1Dl6P4;hFewgLj0x##O9v8J`eE*23Is-jJoM;khv+r(02$g5y zKj03_%gf(lV$j$zsCEJ(?9-CsY*4)pNTkn~@8UJp?Vc=b&Fjs~-GUx$nshF-$~;FT zqj9U8oz3od>3pGX1xA}gT+kqlGHv?(&zdP=(M8pU=RBUDlauKs_uFEG&Ew5D~cBfsJwbN3BO(@`5g9(B9c9Qx-=00PlvBoe0~2ZhkgYRw{mJ~lsv}u zx`Rdk-e=JA=vKVf8XMo<+jE)})-WNRyP7@S`+*1z4yRrzSpA-!&Lqa{_h5VON_nSl zSK4nEEz?v6mkMd{z495O{9|At}slSNk*tHdCS*-uG#EHqmvGaZIt@WVUj_vzD(zOTK7-Pw7482~t$H zbQg{w$^=i6@Y51#a(BUH32VIxr|PeN_-H~o{{fZpeWhq1Ra_7yj0-RA>6%|Z;*)zS zvPbgc1RWcLs_Km`bA=n^SZ-e)<#eJ_F{MAUiA*pX$s~X8H#%oShvJO^hFnIzz5uq9O+(n0`_U{!<7bda&(_tV zIeUq$N^KBUhSgrzRBU%N;`a=Gzc@52Or{uQjo--l_|l9gx)esO z-b=XyswgN-XV_C%NH8hQ#+zCe4Hcz$9`3*6EgFp^Brug)~76oe- zPLT3e$7Rge6-@!tY>p9nzmxgleTvLYliIyJ6U-f6$t%A}%wf;=Q>TIBO+bk51YQ*5 zg90$*Rys@gx;wP}?H9RDWD|?lD|K4=pl{?{>RONQ$p%*hg6|@^IBwkxo@jb{hY)i3 ze)O-F&AF(5Lj&%A7oq0S|75NZef=fu89Id$nz=lv?5KG!a9tQA0z;S|-EPAv(}(5! 
z{4AyTfp<~$E5`%6ci!+KQaHd?Kn;*TEenWZluGuH`I>sXAANN;cbKg8y}Kot)S7Ef zTklOMuyZZu$Vf$j^n%NQ)-q^hgucf3`pj7k<^*-E437Tqzwe7W(u*{3L>d;UT~BGk*a3m|Wac^o}9_S<(vz!H$}`;YX`E>X;{ ztzc=Onp*xZ%H9K>>-GHu{@QyLvXZ2dy+;XUXJv1Zy;lj@3W@A3LMeNby+U>fiHxjJ zM#$#5K04?8f4_6i|NlHsFXx=^OOEg7d*9c6UGM9Cy|3%m5v`-uisv*?jk5>VRgg#E z8rszOu1lxQ(Wm}Qs^k*=yPfcO+-u8da|_VF6wFK;-X1VKtSKACXQEGviR+IFZ_f;^ z`C@N2er@-BUiLy(MNhKe1=9ED&uEzMhkT@XDm55KepyvQ65mARY60SVr2}rfJMC20 z_2N{N?0Z~;!3VMIod!(;h1S;Ah{NcNQWB^kg2o>8xFTzC?nmDj#adyCM694?p?;Nr zXGo|29=TUmQia$rs``xwK0%191~29YepCidG!j7ITj}65QTP^tEgwhi#D6NTi5<;| zHKkoYe9dd^wR>&y26)?|;@zh^OIi(C4>eVK%I3z1kH2vtzZHt%KH++5mQb3oF^B%c(AdtKlJzei8G+$yI!TRcJUC?3HkmQt86hZ?J)>$e2gJy z&|S;O&b1Lz*4WLeO3Paq@|2-#$uo5MXR<@aetOWnNa1dnpySw?`WI~yIV-fQ;WMkE zA-x_-k5w9{AF}TZWHjqJabHbsjKpYYy(|%_)2CO_>@P!qNZvj7c%+8VAa>2?Xi+8Q z&}^QX;)))9Q~(U`$l_09l52)}NkO0xYMgdN z$@Vr|+uH{Yx*s~k+m2YAq7Ki<+(6aucF%kk5k^2s2D*mt>Zd>Ekx^V~m<$J>Wzv^= zofH!-EG%qo*Aq9W1s6M@XzWL46-@XN@;UPSyoG^*0ZgTYeQ5#L!}(YyImenWoj(Jj zn9`x{Gvgd6d8JsJaJqO@?3)bVohWkYdnsMmQPnro8BRHI(8?}F&SCmD*&wJ!)o$Fbww zPxQThrVuCi7@}L*%Em2$M8eNyU{BQ9 z4!p%uy?*JWh`676{`~oxM;$b!pZomz^L(vl6ce4WGbRk4dcV6~(0Z5j*SWyjx{G$> z%UgGW$3=>;01vZ63w27dryZ#>nCFjPev6ChtS!-0UqT>#Fu8PM2ce5_JTcQ&C@ilw z8y6M9Mx8c`Xm)q*(h`}&C+WH^Wxp;m@1a38f+I#lO*^{vE(4}4vK{3y(`ibczIT<3I0zEu5iy}N z#6eE$Ut5!pKC6FDaF^083f43~9k~QAtxe`NoTf|sklzS@giFSLyeTM1<+d-^RWUFi zYM3kxB_bxysHo5sURhjh0=L7L-?zNgY+cUMMSV)qf+taEIYj+(h-Pm!;}9s(T!tyK zZ;=wF+}Du&REtgOz`!8Fj2ef8{++V-&uI7SlwW9&&tNo9Vda;o z^-{pxkm8I$;U64=GgAm7C>aPU$B1r_I)cK@b0fK9E){wKxkN+=Z;%$*jR}-hB7O=@ zmSgb@A@;(TT7S05+t0ll&ShrW-u|GF-Ob9#FZGhEEz{O8vic;VzzYx6L@jkX^{ziZ z6AM3a5C%-KyZc$&I&kn_26IMf>1nVs-j&i(Tk7@&CS2jPrHx(W?KZczjG^&=%}r#( zM})=w?|zXWS?l-OOJZ49497BuSlZaAJv&Q`nQirL3hv`5KAq#hghE;0UN-LT9JBf%In^xxVt z{H7mO(vxK7DO5QA_tnKG*E?D8NXkEcCOa%qtMzdg_MaYznS(|aOzQW}{PhlhSpthX zJYFpK@2D_<&RZyJ*ImoPp)U~ed;8wphQCv9>t;RqI|BIOa_)_sw~q4^e>@>2eK<~j zetra#oG>NkdAqS%cV2LxsKy_ztTTp%XHX1sr*!r7Vx7X(s?@L+pCMpymXBIn_ 
zN~Nq>-|z$`fLg?utHfPu$ry~^cq8QZn_JSP^#!%HNyC1nSMPZk)ppJKvvqa4!f-F! z$@;Sb$%*yT?F^%RonLvc2*JY!hq;Bq0HP3tid7|MvnUwM{#|sH{AL zcpeWW2GT~5F&4RRn9D{zs;?J?s)0roj4+}H2VFF3`xaWP&`@v!Ak3`oA68K`Lnx(& zMMD+_iLD>ox^ura|G7B*L{wB%je$h8Mx~>q#6e_)*v6G(vHQzQOO8heyJa@8P=P@~ zP-tHor)QF%ANu$T_ce#!w=E9`OZS`A_mNm_M3&Di=rSs&>d2ly7E2?X*8Km{brK8T(E4pmh#>dmtGZGRKmUecJ*}A}nCA758Fv;C~@IVm! zFnmFmU^-uUuda*vyj?~z$oT+_7U?7jNI z#Yb#iaEctO^gAc(1Uq3Ri;JD46=P##VX@!~X)^?1V!!0{X7dl^@jo`^ZfCfA=>4e0 zcrMx)h6njE$t68P`b3aFRv;b60bP;WvwTff=vmluo*NUXRoru19@EZM zMNnd#bFj;(`p2iLHbXuYD5!44%_S3;Z@GzB+S<t5-ivOo%R2!8wGvKoV0t4_10B)teqvL=~*RNmyRQFKOb#;OWbrJ;~CPm?h8d&8#7jbuPoBSXN z0H*kx5Uuu07CHPDORf?>sT};r{%?vji{KRin49UOwAxaPt39lRBM>X{`7%`HFPlc= zmlI*4gMA?`STx-gbfX_Xel(h__u8=5CwhJk6P5QSe{lPgBc;$-s>_#ZF6{_k>XLLi zX*DdPB8IEy#VI>gIEGQu1TSULOKua}l%M6&CZ#zW#1@n3(a+Op)bxIc`~6K}O7{A* zT)}U@H{k0qw|`a6$0TGFt(t6`Ibo#K{ThW^6-o=`rc}*3H?SwyU09u zxO?|ZXuIUg^TICsopa7jbIv_f%7;XXF^Vi3Aw8_BYLfVw-KOT?LHTJ2o9`AExl859 znHd(lYtUf|hc^ttM%;VwATvK-kvf_QukZRco$L2cXhAJ#C;)(#_V%g8q0JwcuhWwl zKK#KCvISfyf4A;h@l0||wHy;@4;6edVPfoHr?2vUSW&z<<8i7J6@W+D?Q2x+J!aJD zEb^nas#h-A?vj!)YSA%Tc}zrh2~l zLa&ZuDO04CF@M>}`yE1AW4;3{r`8W~NoLWP?St(l1vy9|SyFPhZL(L+?ou?~rPE>&a!aSA zawjg{#)CLB3;~-PiE-{WhL2l}-RcZQ_P>{QY9n5NUL-g!j`I8Gasqz_W)tx95Jx~G zDS7A4ITWIc;WalAey&tjUfyJ1IWyZ4EgUpK`Dkr)w*Du**K&fQwLld8qNOvTtmNfw zZt-VIE3d2?^iCE(PQ(5hnxsO>d!O0LtP~4&1qMnc;?3yR zO)(Uen6|Cy7xw#1(%DAev!vOYE7s-nRoUZ+xgf)jtG<@_=?fI8OSWaY?KZ5mSJoFx ztg60w^r*!IH~d+1uMexN)CH{rX5K_$wLtZ)jpTSoO*$c092)7yhTD4a6{7s<<*@wh%FKA*^~plO7G7_NwfHEl^GAGW`c;go5fa!z=MY7htr@Wdd zif6NNii}AqulUP5_`R^TW@l#eigz$kR~+UR6u8VCY^k&OnnU9@FD3FArW&&iy6Y62 zA@uOULG~~ts(l8T>stiwFE|4i*b|Uu@%>0qOcrRGS#LBiZ30-N)2HT=SZByNTzH4% z#977^3Z5z0Q2sZRHX!d-;@+C5CF#POfaYZ8oUE87QmnJlT0&=0BdXV{a})imj{RlE z4ijPQcQVn*^n`JynIE*#s8|apIdT(tQmt}RW{yHkO$vD$(**^d&LDCRC%)C@xRdBxNWnYh1IJzqgiStjgI_w?H>eS{-)G>ov8pF0W0= zVr>5O#Tc`r)b9QL=sDehgsMdCxb$_)BFh~w@O&(a5Yp=E>LA>^Z4GJhrk=*dMDh|C zJb4B(ZeUpe3*Ig$EG%qqY($}qApLX{ipnJdEJ#sUzsI7ht2>|S)%x$qFP1*zjNh6= 
zl*6SsryrUbdj3W!wwJzbF1ATBC2~@pOHM%(z*Y!Vr0%K+>-Bm@hZDgZ!EZM|Y7}*P z!zT1%8(JuaQ(fAE2wq#2#fMit?{hIjhs1R>oOzYT;x(4HOBEoC76(KH@=EMawgP|y zFavG?w3$1quD+Tg<|8^&e$H!?ta*AZr6*TkPb)j|u9ugWkmD2z{Oo7d$JyMBe*gs} zTl<|W^sruk)OTreE#H2i<`iSK#>;1suE8DReXjzYa z-SLbJyLF7=*~@@U0fkmfqGqX1jVt@Jv)2NFu}ba4!>IzjTRi&FKq8a291W|tlNzGxpU9vU-Fs(jE#ceH!--_O!4)DHKh4? zzUg%0!nbW31iRLEdrFe2u)f|fVvHFdun&q-EZX_B75HgK@uQ~ZbKARD#-gm+pMr~W zVh0Z^DJf`aX^D%J+Tzet!dj*qp-CY|M`!ZrS0!Zf#^pJ@YQ{!JC@2kS)gN_4Uxsh4 zzrPTUk`?&;PfQK@@Fs)eyn#lsJ2*dg2CB;z*R$Ww`lloeyvH}Qx@TtTq4>x*;asrc zE&FV2Z59IOf(7onV*bogGmK8_sO0QG-kRWGSzZ8I+LiXtoo)YO1G?>L=;$O}TzFB9 zbIw<~ez~7uioWL$VlzJuJSt&hO|7V@|5FPFpdBZwO73C4=jiI|Bm5G;%Nad&TBl9cM0scNp%NKT+QOQ3APo-^Ul zTc82xVhp*c4`egco}%ZVdRYuLblng!=P)P37$=wp`MZgY_M( zdn{cQ1*-2}Xnd!^;L2a6Ea|&W(D6fB!NEJ06OE0vz~L)?qx0q4_21j-Majr0UO5Vd z8gad08;l#dwh3K%n?6CZ6gUR~X_u~Q?GpY>g?~$38Qk$8X!EFj4g+-xmFz5TW zeN1zHB8k54Mh7!9f~7Ox+O3~@&U&HzKO(zHuM0SCdaq5DSHk9yat7+$Vj*~HZ#TV0 z)ts4Gv@waV+W($HtW&|fH|D&C7taCr_orw6D2@lai991{IHc-YeXF*r%8ZlZ9_uho z;`@o>#oh9WSh%|(R@B7Ix#fqT>*40SmMK-RC$8){^vLv%!=UIY1B*gVqLe4Q6&>co z&lkfAKHBk4ibLonbhfQl>iKwUacOBFgOSDg@0l7B_f<(c|**>6r6J&xA40_yu6SMqoL)p7sIUwL^%3LW8{%zE*^lo0+!ukLnsR*ZgRtU% zPvtf0AB)MZ2qVAg+puxb2|Va&pTr4lAkp8)nmUf3H7~iGto`8otSuX3h8~3p0Q_QY z^66r3fkIggvMZrH(TR`=3|VsFK5YeNAp25e1X;CfY)>wu@rN2;J>nC-C_};C=hWL{ zzO}|{9piPtg{ zV@9nJU?TH>;|xO(9;qkS6F&{BjT80txrY`~*KM6ryMr<8?uX-pH@-{MsEr1e-P;h8 z61Me}(@}tuOy$W;hTqEyZMML*Pj8SiZ{$m^jF}mvNO_4IpOGwl8HgWJ9VG^;+N=lE zF&6|1e_n}wps}vwwG2}?GQO(r3O5#$d=kPRFFmKdbKBW-b~3uO*xMY-vqqTqX|OED zUvv}o#;zx%){hu)c~@L&z5u=M&(OHMg^mJ>!^S3;XJy^ZnG^ADCF=7Okx7iIR5L2D zB?g&I3}5l!#dV++S%|?@qWKaZXtW~6$5?%%iyq5+VZnFf`io!5;yOg6@xCP67cESl zdqGe z;;B<$>&3=LS5C=vtomFu{l1TVK2rlNaqq;2Mh z1;3FD&IpG349ln{)KDC+K6f!(*z!1!i>}Xc1|gf1d*TLX44$?!d>6~JO$3;P@Ex(S z9ix1IBgC{;lp}7@|J$*D)Q3J0B)-ezIE{lm%=kclW0DWra07{UobnNev(jn~;QdtK zW}xMhD7+m*N2&Metsb|eu>WAipu&+ewE5YlaC+N&bvwo+sKpQH%%OVGSjvCGuv|~M zIRl;5;Ywn}63ey4h}hnWxj)>D-y6OusgCa9;Q>=SD9z?SLhBv3h)5{ZjhB{|%Gh$7 
znr?iA2^j_srK2B)hXYqu>@}9wJ?h|s7^gNfT!^>8mGut{WOSOSSpCV-{|6J?dB%!o zHAEg^j8*DiC25^UcHdqTa`RuSlZCUguSyCj*>xWU24d4)y@xCA9H@ziD&YDF=rOz_ zd?$(t#>1QgGZ4N$fgX+b^B1LAvUSCL%*gU%AS8haI3MzrNbC;F^}qXk`NRpVah~Sr zp4?j}_Qu=?d2g^RztZc|Fh4Emi#-m?_H!8?9C*MIuU=t+h{2x$7cf~POeq1Db836P z*l7kKhtW__?2J%TqC^=vTQw^{J!9>AY2VjTi!_ZkX&IT~`^%b8L{HMuictYxrnFF2 z@wZ=wR~q0B*eD4s?nGKcJt4(QgYI6U`>#u-VGJ< z{?So9ow)w7F@m6$bkDGf3Bx&>_^#N8Xg7a#&t~5zBqW>~n>-SLdf11-!2oE%vN)hk z4*t8N=&;%7T;96*e(h=H12exn72Eedq^w&c`#Rd046c&xF9`*Qu*pX;zN5FA`qb?Wn(F{G6@Azvjw6}*) zA|G;LYm%xx7a6vs;f4m@POhqJ}&?O8CkJI>AD#rP~P47pwUJ^qTC&y2(_VAl{b(u8pP+px2Qfy9R3_D?_lNydu%?5pl1b22a=@$nE_j{@t@Od_|*lg(IGz zgiRvO?B4zRO~8FDylPX^v#_`dovTU~6!q+lnV-8hVluD~}zu1e9czDFafX z)#oV+CV$tR8+A!hppa$dcOYPVb;AEhy2$arflBOc1B3if`6v(w|C)}~GW28X(ysRu zhEYj`45Q!BQ95zlTwK1-o)JUHLo^L*%>)2O5}bPU-&!(cvr|4jFCvhG=yI5@gnknO z=z0I~%^OT#q1^ZJLKhxpz{n;?fb+Zg*x}}LOxv;Dh(Rzu*Re+y4)d$$U`Vi~z;E&d zCI-rUb`zol{i|Ue4eG=AcqoLSe-_PPqqG~muY;RGA${WCU^JiIF9gDx{XHB&3ZN^` zPW%4EFev<&%EcMcF&}OfJPLlptn>edI7E8W#KdNnJvaMhZe6g|+<0Fb#e@fCN#3|i z-2zILm;M=TS@XjVuT~YFqzJ+IC>JE=g)oPFs(DZtWv2nNlq`;Zf_|@maxxqk3e-0! zwZDHas}%l#oid>4*s;y78Z=q7NSX>|nMx`<{;G3A}+^o0+cN^oN*LFVm%N$xcOi+lZ ztTY|ZlJCihGNVR3TFn z{n^&Ui+CILdnrnnD;y>Z*wDVY))YTjH3UQnv?HiGjDh8a zL)hYnfivY?#aEDm4`N0MwyV9^l-akUnz?8~ZH*#xKv~3+M***_O@;k#Grz;ujAS0H z@r@D~P8-+yl6exHCDqv9ijCHugy`wy_60>d0a`#_=AqZfz8Ig+u0I)^he%yD~Z#5uzPEl02n;MeMF~+(}A&b!F76VMch$UCBn?Jlz1}qwa0bWmzzmP@j_3uSZe3_)x z4L2LG*n)pN(Pf+{0OFCfnd;94NPt!A-;UbPdHB~mE=TQ?BC?goq4_7`zQ55JiCVhU z&k4l~O%Wa=82>i1ULRN4K&KrE=h?=Fl}S#ut=5q91ni#V)16-bP;a>OLw)L>sZuOu zvxVO$ibiJ~qgi!N2pBBlSyI04++0U^T)*lOl3Q|ut)d>WQ3&S*~Hg=s^AHf0V`TKc#+{4N)8||(&{O4W@ zbPo7AEbHNrsh~Lv(S7^zqZRPjK-;0W7*cRSYO9~%-VX?+j&q$9h!P0GQYR$!TM#HA zL2mi-V3G(02Ose-ldFCCr0|ZN|G=>Vg=M5i3{_{e7U7)$NZC@3r;YQ1KWDaB=u3kk z%P_O;JSbAA2%GIIS!W`~G};pbik+9a9SA zD>BX()(}3!@2K@YWdu-a-kk<|=(F<&EY)M)wYXl;hKTG^wZeY>ila7xEGt}ek2%$2 z>53W5?jZsw)p-c8oK%VoKo{g=GEnocrH>Dh`2XfEpfJoHdc;yySS^F3MZv-5YU_!! 
z-Z7we3U;3RXLtkm+3WHAzf))T93jY|npU?>c7M+CuE@_hL-7@W4Qj-~tm?~3?XcYE ze;_#U4L6sF7D)zkkt2xb^Vl)F?^$CzB4Xx&e@ z3IdUk<4UlCQ*aMs!~@lZkDz@P7T9&LaYXWQ61o~;hy`Tr*l!r|VwwZRmC48X^-~0553hpz+K>Za2HBzG|SA$xnKjdL|az=MxMt8hK zFrK8-uhG|%f*CnEx~r$&yyH62ZN+|m*-^{7%yPoFF?P24??*r6I4cVc8{!PUpyoz` z-}qZH2!6LrUPIOmEDiu~h#E-k51t9mECfPeTJkhm1#CZ|UJoV?&UEOCQlo%b(JnE? zL&P?~5CJ((NJMlaiV2PwRLgDjvF6mkblhy!S9#vNlU1eaKasA221NE_TYLnG5DE{79+9U%2uIe$Z!=<#_P8{{a%j--rv-5!dc~ecD+JT$YxWR@-km%H^xq zu2~={^#m=e_;7{S5R7E1C`$)CS8Re)VK){CS}r;vN8i$dTM8^2ow_R7P}aT)oS@ky z-tIa5s}Uc0PXro`MzaHcFP}l&vbaNmBLEKqhrIG<{6oa8p;M&EtwAGPGm8cHWuX(Jh&zW_FLD#9Jq0ytG^^yf7 zmWWIXT=pZvG#YvSbl4a0s37?v#l?g#gax37Bqmj#C7pp*Q|(pUc=m7SA0o-J&9Xy) z?0*JzS#NEI9{8014i`})^RXvK5hN&@ZK`NRfW)vO^iyB_C4_U^nGT9|0U_H@os|Qr zL*LEwMmcEjbWieG#!kf^(+!q)7c(HzJZnqTy0;8TI$8D=#>d?BX5h>~3&WUd1TUgH zYcsyS=qmA310lxmLZ%sv93)0OsME^Sl#y>6Dtc?Lc|nap~ig;EaU95t^%FxF~HE zz1J&FyE-UwZA1Ly-5XmCqM+;fgAORBY^O*=L%l0V@xz0=j_A*P0YV@MVr=q>2sCM5 zGQ*wppV|_Cwgn#|ba-1J<3KI~kpO1?UWep@6ONGYa+M~em?(r3MInxM1hBu5$0jp0 zMSyakK802*>FU0SW5wAwV;JLGX}?_wvmhScPGyH6od7nPNo@TV>6e%PEpZP(L-EY7 zQkMQ7<)JE&s&91z8-Md66Xb%FXM@T!R1p;joJZ*ZvU%s;dd96sH*ctGvl?+Z|Dwp2 zfK&PSrmYbLUcdwvoNAEJwE%l#q85*H??j=bWTXEI3b#{`DnZQNWqIJ587==q-COCm z*Pm};K-bv5gXRR;7hU=3MmGH zaY3R6lW^1P>Ohu?$cA8ov!>|txW&`fe-RT_Y1UmePe@6<&vEJcb@nZ3ogjxW#Ef5? 
zN1Z17^7Xf*4)D&iGAGbjz;w|T=s7?k*TaGX)30*If@(g%mt1G~?{#?U62s`O@2nLC zvY>Q&g0Kma{hb#v{UfaR9 zAi{IR%XhrH^*r7#P}5Kr5`Vx_xqcA6zDa8oD6L2!P_}3OV0VMJO%(2P`b%_RR{Q&` z_IW6B$WOWSH#X0$yYYAj3ycj!4i-i-;n`PSTV?HdcbEH7yY$9hg8JV7#X6{GJwUs7 z!BgOWFjd%_9RA2*VH| z;Yv<_@R>u_8e23h`d|Zq9zb`|n74q)K{YjRlD7&M0xJ*6q>G`s@jn#TwuadkV@Xt| zKm1ObY0IaMW<`IyX%M;DC@efD}O?p?|`ptxQTIR=3mi1DOB^=m7TJimp!Wqa4>&OfyP&<6BBVqAR^Y4-F7(fgebo$F_P zYR|mudR@@SjFJvOWumAs(WEhqQpT093%qQ@>aKNI8c7(Z-H7;}D>A&<-s^13_i`ku zi+?0-VQZhq`;O{lG+l!jEEr#p|0J5|y8dw;Kp}GqTuh`v>DMn;NVNYbCV=z%Lv#yu zf>Oiir&yN;L(P`o6hV}S91{59Y3TKXnNBjpSs#J2K-ALUAZv%tJZ&X?`m7YBqfsxp zLa{G^t~BR1b1=RQ7QCW4AtsCcG?+fss!A~80}f3j;tro5>T)n>>ceU0V+%DmxpLZw zo0=gGuPBDvh#UTmNBVlaB7u;%y_1ksF?u8huPEWtYMOKXXu`NcCw2nSNO&UiK#6ov2!S%F$Yz8C*Z;-1Md_${ow-s;-gN1C_I%(& zA;Bn3Erl{6ROx0AmKg4W|_OOO8cjXu)%&b=iRWOJ%>quTq<-A)%p1+QM`rO#FiraOC) zc+`*V5UdKGgK&+R~Wwp(sT(Qv1nkb{g z7rzvZ;?nu5v~j46qnLYg?<}1pR8B&4ZtJaQVrSG{RWAM2VPQ2>YQTHhdmx_~Tr0G4 z%)E*>^dI}t_Mlh_X5<~#L;DUa&tIyHCplOhSgb#L(GI9a z6l*-m-4=YX?e|FOPXwGRyUOz zo>z0WZ)8n8YcqSNs>gUJMAIJXbW`^N>(Hm1l&f*mM~iyG7PVw#Uup&8F=iUD=-qJM zSbwac$)I)K9gqS|GfX3CvgB(vlJ&kV&0KuE`}%(szy5<{7uvW*G(E|*{WT|r(|uPR zg<5NvP|KH+iV2uK<@fut z#o9}i&9B%J-Gp1XDy?E}(9@z;hnKI1rIc@=g#U9lq5g%8o0U`EQv=7Sf-R_bNUEcD zRG?~tu|K9=TYwEVL6DwJ!|eCQTr?xK9ffZasB5_V>lx4Ek*P$A9BS7~nJ8P@)~ z$Kz>N@TDw%^w-@U$+Ap>SK=BLtOW3NlJzu^jmKc=M$gM4H0iW!nLQkA>&71cDkd%Y zG7zgF+Sc&#L_f&H7||gZ=KM?gr7FR4CgZ1z@biiFVG2}Zpf2k$$B1ZX>>H|YkzV}V zURipKY8%UYKOEz-MlIvk6~Zbk^`+HAOe8~Wex|UQHOI_r=ImZHO1FGe*NmH7PUxCT zR*_wqKeEbOv@0cfYh~y+%OiKOV*KJ__`gtoM7K7UQd5+Un>eLWD4%;I*J>p_Sa@-n zd2vYi2#g$Co)x_4FbaWh~hKC>7_*TFDy2_}eK%q+eB;RmL?5 z{BX@`8_5^7iFh-s&LlAtn>Z&a`I7Z0>!gc?EAi)!4C$9slKnXk@YMZta^Bvh$d>=J z)2do$fFU9n{p+np+q8|%f^8YHL|Kmg##+`4z3@@yMmCz_+aKqnB_i?MZ@I7z9Yk?6 zwoadWdVw_6SBy@^Xz9n=*1q&5i^qqTBKA#m6|vQ0X>S{(j%&rz4u-S0QE%UAc<$Y; zz?Ff1yO@SK7wu93x{2tE=JW?pjjZJRUpii@b*4)@yq>vhoqZi8k8NM`04+{qeN0($ zsRX=T47G7f*x_A4#@5*RI582w#cF~a2=iaCbZC(llS9lPSE#swxXQ7dL(AanYvoSQ%Lq 
z2rgSZ_WB&R&p)k=p1zLhKhxo5DU#|<_oVOb@!pTknRPts_{(44ie%YeN*HA}wY7h8 z34_hdzoaq&GuSM93_Cd5B(7w<@AT#NgmcnTc1^1a0)-yFX5mXf<3)0S?Cg)+?+;ZM zs8xAa9wJ?Oh(Px)PaiPsGf*bRLLn`QO0Ri;EQ2Kf?H7Bf@qV%uJ{SO%=ic#H&GDMR z(lzC&Rq75g>7&SV&QaKx+o(dq(uR*qm*_Oeex_u9ZWVVHjx2o1lz0^jN$I>j+E6$IqV*lmQC*piQw$fnSFXBR?p8 zzSZYI`DR(obAyu2JmOZI8Njig+_Rp7uiZ>~SZ`qt*Jel>^{|Er4%gn|Bs4V0O@A-- zT=?ZjZdL4~AjJcW^NdNi;xrm*a7IjvA@F zeVoWqYwTHsOpLd36kz4ARQV+oq@KsBm$@+j+OoSim-wnhw`G*L?X@VMmLa0)hnwLU30q#(TTu zd`t$i(6CT&-c46udn4qOAAce9g!TqY9hcjEcIkaIGu-zqm@gAKm&y)qox8tP6?STc z`Ri?K#*A0JEcits=r765O{wv0JQR!ZZm^qpJ0@*u`Qsmy_=g90?6s| zdE7MW!nMzjW7DR_yHwCg*}iaLnY}wa#v=nW?|{y6j*rVR5IF|JraICfjJ3A0>8aKv zaGHHj20EGE{9cV1KS!#YV^6ReI8;h3%dcI^2Q3-&WTSlHcGy$i4U-47$lTb`QVTQ` zBl2O10{613nXFWey^3&1db^~@A*S*_8JW7@9}~gd7PkK z6#W0%syW%+zkgh=kc2*-pE+}8hrQKjE9WyU&G0v5fX}}ur<4_(qTn>K`Y;LmdIW!l zq`zJc{Zx|ibJ4;=S|S@NqC0xeIRiAvFJU!m-eSaOv?3*NW{bQRtm!iGDXyGc+BdN& zS5S3~m@$Lgefsg4B9JY}WuwE?OrQ(Up)UmPj{>BenUR4GM20ksf`Ust`agX_T1G$$ zkF+8HNj$#}M8f{|YCCYm^D#Fa9}itMyDE_J7#}-`jE?4J)93qmKKb7wRf&U423#*l zy%=2Nv(cqq#01ev{l@dv7l#8i){(^olnuJaZ^!O@eAeLbyR<1K(BJi?p#{90r3@GQ^`*U z7{*mPkXJRv^`Jkz=g8WA*ZwK7|0v~{Y~i@q15JAnmMiz@qN4;RI}0^+V$qzw zgyEt)2(X?H%4X-}u(;JtB;1#hl49oM6pRl)d(HfrM+yt6barc!RtzqD$n~})twpI1 ze2Vh-FANMfoI#m*PxVe>RL!Za{8Tp3TDLeJ2v1QU(;|s!V)^+LC>WKiR75tB;&FGe zD@EhBR1A)csOn#!`)qnTdL~!h(fpBpl z;pD@$YuWbr{k6ajKu6;g$)4z<4U9K zW9M~>7G^3+W;;u1c2C7|sxGs7c;_^ZB%Ioh{LV|umbl85^eqyEhAMQxF&MM);p-{c=Oo{h$NdAB{0?L+5w-b|GV;-cQJsvQJ?wpW)!Q;sq(ifw0Bgh%Qy>rPwWBz>E_1If&S1Ictb z0gqt~!_0oeS`#Dc&XFlcy{8&+#hHaE7ur{&XO!MoT+Suk+fv)!)4r;tafFP}*DK1nK4z)_sXH{ln`SeFJ^|w(d z57Oo5=MN5k7^hS*%*!bP-6YrI2e(;0c^skak>dLtLVG5V=&cfQ$>la%bJ zd?!t)x^%I0o`U_{-;R?m^9l_;uc}boga{!fxLZATR6;R=(iextV>yK}w7oKG+fA z1p19y0!}VWrhNZCc+dhX16S^=;uyJ)yZgb>jrEJTj4}qV$hiACA%Y__A`o5`9kijq zX`&iu)?bvAI1lVu4*r;Nu7aZfsV@hML^Msg*)oRD7vuX~tN@JUE3Zo;jnM@0R%Asp z!=4AVj}&$``qY{58y;*dlZmQ76FmBP$+N-ZYz4&_*Qw#Pjmn@8n*(NUg`qvi z9WG&!T7|8Z{Xn=0f>k9)kXPdz9856J{L-f(BlGhWb@2A3I)|8 
z1Th@`hJW3@6sS+O9`)lOOht)<-VMU)r8+2?hPbahBB(!YHKpjAaNTO7p_Z&MD8Lxi z=%ql7cojL1{rkEygTypA<(zr2`~+wI-&}qwb@Mt?^Z!k{K4F-JosOaMf9+;1!g0r^5Cs{C2WesGF1gY-BZ@K)nS{6`tXcsDjgDJD0Y$Zl}NX&|GSur4P>~DFN zoVBUh#(WPlg2q#HGUeB{n+T!}fKoDL$HtF)S9^XSjoXN7cYIvr3j4IeUhP8v!u5u! zxyHw8d!awFDK7UBA#m_x$XlqQS9P0lxFmMz&;KlEo2=#_I9{h@^%T?t-MBmV}OL8#>ZtMeYHz{ix20E5bkS@B`nAAsK!h$DF`DeCqV=!u4 zPCL#F%AF`ELLfyF*h?B(TC{I|IdBuhS7^NE#ZW;CP%wKGL%f049@w!D$IGu3d}iirwQKhWX& zY&}FZp1yO4SzqZzpZ2`E0Z(59E#{DvdC%ToSB6~dZvnEwLRtH6c|d5Pb571p6>=B? z0rlcMof?i-c6pNiNzR2muYn(~?VjO^Ws&`)srJ_cgXj;GR1L%9f{Kf|Lmx{gUXA#A zD=wfYm@)SR)t_05n#g@P8hMsyP*EaiF-3pG%U0>&nEZrCd-$gKaci>7{kudw%z}v3z1AfH*IFPXh>)0Eokwd znGQN9&@k9pLRb17+5{i?Y(IFDmxstn*}C53=JF1bOEbzdUFG*?ANbC^7f; zJb>H;Z9Kh*<+CClAv$8nellLXFdA6z-$&+&y?B8Fz?`annsud&Tl^RLU4e*)dfi#6 z@|lheXE0IY5A?k60#paTqWn;_24A`A@LLsMh>YO@u1tfDP$fp#)X zu6IyspLU!AkT?IHRVU8E>j;GJwFf`DP`(&A#0bU%LFW9MLby&>N5;$GEN#FC*Sqv$ zCxc`ZEv6S zFSw@fygPRGwF*%vd(J4wF5L+`q`T>9pV-7}oIG#Oc^2ZaWE$%}6^06UQx zY*>HY9&!Vr2($t~w&-@aHKL-aiG70jg6Uomtd8*F82q-eO`L69sC( z@^T6!F&UxOnF3A(^G1UD=^?7vRu%1$OW9T!@sFkjw-(8-VEFtRCPht&d6{eQ=pi=7 zXOT9_U_A0#3;n|&POqF2bp+Y&T5mt#bb?c7nFslZ0NL}eeuE1V88c?z>lHf>fc)+% zlow!>QhH8~^)PJ`5MWRxgP0Gqp16gCEVG``)6)ycj4OBZ$!tWgmHEl{8oiu|C8w?3 z^QjAf-Ni@k4BN5oNF!@8!aJ!QZqiT}qBRlUzqic#W`CSba6;R*F(lu&P@?c*?Dpa; zUraDF7Q~Pb(0u^Xs)k9D%CRsc9ov_SdIXn>rNG={xSkXghY}ASY{&FjeY9Ko_AOys zDm0dw`h)d@?qi&jSrj@53?3QDgsFRokuc{Zmef*^lfQsS3Z*ny!;Fk(I+X^CK6<2) zL-0x~nv7x3$ZaM!vl?#m`}?$LsK&!&O(Q7*pL}@qGPhA4$%CGAUg*A}d)7>OJ>C(K zSGm@7(ei}%s-ss6{7OZVa~S4WwW8FbPpQh`p25Os>H}$-7A^8SCMM@GgMy5a_^W0KRiS_)b5lm% zr~Fe_yaUnE;4*iKGHul_zq1b zGUqSKHLrZBaXLQS&V)8Fn6@NgWtA#p%Z)8s=mRD=7Jv~4}d!@cK)Dd>j# zA`GUe2alr$#WS#w#t685)3{vMxLBJZ#KRo(2C3?J$qr9_XLb(0lnOFr3IB1C`HyPy z%FwT7rhJcH>xECJ<1|DsWqmlsBOnl1{DC<@i(IRO?vYd(7o-pTLR8|<*n^r_LueHt zlT2B1!;uQDzd73RkpQd3*&iCw^4fO*4oiY1K8jsINB^*ufo zvlrW)R7$CX0b2ZN=It<`B4g8ecG;u4F|FZxsENhpg(Cqoa@4Ng)^1}WQyI)(LP22I z`IB!t;Y%wQtquFXzMC5IB&<&d)+s61d*D7o>y9R|+3vj~%yvbv4`urODov52AR9DP 
zcr91gH&!5FPyygZo8=`#sO&JdWec4(N~U5ro1}j9#Ib@_P(MW#G=88>8d~=B1~ZN`>Ra!YBAHNVC#L z*b(yhqBUfU_nMKQKd3f;Gfr^%=XeLjr(I)8lnegM!9kEFkH=Aq{nd-#lAx`j+M9?7 z-3P^7xiA^mb?!r}{}rg2!P#OWbR!aUJJ!e{*!mzrcUUa>Dk6UJ@tKd29PughWuJ?n z%T{8w%{->{m|!q5=`pO?t}2XI5!7HGKKOTxBq6_xV%2U9XWh)qY4vq%I9?cWMe8@0f+#ihictB1eTQ^VMY;Z&Q?{W!DJdhE;mm#!l|B~-BoUcK0oM`xj z<6TQ4Lfzs_B&{O{_RNv^(8!6Fg?AViamnpav}wm~iqx|b zU3PFN{^O69o=Wmn&?@IT(jljx)TdQcBT~IbpIs%3Ol`LB{61|caJrwrM?+#nB;22c zjXY7Z=WJL zq&bbHA}*fd<#kL&#%^dIj{_pQ(3senXDx1w$sVsQDI?tIIhViqBawr3(Y1LM^<^>9 zb2R__dS*o$9J0K#KZvY6zCWqPv0iB`5iDD#oJZA+GqI#!Rvr**sBAYTZoSpg1 zI?OVh#@>7n0r{U6Q`SpqycCVhGqYQ@x>5uLGW|z5-GAz`hB-GqBPu4QM~JP+22;VJ zJ^$l|IU^w}#4Yd~9YD-asz0#6lE*8U_mc@A1iP=Vs9zm8w*|!rBZs?QeBX_~lB(KM zfCM#wn~lzOfd8e^xUo||tz!YuNW@FAWU0=pO!RMw9v-;?vE84|Adj3x8JO_g<d8|xj)IcQ)W!?R;|`@ zg*(!`d_NHL6G3sPPWR!rf_+bP2#g<_XtXI(=zBlW^!Ggt79cLR7FoT7lEDw)D*tMq z&e~OGr%eUL0VAW6M6xmvTuZX3=Ov;;K(zOGUuXs~0?1u7 ze@{btw>#nlk;@66s-D@TJJJTmPyqnlO!hA_kr&zN+gSj*_LrF;H2VD@T?Y1Psh@mD zI=hFV=YINjA{z;ik%YEOP0pFP&TH0u_dSeBnNA;91VTDMG*}Q-N@Yxvg0Cya}4WSk}^MEoO|*2AsuI9mz@S6~kaN?HEB>4xaO1p^4ZZdP7^^ zO7Bf!shveR!%7zd#F=``WBO#$rTfRhGX2b$`{c2t%U-nAn{CcFM!nOm7Cv*O)Bz}) zX2%HHG0fD|6oWuR=kkx0O^6iXOGp<>{P259KJ}GN`F4z8dLzg%V2_G@>iUyVkw zK%4=P{AZrms`rzZw|8yr>|~){7Ff#$P9F?GQFspT(GRk?kILGWNBiMJYr zc~2ltwM}?zDj1}htyW@!JP9b%AR;!^p6hygLD17dWytxh?+<{pOiaR9_ZFW3_5*wl$Up%x;`nzY1D8nzOub?7{HF8 zbow&M;jO`nuI_UCKHdQbmG??$(Fm-ah?JK03%8WPwP#1BU)1<5R0iW$63>okzM-MD zLb=b4r~MeYxUkkfZKJG9wz+Au^&agEa4wk72B*ttL@BNGZ+Q)uT3t)>B}0pv08kHY zcM*ao$`rr?=(}Ol1s4jwBGj)#X%nGSK!1_|H@A$huW#!;Q0tD4J_CU-Axin$H4S6q zP=H(@KSRj?S8JPAbpp%+_I5lZS3Bi2of3ab9!4Q1WEvV&K>mh@_6_IRwx`gd3xsS) zRc*+R!@t@l5JTkM-md2Avnrt+c?$YwpD8blVu9y@N-a=Pzh$DWP1EB{-h;~rb>Ij% z8hcY1W_F9Y17*+UAcg}IMp;+amCUO?hG+%j_ngjXA7%xkXQ81JrFdb_@i}>Xy)U`p zNq-c9V9`0W>S2=SU+Nt~KCn>5)0LApQl7h#r~N3Q@Ja+V_u!UX+1WiczF>~Cfrn{p z&D#^_&}3+{1UHRg>`ldx6s%n*wJOC|zC0;bom3u1EqRJxOmkZDhedbkZT*So6JoLr zkHiJ|%2KwjV|e<_cCh|&o1~5L3ztMQ-VoDHG38w4@_VC`A~n7~y`_S`gc?)Q_p-H5 
z=LQu4xa`%Km&C1T7AF3bMdwbgY=)<#IFGG@k?r#GGU!O$Z$GmB4&TPc(z*Jaq9^A7 zfFL!s#!&ah4RhiX@Nxr^gRpSzdNdh%-at`p;i?HVd6N*HfAlrJT@!!=cer23!%a_5 zkNavTx|aW=o}LQaql?WU=|}kkdovA-wU+HTFD_2+YAo{7x*Xz;giz)JxZOL`wkC6ClmvgivJUV-e zwzP2YWiZ)752x9&YG0Fvwn)0UGJd%x12XpYFA`xz$sJO&QXF3F(s)C~LUnRARdR)= z9MbBr+Hoo5RX__FkCXTRRCU$7BKogN40LtfE>z7FHP5sV;V13@4*^B!mEqB|3I3T} zhsOqsV^T~7NnQ^-hWZP2zj7RX>o#`58nK4(@bLJhOQaO(GSkU^P>unj=|GaAM{}ve zSh*SItG%tQ|M0w+;vF!YZDjRBsvyjl6AsyVoGt?QSRevSk=g^^i_o~?AF0N>bPecr z>ciN<$#bs7lqUOw%d!*xoqO4W>Z-{vMN>AE8(O|1@)%jef?gXMD}nDCPz*mOt5>E~ z5F?C|?GsQTt*JB9nWW2WP1BCZiZj!j+*bEY{#@5&;e_9aX|j0Bb%KDzpL?dm-q7@~ zRS%z=mMJs1E0%s5K|^BS#0?@91Oq#5Nn)s4HsmTyqpfIk^mV>f{2Ffc=~L-rj<>>e zD_iw+-v>y4Hkx?_9X%(UI=A{yON#wER|qInt&CM3ZJ`$tLI66dYfx+-{}b24)GGg%@?W z^U79fI?Bw=`%*9Iw*1uj)1{L2AM&MAg2w@(JO|J2F|6O~R|#WV9ziQnSE4UyXh>K-TT3wAK%I+a8?!Ps5x83)ZccH`sb_jz+w~ z0FP||P_Vg1J2=y75o{dNGc)T9`C(mPqm&V($J|;}KDl!eJ(E#nFLg8c_15^un{;Cz zkHkvV^abS8GqK27i=T)T+)MbYVVY1GMc6DK^ewD}1^uxEA%fb{CsM1Uu|I}qBQvi&$g{i7A)B_ex#ZSRdh}Q@Rsq{n5MrQn z-cfSEbgasZp?c{GhKLhWExm#z7g}Ct@(9w{mV3zdvm=*rUS#Mbsjym7d$}rJLW`T8 z;s)a||1)A2_L)zQzO}gf&2T)v@=5&uCUd)y)P?zlG8cI>6@Na@y$AsZnbDgmz4w{d zP&RvPJottvv|lCBn90-b-nxZKkt{_H;h*Zl!ys)$E;oy>aKtgkxs|Cq0AB)-h^b7{r3nKt=gmVuA2Hri=2e^eJ>OjDF=C$-UI| zC+4B{7Zs!TATq~RGwOCf+bxhd1^)87<)jH65YXx=`zt)D)XEiNUDe?*P{9TX$-ZZ!1c z$1C6|o{Gg11N#RQCEUEc%5FWj5fN4lpqYR;Zz0oB;d*{a2^9?u4T$*^ff@un2gIc3 z{=!(Ce=O)$LA!Sw){~XMaY7176o`SK7eHMfW43%Y)G(}jp_YY)pp5yrqDpnbZ%OSN zHv&Pa;4oIj06rqn^h)T}z(8>fmr^A5GM)T-{w%mr01RqAR6_&vjFzDxd3Mj!pFiz^ zdIwbbL!A$@x~7X}!9g#6Iv*nI=@h>)mFjn3st4_(PPjvYK)}X+I>gqxh2I^wK{1us zJ>}&3ySeO!$h<2^V{oltg^vCpS_D(yrxlP}3te&G1?vj_Kf+ z?am&0M##QNa%(1I>Mel#aS@uRmllo3VeXWnBy!z0>>*>MoBLfkdAw{*oJw%lBMhZh>~XS^3NE4$9Y1lpQ5;kbZA6?A$3RI7pNS9W_4<2 zb<@`x#J^CLnA&X4>9Wb}hVmge2O!L+T+M8HdR1ZBp7L@gJz*in1qgt_R$6jxz@qG4 za-&~ovq1lT?s~hFUfRS2EcoK%<6jySLPrUZ%Al+ZCSyYXx4ISQey03Z%sh|jCFP%T zQ$XV+LF)8GVNQ-|?{moL{@%FTvS9XidYu7!I{3?}(dVraz%Te`i`wh1n2H9EFGg$0 
zgJuHzJ5OiG{P9n!yZ?UyPrkMr*i4*REVyJR3%3uPS*UEL#4@zB>N4QsS; za(x4Rfe_=h*}G~Nzbve0fFcM|A;8fAREOU{0WRE1!rEx{)BHWI6~$A+_4(CIEs$Lc z?GEbMNQN!FmWkq3%XV#cEgqgvE=g%F#XMp4r3Z23ltemSEIlRT?c1T9VK(K{u`TCw z)zxtfrw#7`h9D5Y*jt2wFar@i z1pbiOf}4jl&rC1KP{5~y5S5US;IgxE8&Xkt-H|X5LTz!cwX>qC53qKKa$Jt$@jLSy!vVFv?=q(+z&ahqRVUx)j|h(h`ne4n1q z01I0X@57q_(xmWHr0@aZ)`dk|F~BRO=;n4F@_8id1QHrxIWI0jHhOuseF~&GBao<8 z#i{d974IEKL5K@2=Vi>yzGe37gNe(wcvjNcmIHrp0uZ{yxhY)a34NQc^;Fj{W&S*5%@-Ws@}ygm5b|3f=Fse2=#nCW4NZ(tXv=v7K}KVFK$OnLCSo6hY~5|8B*v;LFF2vW z)R7}?qM9%!rnn=Ml9&sO-qF^4e-{-J5@OL^q^j~xq#us`6s}Y)>Nu$L;Hg;zW_R)6 z;Tl@^oG`plM1!RiMd|wC9=t?Q_P4N@EH8cyi$IweWtX{dk4@CmU7w0|(!bwmt(&y9 zeE%%PD5Omdkd)8#Ni4ZbB8{4W>2&#rQS(7%e{LHp`;EO)60TDi1`;;qXm{NDn}pw+ zPa~lk4sG>PArkW+EB5mAyso1|Tb2U6X5ctLPa#qi;sV{~F0^J!x<0e5$4b_;gaeOoKN7N8xq8=4bS{23QPt=V6}#pXs`;)Jvj~sffNGK`B4%{ZhU4y~^-~f=?f)?L<_L|8RP0bU46M<6?bl;$MO&bFn7wCXsT}`_`!J_=9lf6QBU(mjv zmC8`*8xNQr=Q=pqAX-9Mkzn`h0PtCRbxLrq+K08FQ^RycJ3-F#+$#CA{ak{tFx!>SF)^ literal 0 HcmV?d00001 diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 0c34e4caa5..4d2ab06e7a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
@@ -86,10 +86,43 @@ Examples of devices that should be marked as high value: ## Vulnerable devices report -The vulnerable devices report shows graphs and bar charts of +The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. Access the report by going to **Reports > Vulnerable devices** +There are two columns: +- Trends (over time) +- Today (current information) + +### Severity levels + +Each device is counted only once according to the most severe vulnerability found on that device. + +![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-severity.png) + +### Exploit availability + +Each device is counted only once based on the highest level of known exploit. + +![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-exploit-availability.png) + +### Vulnerability age + +Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited. + +![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-age.png) + +### Vulnerable devices by operating system platform + +The number of devices on each operating system that are exposed due to software vulnerabilities. + +![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-os.png) + +### Vulnerable devices by Windows 10 version + +The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS. + +![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-version.png) ## Related topics From bc9f0d31fc68190393a64842fbb57df887ae28c2 Mon Sep 17 00:00:00 2001 
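Review bot: All five added image lines in the @@ -86,10 +86,43 @@ hunk reuse the same alt text, "Graphs of current device vulnerability severity levels, and over time.", including the ones for exploit availability, vulnerability age, operating system platform and Windows 10 version, so four of the five descriptions are wrong for anyone relying on them. Give each image alt text that names its own chart. While this paragraph is being edited, the unchanged line "understand the breath and scope of your device exposure" should read "breadth".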
From: Beth Levin Date: Wed, 7 Oct 2020 18:13:44 -0700 Subject: [PATCH 024/346] filter --- .../microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 4d2ab06e7a..bfd68b825f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md @@ -94,6 +94,8 @@ There are two columns: - Trends (over time) - Today (current information) +You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group. + ### Severity levels Each device is counted only once according to the most severe vulnerability found on that device. From e96ef0be4444fe28b16f7597e282f6ea75642e69 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 9 Oct 2020 10:22:28 +0530 Subject: [PATCH 025/346] Update Onboard-Windows-10-multi-session-device.md --- ...Onboard-Windows-10-multi-session-device.md | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index e2c454f055..50877d13d0 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md 
@@ -1,3 +1,23 @@ +--- +title: "Onboard Windows 10 multi-session devices in Windows Virtual Desktop" +description: "Read more in this article about Onboarding Windows 10 multi-session devices in Windows Virtual Desktop" +keywords: Windows Virtual Desktop, WVD, microsoft defender, endpoint, onboard +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: security +ms.localizationpriority: medium +audience: ITPro +ms.topic: article +author: Lovina-Saldanha +ms.author: Lovina-Saldanha +ms.custom: nextgen +ms.date: 09/10/2020 +ms.reviewer: +manager: dansimp +--- + #Onboard Windows 10 multi-session devices in Windows Virtual Desktop 6 minutes to read From 7463080770d58b657cfc54abf5f94af2e3f8952e Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 9 Oct 2020 10:39:50 +0530 Subject: [PATCH 026/346] Update Onboard-Windows-10-multi-session-device.md --- ...Onboard-Windows-10-multi-session-device.md | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index 50877d13d0..d4c3163f0c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md @@ -10,15 +10,15 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.topic: article -author: Lovina-Saldanha -ms.author: Lovina-Saldanha +author: v-lsaldanha +ms.author: v-lsaldanha ms.custom: nextgen ms.date: 09/10/2020 ms.reviewer: manager: dansimp --- -#Onboard Windows 10 multi-session devices in Windows Virtual Desktop +# Onboard Windows 10 multi-session devices in Windows Virtual Desktop 6 minutes to read Applies to: 
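Review bot: The unchanged front-matter line "ms.date: 09/10/2020" in the @@ -10,15 +10,15 @@ hunk does not match a commit dated 9 Oct 2020 if the field is read as mm/dd/yyyy, where it means 10 September; set it to 10/09/2020 while the metadata is being touched. The trailing context "6 minutes to read Applies to:" also looks like text carried over from a rendered page rather than article content, and "ms.reviewer:" is still empty.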
@@ -30,7 +30,7 @@ Applies to: Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on the needs of your organization, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. ##Before you begin -Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/en-us/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts. +Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts. 
> [!NOTE] > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: @@ -53,7 +53,7 @@ Use a management tool to run the script. ####*Scenario 1: Using local group policy* This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process. -Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1) +Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1) Follow the instructions for a single entry for each device. 
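Review bot: In the changed "Use the instructions" line of the @@ -53,7 +53,7 @@ hunk only the link target lost "/en-us/"; the visible link text is still the full locale-specific URL and carries a trailing space before the closing bracket. Replace the link text with the article title or a short description so readers do not see an address that differs from where the link goes, and close the sentence with a period.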
@@ -88,22 +88,22 @@ Click **OK** and close any open GPMC windows. If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager. -For more information, see: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) +For more information, see: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) > [!WARNING] -> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. 
+> If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. > [!TIP] -> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). +> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). ####Tagging your machines when building your golden image As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. 
-[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value) +[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value) ####Other recommended configuration settings -When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). +When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). In addition, if you’re using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
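Review bot: The rewritten WARNING line in the @@ -88,22 +88,22 @@ hunk opens the rule name with a curly quote (“) and closes it with a straight quote ("), so the quotation is unbalanced; use straight quotes on both sides, or drop them since the rule name is already a link. The "For more information, see" links changed in this hunk also keep the old /en-us/ URL as their visible text even though the targets were updated.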
@@ -126,4 +126,4 @@ Exclude Processes: ####Licensing requirements -Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements) \ No newline at end of file +Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements) \ No newline at end of file From 0f29629d0bcfca0a6c0418c6f71240b4a59811dd Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 9 Oct 2020 11:02:57 +0530 Subject: [PATCH 027/346] Update Onboard-Windows-10-multi-session-device.md --- .../Onboard-Windows-10-multi-session-device.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index d4c3163f0c..afe964dc52 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md 
@@ -30,7 +30,7 @@ Applies to: Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on the needs of your organization, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. ##Before you begin -Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts. +Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts. 
> [!NOTE] > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: From 9f00bd7b9243e3b1b6705a59bcd51a5662002155 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 9 Oct 2020 11:51:19 +0530 Subject: [PATCH 028/346] Update Onboard-Windows-10-multi-session-device.md --- .../Onboard-Windows-10-multi-session-device.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index afe964dc52..b8dc041943 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md @@ -10,8 +10,8 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.topic: article -author: v-lsaldanha -ms.author: v-lsaldanha +author: Lovina-Saldanha +ms.author: Lovina-Saldanha ms.custom: nextgen ms.date: 09/10/2020 ms.reviewer: From c2c8dc57eab1a00685d1ff8d3b7985f7ed0fca93 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Fri, 9 Oct 2020 14:47:51 +0530 Subject: [PATCH 029/346] Update Onboard-Windows-10-multi-session-device.md --- ...Onboard-Windows-10-multi-session-device.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index b8dc041943..e63e6e10f9 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md 
+++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md 
@@ -27,9 +27,9 @@ Applies to: > [!WARNING] > Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. -Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on the needs of your organization, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. +Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. - ##Before you begin + ## Before you begin Familiarize yourself with the [considerations for non-persistent VDI](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). While [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) does not provide non-persistence options, it does provide ways to use a golden Windows image that can be used to provision new hosts and redeploy machines. This increases volatility in the environment and thus impacts what entries are created and maintained in the Microsoft Defender for Endpoint portal, potentially reducing visibility for your security analysts. > [!NOTE] 
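Review bot: The WARNING in the leading context of the @@ -27,9 +27,9 @@ hunk still says "Microsoft Defender ATP" while the paragraph edited directly below it says "Microsoft Defender for Endpoint"; pick one product name for the article. The new heading line also keeps a leading space before "## Before you begin", and "supports monitoring both VDI as well as Windows Virtual Desktop sessions" reads better as "both VDI and Windows Virtual Desktop sessions".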
@@ -44,23 +44,23 @@ Microsoft recommends adding the Microsoft Defender for Endpoint onboarding scrip > [!NOTE] > The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account. -###Scenarios +### Scenarios There are several ways to onboard a WVD host machine: Run the script in the golden image (or from a shared location) during startup. Use a management tool to run the script. -####*Scenario 1: Using local group policy* +#### *Scenario 1: Using local group policy* This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process. Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1) Follow the instructions for a single entry for each device. -####*Scenario 2: Using domain group policy* +#### *Scenario 2: Using domain group policy* This scenario uses a centrally located script and runs it using a domain-based group policy. You can also place the script in the golden image and run it in the same way. -**Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center ** +**Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center** 1. 
Open the VDI configuration package .zip file (WindowsDefenderATPOnboardingPackage.zip) - In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. - Select Windows 10 as the operating system. @@ -84,7 +84,7 @@ Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard Click **OK** and close any open GPMC windows. -####*Scenario 3: Onboarding using management tools* +#### *Scenario 3: Onboarding using management tools* If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager. 
@@ -96,12 +96,12 @@ For more information, see: [https://docs.microsoft.com/en-us/windows/security/th > [!TIP] > After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/run-detection-test). -####Tagging your machines when building your golden image +#### Tagging your machines when building your golden image As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value) -####Other recommended configuration settings +#### Other recommended configuration settings When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
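Review bot: Under "#### Tagging your machines when building your golden image" in the @@ -96,12 +96,12 @@ hunk, the machine-tags link is left as a bare URL with no sentence connecting it to the paragraph above, so a reader cannot tell whether it is the procedure or background reading. Introduce it with a short sentence and give it descriptive link text. The same paragraph says "Microsoft Security Center"; confirm that is the intended portal name.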
@@ -124,6 +124,6 @@ Exclude Processes: %ProgramFiles%\FSLogix\Apps\frxccds.exe %ProgramFiles%\FSLogix\Apps\frxsvc.exe -####Licensing requirements +#### Licensing requirements Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements) \ No newline at end of file From c3163f787bb73bef04ffbd3e308a4a6582956b03 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Fri, 9 Oct 2020 14:24:33 -0700 Subject: [PATCH 030/346] updated aria text --- .../threat-and-vuln-mgt-scenarios.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index bfd68b825f..e85d9e0e9e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
@@ -100,31 +100,31 @@ You can filter the data by vulnerability severity levels, exploit availability, Each device is counted only once according to the most severe vulnerability found on that device. -![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-severity.png) +![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png) ### Exploit availability Each device is counted only once based on the highest level of known exploit. -![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-exploit-availability.png) +![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png) ### Vulnerability age Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited. -![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-age.png) +![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png) ### Vulnerable devices by operating system platform -The number of devices on each operating system that are exposed due to software vulnerabilities. +The number of devices on each operating system that are exposed due to software vulnerabilities. -![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-os.png) +![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png) ### Vulnerable devices by Windows 10 version -The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS. +The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS. 
-![Graphs of current device vulnerability severity levels, and over time.](images/tvm-report-version.png) +![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png) ## Related topics From 021ee87ae20c5a84676f39c2157744b933c08a05 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 18:59:26 +0530 Subject: [PATCH 031/346] Update Onboard-Windows-10-multi-session-device.md self review --- ...Onboard-Windows-10-multi-session-device.md | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index e63e6e10f9..5431501ad6 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md 
@@ -39,7 +39,7 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do > > Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. -Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. That way, it is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. +Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. > [!NOTE] > The placement and configuration of the VDI onboarding startup script on the WVD golden image configures it as a startup script that runs when the WVD starts. It is NOT recommended to onboard the actual WVD golden image. Another consideration is the method used to run the script. 
It should run as early in the startup/provisioning process as possible to reduce the time between the machine being available to receive sessions and the device onboarding to the service. Below scenarios 1 & 2 take this into account. @@ -53,7 +53,7 @@ Use a management tool to run the script. #### *Scenario 1: Using local group policy* This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process. -Use the instructions [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1) +Use the instructions in [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). Follow the instructions for a single entry for each device. 
@@ -72,9 +72,9 @@ This scenario uses a centrally located script and runs it using a domain-based g 1. Open the Group Policy Management Console (GPMC), right-click the Group Policy Object (GPO) you want to configure and click **Edit**. 1. In the Group Policy Management Editor, go to **Computer configuration** \> **Preferences** \> **Control panel settings**. 1. Right-click **Scheduled tasks**, click **New**, and then click **Immediate Task** (At least Windows 7). -1. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Then click **Check Names** then OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as. +1. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Click **Check Names** and then click OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as. 1. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box. -1. Go to the **Actions** tab and click**New**. Ensure that **Start a program** is selected in the Action field. Enter the following: +1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. Enter the following: Action = "Start a program" 
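Review bot: In the changed General tab step, "OK" is left as plain text while the other controls named in the same step (**Change User or Group**, **Check Names**) are bold; make it "click **OK**" to match. Because these steps set the task to run as NT AUTHORITY\SYSTEM with highest privileges, the Actions step would also benefit from a reminder that the program it starts should sit in a location only administrators can modify.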
@@ -98,16 +98,17 @@ For more information, see: [https://docs.microsoft.com/en-us/windows/security/th #### Tagging your machines when building your golden image -As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. -[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value) +As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. For more information, see +[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value). #### Other recommended configuration settings When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). 
-In addition, if you’re using FSlogix user profiles, we recommend you exclude the following files from always-on protection: +In addition, if you are using FSlogix user profiles, we recommend you exclude the following files from always-on protection: + +**Exclude Files:** -Exclude Files: %ProgramFiles%\FSLogix\Apps\frxdrv.sys %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys %ProgramFiles%\FSLogix\Apps\frxccd.sys @@ -118,7 +119,7 @@ Exclude Files: \\storageaccount.file.core.windows.net\share\*\*.VHD \\storageaccount.file.core.windows.net\share\*\*.VHDX -Exclude Processes: +**Exclude Processes:** %ProgramFiles%\FSLogix\Apps\frxccd.exe %ProgramFiles%\FSLogix\Apps\frxccds.exe @@ -126,4 +127,4 @@ Exclude Processes: #### Licensing requirements -Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements) \ No newline at end of file +Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements). From cb3d1af3a0db1e075eb41bc15cae9b92afe208c9 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 19:02:17 +0530 Subject: [PATCH 032/346] Update Onboard-Windows-10-multi-session-device.md minor edit --- .../Onboard-Windows-10-multi-session-device.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index 5431501ad6..c101c03c30 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md @@ -74,7 +74,8 @@ This scenario uses a centrally located script and runs it using a domain-based g 1. Right-click **Scheduled tasks**, click **New**, and then click **Immediate Task** (At least Windows 7). 1. In the Task window that opens, go to the **General** tab. Under **Security options** click **Change User or Group** and type SYSTEM. Click **Check Names** and then click OK. NT AUTHORITY\SYSTEM appears as the user account the task will run as. 1. Select **Run whether user is logged on or not** and check the **Run with highest privileges** check box. -1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. Enter the following: +1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. +Enter the following: Action = "Start a program" From 0ae16edbf546b22eb319b48325b064f163f57c18 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Mon, 12 Oct 2020 19:05:06 +0530 Subject: [PATCH 033/346] Update Onboard-Windows-10-multi-session-device.md updated author --- .../Onboard-Windows-10-multi-session-device.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index c101c03c30..80ce12367f 100644 
--- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md @@ -10,8 +10,8 @@ ms.pagetype: security ms.localizationpriority: medium audience: ITPro ms.topic: article -author: Lovina-Saldanha -ms.author: Lovina-Saldanha +author: dansimp +ms.author: dansimp ms.custom: nextgen ms.date: 09/10/2020 ms.reviewer: From dbfbb444a6d37079e610dcb7832f4f90a3ea8d45 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 12 Oct 2020 16:59:23 -0700 Subject: [PATCH 034/346] new info --- .../threat-and-vuln-mgt-scenarios.md | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md index 6f340c91ec..5e03b94532 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md +++ b/windows/security/threat-protection/microsoft-defender-atp/threat-and-vuln-mgt-scenarios.md 
@@ -88,41 +88,43 @@ Examples of devices that should be marked as high value: ## Vulnerable devices report -The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. +The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. Access the report by going to **Reports > Vulnerable devices** There are two columns: -- Trends (over time) +- Trends (over time). Can show the past 30 days, 3 months, 6 months, or a custom date range. - Today (current information) -You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group. +**Filter**: You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group. -### Severity levels +**Drill down**: If there is an insight you want to explore further, select the relevant bar chart to view a filtered list of devices in the Device inventory page. From there, you can export the list. + +### Severity level graphs Each device is counted only once according to the most severe vulnerability found on that device. ![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png) -### Exploit availability +### Exploit availability graphs Each device is counted only once based on the highest level of known exploit. ![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png) -### Vulnerability age +### Vulnerability age graphs Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited. 
![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png) -### Vulnerable devices by operating system platform +### Vulnerable devices by operating system platform graphs The number of devices on each operating system that are exposed due to software vulnerabilities. ![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png) -### Vulnerable devices by Windows 10 version +### Vulnerable devices by Windows 10 version graphs The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS. From 7ef2df3d7c12a6573443e407b7f31f2d40416b85 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 10:55:30 +0530 Subject: [PATCH 035/346] Update Onboard-Windows-10-multi-session-device.md minor changes --- ...Onboard-Windows-10-multi-session-device.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index 80ce12367f..b533b8a3ee 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md 
@@ -36,8 +36,8 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: > - Single entry for each virtual device > - Multiple entries for each virtual device -> -> Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. + +Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
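Review bot: In the added "Microsoft recommends onboarding Windows Virtual Devices" paragraph, "This can lead to confusion when investigating incidents" directly follows the clause about preventing multiple objects, so "This" reads as if the prevention causes the confusion. Suggest "Multiple objects for the same machine can lead to confusion when investigating incidents." The paragraph also says "MDATP portal" while the note just above it says "Microsoft Defender for Endpoint portal"; pick one name.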
@@ -47,8 +47,8 @@ Microsoft recommends adding the Microsoft Defender for Endpoint onboarding scrip ### Scenarios There are several ways to onboard a WVD host machine: -Run the script in the golden image (or from a shared location) during startup. -Use a management tool to run the script. +- Run the script in the golden image (or from a shared location) during startup. +- Use a management tool to run the script. #### *Scenario 1: Using local group policy* This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process. @@ -110,21 +110,21 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th **Exclude Files:** -%ProgramFiles%\FSLogix\Apps\frxdrv.sys -%ProgramFiles%\FSLogix\Apps\frxdrvvt.sys -%ProgramFiles%\FSLogix\Apps\frxccd.sys -%TEMP%\*.VHD -%TEMP%\*.VHDX -%Windir%\TEMP\*.VHD -%Windir%\TEMP\*.VHDX -\\storageaccount.file.core.windows.net\share\*\*.VHD -\\storageaccount.file.core.windows.net\share\*\*.VHDX +> %ProgramFiles%\FSLogix\Apps\frxdrv.sys +> %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys +> %ProgramFiles%\FSLogix\Apps\frxccd.sys +> %TEMP%\*.VHD +> %TEMP%\*.VHDX +> %Windir%\TEMP\*.VHD +> %Windir%\TEMP\*.VHDX +> \\storageaccount.file.core.windows.net\share\*\*.VHD +> \\storageaccount.file.core.windows.net\share\*\*.VHDX **Exclude Processes:** -%ProgramFiles%\FSLogix\Apps\frxccd.exe -%ProgramFiles%\FSLogix\Apps\frxccds.exe -%ProgramFiles%\FSLogix\Apps\frxsvc.exe +> %ProgramFiles%\FSLogix\Apps\frxccd.exe +> %ProgramFiles%\FSLogix\Apps\frxccds.exe +> %ProgramFiles%\FSLogix\Apps\frxsvc.exe #### Licensing requirements From aa5f497d660564371f4e6fee4a64dfae3e7d894a Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Thu, 15 Oct 2020 11:04:22 +0530 Subject: [PATCH 036/346] Update Onboard-Windows-10-multi-session-device.md --- ...Onboard-Windows-10-multi-session-device.md | 32 +++++++++---------- 1 file changed, 16 insertions(+), 16 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index 80ce12367f..5ef021c345 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md 
@@ -36,8 +36,8 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: > - Single entry for each virtual device > - Multiple entries for each virtual device -> -> Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. + + Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. 
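Review bot: The added "Microsoft recommends onboarding" line starts with a space after the "+", which the otherwise identical change in the previous commit does not have; drop it so the paragraph is not indented relative to the text around it. The exclusion-list hunk later in this same commit also adds "> ProgramFiles%\FSLogix\Apps\frxdrv.sys" without its opening "%", where the removed line and the neighbouring entries read %ProgramFiles%; restore the "%" there.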
@@ -47,8 +47,8 @@ Microsoft recommends adding the Microsoft Defender for Endpoint onboarding scrip ### Scenarios There are several ways to onboard a WVD host machine: -Run the script in the golden image (or from a shared location) during startup. -Use a management tool to run the script. +- Run the script in the golden image (or from a shared location) during startup. +- Use a management tool to run the script. #### *Scenario 1: Using local group policy* This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process. @@ -110,21 +110,21 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th **Exclude Files:** -%ProgramFiles%\FSLogix\Apps\frxdrv.sys -%ProgramFiles%\FSLogix\Apps\frxdrvvt.sys -%ProgramFiles%\FSLogix\Apps\frxccd.sys -%TEMP%\*.VHD -%TEMP%\*.VHDX -%Windir%\TEMP\*.VHD -%Windir%\TEMP\*.VHDX -\\storageaccount.file.core.windows.net\share\*\*.VHD -\\storageaccount.file.core.windows.net\share\*\*.VHDX +> ProgramFiles%\FSLogix\Apps\frxdrv.sys +> %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys +> %ProgramFiles%\FSLogix\Apps\frxccd.sys +> %TEMP%\*.VHD +> %TEMP%\*.VHDX +> %Windir%\TEMP\*.VHD +> %Windir%\TEMP\*.VHDX +> \\storageaccount.file.core.windows.net\share\*\*.VHD +> \\storageaccount.file.core.windows.net\share\*\*.VHDX **Exclude Processes:** -%ProgramFiles%\FSLogix\Apps\frxccd.exe -%ProgramFiles%\FSLogix\Apps\frxccds.exe -%ProgramFiles%\FSLogix\Apps\frxsvc.exe +> %ProgramFiles%\FSLogix\Apps\frxccd.exe +> %ProgramFiles%\FSLogix\Apps\frxccds.exe +> %ProgramFiles%\FSLogix\Apps\frxsvc.exe #### Licensing requirements From 15855b8eee90fc6fda66c0991317c9554b84b5d2 Mon Sep 17 00:00:00 2001 
From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 11:26:49 +0530 Subject: [PATCH 037/346] Update Onboard-Windows-10-multi-session-device.md Formatting changes done --- ...Onboard-Windows-10-multi-session-device.md | 35 +++++++++---------- 1 file changed, 16 insertions(+), 19 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index b533b8a3ee..d458346a5c 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md @@ -77,13 +77,10 @@ This scenario uses a centrally located script and runs it using a domain-based g 1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. Enter the following: -Action = "Start a program" - -Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - -Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1" - -Click **OK** and close any open GPMC windows. + > Action = "Start a program"
+ > Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
+ > Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
+ > Click **OK** and close any open GPMC windows.
#### *Scenario 3: Onboarding using management tools* @@ -110,21 +107,21 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th **Exclude Files:** -> %ProgramFiles%\FSLogix\Apps\frxdrv.sys -> %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys -> %ProgramFiles%\FSLogix\Apps\frxccd.sys -> %TEMP%\*.VHD -> %TEMP%\*.VHDX -> %Windir%\TEMP\*.VHD -> %Windir%\TEMP\*.VHDX -> \\storageaccount.file.core.windows.net\share\*\*.VHD -> \\storageaccount.file.core.windows.net\share\*\*.VHDX +> %ProgramFiles%\FSLogix\Apps\frxdrv.sys
+> %ProgramFiles%\FSLogix\Apps\frxdrvvt.sys
+> %ProgramFiles%\FSLogix\Apps\frxccd.sys
+> %TEMP%\*.VHD
+> %TEMP%\*.VHDX
+> %Windir%\TEMP\*.VHD
+> %Windir%\TEMP\*.VHDX
+> \\storageaccount.file.core.windows.net\share\*\*.VHD
+> \\storageaccount.file.core.windows.net\share\*\*.VHDX
**Exclude Processes:** -> %ProgramFiles%\FSLogix\Apps\frxccd.exe -> %ProgramFiles%\FSLogix\Apps\frxccds.exe -> %ProgramFiles%\FSLogix\Apps\frxsvc.exe +> %ProgramFiles%\FSLogix\Apps\frxccd.exe
+> %ProgramFiles%\FSLogix\Apps\frxccds.exe
+> %ProgramFiles%\FSLogix\Apps\frxsvc.exe
#### Licensing requirements From 3eb4e1cfad30f6674b3fbae8b47521709c5ef728 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 14:47:27 +0530 Subject: [PATCH 038/346] Update Onboard-Windows-10-multi-session-device.md minor edits --- .../Onboard-Windows-10-multi-session-device.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md index d458346a5c..067297e90d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md @@ -77,10 +77,13 @@ This scenario uses a centrally located script and runs it using a domain-based g 1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. Enter the following: - > Action = "Start a program"
- > Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
- > Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1"
- > Click **OK** and close any open GPMC windows.
+Action = "Start a program" + +Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe + +Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1" + +Click **OK** and close any open GPMC windows. #### *Scenario 3: Onboarding using management tools* From 016d149f367ee3bfa5ebbc6f836c69bd66f8ad32 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 22:33:51 +0530 Subject: [PATCH 039/346] Update TOC.md Updated new topic "Onboard Windows 10 multi-session devices in Windows Virtual Desktop" under How-To > Onboard Windows 10 devices --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 9114b320d4..6a72a748d4 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -447,6 +447,7 @@ ##### [Onboard devices using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) ##### [Onboard devices using a local script](microsoft-defender-atp/configure-endpoints-script.md) ##### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](microsoft-defender-atp/configure-endpoints-vdi.md) +##### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](Onboard-Windows-10-multi-session-device.md) #### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) #### [Onboard non-Windows devices](microsoft-defender-atp/configure-endpoints-non-windows.md) From 4812278c1faa1ec6374d02cced89df04940a1ec3 Mon Sep 17 00:00:00 2001 
From: Lovina Saldanha Date: Thu, 15 Oct 2020 22:50:33 +0530 Subject: [PATCH 040/346] moved the file --- .../Onboard-Windows-10-multi-session-device.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename windows/security/threat-protection/{microsoft-defender-antivirus => microsoft-defender-atp}/Onboard-Windows-10-multi-session-device.md (100%) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md similarity index 100% rename from windows/security/threat-protection/microsoft-defender-antivirus/Onboard-Windows-10-multi-session-device.md rename to windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md From 5ec742476631ba2ef32e026db70198c0a5fa945a Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 22:52:43 +0530 Subject: [PATCH 041/346] Update TOC.md minor correction in file path --- windows/security/threat-protection/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 6a72a748d4..b3c478d48e 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md 
@@ -447,7 +447,7 @@ ##### [Onboard devices using Mobile Device Management tools](microsoft-defender-atp/configure-endpoints-mdm.md) ##### [Onboard devices using a local script](microsoft-defender-atp/configure-endpoints-script.md) ##### [Onboard non-persistent virtual desktop infrastructure (VDI) devices](microsoft-defender-atp/configure-endpoints-vdi.md) -##### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](Onboard-Windows-10-multi-session-device.md) +##### [Onboard Windows 10 multi-session devices in Windows Virtual Desktop](microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md) #### [Onboard servers](microsoft-defender-atp/configure-server-endpoints.md) #### [Onboard non-Windows devices](microsoft-defender-atp/configure-endpoints-non-windows.md) From 497b1e8449c31433b10bb4c5bdaebaea4c939625 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 15 Oct 2020 23:03:05 +0530 Subject: [PATCH 042/346] Update TOC.md build error fixed --- windows/security/threat-protection/TOC.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index b3c478d48e..47a8e22219 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -1332,3 +1332,5 @@ ### [Windows 10 Mobile security guide](windows-10-mobile-security-guide.md) ## [Change history for Threat protection](change-history-for-threat-protection.md) + + From 7c8d2d023f955e23a0b26cc84f6da20f97458642 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Thu, 15 Oct 2020 23:27:56 +0530 Subject: [PATCH 043/346] minor edits --- .../Onboard-Windows-10-multi-session-device.md | 16 +++++++--------- 1 file changed, 7 insertions(+), 9 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index 067297e90d..81970fef04 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md @@ -62,10 +62,10 @@ This scenario uses a centrally located script and runs it using a domain-based g **Download the WindowsDefenderATPOnboardingPackage.zip file from the Windows Defender Security Center** 1. Open the VDI configuration package .zip file (WindowsDefenderATPOnboardingPackage.zip) -- In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. -- Select Windows 10 as the operating system. -- In the **Deployment method** field, select VDI onboarding scripts for non-persistent endpoints. -- Click **Download package** and save the .zip file. + - In the Microsoft Defender Security Center navigation pane, select **Settings** > **Onboarding**. + - Select Windows 10 as the operating system. + - In the **Deployment method** field, select VDI onboarding scripts for non-persistent endpoints. + - Click **Download package** and save the .zip file. 2. Extract the contents of the .zip file to a shared, read-only location that can be accessed by the device. You should have a folder called **OptionalParamsPolicy** and the files **WindowsDefenderATPOnboardingScript.cmd** and **Onboard-NonPersistentMachine.ps1**. **Use Group Policy management console to run the script when the virtual machine starts** 
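Review bot: Step 1 reads "Open the VDI configuration package .zip file", but the four bullets now nested under it describe downloading the package (**Settings** > **Onboarding**, then **Download package**), not opening it. Reword step 1 to something like "Download the VDI configuration package .zip file" so the parent step matches its sub-steps. The heading above says "Windows Defender Security Center" while the first bullet says "Microsoft Defender Security Center"; use one name.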
@@ -77,11 +77,9 @@ This scenario uses a centrally located script and runs it using a domain-based g 1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. Enter the following: -Action = "Start a program" - -Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe - -Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1" +> Action = "Start a program" +> Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
+> Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1" Click **OK** and close any open GPMC windows. From c7cd6ebfe57caf98fa8f28dd128d3fe29693f901 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Thu, 15 Oct 2020 23:33:43 +0530 Subject: [PATCH 044/346] Update Onboard-Windows-10-multi-session-device.md --- .../Onboard-Windows-10-multi-session-device.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index 81970fef04..b0188d926d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md @@ -77,7 +77,7 @@ This scenario uses a centrally located script and runs it using a domain-based g 1. Go to the **Actions** tab and click **New**. Ensure that **Start a program** is selected in the Action field. Enter the following: -> Action = "Start a program" +> Action = "Start a program"
> Program/Script = C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe
> Add Arguments (optional) = -ExecutionPolicy Bypass -command "& \\Path\To\Onboard-NonPersistentMachine.ps1" From c559f3db8193920874381af96d18f9d6afa7cb0f Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 15 Oct 2020 21:01:10 -0700 Subject: [PATCH 045/346] Update Onboard-Windows-10-multi-session-device.md --- .../Onboard-Windows-10-multi-session-device.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index b0188d926d..baa60e50c3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md 
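Review bot: In Onboard-Windows-10-multi-session-device.md, the `Add Arguments` line carried through the two @@ -77 hunks above runs `powershell.exe -ExecutionPolicy Bypass` against a script on a UNC path (`\\Path\To\Onboard-NonPersistentMachine.ps1`) each time the virtual machine starts, and nothing beside it says who may write to that share; repeat the "shared, read-only location" requirement from step 2 at this point, because with the execution policy bypassed the share permissions are the only control the page names over what that task runs. Separately, the one changed line in the @@ -77,7 +77,7 @@ hunk (`> Action = "Start a program"`) differs from the line it replaces only in whitespace and the commit message gives no reason; if the aim is a hard line break so the three quoted lines do not render as one paragraph, check that the `Program/Script` line gets the same treatment.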
@@ -22,10 +22,10 @@ manager: dansimp 6 minutes to read Applies to: -- Windows 10 Multi-session running on Windows Virtual Desktop (WVD) +- Windows 10 multi-session running on Windows Virtual Desktop (WVD) > [!WARNING] -> Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. +> Microsoft Defender ATP support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. 
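Review bot: The "Applies to" bullet in this hunk is lower-cased to "Windows 10 multi-session", but the licensing hunk at the end of the same patch (@@ -126,4 +126,4 @@) keeps "Windows 10 Multi-session is a client OS" on its added line, so the page still uses both spellings; change that line too. In the rewritten WARNING, "limited up to 25 concurrent sessions" should read "limited to 25 concurrent sessions", and "single session" should be hyphenated to match "multi-session".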
@@ -53,7 +53,7 @@ There are several ways to onboard a WVD host machine: #### *Scenario 1: Using local group policy* This scenario requires placing the script in a golden image and uses local group policy to run early in the boot process. -Use the instructions in [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1 ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). +Use the instructions in [Onboard non-persistent virtual desktop infrastructure VDI devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi#onboard-non-persistent-virtual-desktop-infrastructure-vdi-devices-1). Follow the instructions for a single entry for each device. 
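Review bot: The link text on the added line, "Onboard non-persistent virtual desktop infrastructure VDI devices", has lost the parentheses around the abbreviation and reads as a run-on; write "Onboard non-persistent virtual desktop infrastructure (VDI) devices". The same URL-to-title replacement is repeated in the @@ -87,7, @@ -98,11 and @@ -126,4 hunks of this patch, each with an absolute docs.microsoft.com link whose URL path ends in the microsoft-defender-atp folder this file lives in; other files in this series link to siblings relatively (for example `next-gen-threat-and-vuln-mgt.md`), which would be more consistent here.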
@@ -87,7 +87,7 @@ Click **OK** and close any open GPMC windows. If you plan to manage your machines using a management tool, you can onboard devices with Microsoft Endpoint Configuration Manager. -For more information, see: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) +For more information, see: [Onboard Windows 10 devices using Configuration Manager](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm) > [!WARNING] > If you plan to use [Attack Surface reduction Rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction), please note that rule “[Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction#block-process-creations-originating-from-psexec-and-wmi-commands)" should not be used as it is incompatible with management through Microsoft Endpoint Configuration Manager because this rule blocks WMI commands the Configuration Manager client uses to function correctly. 
@@ -98,11 +98,11 @@ For more information, see: [https://docs.microsoft.com/en-us/windows/security/th #### Tagging your machines when building your golden image As part of your onboarding, you may want to consider setting a machine tag to be able to differentiate WVD machines more easily in the Microsoft Security Center. For more information, see -[https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value). +[Add device tags by setting a registry key value](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/machine-tags#add-device-tags-by-setting-a-registry-key-value). #### Other recommended configuration settings -When building your golden image, you may want to configure initial protection settings as well. For more information, see [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). +When building your golden image, you may want to configure initial protection settings as well. For more information, see [Other recommended configuration settings](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp#other-recommended-configuration-settings). In addition, if you are using FSlogix user profiles, we recommend you exclude the following files from always-on protection: 
@@ -126,4 +126,4 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th #### Licensing requirements -Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements ](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements). +Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [Licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements). From d6ff8c6bad5c8736d46729ebef04b01127398ed2 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Fri, 16 Oct 2020 12:11:28 +0530 Subject: [PATCH 046/346] Update Onboard-Windows-10-multi-session-device.md Rebranding names updated --- .../Onboard-Windows-10-multi-session-device.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index baa60e50c3..94d68926bf 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md 
@@ -23,9 +23,11 @@ manager: dansimp Applies to: - Windows 10 multi-session running on Windows Virtual Desktop (WVD) +> [!IMPORTANT] +> Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future. > [!WARNING] -> Microsoft Defender ATP support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. +> Microsoft Defender for Endpoint (MSDE) support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. 
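Review bot: The abbreviation introduced on the added WARNING line, "Microsoft Defender for Endpoint (MSDE)", is used differently in the next hunk of this patch (@@ -37,7 +39,7 @@), where it is attached to "the Microsoft Defender Endpoint portal (MSDE)" with "for" dropped from the product name, and then appears bare as "the MSDE portal"; define the abbreviation once, for the product, and write "Microsoft Defender for Endpoint portal" in full, or drop the abbreviation. The commit subject says "Rebranding names updated", yet the unchanged paragraphs around these hunks already spell out "Microsoft Defender for Endpoint", so the abbreviation adds a second name rather than removing one.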
@@ -37,7 +39,7 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do > - Single entry for each virtual device > - Multiple entries for each virtual device -Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the MDATP portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MDATP portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. +Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the Microsoft Defender Endpoint portal (MSDE) is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MSDE portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. From 9ba48a690c095eab588fe6c9378d4c3005ff26bc Mon Sep 17 00:00:00 2001 
From: Rick Munck <33725928+jmunck@users.noreply.github.com> Date: Tue, 20 Oct 2020 11:15:29 -0500 Subject: [PATCH 047/346] Update security-compliance-toolkit-10.md Added new baseline for 20H2 --- .../security/threat-protection/security-compliance-toolkit-10.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/security-compliance-toolkit-10.md b/windows/security/threat-protection/security-compliance-toolkit-10.md index 4941242b47..e8dd6ab29f 100644 --- a/windows/security/threat-protection/security-compliance-toolkit-10.md +++ b/windows/security/threat-protection/security-compliance-toolkit-10.md @@ -27,6 +27,7 @@ The SCT enables administrators to effectively manage their enterprise’s Group The Security Compliance Toolkit consists of: - Windows 10 security baselines + - Windows 10 Version 20H2 (October 2020 Update) - Windows 10 Version 2004 (May 2020 Update) - Windows 10 Version 1909 (November 2019 Update) - Windows 10 Version 1903 (May 2019 Update) From 20545abfd3681a634befb8ed81249c23494aa78f Mon Sep 17 00:00:00 2001 From: garrettburk123 <55765124+garrettburk123@users.noreply.github.com> Date: Tue, 20 Oct 2020 12:44:13 -0700 Subject: [PATCH 048/346] Updating to add the most recent certifications Windows 10 version 1809 and Windows Server 2019 recently had FIPS 140 certificates issued. This update adds new tables reflecting this status. One table is in the "Modules used by Windows" section and the other is in the "Modules used by Windows Server" section. Additionally, this update fixes spacing issues in the "Using Windows in a FIPS 140-2 approved mode of operation" section to separate paragraphs. --- .../threat-protection/fips-140-validation.md | 144 +++++++++++++++++- 1 file changed, 142 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 262058bf1d..e86723ea32 100644 
--- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md 
@@ -28,9 +28,9 @@ Microsoft maintains an active commitment to meeting the requirements of the FIPS ## Using Windows in a FIPS 140-2 approved mode of operation Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation. This is commonly referred to as “FIPS mode.”  When this mode is enabled, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows cryptographic operations are run. These self-tests are run in accordance with FIPS 140-2 Section 4.9 and are utilized to ensure that the modules are functioning properly. The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by this mode of operation. The FIPS 140-2 approved mode of operation will not prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. For applications or components beyond the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library, FIPS mode is merely advisory. -  + While US government regulations continue to mandate that FIPS mode be enabled on government computers running Windows, our recommendation is that it is each customer’s decision to make when considering enabling FIPS mode. There are many applications and protocols that look to the FIPS mode policy to determine which cryptographic functionality should be utilized in a given solution. We recommend that customers hoping to comply with FIPS 140-2 research the configuration settings of applications and protocols they may be using to ensure their solutions can be configured to utilize the FIPS 140-2 validated cryptography provided by Windows when it is operating in FIPS 140-2 approved mode.  -  + Achieving this FIPS 140-2 approved mode of operation of Windows requires administrators to complete all four steps outlined below. 
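Review bot: This hunk replaces the two whitespace-only separator lines with empty lines, but the paragraphs it shows as context still carry the same stray spacing inline: a double space after "“FIPS mode.”" in the first paragraph and trailing spaces after "FIPS 140-2 approved mode." at the end of the second. Strip those in the same change so the spacing fix named in the commit message is complete.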
### Step 1: Ensure FIPS 140-2 validated cryptographic modules are installed @@ -89,6 +89,76 @@ The following tables identify the cryptographic modules used in an operating sys ## Modules used by Windows +##### Windows 10 Fall 2018 Update (Version 1809) + +Validated Editions: Home, Pro, Enterprise, Education + +

++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library10.0.17763#3197See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library10.0.17763#3196See Security Policy and Certificate page for algorithm information
Code Integrity10.0.17763#3644See Security Policy and Certificate page for algorithm information
Windows OS Loader10.0.17763#3615See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity10.0.17763#3651See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter10.0.17763#3092See Security Policy and Certificate page for algorithm information
Boot Manager10.0.17763#3089See Security Policy and Certificate page for algorithm information
Virtual TPM10.0.17763#3690See Security Policy and Certificate page for algorithm information
+ ##### Windows 10 Spring 2018 Update (Version 1803) Validated Editions: Home, Pro, Enterprise, Education @@ -1336,6 +1406,76 @@ Validated Editions: Ultimate Edition ## Modules used by Windows Server +##### Windows Server 2019 (Version 1809) + +Validated Editions: Standard, Datacenter + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Cryptographic ModuleVersion (link to Security Policy)FIPS Certificate #Algorithms
Cryptographic Primitives Library10.0.17763#3197See Security Policy and Certificate page for algorithm information
Kernel Mode Cryptographic Primitives Library10.0.17763#3196See Security Policy and Certificate page for algorithm information
Code Integrity10.0.17763#3644See Security Policy and Certificate page for algorithm information
Windows OS Loader10.0.17763#3615See Security Policy and Certificate page for algorithm information
Secure Kernel Code Integrity10.0.17763#3651See Security Policy and Certificate page for algorithm information
BitLocker Dump Filter10.0.17763#3092See Security Policy and Certificate page for algorithm information
Boot Manager10.0.17763#3089See Security Policy and Certificate page for algorithm information
Virtual TPM10.0.17763#3690See Security Policy and Certificate page for algorithm information
+ ##### Windows Server (Version 1803) Validated Editions: Standard, Datacenter From 77c3c09e42e62da5739a2e2a9cd2787792d2c2d8 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Tue, 20 Oct 2020 14:33:32 -0700 Subject: [PATCH 049/346] vulnerable devices report --- .../tvm-hunt-exposed-devices.md | 45 ----------- .../tvm-vulnerable-devices-report.md | 81 +++++++++++++++++++ 2 files changed, 81 insertions(+), 45 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md index d02858e0d6..694318d1d4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-hunt-exposed-devices.md 
@@ -66,51 +66,6 @@ DeviceName=any(DeviceName) by DeviceId, AlertId ``` - -## Vulnerable devices report - -The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. - -Access the report by going to **Reports > Vulnerable devices** - -There are two columns: -- Trends (over time). Can show the past 30 days, 3 months, 6 months, or a custom date range. -- Today (current information) - -**Filter**: You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group. - -**Drill down**: If there is an insight you want to explore further, select the relevant bar chart to view a filtered list of devices in the Device inventory page. From there, you can export the list. - -### Severity level graphs - -Each device is counted only once according to the most severe vulnerability found on that device. - -![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png) - -### Exploit availability graphs - -Each device is counted only once based on the highest level of known exploit. - -![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png) - -### Vulnerability age graphs - -Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited. - -![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png) - -### Vulnerable devices by operating system platform graphs - -The number of devices on each operating system that are exposed due to software vulnerabilities. 
- -![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png) - -### Vulnerable devices by Windows 10 version graphs - -The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS. - -![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png) - ## Related topics - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md new file mode 100644 index 0000000000..bda9f0c30c --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md 
@@ -0,0 +1,81 @@ +--- +title: Hunt for exposed devices +description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate. +keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: ellevin +author: levinec +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint +ms.topic: article +--- + +# Vulnerable devices report- threat and vulnerability management + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** + +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) + +>Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) + +The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. + +Access the report by going to **Reports > Vulnerable devices** + +There are two columns: +- Trends (over time). Can show the past 30 days, 3 months, 6 months, or a custom date range. +- Today (current information) + +**Filter**: You can filter the data by vulnerability severity levels, exploit availability, vulnerability age, operating system platform, Windows 10 version, or device group. 
+ +**Drill down**: If there is an insight you want to explore further, select the relevant bar chart to view a filtered list of devices in the Device inventory page. From there, you can export the list. + +## Severity level graphs + +Each device is counted only once according to the most severe vulnerability found on that device. + +![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png) + +## Exploit availability graphs + +Each device is counted only once based on the highest level of known exploit. + +![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png) + +## Vulnerability age graphs + +Each device is counted only once under the oldest vulnerability publication date. Older vulnerabilities have a higher chance of being exploited. + +![One graph of current device vulnerability age, and one graph showing age over time.](images/tvm-report-age.png) + +## Vulnerable devices by operating system platform graphs + +The number of devices on each operating system that are exposed due to software vulnerabilities. + +![One graph of current vulnerable devices by operating system platform, and one graph showing vulnerable devices by OS platforms over time.](images/tvm-report-os.png) + +## Vulnerable devices by Windows 10 version graphs + +The number of devices on each Windows 10 version that are exposed due to vulnerable applications or OS. 
+ +![One graph of current vulnerable devices by Windows 10 version, and one graph showing vulnerable devices by Windows 10 version over time.](images/tvm-report-version.png) + +## Related topics + +- [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) +- [Security recommendations](tvm-security-recommendation.md) +- [APIs](next-gen-threat-and-vuln-mgt.md#apis) +- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) +- [Advanced hunting overview](overview-hunting.md) +- [All advanced hunting tables](advanced-hunting-reference.md) From ff1b1e6b9d5a95a5749bbaad59675d90388a6045 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Tue, 20 Oct 2020 16:08:50 -0700 Subject: [PATCH 050/346] add deployment ring table --- .../deployment-phases.md | 21 +++++++++++++++++++ .../deployment-rings.md | 0 2 files changed, 21 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md index 147eb07fb2..98afe5e640 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md 
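Review bot: The front matter of the new file tvm-vulnerable-devices-report.md (the @@ -0,0 +1,81 @@ hunk above) has `title: Hunt for exposed devices` and a description that never mentions the report, while the H1 is "Vulnerable devices report- threat and vulnerability management"; set a title and description for this page and fix the spacing around the hyphen in the H1. The moved body text also carries over "breath and scope" (should be "breadth"), and the companion hunk that deletes the section from tvm-hunt-exposed-devices.md leaves no link to the new page, so anything pointing at the old "Vulnerable devices report" heading there will no longer resolve.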
@@ -41,6 +41,27 @@ There are three phases in deploying Microsoft Defender ATP: There are several methods you can use to onboard to the service. For information on other ways to onboard, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md). +## Deploy Microsoft Defender ATP in rings + +Deploying Microsoft Defender ATP can be done using a ring-based deployment approach. + +A ring-based approach is a method of identifying a set of machines to onboard with specific timelines and verifying that certain criteria are met before the deploying to a larger set of devices. + +Adopting a ring-based deployment helps reduce potential issues or conflicts that could arise while rolling the service out. By piloting a certain number of devices first, you can identify potential issues and mitigate potential risks that might arise. + + +Table 1 provides an example of the deployment rings you might use. + +**Table 1** + +|**Deployment ring**|**Description**| +|:-----|:-----| +Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing - Focus on the security team, IT team and maybe Helpdesk +Full scale pilot | Phase 2: 100 systems
Phase 3: 150 systems
Phase 4: 500 systems
Phase 5: 1000 systems

Review and assess if there required tweaks to deployment. +Full deployment | Roll out service to the rest of environment in larger increments. + + + ## In Scope The following is in scope for this deployment guide: diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md new file mode 100644 index 0000000000..e69de29bb2 From b74a41aa5209232bd45c956b875674094acf337a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 20 Oct 2020 17:01:00 -0700 Subject: [PATCH 051/346] added content --- .../mdm/policy-csp-admx-bits.md | 119 ++++++++++++++++++ 1 file changed, 119 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-bits.md diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md new file mode 100644 index 0000000000..96a81a6e58 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -0,0 +1,119 @@ +--- +title: Policy CSP - ADMX_Bits +description: Policy CSP - ADMX_Bits +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/20/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Bits +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
+ + +## ADMX_Bits policies + +
+
+ ADMX_Bits/IncludeCmdLine +
+
+ + +
+ + +**ADMX_AuditSettings/IncludeCmdLine** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
Windows EditionSupported?
Homecross mark
Procross mark
Businesscross mark
Enterprisecheck mark
Educationcross mark
+ + +
+ + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
+ + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. + +If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. + +If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. + +Default is Not configured. + +> [!NOTE] +> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Include command line in process creation events* +- GP name: *IncludeCmdLine* +- GP path: *System/Audit Process Creation* +- GP ADMX file name: *AuditSettings.admx* + + + +
+ +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From d2706507ce70c61026d0909d51f9fcaeda0b9474 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 21 Oct 2020 09:53:16 -0700 Subject: [PATCH 052/346] add line break --- .../microsoft-defender-atp/deployment-phases.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md index 98afe5e640..4e23d893f1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md @@ -56,7 +56,7 @@ Table 1 provides an example of the deployment rings you might use. |**Deployment ring**|**Description**| |:-----|:-----| -Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing - Focus on the security team, IT team and maybe Helpdesk +Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing.
Focus on the security team, IT team and maybe Helpdesk. Full scale pilot | Phase 2: 100 systems
Phase 3: 150 systems
Phase 4: 500 systems
Phase 5: 1000 systems

Review and assess if there required tweaks to deployment. Full deployment | Roll out service to the rest of environment in larger increments. From 1e194317db2d5aad0b1adab0e47401829a98bfa6 Mon Sep 17 00:00:00 2001 From: ImranHabib <47118050+joinimran@users.noreply.github.com> Date: Wed, 21 Oct 2020 22:04:44 +0500 Subject: [PATCH 053/346] Updated login user example The login format was not properly mentioned in the document. Updated this info. Problem: https://github.com/MicrosoftDocs/windows-itpro-docs/issues/1656 --- windows/client-management/connect-to-remote-aadj-pc.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index f25c37dce5..13ee43e312 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -63,7 +63,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu 4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC. > [!TIP] - > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant. + > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant. > [!Note] > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e). From ffff4cf5772e245a48ab0043bf6b2ffcdf4839c8 Mon Sep 17 00:00:00 2001 
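Review bot: In the connect-to-remote-aadj-pc.md hunk (PATCH 053), the new TIP line drops the backticks that the removed line had around the account-name format, so AzureAD\yourloginid@domain.com is now bare Markdown text, where the backslash and the address can be rendered or auto-linked differently from what the user has to type. Suggest keeping the example as inline code. The removed wording (`AzureAD UPN`) also told the reader that the value is the UPN, and the new example no longer says so; a short "where yourloginid@domain.com is your Azure AD UPN" would keep that.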
From: ManikaDhiman Date: Wed, 21 Oct 2020 10:32:48 -0700 Subject: [PATCH 054/346] Added policies --- .../mdm/policy-csp-admx-bits.md | 41 ++++++++++++++++++- 1 file changed, 40 insertions(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index 96a81a6e58..c4a92baec1 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -23,7 +23,46 @@ manager: dansimp
- ADMX_Bits/IncludeCmdLine + ADMX_Bits/BITS_DisableBranchCache +
+
+ ADMX_Bits/BITS_DisablePeercachingClient +
+
+ ADMX_Bits/BITS_DisablePeercachingServer +
+
+ ADMX_Bits/BITS_EnablePeercaching +
+
+ ADMX_Bits/BITS_MaxBandwidthServedForPeers +
+
+ ADMX_Bits/BITS_MaxBandwidthV2_Maintenance +
+
+ ADMX_Bits/BITS_MaxBandwidthV2_Work +
+
+ ADMX_Bits/BITS_MaxCacheSize +
+
+ ADMX_Bits/BITS_MaxContentAge +
+
+ ADMX_Bits/BITS_MaxDownloadTime +
+
+ ADMX_Bits/BITS_MaxFilesPerJob +
+
+ ADMX_Bits/BITS_MaxJobsPerMachine +
+
+ ADMX_Bits/BITS_MaxJobsPerUser +
+
+ ADMX_Bits/BITS_MaxRangesPerFile
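Review bot: Every added line visible in the policy-csp-admx-bits.md hunk (@@ -23,7 +23,46 @@) is an entry or separator in the policy list at the top of the file, and the stat reports a single file with 40 insertions and 1 deletion, so the per-policy sections that the 14 new ADMX_Bits/BITS_* entries should point to do not appear to be part of this commit. If they are not already in the file, the entries will lead nowhere; add the sections here or note in the commit message where they come from. The removed entry ADMX_Bits/IncludeCmdLine also deserves a mention in the message ("Added policies" does not cover it): IncludeCmdLine is the Audit Process Creation setting from AuditSettings.admx, not a BITS policy, so any section still describing it further down this file should be removed with the list entry.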
From 45e02efe854350367849904b29e4a4cd7049a1a3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 21 Oct 2020 13:36:06 -0700 Subject: [PATCH 055/346] new deployment rings topic --- windows/security/threat-protection/TOC.md | 1 + .../deployment-phases.md | 21 +--- .../deployment-rings.md | 92 ++++++++++++++++++ .../images/deployment-rings.png | Bin 0 -> 37348 bytes 4 files changed, 94 insertions(+), 20 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/deployment-rings.png diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 632fbafb38..52deba3ff6 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -16,6 +16,7 @@ ## [Plan deployment](microsoft-defender-atp/deployment-strategy.md) ## [Deployment guide]() +### [Deployment rings](microsoft-defender-atp/deployment-rings.md) ### [Deployment phases](microsoft-defender-atp/deployment-phases.md) ### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md) ### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md index 4e23d893f1..9d66c621de 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md @@ -29,7 +29,7 @@ ms.topic: article There are three phases in deploying Microsoft Defender ATP: -|Phase | Desription | +|Phase | Description | |:-------|:-----| | ![Phase 1: Prepare](images/prepare.png)
[Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Microsoft Defender ATP:

- Stakeholders and sign-off
- Environment considerations
- Access
- Adoption order | ![Phase 2: Setup](images/setup.png)
[Phase 2: Setup](production-deployment.md)| Take the initial steps to access Microsoft Defender Security Center. You'll be guided on:

- Validating the licensing
- Completing the setup wizard within the portal
- Network configuration| @@ -41,25 +41,6 @@ There are three phases in deploying Microsoft Defender ATP: There are several methods you can use to onboard to the service. For information on other ways to onboard, see [Onboard devices to Microsoft Defender ATP](onboard-configure.md). -## Deploy Microsoft Defender ATP in rings - -Deploying Microsoft Defender ATP can be done using a ring-based deployment approach. - -A ring-based approach is a method of identifying a set of machines to onboard with specific timelines and verifying that certain criteria are met before the deploying to a larger set of devices. - -Adopting a ring-based deployment helps reduce potential issues or conflicts that could arise while rolling the service out. By piloting a certain number of devices first, you can identify potential issues and mitigate potential risks that might arise. - - -Table 1 provides an example of the deployment rings you might use. - -**Table 1** - -|**Deployment ring**|**Description**| -|:-----|:-----| -Pilot and deployment planning | Phase 1: Identify 50 systems for pilot testing.
Focus on the security team, IT team and maybe Helpdesk. -Full scale pilot | Phase 2: 100 systems
Phase 3: 150 systems
Phase 4: 500 systems
Phase 5: 1000 systems

Review and assess if there required tweaks to deployment. -Full deployment | Roll out service to the rest of environment in larger increments. - ## In Scope diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index e69de29bb2..e43f88673b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md 
@@ -0,0 +1,92 @@ +--- +title: Deploy Microsoft Defender ATP in rings +description: Learn how deploy Microsoft Defender ATP in rings +keywords: deploy, rings, setup, onboard, phase, deployment, deploying, adoption, configuring +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- M365-security-compliance +- m365solution-endpointprotect +- m365solution-overview +ms.topic: article +--- + +# Deploy Microsoft Defender ATP in rings + +[!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] + +**Applies to:** +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) + + +Deploying Microsoft Defender ATP can be done using a ring-based deployment approach. + +![Image of deployment rings](images/deployment-rings.png) + + +A ring-based approach is a method of identifying a set of endpoints to onboard and verifying that certain criteria is met before proceeding to deploy the service to a larger set of devices. You can define the exit criteria for each ring and ensure that they are satisfied before moving on to the next ring. + +Adopting a ring-based deployment helps reduce potential issues that could arise while rolling out the service. By piloting a certain number of devices first, you can identify potential issues and mitigate potential risks that might arise. + + +Table 1 provides an example of the deployment rings you might use. + +**Table 1** + +|**Deployment ring**|**Description**| +|:-----|:-----| +Evaluate | Ring 1: Identify 50 systems for pilot testing +Pilot | Ring 2: 50-100 systems
+Full deployment | Roll out service to the rest of environment in larger increments. + + +## Evaluate +You can use the [evaluation lab](evaluation-lab.md) to gain full access to the capabilities of the suite without the complexities of environment configuration. + +You'll be able to add Windows 10 or Windows Server 2019 devices to the lab environment, install threat simulators, and run scenarios to instantly see how the platform performs. + +### Exit criteria? +- Able to run simulation +- Able to install threat simulator +- Results from simulation is displayed in dashboard + + +## Pilot +Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service. In this ring, identify several devices to onboard and based on the exit criteria you define, decide to proceed to the next deployment ring. + +The following table shows the supported endpoints and the corresponding tool you can use to onboard devices to the service. + +| Endpoint | Deployment tool | +|--------------|------------------------------------------| +| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md)
[Group Policy](configure-endpoints-gp.md)
[Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md)
[Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
[VDI scripts](configure-endpoints-vdi.md) | +| **macOS** | [Local script](mac-install-manually.md)
[Microsoft Endpoint Manager](mac-install-with-intune.md)
[JAMF Pro](mac-install-with-jamf.md)
[Mobile Device Management](mac-install-with-other-mdm.md) | +| **Linux Server** | [Local script](linux-install-manually.md)
[Puppet](linux-install-with-puppet.md)
[Ansible](linux-install-with-ansible.md)| +| **iOS** | [App-based](ios-install.md) | +| **Android** | [Microsoft Endpoint Manager](android-intune.md) | + + +### Exit criteria? +- [Run a detection test](run-detection-test.md) +- [Run a simulated attack on a device](attack-simulations.md) + + +## Full deployment +At this stage, you can use the [Plan deployment](deployment-strategy.md) material to help you plan your deployment. + + +Use the following material to select the appropriate Microsoft Defender ATP architecture that best suites your organization. + +|**Item**|**Description**| +|:-----|:-----| +|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
[PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
  • Cloud-native
  • Co-management
  • On-premise
  • Evaluation and local onboarding
  • + +### Exit criteria? +- Devices show up in the device inventory list \ No newline at end of file 
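Review bot: In the new deployment-rings.md, Table 1 labels the Evaluate ring "Ring 1: Identify 50 systems for pilot testing", but the "## Evaluate" section below it is about the evaluation lab and the pilot belongs to the next ring ("Ring 2: 50-100 systems"), so the table and the sections disagree about what happens in each ring; align the Evaluate row with the lab text and move the pilot wording to the Pilot row. The three table rows also lack the leading pipe the header row uses, and the Pilot row breaks onto a bare line. The "### Exit criteria?" headings still carry a question mark in all three places, which reads as a draft marker. Smaller wording fixes in the same hunk: "Learn how deploy" in the description, "certain criteria is met", "Results from simulation is displayed", "best suites your organization", the empty trailing bullet in the last table cell, and the missing newline at end of file.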
 diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/deployment-rings.png b/windows/security/threat-protection/microsoft-defender-atp/images/deployment-rings.png new file mode 100644 index 0000000000000000000000000000000000000000..2caccad26ad86d7fdd82b4335c7a96404eddede7 GIT binary patch literal 37348
zVM#Z0$aLnILEF3iw3&vHj=<}i@=3`V83fNT$8VMpy8c^viLzme=qM91miwD}uTzCk zdUu6?RtK=g2l>-o=;)F--18FATN3@gZM>oDimDXhiq<~P+y*>g zS?k!IJN@~m|0*qnP>PWc4rK^!nB_j)fNZm9H*Sb;(%e&N0V*q&n^mSmsK*OpvI329 zJwFU*L4t&l!;ai-B7C@>6~Y}VkqA#=agaqhjWVHkhPkW^)8bCSw$-S{$xba#z{A(? z{~-C;St#7{S{tk7Oyhn%Zpi5Tybu_1)V!yHspr07%&%!?xqY{t0ST7hOQ(~g5|dM+Z(tLpXu zyW20gMZ6UO2oe_LF=!gg${!+p5_kihLaAb}n*Y>P{JO@e+~yf~jGW$6C`xHHIV literal 0 HcmV?d00001 From 914da70c866aad5a2172c8c1899caf37fc38cb54 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 21 Oct 2020 15:03:38 -0700 Subject: [PATCH 056/346] Added ADMX_Bits policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 14 + .../policy-configuration-service-provider.md | 48 + .../mdm/policy-csp-admx-bits.md | 965 +++++++++++++++++- 4 files changed, 1017 insertions(+), 11 deletions(-) diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index adc08ab268..23d7fa91f2 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -174,6 +174,7 @@ #### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md) #### [ADMX_AppCompat](policy-csp-admx-appcompat.md) #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md) +#### [ADMX_Bits](policy-csp-admx-bits.md) #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md) #### [ADMX_COM](policy-csp-admx-com.md) #### [ADMX_Cpls](policy-csp-admx-cpls.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index a26052c419..e7d26b7d56 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -42,6 +42,20 @@ ms.date: 10/08/2020 - [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord) - [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory) - [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline) +- [ADMX_Bits/BITS_DisableBranchCache](./policy-csp-admx-bits.md#admx-bits-bits-disablebranchcache) +- [ADMX_Bits/BITS_DisablePeercachingClient](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingclient) +- [ADMX_Bits/BITS_DisablePeercachingServer](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingserver) +- [ADMX_Bits/BITS_EnablePeercaching](./policy-csp-admx-bits.md#admx-bits-bits-enablepeercaching) +- [ADMX_Bits/BITS_MaxBandwidthServedForPeers](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthservedforpeers) +- [ADMX_Bits/BITS_MaxBandwidthV2_Maintenance](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-maintenance) +- [ADMX_Bits/BITS_MaxBandwidthV2_Work](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-work) +- [ADMX_Bits/BITS_MaxCacheSize](./policy-csp-admx-bits.md#admx-bits-bits-maxcachesize) +- [ADMX_Bits/BITS_MaxContentAge](./policy-csp-admx-bits.md#admx-bits-bits-maxcontentage) +- [ADMX_Bits/BITS_MaxDownloadTime](./policy-csp-admx-bits.md#admx-bits-bits-maxdownloadtime) +- [ADMX_Bits/BITS_MaxFilesPerJob](./policy-csp-admx-bits.md#admx-bits-bits-maxfilesperjob) +- [ADMX_Bits/BITS_MaxJobsPerMachine](./policy-csp-admx-bits.md#admx-bits-bits-maxjobspermachine) +- [ADMX_Bits/BITS_MaxJobsPerUser](./policy-csp-admx-bits.md#admx-bits-bits-maxjobsperuser) +- [ADMX_Bits/BITS_MaxRangesPerFile](./policy-csp-admx-bits.md#admx-bits-bits-maxrangesperfile) - [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile) - 
[ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword) - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index ec0aca468f..36abe447bb 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -245,6 +245,54 @@ The following diagram shows the Policy configuration service provider in tree fo +### ADMX_Bits policies + +
    +
    + ADMX_Bits/BITS_DisableBranchCache +
    +
    + ADMX_Bits/BITS_DisablePeercachingClient +
    +
    + ADMX_Bits/BITS_DisablePeercachingServer +
    +
    + ADMX_Bits/BITS_EnablePeercaching +
    +
    + ADMX_Bits/BITS_MaxBandwidthServedForPeers +
    +
    + ADMX_Bits/BITS_MaxBandwidthV2_Maintenance +
    +
    + ADMX_Bits/BITS_MaxBandwidthV2_Work +
    +
    + ADMX_Bits/BITS_MaxCacheSize +
    +
    + ADMX_Bits/BITS_MaxContentAge +
    +
    + ADMX_Bits/BITS_MaxDownloadTime +
    +
    + ADMX_Bits/BITS_MaxFilesPerJob +
    +
    + ADMX_Bits/BITS_MaxJobsPerMachine +
    +
    + ADMX_Bits/BITS_MaxJobsPerUser +
    +
    + ADMX_Bits/BITS_MaxRangesPerFile +
    +
    + + ### ADMX_Cpls policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md index c4a92baec1..b5f4b7b748 100644 --- a/windows/client-management/mdm/policy-csp-admx-bits.md +++ b/windows/client-management/mdm/policy-csp-admx-bits.md @@ -70,7 +70,7 @@ manager: dansimp
    -**ADMX_AuditSettings/IncludeCmdLine** +**ADMX_Bits/BITS_DisableBranchCache** 
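Review bot: the first hunk in policy-csp-admx-bits.md starts at line 70 and only swaps the heading from ADMX_AuditSettings/IncludeCmdLine to ADMX_Bits/BITS_DisableBranchCache, so everything above line 70 (front matter, title, policy index) is left as it was in a file that still carried an AuditSettings heading. Please confirm those earlier lines are not template leftovers from the AuditSettings page, and update them in this commit if they are.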
@@ -113,16 +113,86 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines what information is logged in security audit events when a new process has been created. This setting only applies when the Audit Process Creation policy is enabled. +Available in the latest Windows 10 Insider Preview Build. This setting affects whether the BITS client is allowed to use Windows Branch Cache. If the Windows Branch Cache component is installed and enabled on a computer, BITS jobs on that computer can use Windows Branch Cache by default. -If you enable this policy setting, the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied. +If you enable this policy setting, the BITS client does not use Windows Branch Cache. -If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events. - -Default is Not configured. +If you disable or do not configure this policy setting, the BITS client uses Windows Branch Cache. > [!NOTE] -> When this policy setting is enabled, any user with access to read the security events will be able to read the command line arguments for any successfully created process. Command line arguments can contain sensitive or private information, such as passwords or user data. +> This policy setting does not affect the use of Windows Branch Cache by applications other than BITS. This policy setting does not apply to BITS transfers over SMB. This setting has no effect if the computer's administrative settings for Windows Branch Cache disable its use entirely. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. 
For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow the BITS client to use Windows Branch Cache* +- GP name: *BITS_DisableBranchCache* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
    + + +**ADMX_Bits/BITS_DisablePeercachingClient** + + +
    + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computer will act as a BITS peer caching client. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers). + +If you enable this policy setting, the computer will no longer use the BITS peer caching feature to download files; files will be downloaded only from the origin server. However, the computer will still make files available to its peers. + +If you disable or do not configure this policy setting, the computer attempts to download peer-enabled BITS jobs from peer computers before reverting to the origin server. + +> [!NOTE] +> This policy setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured. > [!TIP] @@ -134,10 +204,883 @@ Default is Not configured. ADMX Info: -- GP English name: *Include command line in process creation events* -- GP name: *IncludeCmdLine* -- GP path: *System/Audit Process Creation* -- GP ADMX file name: *AuditSettings.admx* +- GP English name: *Do not allow the computer to act as a BITS Peercaching client* +- GP name: *BITS_DisablePeercachingClient* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
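Review bot: the added [!TIP] block in the BITS_DisableBranchCache section tells admins to XML-encode the SyncML payload with "a variety of online encoders", which invites pasting policy payloads into third-party sites. I would lead with the CDATA option or point to a local encoding step instead, and change the CDATA link from http://www.w3.org/TR/REC-xml/ to https. In the same hunk, "Available in the latest Windows 10 Insider Preview Build" replaces the removed "Build 20185" wording and will go stale as builds ship; please name the build number, as the removed line did.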
    + + +**ADMX_Bits/BITS_DisablePeercachingServer** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the computer will act as a BITS peer caching server. By default, when BITS peer caching is enabled, the computer acts as both a peer caching server (offering files to its peers) and a peer caching client (downloading files from its peers). + +If you enable this policy setting, the computer will no longer cache downloaded files and offer them to its peers. However, the computer will still download files from peers. + +If you disable or do not configure this policy setting, the computer will offer downloaded and cached files to its peers. + +> [!NOTE] +> This setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow the computer to act as a BITS Peercaching server* +- GP name: *BITS_DisablePeercachingServer* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + + +
    + + +**ADMX_Bits/BITS_EnablePeercaching** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines if the Background Intelligent Transfer Service (BITS) peer caching feature is enabled on a specific computer. By default, the files in a BITS job are downloaded only from the origin server specified by the job's owner. + +If BITS peer caching is enabled, BITS caches downloaded files and makes them available to other BITS peers. When transferring a download job, BITS first requests the files for the job from its peers in the same IP subnet. If none of the peers in the subnet have the requested files, BITS downloads them from the origin server. + +If you enable this policy setting, BITS downloads files from peers, caches the files, and responds to content requests from peers. Using the "Do not allow the computer to act as a BITS peer caching server" and "Do not allow the computer to act as a BITS peer caching client" policy settings, it is possible to control BITS peer caching functionality at a more detailed level. However, it should be noted that the "Allow BITS peer caching" policy setting must be enabled for the other two policy settings to have any effect. + +If you disable or do not configure this policy setting, the BITS peer caching feature will be disabled, and BITS will download files directly from the origin server. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow BITS Peercaching* +- GP name: *BITS_EnablePeercaching* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + + +
    + + +**ADMX_Bits/BITS_MaxBandwidthServedForPeers** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that BITS uses for peer cache transfers (this setting does not affect transfers from the origin server). + +To prevent any negative impact to a computer caused by serving other peers, by default BITS will use up to 30 percent of the bandwidth of the slowest active network interface. For example, if a computer has both a 100 Mbps network card and a 56 Kbps modem, and both are active, BITS will use a maximum of 30 percent of 56 Kbps. + +You can change the default behavior of BITS, and specify a fixed maximum bandwidth that BITS will use for peer caching. + +If you enable this policy setting, you can enter a value in bits per second (bps) between 1048576 and 4294967200 to use as the maximum network bandwidth used for peer caching. + +If you disable this policy setting or do not configure it, the default value of 30 percent of the slowest active network interface will be used. + +> [!NOTE] +> This setting has no effect if the "Allow BITS peer caching" policy setting is disabled or not configured. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Limit the maximum network bandwidth used for Peercaching* +- GP name: *BITS_MaxBandwidthServedForPeers* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
    + + +**ADMX_Bits/BITS_MaxBandwidthV2_Maintenance** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the maintenance days and hours. Maintenance schedules further limit the network bandwidth that is used for background transfers. + +If you enable this policy setting, you can define a separate set of network bandwidth limits and set up a schedule for the maintenance period. + +You can specify a limit to use for background jobs during a maintenance schedule. For example, if normal priority jobs are currently limited to 256 Kbps on a work schedule, you can further limit the network bandwidth of normal priority jobs to 0 Kbps from 8:00 A.M. to 10:00 A.M. on a maintenance schedule. + +If you disable or do not configure this policy setting, the limits defined for work or non-work schedules will be used. + +> [!NOTE] +> The bandwidth limits that are set for the maintenance period supersede any limits defined for work and other schedules. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers* +- GP name: *BITS_MaxBandwidthV2_Maintenance* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + + +
    + + +**ADMX_Bits/BITS_MaxBandwidthV2_Work** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the network bandwidth that Background Intelligent Transfer Service (BITS) uses for background transfers during the work and non-work days and hours. The work schedule is defined using a weekly calendar, which consists of days of the week and hours of the day. All hours and days that are not defined in a work schedule are considered non-work hours. + +If you enable this policy setting, you can set up a schedule for limiting network bandwidth during both work and non-work hours. After the work schedule is defined, you can set the bandwidth usage limits for each of the three BITS background priority levels: high, normal, and low. + +You can specify a limit to use for background jobs during a work schedule. For example, you can limit the network bandwidth of low priority jobs to 128 Kbps from 8:00 A.M. to 5:00 P.M. on Monday through Friday, and then set the limit to 512 Kbps for non-work hours. + +If you disable or do not configure this policy setting, BITS uses all available unused bandwidth for background job transfers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers* +- GP name: *BITS_MaxBandwidthV2_Work* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + + +
    + + +**ADMX_Bits/BITS_MaxCacheSize** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the maximum amount of disk space that can be used for the BITS peer cache, as a percentage of the total system disk size. BITS will add files to the peer cache and make those files available to peers until the cache content reaches the specified cache size. By default, BITS will use 1 percent of the total system disk for the peercache. + +If you enable this policy setting, you can enter the percentage of disk space to be used for the BITS peer cache. You can enter a value between 1 percent and 80 percent. + +If you disable or do not configure this policy setting, the default size of the BITS peer cache is 1 percent of the total system disk size. + +> [!NOTE] +> This policy setting has no effect if the "Allow BITS peer caching" setting is disabled or not configured. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the BITS Peercache size* +- GP name: *BITS_MaxCacheSize* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
    + + +**ADMX_Bits/BITS_MaxContentAge** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the maximum age of files in the Background Intelligent Transfer Service (BITS) peer cache. In order to make the most efficient use of disk space, by default BITS removes any files in the peer cache that have not been accessed in the past 90 days. + +If you enable this policy setting, you can specify in days the maximum age of files in the cache. You can enter a value between 1 and 120 days. + +If you disable or do not configure this policy setting, files that have not been accessed for the past 90 days will be removed from the peer cache. + +> [!NOTE] +> This policy setting has no effect if the "Allow BITS Peercaching" policy setting is disabled or not configured. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the age of files in the BITS Peercache* +- GP name: *BITS_MaxContentAge* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
    + + +**ADMX_Bits/BITS_MaxDownloadTime** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the amount of time that Background Intelligent Transfer Service (BITS) will take to download the files in a BITS job. + +The time limit applies only to the time that BITS is actively downloading files. When the cumulative download time exceeds this limit, the job is placed in the error state. + +By default BITS uses a maximum download time of 90 days (7,776,000 seconds). + +If you enable this policy setting, you can set the maximum job download time to a specified number of seconds. + +If you disable or do not configure this policy setting, the default value of 90 days (7,776,000 seconds) will be used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the maximum BITS job download time* +- GP name: *BITS_MaxDownloadTime* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
    + + +**ADMX_Bits/BITS_MaxFilesPerJob** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of files that a BITS job can contain. By default, a BITS job is limited to 200 files. You can use this setting to raise or lower the maximum number of files a BITS jobs can contain. + +If you enable this policy setting, BITS will limit the maximum number of files a job can contain to the specified number. + +If you disable or do not configure this policy setting, BITS will use the default value of 200 for the maximum number of files a job can contain. + +> [!NOTE] +> BITS Jobs created by services and the local administrator account do not count toward this limit. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the maximum number of files allowed in a BITS job* +- GP name: *BITS_MaxFilesPerJob* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
    + + +**ADMX_Bits/BITS_MaxJobsPerMachine** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of BITS jobs that can be created for all users of the computer. By default, BITS limits the total number of jobs that can be created on the computer to 300 jobs. You can use this policy setting to raise or lower the maximum number of user BITS jobs. + +If you enable this policy setting, BITS will limit the maximum number of BITS jobs to the specified number. + +If you disable or do not configure this policy setting, BITS will use the default BITS job limit of 300 jobs. + +> [!NOTE] +> BITS jobs created by services and the local administrator account do not count toward this limit. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the maximum number of BITS jobs for this computer* +- GP name: *BITS_MaxJobsPerMachine* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
    + + +**ADMX_Bits/BITS_MaxJobsPerUser** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of BITS jobs that can be created by a user. By default, BITS limits the total number of jobs that can be created by a user to 60 jobs. You can use this setting to raise or lower the maximum number of BITS jobs a user can create. + +If you enable this policy setting, BITS will limit the maximum number of BITS jobs a user can create to the specified number. + +If you disable or do not configure this policy setting, BITS will use the default user BITS job limit of 300 jobs. + +> [!NOTE] +> This limit must be lower than the setting specified in the "Maximum number of BITS jobs for this computer" policy setting, or 300 if the "Maximum number of BITS jobs for this computer" policy setting is not configured. BITS jobs created by services and the local administrator account do not count toward this limit. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the maximum number of BITS jobs for each user* +- GP name: *BITS_MaxJobsPerUser* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* + + + +
    + + +**ADMX_Bits/BITS_MaxRangesPerFile** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting limits the number of ranges that can be added to a file in a BITS job. By default, files in a BITS job are limited to 500 ranges per file. You can use this setting to raise or lower the maximum number ranges per file. + +If you enable this policy setting, BITS will limit the maximum number of ranges that can be added to a file to the specified number. + +If you disable or do not configure this policy setting, BITS will limit ranges to 500 ranges per file. + +> [!NOTE] +> BITS Jobs created by services and the local administrator account do not count toward this limit. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the maximum number of ranges that can be added to the file in a BITS job* +- GP name: *BITS_MaxRangesPerFile* +- GP path: *Network\Background Intelligent Transfer Service (BITS)* +- GP ADMX file name: *Bits.admx* From d8ef639eb5170b80b412cca61df36b26e9834fbc Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 21 Oct 2020 15:28:40 -0700 Subject: [PATCH 057/346] ring --- .../microsoft-defender-atp/deployment-rings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
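Review bot: in the ADMX_Bits/BITS_MaxJobsPerUser section of the Bits policy file above, the default is stated two ways. The first paragraph says BITS limits a user to 60 jobs by default, but the "If you disable or do not configure this policy setting" sentence says the default user limit is 300 jobs, which is the per-computer default given under BITS_MaxJobsPerMachine. The NOTE in the same section requires the per-user limit to be lower than the per-computer one, so the second figure looks like a copy from the previous section; please confirm the value and make both sentences agree. Smaller wording slips in the same file: "a BITS jobs can contain" under BITS_MaxFilesPerJob, "the maximum number ranges per file" under BITS_MaxRangesPerFile, and the NOTE callouts alternate between "BITS Jobs" and "BITS jobs".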
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index e43f88673b..266fd081ad 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md @@ -45,7 +45,7 @@ Table 1 provides an example of the deployment rings you might use. |:-----|:-----| Evaluate | Ring 1: Identify 50 systems for pilot testing Pilot | Ring 2: 50-100 systems
    -Full deployment | Roll out service to the rest of environment in larger increments. +Full deployment | Ring 3: Roll out service to the rest of environment in larger increments. ## Evaluate From 06bf32b6a8ef7fe0ba6acfda163a358a2fc6b397 Mon Sep 17 00:00:00 2001 From: Takeshi Katano Date: Thu, 22 Oct 2020 11:48:04 +0900 Subject: [PATCH 058/346] Incorrect WMI property names SignatureFallbackOrder and SignatureDefinitionUpdateFileSharesSouce properties are for signature source order properties. --- ...atch-up-scans-microsoft-defender-antivirus.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md index f176529dde..31c00d261d 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/scheduled-catch-up-scans-microsoft-defender-antivirus.md @@ -100,8 +100,10 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: ```WMI -SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +ScanParameters +ScanScheduleDay +ScanScheduleTime +RandomizeScheduleTaskTimes ``` See the following for more information and allowed parameters: 
@@ -138,8 +140,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: ```WMI -SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +ScanOnlyIfIdleEnabled ``` See the following for more information and allowed parameters: @@ -173,8 +174,8 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: ```WMI -SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +RemediationScheduleDay +RemediationScheduleTime ``` See the following for more information and allowed parameters: @@ -210,8 +211,7 @@ See [Use PowerShell cmdlets to configure and run Microsoft Defender Antivirus](u Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties: ```WMI -SignatureFallbackOrder -SignatureDefinitionUpdateFileSharesSouce +ScanScheduleQuickScanTime ``` See the following for more information and allowed parameters: From f2752581be06136f47f7f01ee8d4248e356cad2e Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 22 Oct 2020 15:25:54 +0500 Subject: [PATCH 059/346] Update mac-jamfpro-policies.md --- .../microsoft-defender-atp/mac-jamfpro-policies.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md index a56afd0ef7..9a095843cc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-jamfpro-policies.md 
@@ -776,8 +776,6 @@ Follow the instructions on [Schedule scans with Microsoft Defender ATP for Mac]( 8. Select **Open**. Set the **Display Name** to **Microsoft Defender Advanced Threat Protection and Microsoft Defender Antivirus**. - - Manifest File: Select **Upload Manifest File**. - **Options tab**
    Keep default values. **Limitations tab**
    Keep default values. From 911ac4e7705d8f3d08b3a5b4dd140c5877a119bb Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Thu, 22 Oct 2020 15:45:14 +0500 Subject: [PATCH 060/346] Update endpoint-detection-response-mac-preview.md --- .../endpoint-detection-response-mac-preview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index 4d724bc3ca..ea1b4c4883 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md @@ -24,7 +24,7 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -Endpoint detection and response capabilities in Microsoft Defender ATP for Mac are now in preview. To get these and other preview features, you must set up your Mac device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). +To get preview features available for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). >[!IMPORTANT] >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions. 
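Review bot: the replacement intro sentence in endpoint-detection-response-mac-preview.md no longer says which capability the page covers. The removed line named endpoint detection and response, and the file name still does, but the new text only says "preview features available for Mac", so the opening no longer tells the reader this is the EDR preview article. Suggest keeping the feature name in the sentence, and stating the reason for the rewording in the commit message, which currently only repeats the file name.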
From 29a6378eee6e63d1fb85cb9cb8804a709f159f58 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Thu, 22 Oct 2020 18:17:42 +0530 Subject: [PATCH 061/346] Updated-per-4571179 New topic created per 4571179 --- ...ft-defender-atp-ios-privacy-information.md | 102 ++++++++++++++++++ 1 file changed, 102 insertions(+) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md new file mode 100644 index 0000000000..919925444f --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md 
@@ -0,0 +1,102 @@ +--- +title: Microsoft Defender ATP for iOS overview +ms.reviewer: +description: Describes how to install and use Microsoft Defender ATP for iOS +keywords: microsoft, defender, atp, ios, overview, installation, deploy, uninstallation, intune +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint +ms.topic: conceptual +--- + +# Microsoft Defender ATP for iOS - Privacy information + +>[!NOTE] + +> Microsoft Defender ATP for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. Microsoft or your organization does not see your browsing activity. + +Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. + +Information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected and to support the service. + +## Required Data + +Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected: + +### Web page / Network information + +- Connection information only when a malicious connection/web page is detected. + +- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection/web page is detected. 
+ +### Device and account information + +- Device information such as date & time, iOS version, CPU info, and Device identifier + +- Device identifier is one of the below: + + - Wi-Fi adapter MAC address + + - Randomly generated globally unique identifier (GUID) + +- Tenant, Device and User information + + - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. + + - Azure tenant ID - GUID that identifies your organization within Azure Active Directory + + - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. + + - User Principal Name – Email ID of the user + + + +### Product and service usage data + +The following information is collected only for Microsoft Defender ATP app installed on the device. + +- App package info, including name, version, and app upgrade status. + +- Actions performed in the app + +- Crash report logs generated by iOS + +- Memory usage data + +## Optional Data + +Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. + +Optional diagnostic data includes: + +- App, CPU, and network usage for Microsoft Defender ATP. + +- Features configured by the admin. + +- Basic information about the browsers on the device + +Feedback Data is collected through in-app feedback provided by the user. + +- The user’s email address, if they choose to provide it + +- Feedback type (smile, frown, idea) and any feedback comments submitted by the user. + +[More on Privacy] + + + + + + + 
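Review bot: the front matter of the new file does not match its content. The title is "Microsoft Defender ATP for iOS overview" and the description is "Describes how to install and use Microsoft Defender ATP for iOS", while the H1 and the body are privacy information; the keywords (installation, deploy, uninstallation, intune) look carried over from the same source. Please set all three for this page. Also in this file: ">[!NOTE]" is followed by an empty added line before the "> Microsoft Defender ATP for iOS uses a VPN" text, which ends the blockquote and leaves the note marker without a body; the closing "[More on Privacy]" has no link target; and the file ends with a run of empty added lines that can be dropped.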
From 294e55a611e6c01fdf7bf22ee7676e20b9fb40d4 Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 22 Oct 2020 06:24:53 -0700 Subject: [PATCH 062/346] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 59f3f7c19e..446d2447ff 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -125,7 +125,7 @@ The following list shows the supported values: - 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard. > [!NOTE] -> This policy setting is no longer supported in the new Microsoft Edge browser. +> This policy setting is no longer supported in the new Microsoft Edge browser. This policy will be eventually deprecated. ADMX Info: From 72aec0fa09fcf82d6482801d394968e638aced12 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 22 Oct 2020 18:55:48 +0530 Subject: [PATCH 063/346] Update microsoft-defender-atp-ios-privacy-information.md editorial changes --- ...soft-defender-atp-ios-privacy-information.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index 919925444f..f9602e8075 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md @@ -24,7 +24,7 @@ ms.topic: conceptual >[!NOTE] -> Microsoft Defender ATP for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. Microsoft or your organization does not see your browsing activity. +> Microsoft Defender ATP for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization, does not see your browsing activity. Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. 
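Review bot: the rewritten NOTE line introduces a comma between subject and verb, "Microsoft or your organization, does not see your browsing activity." Drop the comma. The empty line between ">[!NOTE]" and the quoted text is still present in the context lines of this hunk and is worth removing in the same editorial pass, since it separates the marker from the note body.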
@@ -32,13 +32,15 @@ Information is collected to help keep Microsoft Defender ATP for iOS secure, up- ## Required Data -Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected: +Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. -### Web page / Network information +Here is a list of the types of data being collected: -- Connection information only when a malicious connection/web page is detected. +### Web page or Network information -- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection/web page is detected. +- Connection information only when a malicious connection or web page is detected. + +- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. ### Device and account information @@ -52,7 +54,7 @@ Required data consists of data that is necessary to make Microsoft Defender ATP - Tenant, Device and User information - - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. + - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. - Azure tenant ID - GUID that identifies your organization within Azure Active Directory @@ -60,7 +62,6 @@ Required data consists of data that is necessary to make Microsoft Defender ATP - User Principal Name – Email ID of the user - ### Product and service usage data 
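Review bot: in the @@ -52,7 hunk, the reworded bullet still reads "Uniquely identifies the device, User respectively at Azure Active directory". "directory" should be capitalized to match "Azure Active Directory" earlier on the same line and in the next bullet, and the clause would be clearer as "Uniquely identify the device and the user, respectively, in Azure Active Directory". In the @@ -32,13 hunk, "such as HTTP, HTTPS, etc." uses both "such as" and "etc."; one of them can go.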
@@ -92,7 +93,7 @@ Feedback Data is collected through in-app feedback provided by the user. - Feedback type (smile, frown, idea) and any feedback comments submitted by the user. -[More on Privacy] +[More on Privacy](https://aka.ms/mdatpiosprivacystatement) From adc3e359a9e4a4c7f3188d59d20d7576c5cb4f07 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 22 Oct 2020 19:00:20 +0530 Subject: [PATCH 064/346] Update microsoft-defender-atp-ios-privacy-information.md Updated last sentence. --- .../microsoft-defender-atp-ios-privacy-information.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index f9602e8075..3a98443e13 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md @@ -93,7 +93,7 @@ Feedback Data is collected through in-app feedback provided by the user. - Feedback type (smile, frown, idea) and any feedback comments submitted by the user. -[More on Privacy](https://aka.ms/mdatpiosprivacystatement) +For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatement). From bcae3bedeb31e1589ee5d70e0b9a332bb2210ee5 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 22 Oct 2020 19:04:18 +0530 Subject: [PATCH 065/346] Update microsoft-defender-atp-ios-privacy-information.md --- .../microsoft-defender-atp-ios-privacy-information.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index 3a98443e13..40b2a41032 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md @@ -1,7 +1,7 @@ --- -title: Microsoft Defender ATP for iOS overview +title: Microsoft Defender ATP for iOS - Privacy information ms.reviewer: -description: Describes how to install and use Microsoft Defender ATP for iOS +description: Describes privacy information for Microsoft Defender ATP for iOS keywords: microsoft, defender, atp, ios, overview, installation, deploy, uninstallation, intune search.product: eADQiWindows 10XVcnh search.appverid: met150 From 007a98c19ad46029c933b31cb128db32ed0897cc Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 22 Oct 2020 19:05:12 +0530 Subject: [PATCH 066/346] Update microsoft-defender-atp-ios-privacy-information.md --- .../microsoft-defender-atp-ios-privacy-information.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index 40b2a41032..8dea1e1b65 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md 
@@ -2,7 +2,7 @@ title: Microsoft Defender ATP for iOS - Privacy information ms.reviewer: description: Describes privacy information for Microsoft Defender ATP for iOS -keywords: microsoft, defender, atp, ios, overview, installation, deploy, uninstallation, intune +keywords: microsoft, defender, atp, ios, policy, overview search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 From f974d0d68f8795c5b45a339cd392694aabb7b228 Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 22 Oct 2020 19:11:29 +0530 Subject: [PATCH 067/346] Update microsoft-defender-atp-ios-privacy-information.md fixed warning --- .../microsoft-defender-atp-ios-privacy-information.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index 8dea1e1b65..42757b9b13 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md @@ -20,7 +20,7 @@ ms.collection: ms.topic: conceptual --- -# Microsoft Defender ATP for iOS - Privacy information +# Privacy information - Microsoft Defender ATP for iOS >[!NOTE] From af14dd3c3ef3e9372cf18e0116477f8c934e3d5c Mon Sep 17 00:00:00 2001 From: Lovina Saldanha <69782111+Lovina-Saldanha@users.noreply.github.com> Date: Thu, 22 Oct 2020 19:46:56 +0530 Subject: [PATCH 068/346] Update TOC.md Added a new topic "microsoft-defender-atp-ios-privacy-information.md" per task 4571179 --- windows/security/threat-protection/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 632fbafb38..80e899840d 100644 
--- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -275,6 +275,7 @@ #### [Configure]() ##### [Configure iOS features](microsoft-defender-atp/ios-configure-features.md) +#### [Privacy](microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md) ### [Microsoft Defender Advanced Threat Protection for Linux]() From 5dccbc972ae9732d954f3187eb3db54c65f94f69 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 22 Oct 2020 13:45:09 -0700 Subject: [PATCH 069/346] Added networkconnections ADMX-backed policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 27 + .../policy-configuration-service-provider.md | 86 + .../mdm/policy-csp-admx-networkconnections.md | 2199 +++++++++++++++++ 4 files changed, 2313 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-networkconnections.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 318c9478e2..3d854f3d2e 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -199,6 +199,7 @@ #### [ADMX_nca](policy-csp-admx-nca.md) #### [ADMX_NCSI](policy-csp-admx-ncsi.md) #### [ADMX_Netlogon](policy-csp-admx-netlogon.md) +#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md) #### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md) #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md) #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index e7d26b7d56..33601d8c10 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -186,6 +186,33 @@ ms.date: 10/08/2020 - [ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-sysvolsharecompatibilitymode) - [ADMX_Netlogon/Netlogon_TryNextClosestSite](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-trynextclosestsite) - [ADMX_Netlogon/Netlogon_UseDynamicDns](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-usedynamicdns) +- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents) +- [ADMX_NetworkConnections/NC_AdvancedSettings](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-advancedsettings) +- [ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-allowadvancedtcpipconfig) +- [ADMX_NetworkConnections/NC_ChangeBindState](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-changebindstate) +- [ADMX_NetworkConnections/NC_DeleteAllUserConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deletealluserconnection) +- [ADMX_NetworkConnections/NC_DeleteConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deleteconnection) +- [ADMX_NetworkConnections/NC_DialupPrefs](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-dialupprefs) +- [ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-donotshowlocalonlyicon) +- [ADMX_NetworkConnections/NC_EnableAdminProhibits](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-enableadminprohibits) +- [ADMX_NetworkConnections/NC_ForceTunneling](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-forcetunneling) +- [ADMX_NetworkConnections/NC_IpStateChecking](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-ipstatechecking) +- 
[ADMX_NetworkConnections/NC_LanChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanchangeproperties) +- [ADMX_NetworkConnections/NC_LanConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanconnect) +- [ADMX_NetworkConnections/NC_LanProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanproperties) +- [ADMX_NetworkConnections/NC_NewConnectionWizard](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-newconnectionwizard) +- [ADMX_NetworkConnections/NC_PersonalFirewallConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-personalfirewallconfig) +- [ADMX_NetworkConnections/NC_RasAllUserProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasalluserproperties) +- [ADMX_NetworkConnections/NC_RasChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-raschangeproperties) +- [ADMX_NetworkConnections/NC_RasConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasconnect) +- [ADMX_NetworkConnections/NC_RasMyProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasmyproperties) +- [ADMX_NetworkConnections/NC_RenameAllUserRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamealluserrasconnection) +- [ADMX_NetworkConnections/NC_RenameConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renameconnection) +- [ADMX_NetworkConnections/NC_RenameLanConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamelanconnection) +- [ADMX_NetworkConnections/NC_RenameMyRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamemyrasconnection) +- [ADMX_NetworkConnections/NC_ShowSharedAccessUI](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-showsharedaccessui) +- 
[ADMX_NetworkConnections/NC_Statistics](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-statistics) +- [ADMX_NetworkConnections/NC_StdDomainUserSetLocation](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-stddomainusersetlocation) - [ADMX_OfflineFiles/Pol_AlwaysPinSubFolders](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-alwayspinsubfolders) - [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-1) - [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-2) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4b7f1c4669..f87ad5c5a8 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -769,6 +769,92 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_NetworkConnections policies + +
    +
    + ADMX_NetworkConnections/NC_AddRemoveComponents +
    +
    + ADMX_NetworkConnections/NC_AdvancedSettings +
    +
    + ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig +
    +
    + ADMX_NetworkConnections/NC_ChangeBindState +
    +
    + ADMX_NetworkConnections/NC_DeleteAllUserConnection +
    +
    + ADMX_NetworkConnections/NC_DeleteConnection +
    +
    + ADMX_NetworkConnections/NC_DialupPrefs +
    +
    + ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon +
    +
    + ADMX_NetworkConnections/NC_EnableAdminProhibits +
    +
    + ADMX_NetworkConnections/NC_ForceTunneling +
    +
    + ADMX_NetworkConnections/NC_IpStateChecking +
    +
    + ADMX_NetworkConnections/NC_LanChangeProperties +
    +
    + ADMX_NetworkConnections/NC_LanConnect +
    +
    + ADMX_NetworkConnections/NC_LanProperties +
    +
    + ADMX_NetworkConnections/NC_NewConnectionWizard +
    +
    + ADMX_NetworkConnections/NC_PersonalFirewallConfig +
    +
    + ADMX_NetworkConnections/NC_RasAllUserProperties +
    +
    + ADMX_NetworkConnections/NC_RasChangeProperties +
    +
    + ADMX_NetworkConnections/NC_RasConnect +
    +
    + ADMX_NetworkConnections/NC_RasMyProperties +
    +
    + ADMX_NetworkConnections/NC_RenameAllUserRasConnection +
    +
    + ADMX_NetworkConnections/NC_RenameConnection +
    +
    + ADMX_NetworkConnections/NC_RenameLanConnection +
    +
    + ADMX_NetworkConnections/NC_RenameMyRasConnection +
    +
    + ADMX_NetworkConnections/NC_ShowSharedAccessUI +
    +
    + ADMX_NetworkConnections/NC_Statistics +
    +
    + ADMX_NetworkConnections/NC_StdDomainUserSetLocation +
    +
    + ### ADMX_OfflineFiles policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md new file mode 100644 index 0000000000..fc26c1d0f5 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -0,0 +1,2199 @@ +--- +title: Policy CSP - ADMX_NetworkConnections +description: Policy CSP - ADMX_NetworkConnections +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/21/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_NetworkConnections + +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_NetworkConnections policies + +
    +
    + ADMX_NetworkConnections/NC_AddRemoveComponents +
    +
    + ADMX_NetworkConnections/NC_AdvancedSettings +
    +
    + ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig +
    +
    + ADMX_NetworkConnections/NC_ChangeBindState +
    +
    + ADMX_NetworkConnections/NC_DeleteAllUserConnection +
    +
    + ADMX_NetworkConnections/NC_DeleteConnection +
    +
    + ADMX_NetworkConnections/NC_DialupPrefs +
    +
    + ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon +
    +
    + ADMX_NetworkConnections/NC_EnableAdminProhibits +
    +
    + ADMX_NetworkConnections/NC_ForceTunneling +
    +
    + ADMX_NetworkConnections/NC_IpStateChecking +
    +
    + ADMX_NetworkConnections/NC_LanChangeProperties +
    +
    + ADMX_NetworkConnections/NC_LanConnect +
    +
    + ADMX_NetworkConnections/NC_LanProperties +
    +
    + ADMX_NetworkConnections/NC_NewConnectionWizard +
    +
    + ADMX_NetworkConnections/NC_PersonalFirewallConfig +
    +
    + ADMX_NetworkConnections/NC_RasAllUserProperties +
    +
    + ADMX_NetworkConnections/NC_RasChangeProperties +
    +
    + ADMX_NetworkConnections/NC_RasConnect +
    +
    + ADMX_NetworkConnections/NC_RasMyProperties +
    +
    + ADMX_NetworkConnections/NC_RenameAllUserRasConnection +
    +
    + ADMX_NetworkConnections/NC_RenameConnection +
    +
    + ADMX_NetworkConnections/NC_RenameLanConnection +
    +
    + ADMX_NetworkConnections/NC_RenameMyRasConnection +
    +
    + ADMX_NetworkConnections/NC_ShowSharedAccessUI +
    +
    + ADMX_NetworkConnections/NC_Statistics +
    +
    + ADMX_NetworkConnections/NC_StdDomainUserSetLocation +
    +
    + + +
    + + +**ADMX_NetworkConnections/NC_AddRemoveComponents** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Install and Uninstall buttons for components of connections in the Network Connections folder are enabled. Also, administrators can gain access to network components in the Windows Components Wizard. + +The Install button opens the dialog boxes used to add network components. Clicking the Uninstall button removes the selected component in the components list (above the button). + +The Install and Uninstall buttons appear in the properties dialog box for connections. These buttons are on the General tab for LAN connections and on the Networking tab for remote access connections. + +> [!NOTE] +> When the "Prohibit access to properties of a LAN connection", "Ability to change properties of an all user remote access connection", or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the connection properties dialog box, the Install and Uninstall buttons for connections are blocked. +> +> Nonadministrators are already prohibited from adding and removing connection components, regardless of this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. 
For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit adding and removing components for a LAN or remote access connection* +- GP name: *NC_AddRemoveComponents* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_AdvancedSettings** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators. + +The Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced Settings item is disabled for administrators. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Advanced Settings item is enabled for administrators. + +> [!NOTE] +> Nonadministrators are already prohibited from accessing the Advanced Settings dialog box, regardless of this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit access to the Advanced Settings item on the Advanced menu* +- GP name: *NC_AdvancedSettings* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can configure advanced TCP/IP settings. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting, the Advanced button is enabled, and all users can open the Advanced TCP/IP Setting dialog box. + +This setting is superseded by settings that prohibit access to properties of connections or connection components. When these policies are set to deny access to the connection properties dialog box or Properties button for connection components, users cannot gain access to the Advanced button for TCP/IP configuration. + +Changing this setting from Enabled to Not Configured does not enable the Advanced button until the user logs off. + +> [!NOTE] +> Nonadministrators (excluding Network Configuration Operators) do not have permission to access TCP/IP advanced configuration for a LAN connection, regardless of this setting. + +> [!TIP] +> To open the Advanced TCP/IP Setting dialog box, in the Network Connections folder, right-click a connection icon, and click Properties. For remote access connections, click the Networking tab. In the "Components checked are used by this connection" box, click Internet Protocol (TCP/IP), click the Properties button, and then click the Advanced button. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. 
For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit TCP/IP advanced configuration* +- GP name: *NC_AllowAdvancedTCPIPConfig* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_ChangeBindState** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting Determines whether administrators can enable and disable the components used by LAN connections. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Properties dialog box for a connection includes a check box beside the name of each component that the connection uses. Selecting the check box enables the component, and clearing the check box disables the component. + +> [!NOTE] +> When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the check boxes for enabling and disabling the components of a LAN connection. +> +> Nonadministrators are already prohibited from enabling or disabling components for a LAN connection, regardless of this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Prohibit Enabling/Disabling components of a LAN connection* +- GP name: *NC_ChangeBindState* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_DeleteAllUserConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can delete all user remote access connections. + +To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. + +If you enable this setting, all users can delete shared remote access connections. In addition, if your file system is NTFS, users need to have Write access to Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk to delete a shared remote access connection. + +If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete all-user remote access connections. (By default, users can still delete their private connections, but you can change the default by using the "Prohibit deletion of remote access connections" setting.) + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you do not configure this setting, only Administrators and Network Configuration Operators can delete all user remote access connections. + +When enabled, the "Prohibit deletion of remote access connections" setting takes precedence over this setting. Users (including administrators) cannot delete any remote access connections, and this setting is ignored. + +> [!NOTE] +> LAN connections are created and deleted automatically by the system when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection. +> +> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. 
For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Ability to delete all user remote access connections* +- GP name: *NC_DeleteAllUserConnection* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_DeleteConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can delete remote access connections. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, all users can delete their private remote access connections. Private connections are those that are available only to one user. (By default, only Administrators and Network Configuration Operators can delete connections available to all users, but you can change the default by using the "Ability to delete all user remote access connections" setting.) + +When enabled, this setting takes precedence over the "Ability to delete all user remote access connections" setting. Users cannot delete any remote access connections, and the "Ability to delete all user remote access connections" setting is ignored. + +> [!NOTE] +> LAN connections are created and deleted automatically when a LAN adapter is installed or removed. You cannot use the Network Connections folder to create or delete a LAN connection. +> +> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. +> +> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). 
+> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit deletion of remote access connections* +- GP name: *NC_DeleteConnection* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_DialupPrefs** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled. + +The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Remote Access Preferences item is disabled for all users (including administrators). + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Remote Access Preferences item is enabled for all users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit access to the Remote Access Preferences item on the Advanced menu* +- GP name: *NC_DialupPrefs* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether or not the "local access only" network icon will be shown. + +When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only. + +If you disable this setting or do not configure it, the "local access only" icon will be used when a user is connected to a network with local access only. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not show the "local access only" network icon* +- GP name: *NC_DoNotShowLocalOnlyIcon* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_EnableAdminProhibits** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators. + +The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators. + +By default, Network Connections group settings in Windows XP Professional do not have the ability to prohibit the use of features from Administrators. + +If you enable this setting, the Windows XP settings that existed in Windows 2000 Professional will have the ability to prohibit Administrators from using certain features. These settings are "Ability to rename LAN connections or remote access connections available to all users", "Prohibit access to properties of components of a LAN connection", "Prohibit access to properties of components of a remote access connection", "Ability to access TCP/IP advanced configuration", "Prohibit access to the Advanced Settings Item on the Advanced Menu", "Prohibit adding and removing components for a LAN or remote access connection", "Prohibit access to properties of a LAN connection", "Prohibit Enabling/Disabling components of a LAN connection", "Ability to change properties of an all user remote access connection", "Prohibit changing properties of a private remote access connection", "Prohibit deletion of remote access connections", "Ability to delete all user remote access connections", "Prohibit connecting and disconnecting a remote access connection", "Ability to Enable/Disable a LAN connection", "Prohibit access to the New Connection Wizard", "Prohibit renaming private remote access connections", "Prohibit access to the Remote Access Preferences item on the Advanced menu", "Prohibit viewing of status for an active connection". 
When this setting is enabled, settings that exist in both Windows 2000 Professional and Windows XP Professional behave the same for administrators. + +If you disable this setting or do not configure it, Windows XP settings that existed in Windows 2000 will not apply to administrators. + +> [!NOTE] +> This setting is intended to be used in a situation in which the Group Policy object that these settings are being applied to contains both Windows 2000 Professional and Windows XP Professional computers, and identical Network Connections policy behavior is required between all Windows 2000 Professional and Windows XP Professional computers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Windows 2000 Network Connections settings for Administrators* +- GP name: *NC_EnableAdminProhibits* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_ForceTunneling** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. + +When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway. + +If you enable this policy setting, all traffic between a remote client computer running DirectAccess and the Internet is routed through the internal network. + +If you disable this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network. + +If you do not configure this policy setting, traffic between remote client computers running DirectAccess and the Internet is not routed through the internal network. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Route all traffic through the internal network* +- GP name: *NC_ForceTunneling* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_IpStateChecking** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved. + +If you enable this policy setting, this condition will not be reported as an error to the user. + +If you disable or do not configure this policy setting, a DHCP-configured connection that has not been assigned an IP address will be reported via a notification, providing the user with information as to how the problem can be resolved. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off notifications when a connection has only limited or no connectivity* +- GP name: *NC_IpStateChecking* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_LanChangeProperties** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection. + +This setting determines whether the Properties button for components of a LAN connection is enabled. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for Administrators. Network Configuration Operators are prohibited from accessing connection components, regardless of the "Enable Network Connections settings for Administrators" setting. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Properties button is enabled for administrators and Network Configuration Operators. + +The Local Area Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list. + +> [!NOTE] +> Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled. +> +> When the "Prohibit access to properties of a LAN connection" setting is enabled, users are blocked from accessing the Properties button for LAN connection components. +> +> Network Configuration Operators only have permission to change TCP/IP properties. Properties for all other components are unavailable to these users. +> +> Nonadministrators are already prohibited from accessing properties of components for a LAN connection, regardless of this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. 
For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit access to properties of components of a LAN connection* +- GP name: *NC_LanChangeProperties* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_LanConnect** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can enable/disable LAN connections. + +If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu. + +If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Enable and Disable menu items are disabled for all users (including administrators). + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you do not configure this setting, only Administrators and Network Configuration Operators can enable/disable LAN connections. + +> [!NOTE] +> Administrators can still enable/disable LAN connections from Device Manager when this setting is disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Ability to Enable/Disable a LAN connection* +- GP name: *NC_LanConnect* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_LanProperties** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can change the properties of a LAN connection. + +This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled for all users, and users cannot open the Local Area Connection Properties dialog box. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, a Properties menu item appears when users right-click the icon representing a LAN connection. Also, when users select the connection, Properties is enabled on the File menu. + +> [!NOTE] +> This setting takes precedence over settings that manipulate the availability of features inside the Local Area Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a LAN connection is available to users. +> +> Nonadministrators have the right to view the properties dialog box for a connection but not to make changes, regardless of this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit access to properties of a LAN connection* +- GP name: *NC_LanProperties* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_NewConnectionWizard** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can use the New Connection Wizard, which creates new network connections. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Make New Connection icon appears in the Start menu and in the Network Connections folder for all users. Clicking the Make New Connection icon starts the New Connection Wizard. + +> [!NOTE] +> Changing this setting from Enabled to Not Configured does not restore the Make New Connection icon until the user logs off or on. When other changes to this setting are applied, the icon does not appear or disappear in the Network Connections folder until the folder is refreshed. +> +> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Prohibit access to the New Connection Wizard* +- GP name: *NC_NewConnectionWizard* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_PersonalFirewallConfig** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits use of Internet Connection Firewall on your DNS domain network. + +Determines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer. + +> [!IMPORTANT] +> This setting is location aware. It only applies when a computer is connected to the same DNS domain network it was connected to when the setting was refreshed on that computer. If a computer is connected to a DNS domain network other than the one it was connected to when the setting was refreshed, this setting does not apply. + +The Internet Connection Firewall is a stateful packet filter for home and small office users to protect them from Internet network security threats. + +If you enable this setting, Internet Connection Firewall cannot be enabled or configured by users (including administrators), and the Internet Connection Firewall service cannot run on the computer. The option to enable the Internet Connection Firewall through the Advanced tab is removed. In addition, the Internet Connection Firewall is not enabled for remote access connections created through the Make New Connection Wizard. The Network Setup Wizard is disabled. + +If you enable the "Windows Firewall: Protect all network connections" policy setting, the "Prohibit use of Internet Connection Firewall on your DNS domain network" policy setting has no effect on computers that are running Windows Firewall, which replaces Internet Connection Firewall when you install Windows XP Service Pack 2. + +If you disable this setting or do not configure it, the Internet Connection Firewall is disabled when a LAN Connection or VPN connection is created, but users can use the Advanced tab in the connection properties to enable it. The Internet Connection Firewall is enabled by default on the connection for which Internet Connection Sharing is enabled. 
In addition, remote access connections created through the Make New Connection Wizard have the Internet Connection Firewall enabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit use of Internet Connection Firewall on your DNS domain network* +- GP name: *NC_PersonalFirewallConfig* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_RasAllUserProperties** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer. + +To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. + +This setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box is available to users. + +If you enable this setting, a Properties menu item appears when any user right-clicks the icon for a remote access connection. Also, when any user selects the connection, Properties appears on the File menu. + +If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and users (including administrators) cannot open the remote access connection properties dialog box. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you do not configure this setting, only Administrators and Network Configuration Operators can change properties of all-user remote access connections. + +> [!NOTE] +> This setting takes precedence over settings that manipulate the availability of features inside the Remote Access Connection Properties dialog box. If this setting is disabled, nothing within the properties dialog box for a remote access connection will be available to users. +> +> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). 
+> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Ability to change properties of an all user remote access connection* +- GP name: *NC_RasAllUserProperties* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_RasChangeProperties** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection. + +This setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties button is disabled for all users (including administrators). + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting does not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Properties button is enabled for all users. + +The Networking tab of the Remote Access Connection Properties dialog box includes a list of the network components that the connection uses. To view or change the properties of a component, click the name of the component, and then click the Properties button beneath the component list. + +> [NOTE] +> Not all network components have configurable properties. For components that are not configurable, the Properties button is always disabled. +> +> When the "Ability to change properties of an all user remote access connection" or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Remote Access Connection Properties dialog box, the Properties button for remote access connection components is blocked. +> +> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit access to properties of components of a remote access connection* +- GP name: *NC_RasChangeProperties* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_RasConnect** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can connect and disconnect remote access connections. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators). + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Connect and Disconnect options for remote access connections are available to all users. Users can connect or disconnect a remote access connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit connecting and disconnecting a remote access connection* +- GP name: *NC_RasConnect* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_RasMyProperties** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view and change the properties of their private remote access connections. + +Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option. + +This setting determines whether the Properties menu item is enabled, and thus, whether the Remote Access Connection Properties dialog box for a private connection is available to users. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Properties menu items are disabled, and no users (including administrators) can open the Remote Access Connection Properties dialog box for a private connection. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, a Properties menu item appears when any user right-clicks the icon representing a private remote access connection. Also, when any user selects the connection, Properties appears on the File menu. + +> [!NOTE] +> This setting takes precedence over settings that manipulate the availability of features in the Remote Access Connection Properties dialog box. If this setting is enabled, nothing within the properties dialog box for a remote access connection will be available to users. +> +> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit changing properties of a private remote access connection* +- GP name: *NC_RasMyProperties* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_RenameAllUserRasConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether nonadministrators can rename all-user remote access connections. + +To create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. + +If you enable this setting, the Rename option is enabled for all-user remote access connections. Any user can rename all-user connections by clicking an icon representing the connection or by using the File menu. + +If you disable this setting, the Rename option is disabled for nonadministrators only. + +If you do not configure the setting, only Administrators and Network Configuration Operators can rename all-user remote access connections. + +> [!NOTE] +> This setting does not apply to Administrators. + +When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either Enabled or Disabled), this setting does not apply. + +This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Ability to rename all user remote access connections* +- GP name: *NC_RenameAllUserRasConnection* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_RenameConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting Determines whether users can rename LAN or all user remote access connections. + +If you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu. + +If you disable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option for LAN and all user remote access connections is disabled for all users (including Administrators and Network Configuration Operators). + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If this setting is not configured, only Administrators and Network Configuration Operators have the right to rename LAN or all user remote access connections. + +> [!NOTE] +> When configured, this setting always takes precedence over the "Ability to rename LAN connections" and "Ability to rename all user remote access connections" settings. +> +> This setting does not prevent users from using other programs, such as Internet Explorer, to rename remote access connections. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Ability to rename LAN connections or remote access connections available to all users* +- GP name: *NC_RenameConnection* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_RenameLanConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether nonadministrators can rename a LAN connection. + +If you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu. + +If you disable this setting, the Rename option is disabled for nonadministrators only. + +If you do not configure this setting, only Administrators and Network Configuration Operators can rename LAN connections + +> [!NOTE] +> This setting does not apply to Administrators. + +When the "Ability to rename LAN connections or remote access connections available to all users" setting is configured (set to either enabled or disabled), this setting does not apply. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Ability to rename LAN connections* +- GP name: *NC_RenameLanConnection* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_RenameMyRasConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can rename their private remote access connections. + +Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option. + +If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Rename option is disabled for all users (including administrators). + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the Rename option is enabled for all users' private remote access connections. Users can rename their private connection by clicking an icon representing the connection or by using the File menu. + +> [!NOTE] +> This setting does not prevent users from using other programs, such as Internet Explorer, to bypass this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Prohibit renaming private remote access connections* +- GP name: *NC_RenameMyRasConnection* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_ShowSharedAccessUI** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. + +ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network. + +If you enable this setting, ICS cannot be enabled or configured by administrators, and the ICS service cannot run on the computer. The Advanced tab in the Properties dialog box for a LAN or remote access connection is removed. The Internet Connection Sharing page is removed from the New Connection Wizard. The Network Setup Wizard is disabled. + +If you disable this setting or do not configure it and have two or more connections, administrators can enable ICS. The Advanced tab in the properties dialog box for a LAN or remote access connection is available. In addition, the user is presented with the option to enable Internet Connection Sharing in the Network Setup Wizard and Make New Connection Wizard. (The Network Setup Wizard is available only in Windows XP Professional.) + +By default, ICS is disabled when you create a remote access connection, but administrators can use the Advanced tab to enable it. When running the New Connection Wizard or Network Setup Wizard, administrators can choose to enable ICS. + +> [!NOTE] +> Internet Connection Sharing is only available when two or more network connections are present. + +When the "Prohibit access to properties of a LAN connection," "Ability to change properties of an all user remote access connection," or "Prohibit changing properties of a private remote access connection" settings are set to deny access to the Connection Properties dialog box, the Advanced tab for the connection is blocked. 
+ +Nonadministrators are already prohibited from configuring Internet Connection Sharing, regardless of this setting. + +Disabling this setting does not prevent Wireless Hosted Networking from using the ICS service for DHCP services. To prevent the ICS service from running, on the Network Permissions tab in the network's policy properties, select the "Don't use hosted networks" check box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prohibit use of Internet Connection Sharing on your DNS domain network* +- GP name: *NC_ShowSharedAccessUI* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_Statistics** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view the status for an active connection. + +Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection. + +If you enable this setting, the connection status taskbar icon and Status dialog box are not available to users (including administrators). The Status option is disabled in the context menu for the connection and on the File menu in the Network Connections folder. Users cannot choose to show the connection icon in the taskbar from the Connection Properties dialog box. + +If the "Enable Network Connections settings for Administrators" is disabled or not configured, this setting will not apply to administrators on post-Windows 2000 computers. + +If you disable this setting or do not configure it, the connection status taskbar icon and Status dialog box are available to all users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Prohibit viewing of status for an active connection* +- GP name: *NC_Statistics* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + + +**ADMX_NetworkConnections/NC_StdDomainUserSetLocation** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether to require domain users to elevate when setting a network's location. + +If you enable this policy setting, domain users must elevate when setting a network's location. + +If you disable or do not configure this policy setting, domain users can set a network's location without elevating. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Require domain users to elevate when setting a network's location* +- GP name: *NC_StdDomainUserSetLocation* +- GP path: *Network\Network Connections* +- GP ADMX file name: *NetworkConnections.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file From 841672a23c709dd10c35597a823c84f33f44d3cb Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 22 Oct 2020 13:56:16 -0700 Subject: [PATCH 070/346] Fixed broken link --- .../client-management/mdm/policies-in-policy-csp-admx-backed.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 33601d8c10..d20b416f31 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -186,7 +186,7 @@ ms.date: 10/08/2020 - [ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-sysvolsharecompatibilitymode) - [ADMX_Netlogon/Netlogon_TryNextClosestSite](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-trynextclosestsite) - [ADMX_Netlogon/Netlogon_UseDynamicDns](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-usedynamicdns) -- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents) +- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents) - [ADMX_NetworkConnections/NC_AdvancedSettings](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-advancedsettings) - [ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-allowadvancedtcpipconfig) - [ADMX_NetworkConnections/NC_ChangeBindState](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-changebindstate) From dd81439e0d370570fa99d7ccf6db9f70928898d2 Mon Sep 17 00:00:00 2001 From: adirdidi <68847945+adirdidi@users.noreply.github.com> Date: Fri, 23 Oct 2020 00:20:32 +0300 Subject: [PATCH 071/346] Update configure-siem.md Fixing the partners URL not to go to dogfood. --- .../threat-protection/microsoft-defender-atp/configure-siem.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md index aa9008f98a..b5d1923c6e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md 
@@ -43,7 +43,7 @@ Microsoft Defender ATP currently supports the following specific SIEM solution t - IBM QRadar - Micro Focus ArcSight -Other SIEM solutions (such as Splunk, RSA NetWitness) are supported through a different integration model based on the new Alert API. For more information, view the [Partner application](https://df.securitycenter.microsoft.com/interoperability/partners) page and select the Security Information and Analytics section for full details. +Other SIEM solutions (such as Splunk, RSA NetWitness) are supported through a different integration model based on the new Alert API. For more information, view the [Partner application](https://securitycenter.microsoft.com/interoperability/partners) page and select the Security Information and Analytics section for full details. To use either of these supported SIEM tools you'll need to: From ab9a8ce9ad2279b5a6209fb636f5431af770b32c Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 22 Oct 2020 15:15:51 -0700 Subject: [PATCH 072/346] Added ADMX_Sensors policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 5 + .../policy-configuration-service-provider.md | 20 + .../mdm/policy-csp-admx-networkconnections.md | 54 +-- .../mdm/policy-csp-admx-sensors.md | 401 ++++++++++++++++++ 5 files changed, 454 insertions(+), 27 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-sensors.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 3d854f3d2e..d26fe35e20 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md 
@@ -207,6 +207,7 @@ #### [ADMX_Scripts](policy-csp-admx-scripts.md) #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md) #### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md) +#### [ADMX_Sensors](policy-csp-admx-sensors.md) #### [ADMX_Servicing](policy-csp-admx-servicing.md) #### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md) #### [ADMX_Sharing](policy-csp-admx-sharing.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index d20b416f31..0272022007 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -292,6 +292,11 @@ ms.date: 10/08/2020 - [ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticsexecutionpolicy) - [ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticssecuritypolicy) - [ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain](/policy-csp-admx-securitycenter.md#admx-securitycenter-securitycenter-securitycenterindomain) +- [ADMX_Sensors/DisableLocationScripting_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-1) +- [ADMX_Sensors/DisableLocationScripting_2](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-2) +- [ADMX_Sensors/DisableLocation_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocation-1) +- [ADMX_Sensors/DisableSensors_1](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-1) +- [ADMX_Sensors/DisableSensors_2](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-2) - [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing) - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots) - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index f87ad5c5a8..a0c7d8db35 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1126,6 +1126,26 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_Sensors policies + +
    +
    + ADMX_Sensors/DisableLocationScripting_1 +
    +
    + ADMX_Sensors/DisableLocationScripting_2 +
    +
    + ADMX_Sensors/DisableLocation_1 +
    +
    + ADMX_Sensors/DisableSensors_1 +
    +
    + ADMX_Sensors/DisableSensors_2 +
    +
    + ### ADMX_Servicing policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md index fc26c1d0f5..c9677897bc 100644 --- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md +++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md @@ -153,7 +153,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether administrators can add and remove network components for a LAN or remote access connection. This setting has no effect on nonadministrators. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Install and Uninstall buttons for components of connections are disabled, and administrators are not permitted to access network components in the Windows Components Wizard. @@ -233,7 +233,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Advanced Settings item on the Advanced menu in Network Connections is enabled for administrators. The Advanced Settings item lets users view and change bindings and view and change the order in which the computer accesses connections, network providers, and print providers. 
@@ -309,7 +309,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can configure advanced TCP/IP settings. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can configure advanced TCP/IP settings. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Advanced button on the Internet Protocol (TCP/IP) Properties dialog box is disabled for all users (including administrators). As a result, users cannot open the Advanced TCP/IP Settings Properties page and modify IP settings, such as DNS and WINS server information. @@ -390,7 +390,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting Determines whether administrators can enable and disable the components used by LAN connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting Determines whether administrators can enable and disable the components used by LAN connections. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the check boxes for enabling and disabling components are disabled. As a result, administrators cannot enable or disable the components that a connection uses. @@ -466,7 +466,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can delete all user remote access connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can delete all user remote access connections. To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. 
@@ -548,7 +548,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can delete remote access connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can delete remote access connections. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), users (including administrators) cannot delete any remote access connections. This setting also disables the Delete option on the context menu for a remote access connection and on the File menu in the Network Connections folder. @@ -628,7 +628,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the Remote Acccess Preferences item on the Advanced menu in Network Connections folder is enabled. The Remote Access Preferences item lets users create and change connections before logon and configure automatic dialing and callback features. @@ -701,7 +701,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether or not the "local access only" network icon will be shown. +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether or not the "local access only" network icon will be shown. When enabled, the icon for Internet access will be shown in the system tray even when a user is connected to a network with local access only. 
@@ -770,7 +770,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether settings that existed in Windows 2000 Server family will apply to Administrators. The set of Network Connections group settings that existed in Windows 2000 Professional also exists in Windows XP Professional. In Windows 2000 Professional, all of these settings had the ability to prohibit the use of certain features from Administrators. @@ -846,7 +846,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a remote client computer routes Internet traffic through the internal network or whether the client accesses the Internet directly. When a remote client computer connects to an internal network using DirectAccess, it can access the Internet in two ways: through the secure tunnel that DirectAccess establishes between the computer and the internal network, or directly through the local default gateway. 
@@ -919,7 +919,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether notifications are shown to the user when a DHCP-configured connection is unable to retrieve an IP address from a DHCP server. This is often signified by the assignment of an automatic private IP address"(i.e. an IP address in the range 169.254.*.*). This indicates that a DHCP server could not be reached or the DHCP server was reached but unable to respond to the request with a valid IP address. By default, a notification is displayed providing the user with information on how the problem can be resolved. If you enable this policy setting, this condition will not be reported as an error to the user. @@ -988,7 +988,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Administrators and Network Configuration Operators can change the properties of components used by a LAN connection. This setting determines whether the Properties button for components of a LAN connection is enabled. 
@@ -1072,7 +1072,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can enable/disable LAN connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can enable/disable LAN connections. If you enable this setting, the Enable and Disable options for LAN connections are available to users (including nonadministrators). Users can enable/disable a LAN connection by double-clicking the icon representing the connection, by right-clicking it, or by using the File menu. @@ -1148,7 +1148,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can change the properties of a LAN connection. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can change the properties of a LAN connection. This setting determines whether the Properties menu item is enabled, and thus, whether the Local Area Connection Properties dialog box is available to users. @@ -1226,7 +1226,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can use the New Connection Wizard, which creates new network connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can use the New Connection Wizard, which creates new network connections. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), the Make New Connection icon does not appear in the Start Menu on in the Network Connections folder. As a result, users (including administrators) cannot start the New Connection Wizard. 
@@ -1302,7 +1302,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits use of Internet Connection Firewall on your DNS domain network. +Available in the latest Windows 10 Insider Preview Build. This policy setting prohibits use of Internet Connection Firewall on your DNS domain network. Determines whether users can enable the Internet Connection Firewall feature on a connection, and if the Internet Connection Firewall service can run on a computer. @@ -1380,7 +1380,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a user can view and change the properties of remote access connections that are available to all users of the computer. To create an all-user remote access connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. @@ -1462,7 +1462,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view and change the properties of components used by a private or all-user remote access connection. This setting determines whether the Properties button for components used by a private or all-user remote access connection is enabled. 
@@ -1544,7 +1544,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can connect and disconnect remote access connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can connect and disconnect remote access connections. If you enable this setting (and enable the "Enable Network Connections settings for Administrators" setting), double-clicking the icon has no effect, and the Connect and Disconnect menu items are disabled for all users (including administrators). @@ -1615,7 +1615,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view and change the properties of their private remote access connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view and change the properties of their private remote access connections. Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option. @@ -1695,7 +1695,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether nonadministrators can rename all-user remote access connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether nonadministrators can rename all-user remote access connections. To create an all-user connection, on the Connection Availability page in the New Connection Wizard, click the "For all users" option. 
@@ -1775,7 +1775,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting Determines whether users can rename LAN or all user remote access connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting Determines whether users can rename LAN or all user remote access connections. If you enable this setting, the Rename option is enabled for all users. Users can rename connections by clicking the icon representing a connection or by using the File menu. @@ -1853,7 +1853,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether nonadministrators can rename a LAN connection. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether nonadministrators can rename a LAN connection. If you enable this setting, the Rename option is enabled for LAN connections. Nonadministrators can rename LAN connections by clicking an icon representing the connection or by using the File menu. @@ -1929,7 +1929,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can rename their private remote access connections. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can rename their private remote access connections. Private connections are those that are available only to one user. To create a private connection, on the Connection Availability page in the New Connection Wizard, click the "Only for myself" option. 
@@ -2005,7 +2005,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether administrators can enable and configure the Internet Connection Sharing (ICS) feature of an Internet connection and if the ICS service can run on the computer. ICS lets administrators configure their system as an Internet gateway for a small network and provides network services, such as name resolution and addressing through DHCP, to the local private network. @@ -2087,7 +2087,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether users can view the status for an active connection. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether users can view the status for an active connection. Connection status is available from the connection status taskbar icon or from the Status dialog box. The Status dialog box displays information about the connection and its activity. It also provides buttons to disconnect and to configure the properties of the connection. @@ -2160,7 +2160,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting determines whether to require domain users to elevate when setting a network's location. +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether to require domain users to elevate when setting a network's location. If you enable this policy setting, domain users must elevate when setting a network's location. diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md new file mode 100644 index 0000000000..00ff56dafe 
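Review bot: Every changed line in the hunks above swaps "Windows 10 Insider Preview Build 20185" for "the latest Windows 10 Insider Preview Build", which removes the only concrete availability marker these settings had. Once "latest" moves on, an admin can no longer tell from the page which builds honor the policy. Suggest keeping a minimum build or release version on each line. Since the lines are being touched anyway, the changed line in the @@ -919 hunk still carries the stray quote in `address"(i.e.`, and the changed line in the @@ -1775 hunk still reads "This policy setting Determines"; both can be fixed in the same pass.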
--- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-sensors.md @@ -0,0 +1,401 @@ +--- +title: Policy CSP - ADMX_Sensors +description: Policy CSP - ADMX_Sensors +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/22/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Sensors +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_Sensors policies + +
    +
    + ADMX_Sensors/DisableLocationScripting_1 +
    +
    + ADMX_Sensors/DisableLocationScripting_2 +
    +
    + ADMX_Sensors/DisableLocation_1 +
    +
    + ADMX_Sensors/DisableSensors_1 +
    +
    + ADMX_Sensors/DisableSensors_2 +
    +
    + + +
    + + +**ADMX_Sensors/DisableLocationScripting_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature. + +If you enable this policy setting, scripts for the location feature will not run. + +If you disable or do not configure this policy setting, all location scripts will run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off location scripting* +- GP name: *DisableLocationScripting_1* +- GP path: *Windows Components\Location and Sensors* +- GP ADMX file name: *Sensors.admx* + + + +
    + + +**ADMX_Sensors/DisableLocationScripting_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature. + +If you enable this policy setting, scripts for the location feature will not run. + +If you disable or do not configure this policy setting, all location scripts will run. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off location scripting* +- GP name: *DisableLocationScripting_2* +- GP path: *Windows Components\Location and Sensors* +- GP ADMX file name: *Sensors.admx* + + + +
    + + +**ADMX_Sensors/DisableLocation_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the location feature for this computer. + +If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature. + +If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off location* +- GP name: *DisableLocation_1* +- GP path: *Windows Components\Location and Sensors* +- GP ADMX file name: *Sensors.admx* + + + +
    + + +**ADMX_Sensors/DisableSensors_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer. + +If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. + +If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off sensors* +- GP name: *DisableSensors_1* +- GP path: *Windows Components\Location and Sensors* +- GP ADMX file name: *Sensors.admx* + + + +
    + + +**ADMX_Sensors/DisableSensors_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer. + +If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature. + +If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off sensors* +- GP name: *DisableSensors_2* +- GP path: *Windows Components\Location and Sensors* +- GP ADMX file name: *Sensors.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file From 42792eaf7500734ca05573627ce8a259b7abee7a Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 22 Oct 2020 16:20:49 -0700 Subject: [PATCH 073/346] Added ADMX_WCM policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 3 + .../policy-configuration-service-provider.md | 14 + .../mdm/policy-csp-admx-wcm.md | 272 ++++++++++++++++++ 4 files changed, 290 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-wcm.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index d26fe35e20..e4d03174c6 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -219,6 +219,7 @@ #### [ADMX_TPM](policy-csp-admx-tpm.md) #### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md) #### [ADMX_W32Time](policy-csp-admx-w32time.md) +#### [ADMX_WCM](policy-csp-admx-wcm.md) #### [ADMX_WinCal](policy-csp-admx-wincal.md) #### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) #### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 0272022007..36a06c412f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
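Review bot: In the new policy-csp-admx-sensors.md, the policy list has _1 (User) and _2 (Device) entries for DisableLocationScripting and DisableSensors but only DisableLocation_1 for "Turn off location", so the page documents no device-scope way to turn the location feature off. Please confirm whether DisableLocation_2 was left out on purpose and say so, or add it. The DisableLocation_1 and DisableSensors_1 sections are User scope yet describe the effect as "for this computer" and "all programs on this computer"; state whether the setting applies only to that user's sessions. The repeated TIP also sends admins to "a variety of online encoders" for the SyncML payload; recommend local encoding or the CDATA option it already mentions so policy payloads are not pasted into third-party sites.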
@@ -480,6 +480,9 @@ ms.date: 10/08/2020 - [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient) - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient) - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver) +- [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement) +- [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect) +- [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections) - [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1) - [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2) - [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index a0c7d8db35..42782da458 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1750,6 +1750,20 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_WCM policies + +
    +
    + ADMX_WCM/WCM_DisablePowerManagement +
    +
    + ADMX_WCM/WCM_EnableSoftDisconnect +
    +
    + ADMX_WCM/WCM_MinimizeConnections +
    +
    + ### ADMX_WinCal policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md new file mode 100644 index 0000000000..0590f12265 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-wcm.md @@ -0,0 +1,272 @@ +--- +title: Policy CSP - ADMX_WCM +description: Policy CSP - ADMX_WCM +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/22/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WCM +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_WCM policies + +
    +
    + ADMX_WCM/WCM_DisablePowerManagement +
    +
    + ADMX_WCM/WCM_EnableSoftDisconnect +
    +
    + ADMX_WCM/WCM_MinimizeConnections +
    +
    + + +
    + + +**ADMX_WCM/WCM_DisablePowerManagement** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that power management is disabled when the machine enters connected standby mode. + +If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode. + +If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable power management in connected standby mode* +- GP name: *WCM_DisablePowerManagement* +- GP path: *Network\Windows Connection Manager* +- GP ADMX file name: *WCM.admx* + + + +
    + + +**ADMX_WCM/WCM_EnableSoftDisconnect** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows will soft-disconnect a computer from a network. + +If this policy setting is enabled or not configured, Windows will soft-disconnect a computer from a network when it determines that the computer should no longer be connected to a network. + +If this policy setting is disabled, Windows will disconnect a computer from a network immediately when it determines that the computer should no longer be connected to a network. + +When soft disconnect is enabled: + +- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted. +- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection. +- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network. + +This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable Windows to soft-disconnect a computer from a network* +- GP name: *WCM_EnableSoftDisconnect* +- GP path: *Network\Windows Connection Manager* +- GP ADMX file name: *WCM.admx* + + + +
    + + +**ADMX_WCM/WCM_MinimizeConnections** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed. + +If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This was previously the Disabled state for this policy setting. This option was first available in Windows 8. + +If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This was previously the Enabled state for this policy setting. This option was first available in Windows 8. + +If this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703). + +If this policy setting is set to 3, the behavior is similar to 2. However, if there's an Ethernet connection, Windows won't allow users to connect to a WLAN manually. A WLAN can only be connected (automatically or manually) when there's no Ethernet connection. + +This policy setting is related to the "Enable Windows to soft-disconnect a computer from a network" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. 
For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain* +- GP name: *WCM_MinimizeConnections* +- GP path: *Network\Windows Connection Manager* +- GP ADMX file name: *WCM.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 740abac7e76d8cdb245bc1034bd59ee4b2100b0b Mon Sep 17 00:00:00 2001 From: Sunny Zankharia <67922512+sazankha@users.noreply.github.com> Date: Thu, 22 Oct 2020 23:12:17 -0700 Subject: [PATCH 074/346] Update windows/client-management/mdm/windowsdefenderapplicationguard-csp.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 446d2447ff..6e88afcf72 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md @@ -125,7 +125,7 @@ The following list shows the supported values: - 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard. > [!NOTE] -> This policy setting is no longer supported in the new Microsoft Edge browser. This policy will be eventually deprecated. +> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated eventually. ADMX Info: From cd1a8187a990748cd8ea2986784c710d79af8d6d Mon Sep 17 00:00:00 2001 
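Review bot: In policy-csp-admx-wcm.md, WCM_MinimizeConnections documents four values (0 to 3), but the TIP beneath it only covers enabling or disabling an ADMX-backed policy, so nothing in the section shows how the chosen value is carried in the SyncML payload. Add an example payload or name the data element for this policy. WCM_EnableSoftDisconnect says nothing is disconnected when the minimize-connections setting "is disabled", while WCM_MinimizeConnections says the former Disabled state is now value 0; align the two descriptions so the dependency is unambiguous. Values 0, 1 and 2 each say when the option was first available and value 3 does not.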
From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 23 Oct 2020 10:47:53 +0300 Subject: [PATCH 075/346] remove policy Bitlocker is enabled by default on HoloLens 2. No need to enable it via CSP policy. https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8438 --- .../mdm/policies-in-policy-csp-supported-by-hololens2.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 20d7139bc6..739826c640 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md @@ -86,7 +86,6 @@ ms.date: 10/08/2020 - [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation) - [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage) - [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage) -- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption) - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime) - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn) - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate) From 57cee8adbb657c1e8fa7763cc5ab321676f08f50 Mon Sep 17 00:00:00 2001 From: VLG17 <41186174+VLG17@users.noreply.github.com> Date: Fri, 23 Oct 2020 11:03:36 +0300 Subject: [PATCH 076/346] update wording https://github.com/MicrosoftDocs/windows-itpro-docs/issues/8437 --- .../microsoft-defender-atp/enable-network-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
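Review bot: Removing Security/RequireDeviceEncryption from the list in policies-in-policy-csp-supported-by-hololens2.md changes what the page claims is supported, but the commit message only argues that the policy is unnecessary because BitLocker is enabled by default. If HoloLens 2 still accepts the policy, dropping it from a "supported" list can mislead admins whose MDM baselines or compliance checks set it. Suggest either keeping the entry with a remark that encryption is on by default, or stating explicitly that the policy is not supported on the device. The ms.date shown in the hunk header is still 10/08/2020 and should be updated with this change.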
diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md index 76fd837692..f8805cd0d8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-network-protection.md @@ -100,7 +100,7 @@ Use the following procedure to enable network protection on domain-joined comput 4. Double-click the **Prevent users and apps from accessing dangerous websites** setting and set the option to **Enabled**. In the options section, you must specify one of the following options: * **Block** - Users can't access malicious IP addresses and domains * **Disable (Default)** - The Network protection feature won't work. Users won't be blocked from accessing malicious domains - * **Audit Mode** - If a user visits a malicious IP address or domain, an event won't be recorded in the Windows event log. However, the user won't be blocked from visiting the address. + * **Audit Mode** - If a user visits a malicious IP address or domain, an event will be recorded in the Windows event log. However, the user won't be blocked from visiting the address. > [!IMPORTANT] > To fully enable network protection, you must set the Group Policy option to **Enabled** and also select **Block** in the options drop-down menu. From 1c9f48782bcacf98c766bd0821c186a52e7a1e69 Mon Sep 17 00:00:00 2001 From: Asha Iyengar Date: Fri, 23 Oct 2020 19:17:58 +0530 Subject: [PATCH 077/346] Reviewed --- ...ft-defender-atp-ios-privacy-information.md | 25 ++++++++----------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index 42757b9b13..d9f08b5875 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md @@ -26,11 +26,9 @@ ms.topic: conceptual > Microsoft Defender ATP for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization, does not see your browsing activity. -Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. +Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. The information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected, and to support the service. -Information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected and to support the service. - -## Required Data +## Required data Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. @@ -44,9 +42,7 @@ Here is a list of the types of data being collected: ### Device and account information -- Device information such as date & time, iOS version, CPU info, and Device identifier - -- Device identifier is one of the below: +- Device information such as date & time, iOS version, CPU info, and Device identifier, where Device identifier is one of the following: - Wi-Fi adapter MAC address 
@@ -56,12 +52,11 @@ Here is a list of the types of data being collected: - Azure Active Directory (AD) Device ID and Azure User ID - Uniquely identifies the device, User respectively at Azure Active directory. - - Azure tenant ID - GUID that identifies your organization within Azure Active Directory + - Azure tenant ID - GUID that identifies your organization within Azure Active Directory. - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. - - User Principal Name – Email ID of the user - + - User Principal Name – Email ID of the user. ### Product and service usage data @@ -69,11 +64,11 @@ The following information is collected only for Microsoft Defender ATP app insta - App package info, including name, version, and app upgrade status. -- Actions performed in the app +- Actions performed in the app. -- Crash report logs generated by iOS +- Crash report logs generated by iOS. -- Memory usage data +- Memory usage data. ## Optional Data @@ -85,11 +80,11 @@ Optional diagnostic data includes: - Features configured by the admin. -- Basic information about the browsers on the device +- Basic information about the browsers on the device. Feedback Data is collected through in-app feedback provided by the user. -- The user’s email address, if they choose to provide it +- The user’s email address, if they choose to provide it. - Feedback type (smile, frown, idea) and any feedback comments submitted by the user. From 1aae76d28a3bd8cd9665fb4479a5849f64446938 Mon Sep 17 00:00:00 2001 
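Review bot: Heading case is left inconsistent in microsoft-defender-atp-ios-privacy-information.md: the -26,11 hunk lowercases `## Required Data` to `## Required data`, but `## Optional Data` (trailing context of the -69,11 hunk) and `Feedback Data is collected` (context in the -85,11 hunk) keep title case. Suggest moving both to sentence case in the same commit. In the -56,12 hunk, the unchanged line `Uniquely identifies the device, User respectively at Azure Active directory.` still has the stray capital in `User` and the lowercase `directory`, and the `User Principal Name – Email ID of the user.` bullet uses an en dash where its sibling bullets use a hyphen; both are worth fixing while the neighbouring bullets are being punctuated.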
From: Lovina Saldanha Date: Fri, 23 Oct 2020 22:51:49 +0530 Subject: [PATCH 078/346] Rebrand-Update-4567381 Updated with new brandnames --- .../access-mssp-portal.md | 4 +- .../add-or-remove-machine-tags.md | 6 +- .../advanced-features.md | 30 +++---- ...nced-hunting-assignedipaddress-function.md | 2 +- .../advanced-hunting-best-practices.md | 6 +- ...dvanced-hunting-devicealertevents-table.md | 4 +- .../advanced-hunting-deviceevents-table.md | 4 +- ...hunting-devicefilecertificateinfo-table.md | 4 +- ...advanced-hunting-devicefileevents-table.md | 4 +- ...ced-hunting-deviceimageloadevents-table.md | 4 +- .../advanced-hunting-deviceinfo-table.md | 6 +- ...dvanced-hunting-devicelogonevents-table.md | 4 +- ...anced-hunting-devicenetworkevents-table.md | 4 +- ...dvanced-hunting-devicenetworkinfo-table.md | 4 +- ...anced-hunting-deviceprocessevents-table.md | 4 +- ...nced-hunting-deviceregistryevents-table.md | 4 +- ...etvmsecureconfigurationassessment-table.md | 4 +- ...vmsecureconfigurationassessmentkb-table.md | 4 +- ...msoftwareinventoryvulnerabilities-table.md | 4 +- ...evicetvmsoftwarevulnerabilitieskb-table.md | 4 +- .../advanced-hunting-errors.md | 4 +- .../advanced-hunting-extend-data.md | 2 +- .../advanced-hunting-fileprofile-function.md | 2 +- .../advanced-hunting-go-hunt.md | 2 +- .../advanced-hunting-limits.md | 4 +- ...ft-defender-atp-ios-privacy-information.md | 85 +++++++++++++++++++ 26 files changed, 147 insertions(+), 62 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md diff --git a/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md b/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md index b6e3f60ba0..ccf8b5f19e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md +++ b/windows/security/threat-protection/microsoft-defender-atp/access-mssp-portal.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) +>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md index 0fb5352742..94849b6b18 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md +++ b/windows/security/threat-protection/microsoft-defender-atp/add-or-remove-machine-tags.md @@ -21,9 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## API description 
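Review bot: The trial-link sentence is rebranded two different ways in this patch: the access-mssp-portal.md hunk adds `Want to experience Microsoft Defender for Endpoint?`, while the -21,9 hunk of add-or-remove-machine-tags.md adds `Want to experience Defender for Endpoint?`. Pick one form (the short name reads fine once the **Applies to:** link has given the full name) and apply it to every file in the series. Leaving `microsoft-defender-atp` in the link URLs and file paths is the right call, since changing those would break existing links.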
@@ -38,7 +38,7 @@ Adds or remove tag to a specific [Machine](machine.md). ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md) Permission type | Permission | Permission display name :---|:---|:--- diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md index 938309f9f2..725daf0761 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-features.md 
@@ -17,18 +17,18 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Configure advanced features in Microsoft Defender ATP +# Configure advanced features in Defender for Endpoint [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedfeats-abovefoldlink) -Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Microsoft Defender ATP with. +Depending on the Microsoft security products that you use, some advanced features might be available for you to integrate Defender for Endpoint with. Use the following advanced features to get better protected from potentially malicious files and gain better insight during security investigations: @@ -88,7 +88,7 @@ To use this feature, devices must be running Windows 10 version 1709 or later. T For more information, see [Manage indicators](manage-indicators.md). >[!NOTE] ->Network protection leverages reputation services that process requests in locations that might be outside of the location you have selected for your Microsoft Defender ATP data. +>Network protection leverages reputation services that process requests in locations that might be outside of the location you have selected for your Defender for Endpoint data. ## Show user details 
@@ -116,9 +116,9 @@ The integration with Azure Advanced Threat Protection allows you to pivot direct ## Microsoft Secure Score -Forwards Microsoft Defender ATP signals to Microsoft Secure Score in the Microsoft 365 security center. Turning on this feature gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data. +Forwards Defender for Endpoint signals to Microsoft Secure Score in the Microsoft 365 security center. Turning on this feature gives Microsoft Secure Score visibility into the devices security posture. Forwarded data is stored and processed in the same location as the your Microsoft Secure Score data. -### Enable the Microsoft Defender ATP integration from the Azure ATP portal +### Enable the Defender for Endpoint integration from the Azure ATP portal To receive contextual device integration in Azure ATP, you'll also need to enable the feature in the Azure ATP portal. 
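Review bot: The rewritten Microsoft Secure Score line in this -116,9 hunk still ends with `in the same location as the your Microsoft Secure Score data`; since the line is being touched anyway, drop the stray `the`, and fix `the devices security posture` in the preceding sentence to `the device's security posture` or `device security posture`. The new heading `### Enable the Defender for Endpoint integration from the Azure ATP portal` mixes the new product name with the Azure ATP name; please confirm that Azure ATP is intentionally out of scope for this rebrand.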
@@ -139,18 +139,18 @@ When you turn this feature on, you'll be able to incorporate data from Office 36 >[!NOTE] >You'll need to have the appropriate license to enable this feature. -To receive contextual device integration in Office 365 Threat Intelligence, you'll need to enable the Microsoft Defender ATP settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512). +To receive contextual device integration in Office 365 Threat Intelligence, you'll need to enable the Defender for Endpoint settings in the Security & Compliance dashboard. For more information, see [Office 365 Threat Intelligence overview](https://support.office.com/en-us/article/Office-365-Threat-Intelligence-overview-32405DA5-BEE1-4A4B-82E5-8399DF94C512). ## Microsoft Threat Experts -Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability. Experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Microsoft Defender ATP portal's alerts dashboard and via email if you configure it. +Out of the two Microsoft Threat Expert components, targeted attack notification is in general availability. Experts-on-demand capability is still in preview. You can only use the experts-on-demand capability if you have applied for preview and your application has been approved. You can receive targeted attack notifications from Microsoft Threat Experts through your Defender for Endpoint portal's alerts dashboard and via email if you configure it. 
>[!NOTE] ->The Microsoft Threat Experts capability in Microsoft Defender ATP is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security). +>The Microsoft Threat Experts capability in Defender for Endpoint is available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security). ## Microsoft Cloud App Security -Enabling this setting forwards Microsoft Defender ATP signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data. +Enabling this setting forwards Defender for Endpoint signals to Microsoft Cloud App Security to provide deeper visibility into cloud application usage. Forwarded data is stored and processed in the same location as your Cloud App Security data. >[!NOTE] >This feature will be available with an E5 license for [Enterprise Mobility + Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) on devices running Windows 10, version 1709 (OS Build 16299.1085 with [KB4493441](https://support.microsoft.com/help/4493441)), Windows 10, version 1803 (OS Build 17134.704 with [KB4493464](https://support.microsoft.com/help/4493464)), Windows 10, version 1809 (OS Build 17763.379 with [KB4489899](https://support.microsoft.com/help/4489899)) or later Windows 10 versions. 
@@ -161,10 +161,10 @@ Turning on this setting allows signals to be forwarded to Azure Information Prot ## Microsoft Intune connection -Microsoft Defender ATP can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [turn on this feature](configure-conditional-access.md), you'll be able to share Microsoft Defender ATP device information with Intune, enhancing policy enforcement. +Defender for Endpoint can be integrated with [Microsoft Intune](https://docs.microsoft.com/intune/what-is-intune) to [enable device risk-based conditional access](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). When you [turn on this feature](configure-conditional-access.md), you'll be able to share Defender for Endpoint device information with Intune, enhancing policy enforcement. >[!IMPORTANT] ->You'll need to enable the integration on both Intune and Microsoft Defender ATP to use this feature. For more information on specific steps, see [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md). +>You'll need to enable the integration on both Intune and Defender for Endpoint to use this feature. For more information on specific steps, see [Configure Conditional Access in Defender for Endpoint](configure-conditional-access.md). This feature is only available if you have the following: 
@@ -181,7 +181,7 @@ When you enable Intune integration, Intune will automatically create a classic C ## Preview features -Learn about new features in the Microsoft Defender ATP preview release and be among the first to try upcoming features by turning on the preview experience. +Learn about new features in the Defender for Endpoint preview release and be among the first to try upcoming features by turning on the preview experience. You'll have access to upcoming features, which you can provide feedback on to help improve the overall experience before features are generally available. @@ -189,7 +189,7 @@ You'll have access to upcoming features, which you can provide feedback on to he Forwards endpoint security alerts and their triage status to Microsoft Compliance Center, allowing you to enhance insider risk management policies with alerts and remediate internal risks before they cause harm. Forwarded data is processed and stored in the same location as your Office 365 data. -After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Microsoft Defender ATP alerts will be shared with insider risk management for applicable users. +After configuring the [Security policy violation indicators](https://docs.microsoft.com/microsoft-365/compliance/insider-risk-management-settings.md#indicators) in the insider risk management settings, Defender for Endpoint alerts will be shared with insider risk management for applicable users. ## Enable advanced features diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md index f533aa5473..46e60648d1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-assignedipaddress-function.md @@ -24,7 +24,7 @@ ms.date: 09/20/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Use the `AssignedIPAddresses()` function in your advanced hunting queries to quickly obtain the latest IP addresses that have been assigned to a device. If you specify a timestamp argument, this function obtains the most recent IP addresses at the specified time. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md index 89bace1c01..bd47d4a12b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-best-practices.md @@ -23,9 +23,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-abovefoldlink) ## Optimize query performance 
@@ -91,7 +91,7 @@ DeviceProcessEvents | where CanonicalCommandLine contains "stop" and CanonicalCommandLine contains "MpsSvc" ``` -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-bestpractices-belowfoldlink) ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md index d8fa5a458c..51940745aa 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicealertevents-table.md @@ -25,9 +25,9 @@ ms.date: 01/22/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceAlertEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about alerts in Microsoft Defender Security Center. Use this reference to construct queries that return information from the table. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md index 191dcbcb0e..82be65bdc4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceevents-table.md @@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The miscellaneous device events or `DeviceEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about various event types, including events triggered by security controls, such as Microsoft Defender Antivirus and exploit protection. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md index 427c9164c2..20c0ceb254 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefilecertificateinfo-table.md 
@@ -25,9 +25,9 @@ ms.date: 01/14/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceFileCertificateInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file signing certificates. This table uses data obtained from certificate verification activities regularly performed on files on endpoints. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md index ca50907f7c..2a453a4169 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicefileevents-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceFileEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about file creation, modification, and other file system events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md index 65b9b2927c..a00c2ef094 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceimageloadevents-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceImageLoadEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about DLL loading events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md index 652be88f72..8c806a1b38 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceinfo-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about devices in the organization, including their OS version, active users, and computer name. Use this reference to construct queries that return information from the table. 
@@ -38,7 +38,7 @@ For information on other tables in the advanced hunting schema, see [the advance | `DeviceId` | string | Unique identifier for the device in the service | | `DeviceName` | string | Fully qualified domain name (FQDN) of the device | | `ClientVersion` | string | Version of the endpoint agent or sensor running on the device | -| `PublicIP` | string | Public IP address used by the onboarded device to connect to the Microsoft Defender ATP service. This could be the IP address of the device itself, a NAT device, or a proxy | +| `PublicIP` | string | Public IP address used by the onboarded device to connect to the Defender for Endpoint service. This could be the IP address of the device itself, a NAT device, or a proxy | | `OSArchitecture` | string | Architecture of the operating system running on the device | | `OSPlatform` | string | Platform of the operating system running on the device. This indicates specific operating systems, including variations within the same family, such as Windows 10 and Windows 7 | | `OSBuild` | string | Build version of the operating system running on the device | diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md index fcdbc783c4..c04883052f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicelogonevents-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceLogonEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about user logons and other authentication events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md index ba1a43141f..467888a9d3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkevents-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceNetworkEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about network connections and related events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md index df10438741..48ae9ead1e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicenetworkinfo-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceNetworkInfo` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about networking configuration of devices, including network adapters, IP and MAC addresses, and connected networks or domains. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md index ea24aafcd0..921304b30c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceprocessevents-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceProcessEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about process creation and related events. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md index 5278fc3224..ec6f722e98 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-deviceregistryevents-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) The `DeviceRegistryEvents` table in the [advanced hunting](advanced-hunting-overview.md) schema contains information about the creation and modification of registry entries. Use this reference to construct queries that return information from the table. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md index 8b7ff40a50..52e32d5aee 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessment-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md index 17aa063a7e..317e6e26c6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsecureconfigurationassessmentkb-table.md @@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md index 138d4d539a..d61956dee5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwareinventoryvulnerabilities-table.md @@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md index 7cd66a3115..0779d7d929 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-devicetvmsoftwarevulnerabilitieskb-table.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/WindowsForBusiness/windows-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md index ec16f7a73d..ab53ab3585 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-errors.md 
@@ -22,9 +22,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) Advanced hunting displays errors to notify for syntax mistakes and whenever queries hit [predefined limits](advanced-hunting-limits.md). Refer to the table below for tips on how to resolve or avoid errors. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md index a1cde2051e..60566f53f5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-extend-data.md @@ -24,7 +24,7 @@ ms.date: 10/10/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [Advanced hunting](advanced-hunting-overview.md) relies on data coming from across your organization. To get the most comprehensive data possible, ensure that you have the correct settings in the corresponding data sources. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md index 4d6f6bd635..365f8ef6ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-fileprofile-function.md @@ -22,7 +22,7 @@ ms.date: 09/20/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) The `FileProfile()` function is an enrichment function in [advanced hunting](advanced-hunting-overview.md) that adds the following data to files found by the query. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md index a2ad985d29..9b8aed20bc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-go-hunt.md @@ -23,7 +23,7 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) With the *go hunt* action, you can quickly investigate events and various entity types using powerful query-based [advanced hunting](advanced-hunting-overview.md) capabilities. This action automatically runs an advanced hunting query to find relevant information about the selected event or entity. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md index 84a36793d9..0516afc2f2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-limits.md @@ -22,9 +22,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) To keep the service performant and responsive, advanced hunting sets various limits for queries run manually and by [custom detection rules](custom-detection-rules.md). Refer to the following table to understand these limits. diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md new file mode 100644 index 0000000000..9936fd17df --- /dev/null +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md 
@@ -0,0 +1,85 @@ +--- +title: Microsoft Defender ATP for iOS privacy information +ms.reviewer: +description: Describes the policy information for Microsoft Defender ATP for iOS +keywords: microsoft, defender, atp, ios, privacy, overview, installation, deploy, uninstallation, intune +search.product: eADQiWindows 10XVcnh +search.appverid: met150 +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +ms.author: macapara +author: mjcaparas +ms.localizationpriority: medium +manager: dansimp +audience: ITPro +ms.collection: +- m365-security-compliance +- m365initiative-defender-endpoint +ms.topic: conceptual +--- + +# Microsoft Defender ATP for iOS - Privacy information + +>[!NOTE] +> Microsoft Defender ATP for iOS uses a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization does not see your browsing activity. + +Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. + +Information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected and to support the service. + +## Required Data + +Required data consists of data that is necessary to make Microsoft Defender ATP for iOS work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps.
    +Here's a list of the types of data being collected: + +### Web page or Network information + +- Connection information only when a malicious connection or web page is detected. +- Protocol type (such as HTTP, HTTPS, etc.) only when a malicious connection or web page is detected. + +### Device and account information + +- Device information such as date & time, iOS version, CPU info, and Device identifier +- Device identifier is one of the below: + - Wi-Fi adapter MAC address + - Randomly generated globally unique identifier (GUID) +- Tenant, Device and User information + - Azure Active Directory (AD) Device ID and Azure User ID: Uniquely identifies the device, User respectively at Azure Active directory. + - Azure tenant ID - GUID that identifies your organization within Azure Active Directory + - Microsoft Defender ATP org ID - Unique identifier associated with the enterprise that the device belongs to. Allows Microsoft to identify whether issues are impacting a select set of enterprises and how many enterprises are impacted. + - User Principal Name – Email ID of the user + +### Product and service usage data + +The following information is collected only for Microsoft Defender ATP app installed on the device. + +- App package info, including name, version, and app upgrade status. +- Actions performed in the app +- Crash report logs generated by iOS +- Memory usage data + +## Optional Data + +Optional data includes diagnostic data and feedback data from the client. Optional diagnostic data is additional data that helps us make product improvements and provides enhanced information to help us detect, diagnose, and fix issues. This data is only for diagnostic purposes and is not required for the service itself. + +Optional diagnostic data includes: + +- App, CPU, and network usage for Microsoft Defender ATP. +- Features configured by the admin. + +Feedback Data is collected through in-app feedback provided by the user. 
+ +- The user’s email address, if they choose to provide it +- Feedback type (smile, frown, idea) and any feedback comments submitted by the user. + +[More on Privacy](https://aka.ms/mdatpiosprivacystatement) + + + + + + + + From f86ab6f48a97447247edb1aef2621ce4ada1d7c7 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 23 Oct 2020 12:41:06 -0700 Subject: [PATCH 079/346] update image --- .../images/deployment-rings.png | Bin 37348 -> 24969 bytes 1 file changed, 0 insertions(+), 0 deletions(-) 
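Review bot: The rebranded link text in the **Applies to** lists is inconsistent across these files. The hunks for advanced-hunting-deviceprocessevents-table.md, advanced-hunting-extend-data.md, advanced-hunting-fileprofile-function.md, advanced-hunting-go-hunt.md and advanced-hunting-limits.md use `[Defender for Endpoint]`, while the other advanced-hunting pages in this patch use `[Microsoft Defender for Endpoint]`. Pick one form for the first mention on a page (the full product name, with the short form afterwards, is the usual choice) and apply it to all of them. The trial links also keep their old targets (`.../microsoft-defender-atp?ocid=...` and `.../WindowsForBusiness/windows-atp?ocid=...`) under the new link text, so it is worth confirming that both still resolve.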
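Review bot: In the new microsoft-defender-atp-ios-privacy-information.md, the opening NOTE states "Microsoft or your organization does not see your browsing activity", but the Required Data section then lists "Connection information only when a malicious connection or web page is detected" among the data collected and stored in the tenant. Qualify the note so the two statements agree, for example by saying that browsing activity is not collected except for connection details when a malicious connection or page is detected. The page also says "Microsoft Defender ATP" throughout (title, description, headings and body) while the rest of this patch renames the product to Defender for Endpoint. "Device identifier is one of the below" does not say when the Wi-Fi adapter MAC address is used rather than the randomly generated GUID, which matters to a reader assessing what is collected. The hunk also ends with a run of empty added lines that can be dropped.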
diff --git a/windows/security/threat-protection/microsoft-defender-atp/images/deployment-rings.png b/windows/security/threat-protection/microsoft-defender-atp/images/deployment-rings.png index 2caccad26ad86d7fdd82b4335c7a96404eddede7..6a806b001a5c101cf8d576458ba47f9df17cf86a 100644 GIT binary patch literal 24969
z>1$sejnHSV;|I*QZfg7gad~+$Q!D{z8pPrnIkIxs_KbGAM7P=f5dtDi0NbRj#O~VK ze~S-d-Zu&w+IGIlfQo#o-UdE=(znY1;u}N>5DoQJx}d? z^ITyL4$b>vTefryV$*=BtKkSB;yCLYJz28TEIDs?!x(&F)(I!)t+zf_J!aMGC;&rQ z_N!gIUKcDZ_zf77U8=svBy%7?j^;mQ9 zMB=uI^yMAJm1RB0Yd_&_?*hQ90FG&h*Zw!mHnUfMYLGV^6{c1moKdrTq3y5RKvr&S zauO7E;GQT0z?gi%d)vOlA_V{k0VGKa!W30i31aERB7qrd-*W|#&Csug2q|eA@|L?m zIFO}oHGF$#r;tc1Pp(Gr{TDr8u(1LOUulpZ#Q*yr_ggL^)m>Z&Zu((D)q^^xvb=Iyn?{T@xu^Y zQ&8%w{burGS$dbT*Ev2V$D~`TeR}hbU%a|IOR#fsG`H#m;1T z{YH*gfm2AMtV2Yk9Kiko&QQbc>_T&xv?25zn%@TgpgmOuJ4FCoimI@^Bvqq(EyXL*v7}s=Nqm3;8fZjm9%@tw>#qTn}sBt8-@FIZlTi*?SCmP=d zL58jxEhV#GE7iit$sw$rz?&86er3dIzV-HYOYf^~_FDSF|O<&-GHp;qXqh7n+cM`UHu z4mj%^#2IsQa^h`mZTYkuXna)KI_K$MT{X*sIot!^3GRvlfTo<1QWp@vg!J_Ods3_Z zQUb&nf3gO%j`dRJvsju}*1q*!f5f%G>GF9va0=#7W-Nrx;A6X36gAT+M@Tfy9g8u| z-ADtuhnB7ss5P)_!N0ku%57@W)H=#*J^AYgWOUXv-H zwQ|PxV>dpMUDm;aWW6_*R5)@d^1B{SN3ZneT|O$1&=7Q5UW$!l8pQLy0}GXptI)HL zgLo!F=$oS=DO)XXbWiPa2T$$B52|ZcstLd!8Uj(6r z@j133yVWWfEfJo69w(d_GHTBMI~iJpe_e%jeRHCCcx>OpA|m{vI`1Rht4|oV)HxJV zQp;rI|SH%gQeo3S156w^ZPZ0dGE#&gX*C--%=AV+ij7%aa z85zQ6tgLKo{p*d@;kL=eiiD#z;+qot*gZ)O;*zpdqhn6VFnzT+X@@h7;MnX^nX20u zi#kH02x&OHJy+HL@#m0DMMAW`yErcO1ImH?)^&dfnbq4wmA`cGp5eXCaa3k*yyEY* z_6I+t%o?kzc+AYq7@3(@LI*THBqmFsG6aR$mb@`s08 z>!_*uCnb><6cm8lRo&sAys3{)%J+frqzq`()YK#-B#doLo{x^Ir71mTdHk43Ow6Zk zc4uW}g%g>Xm>3uwj4{wlOiavS-08hxpsh`Ar&2`oOB!q}K@7IApP*=qdl`7(pRsl( z{yOK^3E8xH?$_R&&TtO66hHsq`PeBJFDPpxZDL}AoSpP)t<%!hPFXtz{xPR{5#alc zl%JqbC{R;MusJz9RIrf^j4h{}zo{{l?eW<9YUbZk>0~AQS97}jyTrYqtbGCA;+b!D?->CH!s(mkX ztrp+B2x0g3F2*7lX5a*JyhbLNSN)CTQ9u?sGt=y;k+XG9py$o$6z1tS04RsU;VFJx zTwE<{wA0hmU?F@WbsQa!IsL>OtzC5j{d26UMLL=emkf@$9la#@7&vVna?}RdoP;^D z^E^+>hfA4dZXo^WLBW!P8j-TxTr^|fzvjq!-Sv>M%H}gYyk$Jn-z!zQ)V-$-i0=5!EQa2A>bnu8a}w&0t`z(hV}IjZuBwvIor^IpD#q~bkE%q z9zLpGcDcGkym`;?_s$x}f9-)6d=P4AC3WKvPF$cV_vnMd(S{Zu$~6UtuD2w0K@2^_ zAkgc8{2=1T-lgrXm_ek~SWA3A%Y8q9EJ>hq3&-^ zO?Tx``E#0Q>Ffp^wq1j1M3S-qEpn*~Qv#~w_J!DJpZ(f=LJ3UBe3KtET1lh)9dRMw 
zBH8=xQ(Oy&Oi_O@WTjplAOL9NUM4f5jW(1JE+0hVJ%!@Xb(hS@h)voI!i1wCju8-U#Y7}x_x+9!SG%SIfG?@7UI6w?qb}>cQ|mIajOLt60>^7`&Xny1kQA| z*-Exg!(&W{021VC;}F>M0%C}frz!S+1jV_{zOlC(S?gj(5Okj=h%I4xF5z@xL6Wi| zIy{qUVebYUMnSwB3WR7+R$qyJ;m3YTj%Za>F(__d zZVV)(U1E2>tHPLx+X%ME8j0jxps4()L;@OqiSZP@DYC9_?62~MSB*McemRg6s@rV| zPQ$Y6l8QVZl?6}S!5aYWXp1Sy^13riEx5 z&JIhmC%;}$^0S=Rk_2s;s7I^7R^_^AnEb)QThR4_W@#;pV;m;i6xly(#lF3pqYh;=XS(7) z7DPg>Hllkv>eVHCx26K#ko`Jz~xx8(1aaiV1 z&Vl<-%(DW!Rq2Xa&yDq;lNC%<8g{C=Xx1izH0qHcFoOT2R2_^tmGwvJZ6d&~`cz@u z^eLAI*C@nB3mk=GPhbNj4Sjpx=o+K_4SIh)_i_pYB`@oVt7Loc9SE#%xv_ zrAhFi!I_1gfj*WQXRAy)AEI7{he&dTyyBAn5zUySS(jU%r@JYqo&8NSD6mxdVj|Jr zGHb2gfN8i%=c)eD&?g0F$_8G}8O#I|y<*a5wcCxO(^l8=#`=XxkDe*b6()y=+qTYK z>&@}DU1~=3n?0NVDC%0MwHV^JmSnOLYXA&rpJ9GihOB9>i%UmNWo2Gji86Rz48*ZB z+R{!b`cO(*OGJS^L*28Sj4sqRvo+;EdyA5Isldea*<$wGpd*rX(k|jPn8_}ClD$-F$Jab%2E+kDvI7a}hL4@I(B)a$k{pcE#1}9d7OrRdn-NGqG%sC6yagJby^8Or%y?MHRFXOpMvn!}QH zpw0zw92{rq3rjaCjK)V@#zE^TD*XI3qjT?GXedHgpF!B)&yG!-?|SU;cgVB80p#R7 znko!DB2ag)8AWraseaQg+MBQ-Vw$}$=s}c}vJYm67sg8#CYg?)p2o`ss{o{r>G-c75ytZpliPe8@aM&L`!76{X(sK4 z;Wqg`Ns+zeAuC7SM8CW)uv4k@S zI%M~}e_q&k(ss#QLFg>h7Dk$a!+hPafDlfKl80FC7XV$k*G6o{=N3cEUP#Jao)!J` zDj%%Q6Z463L@O(%{<%Td@`bvb418xYT@+};_mwia!N6)Aw>Yz(gajN3LM$>?~^W8G{%oI zF?(Ke)ga3iZiUq&jc<==nrhCO9><(?Ma9L)?qb-X-T<`QJb4yA4HMXJr=kmHVCMf_ z#?`>w4X(q;GR!xOUb^lJD8>9~|NPA)O~Qxt^N8lkYPViv+B#spH;{3_U-o(DU-1p( zIjDN`JoinDDoy6RS47>Eg)`CjO)W;G$KB+pjPd&46p8&&m`qlGWoJZ`%aRp92CT}# z=+5};b)FJE`%Wfe1kCn96sd6RkR$gL)85TEqW%)cjGj$KGfm`qMMktaq@7Y^MtRd6 zDC^5WX1D|iI4{wv7@re5eT?ov{yX=g6)|SDXPT+mU7j=q}ud}zuU7m67G8_{1wh=apqAjy)Et>Pj$VJb-`15gUJ zDKkF}vnf7mWmvLtkj7sDw7UbB_qS0R<$g?oE;G?mY3P_`#}_@ZlAT#~!^ME_;M4Y> z;<9n4b1EPz+8pqE4%(;QJ8$xD?iT+l)~LJD>qJd=1BMfG8fpvNvXK0Zf6a_d8%Z{J z_k08>#a;!aVG&?ll>9!(myuScx$Dhp^Mz~?5in?*c=MY)lz!J=Xf9(J`~?1Z1G4_6 zw!G5yqMf>>HE)}8d6y1!pxR|bI!Ws*Hr-ZTq5><{@i^nCYK;2AyLwpv@3O?s30-^( z=!2gs&tRWc)kN5qmRZ6+yn09h6*8K4)!y6$3oCg#M0YWZGhQyjGN}$7@5faPtj=9<3P<=)e^@flrp^rn~&AtsuAj+X`W?)DP9J@5wB+WrZBgxjS 
z0G$cCXm0#nuv(1~k<_D$UT6>rF)`{xki-e*L`Zj868xuBLbxf62^u2(s8@Z2WZMyf z$jlHyoe`rr*(qX@2 z?Y2h(8;Hs6IN+WBS8-pbWJ4{9M1PQRixUR{D{!%`DdfndDfH9luBV`GV*bH;*y;6C zB=uI%A){NF9(hcLj2H-`yL5`aJFLGdZ-W5SXG@ThYceP*$^U)!K}2=HodSXpZbWU{ zFS)Y;3z1j*&fRbooB*AeiiGHB2Aa43N_nix1et=wUI$_r&dX%oqVR<_N*yYS@hPHc zFqGthb#z7q78|RiykhB$ej*V~u=TCvWnmJkxC{b4d2e4)g)eQc{G`%~gzE`#OE^s- zd3@`FJmAFw7$%$7~av zio^2q7r5?dQPldw~sU zh>>VXkz-6yV0>`*?}H;P2q$du6v4F$5uV~J)cv~;kN{TjZFnf_9k!W?I^`e3NbbMh V)X!-<;579NbiF8R0EiDKrEz;86B?1!C9nvM; z?>(O9{ocReqt5Ww^iJ^Jw~6AKkCd<>!lsF3~(P zpNeEePq$pOVq#4H9&X99?fl+9K6R?@yYT)Y0)_cve;~JxK*N`bu>pfD<~QH<{(t`Y zk9y(j+UXK^4u8VIxM7Vl2cDwFIm&+UnN~2Ib&+i;9y^yJV z0B2Y6z2I>^f@R@!I#vI+&W_b#d6D6s@woqFwEEPf8w! ztcM$!CS%G?1h1p_^}SGLy>4#1e`UH_$$7IRkHpfo-#>bL{9v<}7cTOHkQ&?#B`ZrZ z54+Y1T|@Evn`8X;4{TUu-XXnbjLna1> zc ziiT%q*qgdkO(lb)PiBSv-rp?Iff0{V&uTt7+{QxC(9mo;2yY&`@H=eM$1Ac%C?{W> z>ObLOvfZ67>~a%6{NdMj&@OW_x-kOR6zui;wU2C?Cw%{YO|yTOhgW2)iR5cuo|LPr zNL*ap=6dCZc-HTRjeWzFfgBq@DV{rU^OD}VZd$ABttEqEEitrWA-XhXF+xlX$)=Ap z)n@!z6A_4_;^KDdD?K}PnTMuR;?Kl#KPC9WQLReXT$$|oQP$Ri32dC4A;(pFc4x^F zD4yTeC|iQc0Wt5~iAN_hi>+mct(+`LD3pxd-s*Ei-AJ)nqmF8(8XE`4MeZsi#{2j0 zXA5c*U4(&}`}0RuPVnCS`}+4{r|c>jC;C=)8;tJVWM!2SWMyT2)t^Q`BVcfOM&#n7 zk8Pu@viu=v#YbmZ*kxNs0uEURCIulLh3=V~2lek%ldAdaJ>BipT80Z!SS#(^5|HtZ^uRa7q2PF^e446dpY{`pyq zjy4q6u9616)w6h4M{cWUBM^(Wf*iUv)bMPq%C+(}I2Kn|QBR*f?LRgt)`V|cTidCr zdM|ixBxf9GVt@Zd(tD%`m|>e;t=dD24s@?X*TRIDlD&WY_#y7@o2kHgBP^ zAHxckWUP*kiSdKeeOS2o$U`Sj>dl)wa3~w|X#M_;*nR>}kKSGtmK2^$tJiJ;L={Jy zF@(?b4?@+mo&JQ%i~FM`he|DVhu(6=n2ingy)OQ>WZUbGc=F;!V0?W1*S>wj*si^}+`2p1*?^g8wN)**6d01#9AS!m8C-dsSU7CX{i&0U zo!x&#Zl~sWozQuGbGi}X;k;4Jw|uIetA!uf>=_*$oj*8c!KauY=<{}=D=94v=gpfp zus-x#s}KKtN|}(#R1?qWQ($|V9eS_Bh5ZiY5>JOT$$ez>^yS0)0 zi*nTM@{xc4+QbXIy#$Z)wmiPX-cjPP3+L6j;^jtM1ldgVbI@xi{T^!UXGZ_GgBO#_mtLtxzrpScAl0P zVMAQb%gN5nlsRx!&(Xv|z;wCndI+zg9o=uMjlkrK` zZ)Db{)T~`)8gd{^P*8BDf?W9?tj6%Nq4CfGC8zwk%u-D8QZSGTp~mv~C^du*^e~F>?d8Hu#x7EuH_G#>*odLWRMd0sI5lE z#^UQabedR2)zIS&RlLh8qUC`fD*&VdajyC?&hh3A24*BW-7;GKENu}V7o%*yK_61> 
zjuR?4(dy{_d2E^psr&&BAgDdt%}dK`_PpsM{(ijDzV$boZl;>S{`xq~pZBmXx)Oxa z!n#62t~v-O=C9m}l2ubv`%+Ru&dki*8|nJ??fw4OyhWOCh8EK$Q{Ml69Tm;CI#y1y zz0e&q!*~7iM=^KNtUso`dJMO`&gv1y-Lj3{x@NN_@u){yoX_O@5}fx|^`CMxkGC-? z<)|AT{+)N&>5*zYa%y1^5~AX&J-G)n%;&M+RhjlL>RA%-C2i=W{PZbVZ(m=5{f17N z7AG4iLH6^)OHol#Lq(>lO~<5UWYaBFmQDA&g&C`HbJTD1mQj@6WRAQ15uHBNyzZv8 zM%Umaq%=E+JKc8+g<{IvA{Q<$Ee&-Hl1zE@^y%-9mG_&8yG?{7=NA?j#l*yB%*LvN zSV&ls*=;jlAuyoC*-T`S?s6N=)t*$66`k#+r6qQ>FB%;l>~BJ_bLHxE#q&ZvfxmYX zEoRh&m3hX@5&R(bh}{27!1XdyAiYf*DGm6_t5VDAFrZD3X8YKWPrli<>kemW?#1uWXJNaklF> zY!<2VM@#F-qe#Bk>p3i+EV5C6rBT8qn4 zE3D&XyIUj<8NsSsD4Sjrp08iOeyAxKU2AJ^fAsDhZ?^jFZ&_Jk5fRvd%@=ai3BBs+ z4U2f9;8b7LZoz&wYyb#h>{~=S4*Biih+n_`29$CQnro|X+q0o|CZR^7qoc`9Pcym~ z9zz{#yQ`T){_fp7hqJ?ldAu+*+LIee<434{%6}H4IQDA0jfMb;qkJn0c67hS>ALAg zziFHD)Z#Djs%yfV2-w|40b0Z|GBXI^dD7<~OEoy4V(2kYmUf6>^Z#-|p65I7eA8kG z2!=hv+1Xh<@41?qcXD#Fa_C*kU~bA_b^%{Bi{HQiW*~fbXjmMrgH5OfopHCaSEwVN z02T!Ffi?+p!u5UfdlSpenx}w~4*(wOKA9A%l?XwEcQM~>&>6F(7~?%6(ks@)j7*d) zPL!kD2QxDU2#=2W@b&t2?7uJ{0eug&fH4)% z8}wu9gEv4VTVA+{cY%_MDoH&n?DJ>3zaztiuK;{7R6hgk(b6I*yz}evrc*WBojc82 zv#kZjosIvA-)$D!aYuJ9|E3xynYRV*?17b2UA}9`-Pf0u;r`h ze}Ubg$dp8jlY-W1@g|f;KxYq^RiV7?lLaK+)zjKonF^}FvqWT z_R-_V*nhXT!x9pLkB*$!eY3MU`UeL?j~rEATcLP7@~Q)77D>ZxPN;b zL4x2rf`@a+hsqWf7DI1gTgE|T>r@NQ2oREU03I(YLb-@&R^Humw2tuY;d$^N#3^U$ zz>}otc)ju(!fNqX(g(w89WG(oYk&X#ZIEQZ(%YJ8*6&Ws$bf11`d!o8d-v`k5D5wH z4563h|qJ=$HFRU8``8A+~T zDG?7S;^Yl4NZ)K`KMdT&73CpV;EKI%9vF(c{#*0fY@pcLi`Q!*_jS(Bd~U+UrG_kP-af=@Ge zY3`~Y8g0Z9a=Ah)H~%cblU@%9nQ}LPZ$NR#VpiWbr6|B?egNhi+_$Y+lU zutDp#xQ>#N2T-hl4P|!rNmB-20;1K6-T>y;TJzI(`TX zLl!)xNNWkAK`O{$uR9JjiozTr#UQFm`;BP3J?nBU6Em~Nj*bG$%gd?c5@B6$1rxZh zUq<+nux)8UO$G`gQN0jCBcyjP_7@bam=2uJ-F{H1tN#ADZJqOpdrm)m|`uj->#>1quKPbHnBjzsX=G1}vjb{7$C(3`jCqaVK1ECyncchIH~wBv6Y~XkI_~l+?Gh*+_TB{n`)^ zkAJ>q4!`5yRJEs;+}95_uB7!BDWSM*cT;vFX#a;iJQkfF1&ZN$`bVX}(;WK#vg7OT zTvUY5;7W5(iqzJhPnHHyWdKFk_@R_xE0T+vWr^^2SC6#m6GT>z-S^lF(aD|~NZ|1g zdP+0;>z4v-|Grb--Aog-DaV@hviDwhw>(`o;Z6Krw@aB?4bSKmZ^fd}9#d 
z^XE6>6&F4(P>_?$F5u8@Sn)qmSNHw-Q+{c8Y)lLAAf6|84Ie)N&>Wb<9~=PKfYza` zu71g{5xHCAN$(vG+|97Ya`Tw5rUrOPVyR|M?>0~)rk414Y79&*5J>3qcJcM3uQM+6 zaeV+9)Lre4C0pNkl9Q9Rjf8?3!jPK|lNN9@#4k8B1m z=%u8j+#E6tm9f4=Qh5i|8}reUJInjBOrXOsg;C#_oTzp#a6R7pC@RH}Tp*u?vR#jV z?yy;!fy8U0!B?J{2PLUpQBF>-$&i6r0w%1={NJU%jI>nwlXEB$EmiifUS-&7`-o#f zwcLtxtEH1nLBj6(@d;Oh^ac!&0nj>WB_&+UmZ%~d;3`UY>((uRw2k3Y#~Zb}0UN)P z9^YO2e8=J~9wJLUC%{Q-b0PWn>o7ox^e6Y(frs`jU6#rAI@bc_Ep`7Ed0Oy*_M@?D zTB+(;)`QyiH$_Bf5)u;lZ5N4PxKG@~;Pjh6Zs#>c@?T<2>VawI@-;gfrK+mhR&F+! z+YIXs;e9p?C~(Ps|iDzM9%{fHL?5=IaB^g(%;=m-rL9tV`nv zYNG#xaa4B;cAcs*G(B=Bw$pgbx|QbUhJctD-Roja$|T#$@f4Pqp7hd#s#(8NLRd!D z><&)P(D?a%OHIC4sNh*o?;ocrFH3KTB!KsT*bq`d8`XU6Ubdp0gV*d4rr(QdU-$Rvv*G$T+dxDt1<| z!>>Yoi-6Mxo}i)K3lOJL+$MqF``B9H(ekn|Q0B3JM(C!!-EMu1 zUF7Vr+g)_oB(>}hsRxfNKP3L5nyu25sicZv3%5@t1Tx@LDcQs&l@S}BNTV7%89$d0b3CYjZsn&FI`8(I1 zKM0g7b-dJ8aQtI%8=d1Ea><&*e>Or%RA70(vwDBxwn#{k`bRXIj;biK+G3AGI6no) z>#^2#+50hrD^cm+f4_bwzjD8MH>l2PtIq_6EB9miu-Bk!2*-rK#O5(*KX)laOnKry z{5jvK+EyG|F_>A~KTffu!K-oC(a~uNtJf1uu;}lWNa=Z)^h8=W55RZ-3JzB-n#rNa zF53(XPsXWLmYR&9`J;qF{p7PS$$5X`N2~J4u_({{J?X>2vL59xfi^C8mc+Y^sNcl_+S{x>fJ+ z^CuCK3)9dF3*P7uNooJ_Bb=5?BVX_5tQ1N7Sg1ORtX;$3&?-LC;i?~YY;3F{Eo;dh zU%hHwx{Dy9+Mlb^Glp2<&tu7D7>XXF`}4#-a^t55^BW`9f3Z0uGh$~C7e2=f z97rs`xl#2ddCZl{Dq3aVKk;+$)=-l3Eye{+c;fDoC|8ct7VB|9{Uh+X0307mACAqefS<|tSQXW6Y%i>; zt%a*6J4Be<25I848ycrnniz+o9`*Y8zVbr%=g_6HsipO)F2=eM_w5VUZV^+6ub%#Zrr%hYnai;Zpd`;@-us>+eX6$hPY5NTUM(OC%fG? 
zMHfV@wH?gNR?52ledzJHW90#Ugav$tdcih5yxBr2Y8^wCES`|bc zt|-6^ysYD>7O43ljGPs z&0?HK58)BCy}GCA(%0NCi}JhR(7#nPrcaa>R7MysozW-pCXrLUw-We_XdFo~kfx6z zgt?N}EUuAd0hi8XcjHhPlF-R}rs>S9PL(`mYJV3TS^^)2_18OU1i5qWOKCAiK}LVS zYv!mVgZm??Am7q4ZAA~RkG{{t87`+3vPJ(6g(haUS%Fs^aPdHqC{1&|e)Ukycnr{E z9V~;dZ@Rlai-kI`mrIQtfDKR&oXwyBqtL86SQAc8tr=bU|0JEiaxaVcv9}TJ-k=x(wPv_|Th7T+^z$|2!W-q~<<{-|&bo%y>;NOP>krxsCctEQ4^&N3^3vYwaKs1kXpQJ3G=5;&#h1bhL6QLN#>$jO zzL#WX;)AaRYGdo|ys8U`gW+yB@+~cEzr3lp@H%Y0vcT51i~&6e}W=Aa;(PHxozvgrz=48K>%nCp?M50 z80mt^LhyV+D{UiCwA2+C0vWT?&yIg?Eb(vY%;4>kC<)&ri}vsE0BIekc9N?)4+Ias z^p7FwD29H@0m(Y+AJe=9C3imb%=IaH&L zOP(>8%Em2V=0UxcqE;@^;4tJ|d0ykXT=rLN>?6fk55ob4?2nV6b}4WL@WU7r5upuj2+vR`k~ zwjcM|*|D{?vzq}N+*{n_z^W+?Sk(&_A1(|Oe8X-3dR?qh<5JG^<1K)W58d)fPcS;i z-Cz@PGO~K}2aOy1ayjn|#=~SS0DOa91`MMY?*~-%0+&M@b}S$cC^@;nox`R|fjSfp zmn94w8ynjP$qJ=JVSgCU$d>y$Q08h6J1zCVd{WQSFV@U>gHyqOO7&)&V9R-Bb+}O9 zU%7~r22?|@j`@a6)r{2I7c-m|_4nx*fg*&&wMiWF$pH$1YB6t9zh=h>dIJ zt!Z;U?|@dXEZ!t2o&qepjWM)ocht(wO%#@m*A=P<(kU*0hnGbFMh#g`g=K4%695T|uhZ(I_Zry;j6{ZDWr<5Fvb+uJm4N%0}Hxb70TV(DiU0R)!FbsF;}9pRxBr=t*ziLteLjFD1Z?2!^w|1fQy-&2 znQwgUTLPu${nIS<=BPQC1=Ary>vfiH+f>w`K*_oQfy87aFrIJHIXCR|rosJkT-Bt} zXdoRX#Us{}rA0+NOvvhunqy*O`&(dlXmF5^!SP5jD!|J@L6<=%r36WidjFokKY05M z!F&^F04R#GSH0}dWd=k>M@RJwhk>7jfoFc_MM=<#ru~>T?mz8P2*i5u=(c`6zQ)YV zP89LIXTUXJoV)49`>lAAz=AUu&lqiasmxVZVU^8E)5>wqwU5Ql`|C2JDx64`cMJp< zH?LK;=ol&R3^$LGyiJD12?7R52_u><+6`^!zhC%kWmo2NI{Y$FpdOSG>pLRoSCpE0 zgRQ%V@;in8`)&_i+}%LiVAq`_-}tP=GqZn`5-J)ndGd!3P`$ksuogz|7ma~m@=g-OVilcxNY08xR~Vj zu9VqnG{MZ|66o`$W<%lO;bodu3cL{|8cUGuzC$0)u7(;6dKSGJPgIu*5OtjBp$HIt=P#LBpVh_#SjlqNn|Jxl4C@ z0tdpSiM;a-Qo@p(fxCha0K7C!m!o;WE(NZ~K3A2EG{X2zIz$BkQ5I?5IdMCWT>NlX zC*lFJ`mEylfvz*jC}9{H5ARf;!ZhPna#)jh|B@}ZIx_gC$$K{Et?nmMh&s?o$yCbM zcAe5nWI{!c7QMUujmInAVNB>@bL8#W1jScPiC?yUba(rK!r3uTu<{46sr2m<6L6L^ z4F1?v761cAxSwjFW`6!kSNPNru3V6jIk};9aJg4{#+THfUOnH}*Ec`F^$}6(%cqP| z4jB6+slcd*tp}Z+bb7om7b=xC!AvQWsn%e^Gn3>;OEBzYpA0%n8gC|` zmSq9<+^rJL9R0qYSpincU`g!4;mavKY`m{NgYS&^l9GZ=8_KG`;#_Ju84?~&3>){q 
z#qkUCsG-DhUr#1SU1;p!YVxGLD``#h9lV?4X7DDHtE(ZXqP@(-KrD9KtNz2zo43y( za8NmZHL#iC4%xx080dWI&F19TUS>LY`^dqFEF$~4*vT4b!1G89R8UJtN`oLH>K0DuM+W1l^9+JHH$d!$;TC|lDq`D!PGILJ#t5x zh(Y%9)?}(0g*$QnVumI2+QMWiC33Ay&_m2+teGhiO`M*ceHp9?Kk+0y(;B)JP6+-* z3P;>RD%84NeIPgyBXpS|PV&UfeQ4r0+%Qz)KBsXqWRDuRDRB=NwhmiL6jpy!*T0}p z{*2_}h(@x%AR*}WQbv#t|g6lhf;&oP03)n7lhrAJ@QN|XcKyb#k>rho9A(RG@Rx1;5kXg zoIjkx_|`CS57_r7%h&e^UZbId}HS12>Uu&W#Yx%D(GU{w-Bo=%xSS6M7G^V*C12 z>u29AWbO~eSjGkV=vH8rx?9tdyKY_LsMwVp%Z>NrnmiG3u`0M$6X>;A_Q2cB^`Vk3 zLc|qIYZG^Bh44$IC7y^Y_TthCom-AQ{1c1gqZlEV`I8@~128NquYYrOv967<%c1i2 zaP>snF6~8Xyj}R&FzGtW!g2fp=bq)MFuB{-C6mavJ$)2)eiXPSl(M>o-hGPPlw2<$?NLKZ=*dtd-juM__u4V@2k7b8oO+)@Xf4+=1zyw zUHek(isu)X*I=JXm@w!&cQpd8q~$|6Y6pTDkZ)unD@`_KTgW2Ft~xc&K5DshFfnL} zT48myIzGzZxQ6X;(%k(^s7_rE#!FRMmbmAW#mB}qVRmEPG(wX;`?pRV?wzI#Z z-A)|nUNB*1&_x*~R31cmGk0yiTRv88Q+X#iaHpC~Vp4rZs}-SRxz-$~>*{-3gc_3$ zjgtwF13pDt=l)&VAMw>9F7TaPt@n(OMKjEy`mBt+hO$y@ck-4=Ma(QtFG*!d-d^aG z?4(){@+dOC-; z)%n)Xiam05_Wq?=tz_g-mJo$K-{s8u{EDF3STrcB{~%Y8#(84BWxTe=dvW21v^?j99-zJQzGQ(u!m8 zU*(!aXAsu-=1u%{tlI2)DqMaZ{$CcBG$InEcGvQ%&dIC~9BTC7_MIy)2x~$VZd*L= z?74d4F8>fl$t0dQ5hGJh7vF!zeSNCv#8!3Z4RZ;p$<*HN%zJkVtE9lEn<$hG1UV5N zdwX`Vj5h-&vr)Rg+}{uhDOzc|3AR`5UaC?%Q#fJTH#;aDtjOPe!UrjmxDwEr)NVZ; zatH4OlnW3qZT$F|fmJ_DQ%TCsmS2BjLM-RN;50in93TBz^4p-xmCjIiTskf3#`DuL zGU{`}Pdy|(KLJO8g_U{^>N&u+_3{N;I7J)HL@MkUkkz=234SuWygr*ZR##BM-FMq2 z9Mat6J$Zh;3HzM$%ju6Vn9)e<2V#i@Ub*WXybFo$XN~|Th4+RG%eK3OlGJX!40_^b zTqv+?2AE8X^P!>aA{vA7Lwpsj16E!cc29D(lpNQ*PpI9H*zM59)JOzCQb^~`&Cl0w z?9YO%1#TG6JTninddXM7VfW`eN+(>!3Uw61-ZS?ZE`9BYPn|wdogCp$CB4d&U2;Kt>EAs971w$kp){pj1XC@ z2?8GIW@>Y!KmTuLmNgacTSWz>Cy^^3s3HE}zkmPmHe21Sf4154c1EAT@=8xGC{>L! 
zKOvAa&=TTeSudd-CK}N*p^CwaBIXZ9KW@mJP&dDAJrXwgD?3El6Ox7PFxB{$XOPBoLNVy4$Udp-aNoQ+&}!}{uer$3O-wX~WX6gg zWQ)|iH9H}Q6+F?^{haTN=jl=Hyng`!@t6i3G1ns=I4N*C5|za{yGnf?N`T^ zi%R|TZ0)q&rvy3&e#{5 z{DYxtXM2t0=K$gK`28slDG{&=0IWlJ^25NB`h{R>b`UFCO5TjJoJ@G0uD%k(_CU9P zmrRjqGfCn15xs|x<4f4^pAG@3Au8)~afp;i6B8gXB3%?H;0abik%IU#C_mo|2dBCp zy%ljv$GCC1qF?DN{Gr&|KX=5J>dNP0Ln6HRz2d06!1m zG2aoxdaBbCF4OZLl}5t?@L_I-c#VRwNu&XcLSNqJU}&I_ZAxR4A*el-SaoC~`LwUw z&{If_!<@X70nY_Qew6|h2%(jj58qo~2{t#O3v3Rg2t9UV@DaZ|Z6=R$a;nJQzxE*3 zAZboon&C)BicWOJXf(Zjxo0DDvtLBFIb9@XGbB`o4XL0Dc{KCWDWkgsPEW06-Hh&y zj*U_8#`kE7`VR(0$_J)=4!aoI#?qm&&ks}Dqc()NZ-;l9H`xnoYR)gaEHOLr=jn@+ zjg73WMv)jye7Kznl%_hXm+m}%*XS-GK)+CNQvBCgAhm{jbh6zo<)T9^BmDM{eAD1H z8bQ)MEn{OA(9>bHROwju^Rq$_F4XbbBO(m4f5H}Cq8`N(iVq5J!WCw z2DZHFYi8c?vXH+J!q;Djm1j9{smXu)9~Z|$VC-z6?v>qSP=)6NiZ$;v6K7312gyq| z?I#OWm*OjRx0d(ZpC8V^i9tJB1(npQoF3`8rK zt~Y(2zzkO@t{BRdfk2>l>4Xy@NShFWE>$b*@9Dt`ZDrJcn+hU0Yzj#Q1$XDFAn%}6 zZi7QcM)ox)=ZaAGKkg>7>V`-~2@GMRwUH4`^PzmK=g*%nE-vCNc~Q!2il}F6AZ08QoJ3ac!=mApgttbMJFQNuw|IE+JG^_Oxmq1ja4m{Td_W$z9K&9Eh z!YATY{2v2^NNvP=#uGM-d#tHRX|viAOa(?SM86@53Olml5l53VwWy26>o;jn*uL~F zS)HHmvliVUQ?P&_jh=YpOR339&!@FVhRHKY_+|6H0zVj#~tUm6DM+F z=9Zh?|BeX34@NuTgw(XZaUbUEaeIkog!mC`-9bV~8Ulp->kUOC4$_QsjTryo!ra+7 zOd2*WyhVg}()tY|x7Nz_s}{$;JGSn#2|QJij9CnTdQEB1Ajm`da9bb*{bRa)thV{Q z>XiH>!mAb!@+Cd}yz7~VR0~~_+m0;BnR|=-Y6pJtI0x-=31fHtjkA}RUqgnNl$;z= zu;^CI&omWCzcv@2(gSSiDkH&gDaa@*8FBFVHdwkNmBzQ93KvXX(VIbo9;} zg+-h4O<0c|)G$iHgJl_iCXXX=?q%+r`tTWcGsX@TEf7zfn?D3RVesc)+*0@tbn{&O zuhL;bc2kw;21NhfXfY;>xOzE^4#qBOum!xZ_~I1Oa=P z_4{8{*C8Yd9!kg13cT9SZ(iY1gp}I>yZ5d z85^Qz%YUKBrs@=d>!;uP;=dNFR_L=z20v-0c-(?do`nQLNRM;b_sSrg4Q63)oEiv5 zG_Q&^(^gOc5<#P{i^c!z&YGJ8h<@|_eF#38_Rp|DXlct8Js7+*;ZOWh%M2wpQ{x4cOQ?|_XhsQ52B1h(5laHI9OF=`o14ooG5 zU6VcC%)|t5X(!*Pofty0fD!eFzrO_0748c53WyJSbuV~n=179`<*~W(xd&26m~J?T z`e=ZE2ip@c2}sR?x6%;8_b&|%3Zja6Ybc$RgappzOO0isQppZY3Fxa=aW*GjJ&QmR zVrjfPR&Y4Mz2Pt?#??+k&=Ul?<*iw|bAG17%YU{UU=9H$g3bUBFlW)fPk4%7zIv5X 
zQ=@Z~#-M3E4!C&wUl>RH+cJ2p5QcnhW>)aebf!eqK|2UG!eKt@nYdfnmQyvq{W>+` z3*0D(ZV=c5N!Vet9(VTaW%K{bM(=0Pyra(b{R6M7|FA#nzfQq@mmRAB#~iczcBFThjY^0+sbhhb8~OS3_`QDRJB`M zDRifJuuoRnt%XZUh|pd`Om*m<*|cqe?kTHI!px6PW_XK>%dgp>9uVDQV&zYrmk#Ey;* zjE9Vgz`;ZEX8oL;ot=%IteoKztzXH3H3HSdR#3a&0ou^oQIX-C>jr7VrltoU{7o9h zk2|^aOj}$|j!a_4l8D+{09$2~-qRdbpoTZVO6|+J? zlIherxcN$-sMa|YUsS=;Kq$W8f1xQ;)sG0Pxi;j|7KE=2Me~Y^)MQbibYh8{WhSpR zYTZNv0s>|Pr8uPjI#oNIY_$SH$amZ}2Ah~sMp-f@G4U$Bt;n9VygEDCOk&)I5pmp; z*wP6P*7YBCA$&vr9(dOi8NjTTp)(~Vl=e6X@bjDvP=Be^H`w4qh=l+oLbcBe78$sg z2znzC+gsyyqi+zt?gBvrhC9F%ms8}&jTJ~mvH_@t-$ESa{XO5o5w6n8QUq%xcC-@T3`6Zp=7&f>f z0jR9)Eo3rR%RR^cGI70;5jR!*exWNtZkhOktO%F`&{Y)L z>gDNq0b;)NjEs*prK;Yos7FRd))^G&ZA?_F%sL`^B?;?;B*AMh?57qxC}T}@V3->c zS}((fs0vg^h%I1R+Q736hJFC=+HUZEGNp2L@?vIS+iHxu{VcW2Kb(CX+0$K7HgCl6 zQ&z4q`oa}+4iIZ>1O?A3R-PLhr$ZR&yZLwp8NdTbL%?YXe8ipZ{Ig3{M;zP0Jp~8= zaQ2cH7I^xEb?!8_ZaWS7PD+onI!7? z5;p%}eUoYO_gWXm2RUU|gxtC>Ff){2EFE-QNU%2$KkidI{)%&O0BnDb( zlBewCY{+&6=!Jx#?j3}9E(mPO5t6X!f|ImlRyZuYeDnlZkH|!=yZZ$O7TN5sE=AC* zpm_?S3QvwKn*+$8YJw7>QmdM5aK8)@1dJYXAw9-MKN{(!ACQ=ju?qpLnR9ENFP6Fi!?EX~ClrpNwVRPTUr65Q5ttr~z`o0~Q za;G=^(PuBfa6&tx`#|2bKU<-*+Pj}?9TaoA5i>OwwUWPZhb37x>L_~HK_A;$k{H?Z z^ZPQzg7w^I3a0rH>tJ-3EVdJ_0AxS2M@2*Fj3$C8CdygBuY#`#Nf)@f#%dJ1Xv@>r ztBzSzr(RmRa_|?XfZND~glJzK^4rZ4De-;{t6Wn!xmPg83;}Yo|Aga9sOq-$-JBx= zyV`M|TpbqBV^OI38CvAaF z5Kx{Q0wdMC1w2;xjk<|4C{_Mn6jKP&`t-?my_TvYEvm3OzAw&O%*s^{D)BfUd_wnRe$j))&wW{|i(ClEN48n*%lU|B(f)bt@L8ToexxLbR1P+3<(% zUq1f9yB=bM*zkD|DAX)8==eYe6M&5^cN>KSBOMg@5>(?(|5D2T2gDvY;1Mchjuexc0 z*T4rRxc3`^UOUfCgZ=}QnYp8?=|R)z{nT>^?gbxcuLWVjr>bI0s}z!#xTP}!|)dnKEQlXq3%IT zXu}6e=sznmU@CBOpEGf`q7EZymL#w6A4CqWXmXG*9ZV(Pdqng^Tbt%@Y!Lb9_?fO- zP)91>O_q~Mb?)9w{Nh{jYfWm? 
zJIQJ*wvk_kx=e9G?b0(8oQ!P+-!|P>PdJRT4SAJc>p3gm`r?=12;mbmsf^ebO|wsZ z#1iJ3W<-`-Et2KBZtmR9pFUi~V_Lm9aJ)Oi>}#}9%*S@Sdpmmh&KS};iZ8>p;7I`s}cQfnY@n7^370w{k%1-&M#`W zXa+_A(!oVFf*SwzYuofY=*#ed?Ls!q=G*c@#dTXF_$&n&;dkgTIg3u?`yiPAd1BN= zmIi7XXnz7H9JV_ZT~$ZRSwoffd5vF7Atwr-^fHk1;?S(Ct?ePO((__qT90$og{aNI z4$*r~4i)h#*)F6dS(Or3ZRD$)Q?gZus!DUUuw z$&{YiS*sMqJvxYw`0C`f!qkA~>cwEI<7`ML)&rMM>EVAm%*xCRY7+c!1r6C7-A(2& z=>zX?RaNosV@CIqQd2M9i~af1j6Fwv)Kq^E5?~1ikk_?KEq8wM*#sAaVSBF)#b?CT6QejIs2uPQb5(3g8B3+6C z3W$ITh=fRYqaxBEUD8sLl6Nf6@80{@{qLUVd!F;0kGam z$Eg>i^SCp-yc%5;@{x&yj^%pW;l=LwLtm4)%r>OkG}gzs?meiU;BtSU;;bYCK}oGy zh%htJb4k?flly#!%O?9m6nLprvPEay{%gWVRVn=7mOVZ`K5@dhAc@yz}_}cm)ek=>av^v;TU-b*l?~~weI_+_@?XDxh1|X4JXJS3>jf1L zG@%l|+SXTS9Rpnv8|8DlH^M+}1E4vuJy9s|eHoe`srn4P93euamP>iD4POF6<-ts} zX&TgKwpTBMlgGeS+_dh+-FmloZ{9Rr5x(|P9T9bg_#ZrJy}j9ZI2R)jtO(dZQ|U*A zadwLt#aXksA3&nKUe8iG>I}gmWCyRfSNiptyM8k9Omgv{cEYTx6!V1gp`Pj-Jg6YS1KjRu zdiwXx=r%K;wR^mZ-}vD)@w96JBHa_?!o{@D9tWQQk-hhM)ajNje6h9vom$3*zk|aS zcq))MLMAZTU|whdMo$AQibV@45HB6QK?bLD=g!y4Kc$Vt8|L}?Jeh(dFR$JukdsV% z^(y-3Pa}vrxDZu*j@K*ya_+C&0NGG>-DaGD(e8z?m9<41S?|4RaTF&l5l2{}EYcdr zn)&%yA4;De>DPTg8D)0Hy5y(40lqHa?XyIo{X%u26u+U^q1;$KO^itD;qRGZHhzAh z9@*oM<5%W4>N+xjJsQg-#|RrKa5GQr(;;(F%xV6!(B<#ub->QSVb$|m24bKBh@t^G zfQJKo9APShcg*M35kP8eKsOGQT;AYr)pz7QG6(77uhS+1B|(<0s;Y`Y5w_ld+XJa? 
zeSd+TK#C2Jl99F*R5Uc4hnhDvt8r#O8_%YA>5F4Mr zEcAz^_??Xf)RL5Q3Z*{6Q+HM@Hrer6!hBpH|Al)t8@nBiy5efu(PtR`_t#IxVzNR9 z`;O&9H;Xp%#Fo&JtYZ^n(S2A~$QDkP8zchUvxxUJ7>W2O z4JJ`P!w8mFX3RldTq;vT$q8Au$wW~^3vl9-dd4~}{M!sTJ z2KZB!0`vLYb|i$OyY^{XC>k>A@K@mm|MSIuqDfWs#hF&E_UtTXWVKnjfJwA-PCo_2IjZ@5?H2+2dqhLI0IpgRa`~H0B zJN(CN4#=j5$MP1pCLPka%3HwffknOg0EF*VE)y?Ke0t%L^ zB6v@&Si^8*NXcl!D&;=5y>7Iik~Bqr+mN4TzV=6XSScU8dW9(VdLVfZsngY#Ay`T+dCeA{*-@7_^CBt zU_feb$_==^-4FMf^pAf3lu<>G)^L8OX`T7J^RaRcpGMtCsOaxn+g6U-7_lT&t}Z7B4;Kz4LF9$S08NkfD8?O`RLn(Kan@CH=HI zjhCp&!nnAe*t}+?Z=G*DJkupAGA-;d%q`AocpCj3`Cf2u4%+jEt(bwRo#Z(D^w5&B{kpqCe3dKeuM@{GQAS`E=%<1Q`)|`TAAQ4dZiKuV{RVocCEe z%R)!>Pe{<#qh-nf{moC1@HI3}096#;YvPUJd34#Q>Py!;+V*SFB9hWHqGgKuLJ8km zxB7qEmx+kBI#*v<8g+lwl&Y@pOmBrQ~#JDHfUf zU3L9gwKYYTwKQW7INm2}$#2Fn!EikL%3Ir7;e8CTWfrsx07*MBG{cl%}`3S3p44n+12}$jTE% z+?qa_|onqd8b6gsJ5_i5Rmot3{-^N0Mt-md{1g{&ak zs`t~JGcji(iz6UviN35*A86F5XEqWWshyRBr+$8&3ui8wDqT{I{}mp~BL&u{(CkC@ zYQC;HKttps(8^6aeyp@)tQ`~-^DI<*>wPUIq8gELZ$9{Hb*tcY{@%7aJlWNNF$ha^ z0o0Kg^#)opGs<}Q0kU7;{v6}v^DA+s=Fj*%bVKY0pC=6lvH+ZRXz0bKvl)``STLMm zU)D^xOo-F)Z5&!_Iek?h?}3|Euf0gBuuZrE*&uX0Kt(d~dcac15+GCJ;+4GYbl$3~ zG=vO6las>A$)lHR{IV+Omyt8FaxxY{U99LB~Olk-;_17mcb~<$JYimA|!c`(nGe^-`|fyK{^XB^WjTr;2p36UIJ!MFjJs; z-wce#tRcrqPGcERkVQg=HbUZsDhH%6Q$fe~p?I&7*uQ0F24e%>n-`#Wfl^jed#w7d z1$3^TJXdtVZLuRK6@+4lPeSrthK+*SO$ED=&OUpQlX@+6b+o1?u|-vKT3XEDp#GVi zx&-u6qq3~Y7@6ddf6=}&33MlD9uhBq^XDO!?RIm?lry;` zedEDIEO%J6vHOv~!Ll|UOQ61$6-(w%)O{5M>qd&zau4vL_&wdogetLY#>_3w1p7$n zZvu_Ri`(<+OLb_}ThidT*6$^^j)YW%DHV^{biWdn2skY18d)FxjH{xeLTq7D-ef6&dr|hx{;{`aCaM4+yKg1*M}#0VILR4^BPahsIV` zSpy!m4+3wD;}w9uNpHxPC4w@Kh|V8&U9C+}Qhmt)~gVM_@of0HnH?{EjR(z#n+SWYolb*7`m5FlWFLMrl4c8QCgdZ@*b&O0; zQAtul7=Ad@gpu1hmO$l|(tS?>nx9a*{O1Wbztxqg2gntap%NUg5U6YH!}sxEA{6x5 z^BCQ^&qe8lD?+B#$zq6jSy}FJ6vH-18Fa!me=U*RS zNT5QXc99J1mi>e!T`TJ{Di0U1=QaI5Acd?P&#Pz8FvG3D&}~kHwud7mhFWluNecWo zAek4Tjnn%G?*?E(q^eZ9rIjfg2c`tq+c{IZ{)X1<7lS`3wAG==69^`LGV>X&PtFi( 
zmrJxgG<(`I>Li-jer&5t^2gO;o3Q&qDV0RsVKq0l(vY&72lcPM0L%SA5fesHZYTc+qMfL;R!4YDcPRudE4xr)t3vbk=4E*q@k;S!O1dFR8fpLvI|* zo({uR4%4wGY3&;LXy2hyeb>K0NBoBW@Njqc5argx|P&<1Xhb zEm$c(51(0cbx?gxI%m=&y%RfNV`lbwS@k%4A8=D(nUI*q&$*k%ee)7c#;4#!p)}Ja zn&mn;6zZXSRam?OwVVHfG@v$n-?rf;0uKyIbP)Ghd>IPD{kUN|4RD6k$fNFQ|asYe>KM#QoA@jH} z6$dID7tN3-y|$!z-`Tkwm6}R(vuBzCAeU6AKf#Lz&{+})U4;f~WgFyM-Fu@<*REf` zeD!5)=Iaz?b|0`TKuJ(t8D0C`9bVvqJwZq9z4#*|=Hw&*iI!|^IRmyv+_DU043rF^ znVOrmLpuwGPC|an9N8Ou0nFq?MBRrQT7rq8VNn+(h49oSsk14JkIrGVo+TCQbX{0Pz39{eZ*oCTym;Um+e&|q@du$a&xt<_>A1(<`+gX^02`$ zj0V{_W`U_9CEGka;n~5TQ!nlgu)6Mu*_#zJ_K?&bl1=BJp!^~uV z#Pw##_zy3P$enB{Mzw`6v|hgRy2t_c*w? zypK$Q;qec>N>}_*y*UeBJcs4^MZ;~Huca?H)wB1dRXx<5_~LB$wM080Gcp|KX2x7l zxB8pUKUeb~Og$M?nFYp1_#V$5A(Z`gnSoR{O!jIE-s(c@9nhJ4eMw3wcQz*wfO^u7 z!a51y&EK!uO98N3vlsvbSlgP#PXWn9dJJ^{sAv{{HsS-WLVc?Zyx)X(1yy@70HNlS zeCWQ{3Yb!D0N=($(X)1>opL~Kp;g>-R=u9kQ|@YgCpq}FOwof$XR#fX_XQ6vkg;tQ z0(r9AxO(HM%mH?#iywd?E=g8de*?^~OH1H+a1uAYStd1Y960#kdb5!6e{%uecNGs= z>IdLyTCDny3{&*Tl1F*SX+I)o2}9jyL-cSkOAs3eZpz5GxC_0>LheHornQ`!0H4C3 z;REIk+i(!S73e2n;|Tt~4=XM)Ik`jp){?oQj?N?4H~?hFg*{!f7|eQLws}f2p=5O` zItvwmhRQ)sK>?KbgwfK$U%iQt)!}qUWiOSMH zWnm2nuKu?bx49xdXONfqKxYl{g-pKh|G5YlMnG?@rN4tUcH{_JZP=MJE$m*w(^KnJ ztA$m#P7`Nnb~eUa(R_#K2zD#0ZahZ7IU6f;0K6O(EbD>`TpzxOr3c+V_xxmH6>UTgx>Xc-Gmxr7cc-rFpyh?{&f?ADkz=!`kN&duiTvs>xAcnPH=n8vamJ8u z%_%}+WR$$u#mb>s%z?l}6M}K_{gKO4l6Q-*@2~Sq3x)D5VOTb>(qA&P7eT5+vS+ZQ zn9jCvg$M`cz1}wr77z)U7(Y5+eVmis*--z4{c>Dnd=j<|H(SS(0{ypWD7^5jAh$-C zdC!uPK-v#EY$LT_|mwtN1n_9jF@5zea#ka*A2UI#eCY3!cq9yq%zx}oPY`iJ3BURh9 zT2<-_0t?8GHU!r8viQ6miP)OUk>46n3TKtbbG`kNX?31*& zXZ}~o$&5`tf#2Q2eyLXE;QVNDyP61q#pbO?)N4^ESFEogI#=lT%DH6LKn?;_f(LDPKp~l_d5VVc+k?Zwzf`rO$W8ryggp;@FvoN z26I4m=tpA~{R{#8Osxcd6P;~vG8gsq@U-)ieE6(rL_>A_^xOE3O}SNz7xP#-p(rwK zlj-whcI<3u;`|=3)LIsb%z%9hb}Uo~)G-pYP?^YtiZwh(N6b-c?Pg@Z+bkYw*7v1O z&?2Okd~VJWL(<_@0pJQ!gOgigZ#GT!6P(<0nI66Ga6oM+0aoAa3!J?PL3yp9%MW@| zRHZh5L)#0e_7@2Oe+A*aBI`QZ9ExV=vpxuLR%14VvM)*7NbPk7F 
z@|%*9615Svy5iFwg<}$L@GU^Dz2$*cG3_aY55l#ee3y@ydkS$4x;0+j)@R=adp|-51Z3U!^yIC_YjzUkNDZWb3J*4e z_5oA_VBB*0XZmI^h__3eMg-K;CCH#BAbVX2$_d!)o~z!?6cE~rf!Vm4X1v`Pv+!lq zUvpX8@8j|=5v8qWlZ1*;!{@!zr!8NEglW@^pAbJjOjUg+50pOC49w~b&TQ~VGH@Dy ze+e3%S;9eg?z~hW|Deq+glJdV+Q2)AmMQ3v<=nX5d~@LZckLQ@^%JY)>E^dV28)3L zM{3ARak@%TC~%(uqh=}g$B^|dC`Iw|^8P($N%~sivuz#WK?Hrel@r>yjul35H$@m2XHatBS!SHQfE*MP5&199{=~@kaxP2mM_5&Pj z>B;#sG?%=ixO<0_M1koCX4BrPe~|ti%q_$o8H&%>3c=7cI@>}E2WhnXG<63U~30^g=&f2XF#cz|N&^kuVj5MB=w>IKNp+hask46x5 z0cHd@*?I)0dMdLgp6mj(6Z*RM>Z=m|dD*Pit>{S$(~hJh0LA(uwaMZlaYzlFNX-Jv zEK-u6KgWhN1$D9;pdDf+hX3*HIld!Nb@BxAO?4>Gy-MDagHekv~a8-kXQ~e(w z-JrlMUPKjoc?%2M!Gc$=Y=86Rr;1UKuLd?t%6JL<1rg~HwxaCm?mVnCe{mSjH2_>z zM#9#rbcdPb4j2Id16;$EBWF%{$nLU+3g5LA>E~>}$e@~#QED)6ph3aNIC)TcLP&za zk$oC=`ehMZ0w-mQ^YS7yjkVO&JX8lESF0)O@C1&+$J13)by*iNnd1-K4aGXeb| z5PGY1h`gh>hfiKwWk zlX8fTP^7WKkj`%+>~GLnK;IS8VGzB6_b|}k=G}?`@Pper$4M%~Lc@gn0$526a?yfbP-m=7AG6h@`gk!m_<^b_1)-8;+KWF2G0So zNWaydbjsUrwxt4b0k70K^$iW@ftQt6RMY|J9k^UJCw#!c1OgIBlfcI#r?iwDh5>G3 z;bL-K^S#g82k0#ADzo94cyXI;B?#rjT~yFk=HcO~+1q&yoHRfRW)gx=5Sv)U7d8`= zqyi~7%R1wX-McJ9{9RF*;MtjLqi5xDZvRrDJe@^uE3M`S{yR8Xa`eSh6Zs{!{|bj%0CA@kh}vba56$AX#TtG zJz#vm$VqNY+278P_AMPSs;a8?r~}+vQ|{XSK_I|<#M2Z4)gx@B%2#zrqZ)WwqWoDhxZO zxA$PJ6mN`2qIxgB=))3_91g>B1NSOrfKwno9WanpBi&0wh;y=69K1Jn)brz~R@bZU zMS;ER>sm0jGrLAwiUC!jrLZ=~ zbV(eLUf=~mVNx5w_A)hf`MD8P?SR38l?@b1v08qxN&N>UnwlpV6fBIVR$oI_1x@wd z(C2&Iq2|Tj%G}i}oBJx<2Q>hoZRb2)Pg;z(wX>7r@OLbK)rg~&E*nT2;!$}q3f=!s zd@*C?cLR`-W(zB)<2%$|O*i+PnPUeVKtX;kvt zld%qiFzkcLHMV$NUEM=W8pDAdK!<$$k= z?gRD{gQ=&qI^?O~{Jk}5mkGw{S#V?n_;)e57$iP_9tJ=Ocz_h!(cl2ZJh$C@Vz>CT zl+b^Ij>d4UsG7=lgHa9)lh0`me3e`!s*|lZejZR)aHVvCQ2;FK#$h)C+&pR2Y1mPA7$iR{?oPQQKouSlSTYNw@%+!ctyT%znn5VITW-BTCD3z zx1Gi4GE=LM??OIFuV@Ou@%RcGY}?dMsbfylvcRmfg2*YL^c66=*(45}qNBKn?~4=O z$RaE!Il-xbYf0e9_53*{I4l#vB7)){HqFgH+=c)!OsAd|2cJ5ny#G7yks?(63?k>i zyvN#Y8D9;5vufP+k@gz3 zc;WgD8>63dM;`K*o-g#h2+BDnN?E={NeS=h?YnnKj%qH|0MP{yt-qOpfN{7dC~YkD 
z1#yP>f6U43q2SU)RaF|4@k*+-93Rn9Xl=Zx1o8;n04cbS3BaQ@+8DT=1vk5UF`eX# z=UZ@Pld)L0DdE`6>)C7-9Q0gd(5!r6UK5k>&DCoAx!dpSqX!kIbtco%C8U5;YC%m4 z`QhPx2>|EW$?+Q%6Rc<|<0{vcK1!;|*FTjQE67`}gX1%()L>%|AcsjNb^5OVg~!7e zr+A;`;wg`@%8l3euro}0zTbY+lP2D?ph!5`Uf&GJP1X1kY+L{iCOk`xqZ8j(Wl{C@ ztsW<9|MB4jGMsUm>R_pV>?{wJYAMrq4ZUBfDm#22fSqt30eMHp_-gOdABq7$6T)cP ztUTB|{%z%^&OI!BMWLlvIZI)MY+Z*}pF|0tAzbUk?ek?}ouJd#;fGBV)gFI)5M5+U zdkdG+em(ExigOvf2(O>49}0deVO5={O3kShcmH^g2P%<~+=YSu{==TYNrSvbpgJMV zHBl!jXg6f_*@M1Vaw0P8+C+_N5d%fPMP*vD(s1{Qbt-mx69l zuWOUhVrhi~AAG%qADlk~?y+1(ccDK(`Yt0&z}N(NgAn2T(8~VnL}hlPN*4w=kHt`I zX=eCrW4dvA-J@!+Z2#Qikhf6_jqwJW-N9d9aeLCp{AqvUn0}H)E9c8?x~yHdA!R~g z&8h%p<}L{1lD9LNfRW1bXiYU3>;r#V6*p!`dHcP4B?||b2^Lx3sc8MxZT-n-ups z394?lUkw#9Vi7z!>+cACBE+Js2`u<(D39SD0CI(W%yj>vC=H>2f2g11e?U1DUYatz zFsVS!HnAcMA4%VM@zu8F+Y4TdiCRH=7pjGJY70+Q#p-3ou}#clCV|Weum&I%2Pt3` z2@13dA>3SA9dHJboi?}v9mHvssI^-K11mMs1iUF-NJ|pPp5k^12+X>#*y$|hUl{2G zAZ|d3Y?Cj{sV{Kz2Z1;m6w!-=K%IU?luF3?BoIam-mWXdBWSbCpp_p6@HV49= zR_?&x?mRaoOjfcBV;`2q-zPje8x%FYM;At%YeJaJlm2;VCjYo~`%FBL>vH*&a|?60 zA{y%!c-N*>dZbDFK8VoB$^<(bc>WT;u7e++r*Q^fq*w&KJm+XW{qsu7TL3T~@PCg& zo=fk+HM<|bw^EG2F0MR!)9@QKO9lp>0*Jb4>#_L#a>JNK?ts^!8gyfK@UeRLW89(m z3`lzg-`Y~ihH@I=Rj*xNPx3<<)p%ZkCUUSA73iY2F5U%`5}(!lTxh>QlkGev0I73y z;p9Wr2*!AZ^-}rtJ$8po8Go^J56ec3n~;Y?{o4!zZ@RU8;$&sQ8V4y)e(n074_2X>k$Spm5L+A&_e^H8!+1`~t}6My~CF z$Ego!GY&o6zXlr^Bu^I;Ekwd8hgk1pYqP2^wdcB8>NGn*V65QcB5oSaRB!sjP#H$t zUJze@mFD=&{c`zUpttwCs%6W6oGB~Mi)#bkEQlFbT{9w%Y|n$M4bLfVy<$g+*_e=Y@mKmhlTwZQ>Py+EGI*4J)Oj zq)=lceQ`SKm~s!y%A31NcCNE0akP1i#J}eX_8S_f@Kl`hdaV-8IiD)i6C@!-+jkCJ zg$6O;gu}|uA7{~sU&aAanrfuUJ(9+6XKOoidN93|%X8h7sTV#}Q@HD@#rkvx0wKbr z)k}w23K_^{V{tqvU#rT!~a0o`Vb8?hNY!Go)|w(j6+V?xK;%hL1Rt$ zrpuu9=x)Q)*r10E7z%S&5PY&9IotwxyO_*Pz}d=ka_l&x=2W1kOkKM*QfJrP6GVB@ zA>9a&uHTu-ez6S0l{FX$^Qg@mV4XNTGPbMicoC&s-eaTh*vhj{TbLA9i*%A?@m_rqU?R#NV8ko zFlx;`-!;%DOj3t-QegT=pUsSTRRJ#$-YO3iKw)9n-&2LL#L_f?pS2w=`yvvv=}n%c zw3q;Ku`Hv{>8;V4dmn##P&K~lvTO@!D$G9rWy-Mn3QZ#w8=VY{qE6UZPLK8=^> 
From f3bbac7981b42409dc298b5271f750e09307ad38 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 23 Oct 2020 13:31:44 -0700 Subject: [PATCH 080/346] udpates --- windows/security/threat-protection/TOC.md | 6 +-- .../deployment-rings.md | 50 ++++++++++++++---- .../images/deployment-rings.png | Bin 24969 -> 25023 bytes .../images/insider-rings.png | Bin 0 -> 38213 bytes 4 files changed, 43 insertions(+), 13 deletions(-) create mode 100644 windows/security/threat-protection/microsoft-defender-atp/images/insider-rings.png diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 8f92bf2e40..4f732d6ced 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md
@@ -16,14 +16,14 @@ ## [Plan deployment](microsoft-defender-atp/deployment-strategy.md) ## [Deployment guide]() -### [Deployment rings](microsoft-defender-atp/deployment-rings.md) ### [Deployment phases](microsoft-defender-atp/deployment-phases.md) ### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md) ### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md) ### [Phase 3: Onboard]() +#### [Deployment rings](microsoft-defender-atp/deployment-rings.md) #### [Onboarding overview](microsoft-defender-atp/onboarding.md) -##### [Onboarding using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/onboarding-endpoint-configuration-manager.md) -##### [Onboarding using Microsoft Endpoint Manager](microsoft-defender-atp/onboarding-endpoint-manager.md) +#### [Onboarding using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/onboarding-endpoint-configuration-manager.md) +#### [Onboarding using Microsoft Endpoint Manager](microsoft-defender-atp/onboarding-endpoint-manager.md) ## [Migration guides](microsoft-defender-atp/migration-guides.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index 266fd081ad..4825c6f7ed 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md @@ -29,6 +29,12 @@ ms.topic: article Deploying Microsoft Defender ATP can be done using a ring-based deployment approach. +The deployment rings can be applied in the following scenarios: +- New deployments +- Existing deployments + +## New deployments + ![Image of deployment rings](images/deployment-rings.png) 
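Review bot: The new `## New deployments` heading in deployment-rings.md (hunk @@ -29,6 +29,12) sits at the same level as the `## Evaluate` and `## Pilot` sections that follow it, so the ring sections do not nest under it in the page outline. If Evaluate, Pilot and Full deployment are meant to be the steps of a new deployment, demote them to `###`; otherwise drop the heading and keep only the two-item scenario list.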
@@ -49,14 +55,11 @@ Full deployment | Ring 3: Roll out service to the rest of environment in larger ## Evaluate -You can use the [evaluation lab](evaluation-lab.md) to gain full access to the capabilities of the suite without the complexities of environment configuration. +Identify a small number of test machines in your environment to onboard to the service. Ideally, these machines would be less than 50 endpoints. -You'll be able to add Windows 10 or Windows Server 2019 devices to the lab environment, install threat simulators, and run scenarios to instantly see how the platform performs. - -### Exit criteria? -- Able to run simulation -- Able to install threat simulator -- Results from simulation is displayed in dashboard +### Exit criteria +- Devices show up in the device inventory list +- Alerts appear in dashboard ## Pilot @@ -66,14 +69,15 @@ The following table shows the supported endpoints and the corresponding tool you | Endpoint | Deployment tool | |--------------|------------------------------------------| -| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md)
    [Group Policy](configure-endpoints-gp.md)
    [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md)
    [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
    [VDI scripts](configure-endpoints-vdi.md) | +| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md)
    NOTE: If you want to deploy more than 10 devices in a production environment, use the Group Policy method instead.
    [Group Policy](configure-endpoints-gp.md)
    [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md)
    [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
    [VDI scripts](configure-endpoints-vdi.md) | | **macOS** | [Local script](mac-install-manually.md)
    [Microsoft Endpoint Manager](mac-install-with-intune.md)
    [JAMF Pro](mac-install-with-jamf.md)
    [Mobile Device Management](mac-install-with-other-mdm.md) | | **Linux Server** | [Local script](linux-install-manually.md)
    [Puppet](linux-install-with-puppet.md)
    [Ansible](linux-install-with-ansible.md)| | **iOS** | [App-based](ios-install.md) | | **Android** | [Microsoft Endpoint Manager](android-intune.md) | -### Exit criteria? +### Exit criteria +- Devices show up in the device inventory list - [Run a detection test](run-detection-test.md) - [Run a simulated attack on a device](attack-simulations.md) @@ -89,4 +93,30 @@ Use the following material to select the appropriate Microsoft Defender ATP arch |[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
    [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
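Review bot: In the Evaluate hunk of deployment-rings.md (@@ -49,14 +55,11), the new exit criterion "Alerts appear in dashboard" is left with no step that produces an alert, because the same hunk removes the evaluation lab and threat simulator text. Consider linking [Run a detection test](run-detection-test.md) under the Evaluate exit criteria, as the Pilot exit criteria already do. In the added sentence, "less than 50 endpoints" should also read "fewer than 50 endpoints".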
    -### ADMX_ShellCommandPromptRegEditTools policies +## ADMX_ShellCommandPromptRegEditTools policies
    @@ -1243,7 +1243,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    -## ADMX_Snmp policies +### ADMX_Snmp policies
    @@ -1257,7 +1257,213 @@ The following diagram shows the Policy configuration service provider in tree fo
    -## ADMX_tcpip policies +### ADMX_StartMenu policies + +
    +
    + ADMX_StartMenu/AddSearchInternetLinkInStartMenu +
    +
    + ADMX_StartMenu/ClearRecentDocsOnExit +
    +
    + ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu +
    +
    + ADMX_StartMenu/ClearTilesOnExit +
    +
    + ADMX_StartMenu/DesktopAppsFirstInAppsView +
    +
    + ADMX_StartMenu/DisableGlobalSearchOnAppsView +
    +
    + ADMX_StartMenu/ForceStartMenuLogOff +
    +
    + ADMX_StartMenu/GoToDesktopOnSignIn +
    +
    + ADMX_StartMenu/GreyMSIAds +
    +
    + ADMX_StartMenu/HidePowerOptions +
    +
    + ADMX_StartMenu/Intellimenus +
    +
    + ADMX_StartMenu/LockTaskbar +
    +
    + ADMX_StartMenu/MemCheckBoxInRunDlg +
    +
    + ADMX_StartMenu/NoAutoTrayNotify +
    +
    + ADMX_StartMenu/NoBalloonTip +
    +
    + ADMX_StartMenu/NoChangeStartMenu +
    +
    + ADMX_StartMenu/NoClose +
    +
    + ADMX_StartMenu/NoCommonGroups +
    +
    + ADMX_StartMenu/NoFavoritesMenu +
    +
    + ADMX_StartMenu/NoFind +
    +
    + ADMX_StartMenu/NoGamesFolderOnStartMenu +
    +
    + ADMX_StartMenu/NoHelp +
    +
    + ADMX_StartMenu/NoInstrumentation +
    +
    + ADMX_StartMenu/NoMoreProgramsList +
    +
    + ADMX_StartMenu/NoNetAndDialupConnect +
    +
    + ADMX_StartMenu/NoPinnedPrograms +
    +
    + ADMX_StartMenu/NoRecentDocsMenu +
    +
    + ADMX_StartMenu/NoResolveSearch +
    +
    + ADMX_StartMenu/NoResolveTrack +
    +
    + ADMX_StartMenu/NoRun +
    +
    + ADMX_StartMenu/NoSMConfigurePrograms +
    +
    + ADMX_StartMenu/NoSMMyDocuments +
    +
    + ADMX_StartMenu/NoSMMyMusic +
    +
    + ADMX_StartMenu/NoSMMyNetworkPlaces +
    +
    + ADMX_StartMenu/NoSMMyPictures +
    +
    + ADMX_StartMenu/NoSearchCommInStartMenu +
    +
    + ADMX_StartMenu/NoSearchComputerLinkInStartMenu +
    +
    + ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu +
    +
    + ADMX_StartMenu/NoSearchFilesInStartMenu +
    +
    + ADMX_StartMenu/NoSearchInternetInStartMenu +
    +
    + ADMX_StartMenu/NoSearchProgramsInStartMenu +
    +
    + ADMX_StartMenu/NoSetFolders +
    +
    + ADMX_StartMenu/NoSetTaskbar +
    +
    + ADMX_StartMenu/NoStartMenuDownload +
    +
    + ADMX_StartMenu/NoStartMenuHomegroup +
    +
    + ADMX_StartMenu/NoStartMenuRecordedTV +
    +
    + ADMX_StartMenu/NoStartMenuSubFolders +
    +
    + ADMX_StartMenu/NoStartMenuVideos +
    +
    + ADMX_StartMenu/NoStartPage +
    +
    + ADMX_StartMenu/NoTaskBarClock +
    +
    + ADMX_StartMenu/NoTaskGrouping +
    +
    + ADMX_StartMenu/NoToolbarsOnTaskbar +
    +
    + ADMX_StartMenu/NoTrayContextMenu +
    +
    + ADMX_StartMenu/NoTrayItemsDisplay +
    +
    + ADMX_StartMenu/NoUninstallFromStart +
    +
    + ADMX_StartMenu/NoUserFolderOnStartMenu +
    +
    + ADMX_StartMenu/NoUserNameOnStartMenu +
    +
    + ADMX_StartMenu/NoWindowsUpdate +
    +
    + ADMX_StartMenu/PowerButtonAction +
    +
    + ADMX_StartMenu/QuickLaunchEnabled +
    +
    + ADMX_StartMenu/RemoveUnDockPCButton +
    +
    + ADMX_StartMenu/ShowAppsViewOnStart +
    +
    + ADMX_StartMenu/ShowRunAsDifferentUserInStart +
    +
    + ADMX_StartMenu/ShowRunInStartMenu +
    +
    + ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey +
    +
    + ADMX_StartMenu/StartMenuLogOff +
    +
    + ADMX_StartMenu/StartPinAppsWhenInstalled +
    +
    + +### ADMX_tcpip policies
    @@ -1301,7 +1507,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    -## ADMX_Thumbnails policies +### ADMX_Thumbnails policies
    @@ -1783,7 +1989,7 @@ The following diagram shows the Policy configuration service provider in tree fo
    -## ADMX_WindowsConnectNow policies +### ADMX_WindowsConnectNow policies
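Review bot: Heading levels in policy-configuration-service-provider.md end up inconsistent across these hunks: ADMX_Snmp, ADMX_tcpip, ADMX_Thumbnails and ADMX_WindowsConnectNow move from `##` to `###` and ADMX_StartMenu is added at `###`, while ADMX_ShellCommandPromptRegEditTools goes the other way, from `###` to `##`. Keep every ADMX area heading at one level so the index renders uniformly, and if the level change is intended, put it in its own commit rather than bundling it with the ADMX_StartMenu addition.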
    diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md new file mode 100644 index 0000000000..d2005ff616 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -0,0 +1,5011 @@ +--- +title: Policy CSP - ADMX_StartMenu +description: Policy CSP - ADMX_StartMenu +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/20/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_StartMenu +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_StartMenu policies + +
    +
    + ADMX_StartMenu/AddSearchInternetLinkInStartMenu +
    +
    + ADMX_StartMenu/ClearRecentDocsOnExit +
    +
    + ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu +
    +
    + ADMX_StartMenu/ClearTilesOnExit +
    +
    + ADMX_StartMenu/DesktopAppsFirstInAppsView +
    +
    + ADMX_StartMenu/DisableGlobalSearchOnAppsView +
    +
    + ADMX_StartMenu/ForceStartMenuLogOff +
    +
    + ADMX_StartMenu/GoToDesktopOnSignIn +
    +
    + ADMX_StartMenu/GreyMSIAds +
    +
    + ADMX_StartMenu/HidePowerOptions +
    +
    + ADMX_StartMenu/Intellimenus +
    +
    + ADMX_StartMenu/LockTaskbar +
    +
    + ADMX_StartMenu/MemCheckBoxInRunDlg +
    +
    + ADMX_StartMenu/NoAutoTrayNotify +
    +
    + ADMX_StartMenu/NoBalloonTip +
    +
    + ADMX_StartMenu/NoChangeStartMenu +
    +
    + ADMX_StartMenu/NoClose +
    +
    + ADMX_StartMenu/NoCommonGroups +
    +
    + ADMX_StartMenu/NoFavoritesMenu +
    +
    + ADMX_StartMenu/NoFind +
    +
    + ADMX_StartMenu/NoGamesFolderOnStartMenu +
    +
    + ADMX_StartMenu/NoHelp +
    +
    + ADMX_StartMenu/NoInstrumentation +
    +
    + ADMX_StartMenu/NoMoreProgramsList +
    +
    + ADMX_StartMenu/NoNetAndDialupConnect +
    +
    + ADMX_StartMenu/NoPinnedPrograms +
    +
    + ADMX_StartMenu/NoRecentDocsMenu +
    +
    + ADMX_StartMenu/NoResolveSearch +
    +
    + ADMX_StartMenu/NoResolveTrack +
    +
    + ADMX_StartMenu/NoRun +
    +
    + ADMX_StartMenu/NoSMConfigurePrograms +
    +
    + ADMX_StartMenu/NoSMMyDocuments +
    +
    + ADMX_StartMenu/NoSMMyMusic +
    +
    + ADMX_StartMenu/NoSMMyNetworkPlaces +
    +
    + ADMX_StartMenu/NoSMMyPictures +
    +
    + ADMX_StartMenu/NoSearchCommInStartMenu +
    +
    + ADMX_StartMenu/NoSearchComputerLinkInStartMenu +
    +
    + ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu +
    +
    + ADMX_StartMenu/NoSearchFilesInStartMenu +
    +
    + ADMX_StartMenu/NoSearchInternetInStartMenu +
    +
    + ADMX_StartMenu/NoSearchProgramsInStartMenu +
    +
    + ADMX_StartMenu/NoSetFolders +
    +
    + ADMX_StartMenu/NoSetTaskbar +
    +
    + ADMX_StartMenu/NoStartMenuDownload +
    +
    + ADMX_StartMenu/NoStartMenuHomegroup +
    +
    + ADMX_StartMenu/NoStartMenuRecordedTV +
    +
    + ADMX_StartMenu/NoStartMenuSubFolders +
    +
    + ADMX_StartMenu/NoStartMenuVideos +
    +
    + ADMX_StartMenu/NoStartPage +
    +
    + ADMX_StartMenu/NoTaskBarClock +
    +
    + ADMX_StartMenu/NoTaskGrouping +
    +
    + ADMX_StartMenu/NoToolbarsOnTaskbar +
    +
    + ADMX_StartMenu/NoTrayContextMenu +
    +
    + ADMX_StartMenu/NoTrayItemsDisplay +
    +
    + ADMX_StartMenu/NoUninstallFromStart +
    +
    + ADMX_StartMenu/NoUserFolderOnStartMenu +
    +
    + ADMX_StartMenu/NoUserNameOnStartMenu +
    +
    + ADMX_StartMenu/NoWindowsUpdate +
    +
    + ADMX_StartMenu/PowerButtonAction +
    +
    + ADMX_StartMenu/QuickLaunchEnabled +
    +
    + ADMX_StartMenu/RemoveUnDockPCButton +
    +
    + ADMX_StartMenu/ShowAppsViewOnStart +
    +
    + ADMX_StartMenu/ShowRunAsDifferentUserInStart +
    +
    + ADMX_StartMenu/ShowRunInStartMenu +
    +
    + ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey +
    +
    + ADMX_StartMenu/StartMenuLogOff +
    +
    + ADMX_StartMenu/StartPinAppsWhenInstalled +
    +
    + + +
    + + +**ADMX_StartMenu/AddSearchInternetLinkInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy, a "Search the Internet" link is shown when the user performs a search in the start menu search box. This button launches the default browser with the search terms. + +If you disable this policy, there will not be a "Search the Internet" link when the user performs a search in the start menu search box. + +If you do not configure this policy (default), there will not be a "Search the Internet" link on the start menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Add Search Internet link to Start Menu* +- GP name: *AddSearchInternetLinkInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/ClearRecentDocsOnExit** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Clear history of recently opened documents on exit. + +If you enable this setting, the system deletes shortcuts to recently used document files when the user logs off. As a result, the Recent Items menu on the Start menu is always empty when the user logs on. In addition, recently and frequently used items in the Jump Lists off of programs in the Start Menu and Taskbar will be cleared when the user logs off. + +If you disable or do not configure this setting, the system retains document shortcuts, and when a user logs on, the Recent Items menu and the Jump Lists appear just as it did when the user logged off. + +> [!NOTE] +> The system saves document shortcuts in the user profile in the System-drive\Users\User-name\Recent folder. + +Also, see the "Remove Recent Items menu from Start Menu" and "Do not keep history of recently opened documents" policies in this folder. The system only uses this setting when neither of these related settings are selected. + +This setting does not clear the list of recent files that Windows programs display at the bottom of the File menu. See the "Do not keep history of recently opened documents" setting. + +This policy setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. + +This policy also does not clear items that the user may have pinned to the Jump Lists, or Tasks that the application has provided for their menu. See the "Do not allow pinning items in Jump Lists" setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Clear history of recently opened documents on exit* +- GP name: *ClearRecentDocsOnExit* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, the recent programs list in the start menu will be blank for each new user. + +If you disable or do not configure this policy, the start menu recent programs list will be pre-populated with programs for each new user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Clear the recent programs list for new users* +- GP name: *ClearRecentProgForNewUserInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/ClearTilesOnExit** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the system deletes tile notifications when the user logs on. As a result, the Tiles in the start view will always show their default content when the user logs on. In addition, any cached versions of these notifications will be cleared when the user logs on. + +If you disable or do not configure this setting, the system retains notifications, and when a user logs on, the tiles appear just as they did when the user logged off, including the history of previous notifications for each tile. + +This setting does not prevent new notifications from appearing. See the "Turn off Application Notifications" setting to prevent new notifications. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Clear tile notifications during log on* +- GP name: *ClearTilesOnExit* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/DesktopAppsFirstInAppsView** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows desktop apps to be listed first in the Apps view in Start. + +If you enable this policy setting, desktop apps would be listed first when the apps are sorted by category in the Apps view. The other sorting options would continue to be available and the user could choose to change their default sorting options. + +If you disable or don't configure this policy setting, the desktop apps won't be listed first when the apps are sorted by category, and the user can configure this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *List desktop apps first in the Apps view* +- GP name: *DesktopAppsFirstInAppsView* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/DisableGlobalSearchOnAppsView** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the user from searching apps, files, settings (and the web if enabled) when the user searches from the Apps view. + +This policy setting is only applied when the Apps view is set as the default view for Start. + +If you enable this policy setting, searching from the Apps view will only search the list of installed apps. + +If you disable or don’t configure this policy setting, the user can configure this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Search just apps from the Apps view* +- GP name: *DisableGlobalSearchOnAppsView* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/ForceStartMenuLogOff** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy only applies to the classic version of the start menu and does not affect the new style start menu. + +Adds the "Log Off " item to the Start menu and prevents users from removing it. + +If you enable this setting, the Log Off item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off item from the Start Menu. + +If you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item. + +This setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del. + +Note: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab, and then, in the Start Menu Settings box, click Display Logoff. + +Also, see "Remove Logoff" in User Configuration\Administrative Templates\System\Logon/Logoff. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Add Logoff to the Start Menu* +- GP name: *ForceStartMenuLogOff* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/GoToDesktopOnSignIn** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to go to the desktop instead of the Start screen when they sign in. + +If you enable this policy setting, users will always go to the desktop when they sign in. + +If you disable this policy setting, users will always go to the Start screen when they sign in. + +If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Go to the desktop instead of Start when signing in* +- GP name: *GoToDesktopOnSignIn* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/GreyMSIAds** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Displays Start menu shortcuts to partially installed programs in gray text. + +This setting makes it easier for users to distinguish between programs that are fully installed and those that are only partially installed. + +Partially installed programs include those that a system administrator assigns using Windows Installer and those that users have configured for full installation upon first use. + +If you disable this setting or do not configure it, all Start menu shortcuts appear as black text. + +> [!NOTE] +> Enabling this setting can make the Start menu slow to open. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Gray unavailable Windows Installer programs Start Menu shortcuts* +- GP name: *GreyMSIAds* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/HidePowerOptions** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from performing the following commands from the Windows security screen, the logon screen, and the Start menu: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions. + +If you enable this policy setting, the shutdown, restart, sleep, and hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE, and from the logon screen. + +If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security and logon screens is also available. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands* +- GP name: *HidePowerOptions* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/Intellimenus** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Disables personalized menus. + +Windows personalizes long menus by moving recently used items to the top of the menu and hiding items that have not been used recently. Users can display the hidden items by clicking an arrow to extend the menu. + +If you enable this setting, the system does not personalize menus. All menu items appear and remain in standard order. Also, this setting removes the "Use Personalized Menus" option so users do not try to change the setting while a setting is in effect. + +> [!NOTE] +> Personalized menus require user tracking. If you enable the "Turn off user tracking" setting, the system disables user tracking and personalized menus and ignores this setting. + +To Turn off personalized menus without specifying a setting, click Start, click Settings, click Taskbar and Start Menu, and then, on the General tab, clear the "Use Personalized Menus" option. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off personalized menus* +- GP name: *Intellimenus* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/LockTaskbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar, which is used to switch between running applications. + +The taskbar includes the Start button, list of currently running tasks, and the notification area. By default, the taskbar is located at the bottom of the screen, but it can be dragged to any side of the screen. When it is locked, it cannot be moved or resized. + +If you enable this setting, it prevents the user from moving or resizing the taskbar. While the taskbar is locked, auto-hide and other taskbar options are still available in Taskbar properties. + +If you disable this setting or do not configure it, the user can configure the taskbar position. + +> [!NOTE] +> Enabling this setting also locks the QuickLaunch bar and any other toolbars that the user has on their taskbar. The toolbar's position is locked, and the user cannot show and hide various toolbars using the taskbar context menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Lock the Taskbar* +- GP name: *LockTaskbar* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/MemCheckBoxInRunDlg** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting lets users run a 16-bit program in a dedicated (not shared) Virtual DOS Machine (VDM) process. + +All DOS and 16-bit programs run on Windows 2000 Professional and Windows XP Professional in the Windows Virtual DOS Machine program. VDM simulates a 16-bit environment, complete with the DLLs required by 16-bit programs. By default, all 16-bit programs run as threads in a single, shared VDM process. As such, they share the memory space allocated to the VDM process and cannot run simultaneously. + +Enabling this setting adds a check box to the Run dialog box, giving users the option of running a 16-bit program in its own dedicated NTVDM process. The additional check box is enabled only when a user enters a 16-bit program in the Run dialog box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Add "Run in Separate Memory Space" check box to Run dialog box* +- GP name: *MemCheckBoxInRunDlg* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoAutoTrayNotify** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This setting affects the notification area, also called the "system tray." + +The notification area is located in the task bar, generally at the bottom of the screen, and it includes the clock and current notifications. This setting determines whether the items are always expanded or always collapsed. By default, notifications are collapsed. The notification cleanup << icon can be referred to as the "notification chevron." + +If you enable this setting, the system notification area expands to show all of the notifications that use this area. + +If you disable this setting, the system notification area will always collapse notifications. + +If you do not configure it, the user can choose if they want notifications collapsed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off notification area cleanup* +- GP name: *NoAutoTrayNotify* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoBalloonTip** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Hides pop-up text on the Start menu and in the notification area. + +When you hold the cursor over an item on the Start menu or in the notification area, the system displays pop-up text providing additional information about the object. + +If you enable this setting, some of this pop-up text is not displayed. The pop-up text affected by this setting includes "Click here to begin" on the Start button, "Where have all my programs gone" on the Start menu, and "Where have my icons gone" in the notification area. + +If you disable this setting or do not configure it, all pop-up text is displayed on the Start menu and in the notification area. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Balloon Tips on Start Menu items* +- GP name: *NoBalloonTip* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoChangeStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from changing their Start screen layout. + +If you enable this setting, you will prevent a user from selecting an app, resizing a tile, pinning/unpinning a tile or a secondary tile, entering the customize mode and rearranging tiles within Start and Apps. + +If you disable or do not configure this setting, you will allow a user to select an app, resize a tile, pin/unpin a tile or a secondary tile, enter the customize mode and rearrange tiles within Start and Apps. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent users from customizing their Start Screen* +- GP name: *NoChangeStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoClose** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents users from performing the following commands from the Start menu or Windows Security screen: Shut Down, Restart, Sleep, and Hibernate. This policy setting does not prevent users from running Windows-based programs that perform these functions. + +If you enable this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are removed from the Start menu. The Power button is also removed from the Windows Security screen, which appears when you press CTRL+ALT+DELETE. + +If you disable or do not configure this policy setting, the Power button and the Shut Down, Restart, Sleep, and Hibernate commands are available on the Start menu. The Power button on the Windows Security screen is also available. + +> [!NOTE] +> Third-party programs certified as compatible with Microsoft Windows Vista, Windows XP SP2, Windows XP SP1, Windows XP, or Windows 2000 Professional are required to support this policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands* +- GP name: *NoClose* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoCommonGroups** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes items in the All Users profile from the Programs menu on the Start menu. + +By default, the Programs menu contains items from the All Users profile and items from the user's profile. If you enable this setting, only items in the user's profile appear in the Programs menu. + +To see the Program menu items in the All Users profile, on the system drive, go to ProgramData\Microsoft\Windows\Start Menu\Programs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove common program groups from Start Menu* +- GP name: *NoCommonGroups* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoFavoritesMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from adding the Favorites menu to the Start menu or classic Start menu. + +If you enable this setting, the Display Favorites item does not appear in the Advanced Start menu options box. + +If you disable or do not configure this setting, the Display Favorite item is available. + +> [!NOTE] +> The Favorities menu does not appear on the Start menu by default. To display the Favorites menu, right-click Start, click Properties, and then click Customize. If you are using Start menu, click the Advanced tab, and then, under Start menu items, click the Favorites menu. If you are using the classic Start menu, click Display Favorites under Advanced Start menu options. +> +> The items that appear in the Favorites menu when you install Windows are preconfigured by the system to appeal to most users. However, users can add and remove items from this menu, and system administrators can create a customized Favorites menu for a user group. +> +> This setting only affects the Start menu. The Favorites item still appears in File Explorer and in Internet Explorer. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Remove Favorites menu from Start Menu* +- GP name: *NoFavoritesMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoFind** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Search link from the Start menu, and disables some File Explorer search elements. Note that this does not remove the search box from the new style Start menu. + +If you enable this policy setting, the Search item is removed from the Start menu and from the context menu that appears when you right-click the Start menu. Also, the system does not respond when users press the Application key (the key with the Windows logo)+ F. + +Note: Enabling this policy setting also prevents the user from using the F3 key. + +In File Explorer, the Search item still appears on the Standard buttons toolbar, but the system does not respond when the user presses Ctrl+F. Also, Search does not appear in the context menu when you right-click an icon representing a drive or a folder. + +This policy setting affects the specified user interface elements only. It does not affect Internet Explorer and does not prevent the user from using other methods to search. + +If you disable or do not configure this policy setting, the Search link is available from the Start menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Remove Search link from Start Menu* +- GP name: *NoFind* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoGamesFolderOnStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu will not show a link to the Games folder. + +If you disable or do not configure this policy, the start menu will show a link to the Games folder, unless the user chooses to remove it in the start menu control panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Games link from Start Menu* +- GP name: *NoGamesFolderOnStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoHelp** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Help command from the Start menu. + +If you enable this policy setting, the Help command is removed from the Start menu. + +If you disable or do not configure this policy setting, the Help command is available from the Start menu. + +This policy setting only affects the Start menu. It does not remove the Help menu from File Explorer and does not prevent users from running Help. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Help menu from Start Menu* +- GP name: *NoHelp* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoInstrumentation** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off user tracking. + +If you enable this policy setting, the system does not track the programs that the user runs, and does not display frequently used programs in the Start Menu. + +If you disable or do not configure this policy setting, the system tracks the programs that the user runs. The system uses this information to customize Windows features, such as showing frequently used programs in the Start Menu. + +Also, see these related policy settings: "Remove frequent programs liist from the Start Menu" and "Turn off personalized menus". + +This policy setting does not prevent users from pinning programs to the Start Menu or Taskbar. See the "Remove pinned programs list from the Start Menu" and "Do not allow pinning programs to the Taskbar" policy settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off user tracking* +- GP name: *NoInstrumentation* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoMoreProgramsList** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the Start Menu will either collapse or remove the all apps list from the Start menu. + +Selecting "Collapse" will not display the app list next to the pinned tiles in Start. An "All apps" button will be displayed on Start to open the all apps list. This is equivalent to setting the "Show app list in Start" in Settings to Off. + +Selecting "Collapse and disable setting" will do the same as the collapse option and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On. + +Selecting "Remove and disable setting" will remove the all apps list from Start and disable the "Show app list in Start menu" in Settings, so users cannot turn it to On. Select this option for compatibility with earlier versions of Windows. + +If you disable or do not configure this setting, the all apps list will be visible by default, and the user can change "Show app list in Start" in Settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove All Programs list from the Start menu* +- GP name: *NoMoreProgramsList* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoNetAndDialupConnect** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove Network Connections from the Start Menu. + +If you enable this policy setting, users are prevented from running Network Connections. + +Enabling this policy setting prevents the Network Connections folder from opening. This policy setting also removes Network Connections from Settings on the Start menu. + +Network Connections still appears in Control Panel and in File Explorer, but if users try to start it, a message appears explaining that a setting prevents the action. + +If you disable or do not configure this policy setting, Network Connections is available from the Start Menu. + +Also, see the "Disable programs on Settings menu" and "Disable Control Panel" policy settings and the policy settings in the Network Connections folder (Computer Configuration and User Configuration\Administrative Templates\Network\Network Connections). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Network Connections from Start Menu* +- GP name: *NoNetAndDialupConnect* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoPinnedPrograms** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu. + +In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog. + +If you disable this setting or do not configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove pinned programs list from the Start Menu* +- GP name: *NoPinnedPrograms* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoRecentDocsMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes the Recent Items menu from the Start menu. Removes the Documents menu from the classic Start menu. + +The Recent Items menu contains links to the non-program files that users have most recently opened. It appears so that users can easily reopen their documents. + +If you enable this setting, the system saves document shortcuts but does not display the Recent Items menu in the Start Menu, and users cannot turn the menu on. + +If you later disable the setting, so that the Recent Items menu appears in the Start Menu, the document shortcuts saved before the setting was enabled and while it was in effect appear in the Recent Items menu. + +When the setting is disabled, the Recent Items menu appears in the Start Menu, and users cannot remove it. + +If the setting is not configured, users can turn the Recent Items menu on and off. + +> [!NOTE] +> This setting does not prevent Windows programs from displaying shortcuts to recently opened documents. See the "Do not keep history of recently opened documents" setting. + +This setting also does not hide document shortcuts displayed in the Open dialog box. See the "Hide the dropdown list of recent files" setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Remove Recent Items menu from Start Menu* +- GP name: *NoRecentDocsMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoResolveSearch** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the system from conducting a comprehensive search of the target drive to resolve a shortcut. + +If you enable this policy setting, the system does not conduct the final drive search. It just displays a message explaining that the file is not found. + +If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file. + +> [!NOTE] +> This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability. + +Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the tracking-based method when resolving shell shortcuts" policy settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not use the search-based method when resolving shell shortcuts* +- GP name: *NoResolveSearch* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoResolveTrack** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting prevents the system from using NTFS tracking features to resolve a shortcut. + +If you enable this policy setting, the system does not try to locate the file by using its file ID. It skips this step and begins a comprehensive search of the drive specified in the target path. + +If you disable or do not configure this policy setting, by default, when the system cannot find the target file for a shortcut (.lnk), it searches all paths associated with the shortcut. If the target file is located on an NTFS partition, the system then uses the target's file ID to find a path. If the resulting path is not correct, it conducts a comprehensive search of the target drive in an attempt to find the file. + +> [!NOTE] +> This policy setting only applies to target files on NTFS partitions. FAT partitions do not have this ID tracking and search capability. + +Also, see the "Do not track Shell shortcuts during roaming" and the "Do not use the search-based method when resolving shell shortcuts" policy settings. + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Do not use the tracking-based method when resolving shell shortcuts* +- GP name: *NoResolveTrack* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoRun** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Allows you to remove the Run command from the Start menu, Internet Explorer, and Task Manager. + +If you enable this setting, the following changes occur: + +1. The Run command is removed from the Start menu. + +2. The New Task (Run) command is removed from Task Manager. + +3. The user will be blocked from entering the following into the Internet Explorer Address Bar: + +- A UNC path: `\\\` + +- Accessing local drives: e.g., C: + +- Accessing local folders: e.g., `\` + +Also, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R. + +If you disable or do not configure this setting, users will be able to access the Run command in the Start menu and in Task Manager and use the Internet Explorer Address Bar. + +> [!NOTE] +> This setting affects the specified interface only. It does not prevent users from using other methods to run programs. +> +> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Run menu from Start Menu* +- GP name: *NoRun* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSMConfigurePrograms** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Default Programs link from the Start menu. + +If you enable this policy setting, the Default Programs link is removed from the Start menu. + +Clicking the Default Programs link from the Start menu opens the Default Programs control panel and provides administrators the ability to specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations. + +If you disable or do not configure this policy setting, the Default Programs link is available from the Start menu. + +> [!NOTE] +> This policy setting does not prevent the Set Default Programs for This Computer option from appearing in the Default Programs control panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Default Programs link from the Start menu.* +- GP name: *NoSMConfigurePrograms* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSMMyDocuments** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Documents icon from the Start menu and its submenus. + +If you enable this policy setting, the Documents icon is removed from the Start menu and its submenus. Enabling this policy setting only removes the icon. It does not prevent the user from using other methods to gain access to the contents of the Documents folder. + +> [!NOTE] +> To make changes to this policy setting effective, you must log off and then log on. + +If you disable or do not configure this policy setting, he Documents icon is available from the Start menu. + +Also, see the "Remove Documents icon on the desktop" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Documents icon from Start Menu* +- GP name: *NoSMMyDocuments* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSMMyMusic** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Music icon from Start Menu. + +If you enable this policy setting, the Music icon is no longer available from Start Menu. + +If you disable or do not configure this policy setting, the Music icon is available from Start Menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Music icon from Start Menu* +- GP name: *NoSMMyMusic* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSMMyNetworkPlaces** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build.This policy setting allows you to remove the Network icon from Start Menu. + +If you enable this policy setting, the Network icon is no longer available from Start Menu. + +If you disable or do not configure this policy setting, the Network icon is available from Start Menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Network icon from Start Menu* +- GP name: *NoSMMyNetworkPlaces* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSMMyPictures** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Pictures icon from Start Menu. + +If you enable this policy setting, the Pictures icon is no longer available from Start Menu. + +If you disable or do not configure this policy setting, the Pictures icon is available from Start Menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Pictures icon from Start Menu* +- GP name: *NoSMMyPictures* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSearchCommInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu search box will not search for communications. + +If you disable or do not configure this policy, the start menu will search for communications, unless the user chooses not to in the start menu control panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not search communications* +- GP name: *NoSearchCommInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSearchComputerLinkInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy, the "See all results" link will not be shown when the user performs a search in the start menu search box. + +If you disable or do not configure this policy, the "See all results" link will be shown when the user performs a search in the start menu search box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Search Computer link* +- GP name: *NoSearchComputerLinkInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box. + +If you disable or do not configure this policy, a "See more results" link will be shown when the user performs a search in the start menu search box. If a 3rd party protocol handler is installed, a "Search Everywhere" link will be shown instead of the "See more results" link. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove See More Results / Search Everywhere link* +- GP name: *NoSearchEverywhereLinkInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSearchFilesInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for files. + +If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not search for files* +- GP name: *NoSearchFilesInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSearchInternetInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu search box will not search for internet history or favorites. + +If you disable or do not configure this policy, the start menu will search for for internet history or favorites, unless the user chooses not to in the start menu control panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not search Internet* +- GP name: *NoSearchInternetInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSearchProgramsInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for programs or Control Panel items. + +If you disable or do not configure this policy setting, the Start menu search box will search for programs and Control Panel items, unless the user chooses not to do so directly in Control Panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not search programs and Control Panel items* +- GP name: *NoSearchProgramsInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSetFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove programs on Settings menu. + +If you enable this policy setting, the Control Panel, Printers, and Network and Connection folders are removed from Settings on the Start menu, and from Computer and File Explorer. It also prevents the programs represented by these folders (such as Control.exe) from running. + +However, users can still start Control Panel items by using other methods, such as right-clicking the desktop to start Display or right-clicking Computer to start System. + +If you disable or do not configure this policy setting, the Control Panel, Printers, and Network and Connection folders from Settings are available on the Start menu, and from Computer and File Explorer. + +Also, see the "Disable Control Panel," "Disable Display in Control Panel," and "Remove Network Connections from Start Menu" policy settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove programs on Settings menu* +- GP name: *NoSetFolders* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoSetTaskbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent changes to Taskbar and Start Menu Settings. + +If you enable this policy setting, The user will be prevented from opening the Taskbar Properties dialog box. + +If the user right-clicks the taskbar and then clicks Properties, a message appears explaining that a setting prevents the action. + +If you disable or do not configure this policy setting, the Taskbar and Start Menu items are available from Settings on the Start menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent changes to Taskbar and Start Menu Settings* +- GP name: *NoSetTaskbar* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoStartMenuDownload** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Downloads link from the Start Menu. + +If you enable this policy setting, the Start Menu does not show a link to the Downloads folder. + +If you disable or do not configure this policy setting, the Downloads link is available from the Start Menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Downloads link from Start Menu* +- GP name: *NoStartMenuDownload* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoStartMenuHomegroup** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy the Start menu will not show a link to Homegroup. It also removes the homegroup item from the Start Menu options. As a result, users cannot add the homegroup link to the Start Menu. + +If you disable or do not configure this policy, users can use the Start Menu options to add or remove the homegroup link from the Start Menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Homegroup link from Start Menu* +- GP name: *NoStartMenuHomegroup* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoStartMenuRecordedTV** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Recorded TV link from the Start Menu. + +If you enable this policy setting, the Start Menu does not show a link to the Recorded TV library. + +If you disable or do not configure this policy setting, the Recorded TV link is available from the Start Menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Recorded TV link from Start Menu* +- GP name: *NoStartMenuRecordedTV* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoStartMenuSubFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Hides all folders on the user-specific (top) section of the Start menu. Other items appear, but folders are hidden. + +This setting is designed for use with redirected folders. Redirected folders appear on the main (bottom) section of the Start menu. However, the original, user-specific version of the folder still appears on the top section of the Start menu. Because the appearance of two folders with the same name might confuse users, you can use this setting to hide user-specific folders. + +Note that this setting hides all user-specific folders, not just those associated with redirected folders. + +If you enable this setting, no folders appear on the top section of the Start menu. If users add folders to the Start Menu directory in their user profiles, the folders appear in the directory but not on the Start menu. + +If you disable this setting or do not configured it, Windows 2000 Professional and Windows XP Professional display folders on both sections of the Start menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove user's folders from the Start Menu* +- GP name: *NoStartMenuSubFolders* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoStartMenuVideos** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Videos link from the Start Menu. + +If you enable this policy setting, the Start Menu does not show a link to the Videos library. + +If you disable or do not configure this policy setting, the Videos link is available from the Start Menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Videos link from Start Menu* +- GP name: *NoStartMenuVideos* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoStartPage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This setting affects the presentation of the Start menu. + +The classic Start menu in Windows 2000 Professional allows users to begin common tasks, while the new Start menu consolidates common items onto one menu. When the classic Start menu is used, the following icons are placed on the desktop: Documents, Pictures, Music, Computer, and Network. The new Start menu starts them directly. + +If you enable this setting, the Start menu displays the classic Start menu in the Windows 2000 style and displays the standard desktop icons. + +If you disable this setting, the Start menu only displays in the new style, meaning the desktop icons are now on the Start page. + +If you do not configure this setting, the default is the new style, and the user can change the view. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Force classic Start Menu* +- GP name: *NoStartPage* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoTaskBarClock** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Prevents the clock in the system notification area from being displayed. + +If you enable this setting, the clock will not be displayed in the system notification area. + +If you disable or do not configure this setting, the default behavior of the clock appearing in the notification area will occur. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Clock from the system notification area* +- GP name: *NoTaskBarClock* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoTaskGrouping** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar buttons used to switch between running programs. + +Taskbar grouping consolidates similar applications when there is no room on the taskbar. It kicks in when the user's taskbar is full. + +If you enable this setting, it prevents the taskbar from grouping items that share the same program name. By default, this setting is always enabled. + +If you disable or do not configure it, items on the taskbar that share the same program are grouped together. The users have the option to disable grouping if they choose. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent grouping of taskbar items* +- GP name: *NoTaskGrouping* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoToolbarsOnTaskbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This setting affects the taskbar. + +The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application. + +If this setting is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the "Toolbars" menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock. + +If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the "Toolbars" command appears in the context menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not display any custom toolbars in the taskbar* +- GP name: *NoToolbarsOnTaskbar* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoTrayContextMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove access to the context menus for the taskbar. + +If you enable this policy setting, the menus that appear when you right-click the taskbar and items on the taskbar are hidden, such as the Start button, the clock, and the taskbar buttons. + +If you disable or do not configure this policy setting, the context menus for the taskbar are available. + +This policy setting does not prevent users from using other methods to issue the commands that appear on these menus. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove access to the context menus for the taskbar* +- GP name: *NoTrayContextMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoTrayItemsDisplay** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This setting affects the notification area (previously called the "system tray") on the taskbar. + +The notification area is located at the far right end of the task bar and includes the icons for current notifications and the system clock. + +If this setting is enabled, the user’s entire notification area, including the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system clock. + +If this setting is disabled or is not configured, the notification area is shown in the user's taskbar. + +> [!NOTE] +> Enabling this setting overrides the "Turn off notification area cleanup" setting, because if the notification area is hidden, there is no need to clean up the icons. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the notification area* +- GP name: *NoTrayItemsDisplay* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoUninstallFromStart** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this setting, users cannot uninstall apps from Start. + +If you disable this setting or do not configure it, users can access the uninstall command from Start. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent users from uninstalling applications from Start* +- GP name: *NoUninstallFromStart* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoUserFolderOnStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy the start menu will not show a link to the user's storage folder. + +If you disable or do not configure this policy, the start menu will display a link, unless the user chooses to remove it in the start menu control panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove user folder link from Start Menu* +- GP name: *NoUserFolderOnStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoUserNameOnStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the user name label from the Start Menu in Windows XP and Windows Server 2003. + +If you enable this policy setting, the user name label is removed from the Start Menu in Windows XP and Windows Server 2003. + +To remove the user name folder on Windows Vista, set the "Remove user folder link from Start Menu" policy setting. + +If you disable or do not configure this policy setting, the user name label appears on the Start Menu in Windows XP and Windows Server 2003. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove user name from Start Menu* +- GP name: *NoUserNameOnStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/NoWindowsUpdate** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove links and access to Windows Update. + +If you enable this policy setting, users are prevented from connecting to the Windows Update Web site. + +Enabling this policy setting blocks user access to the Windows Update Web site at http://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer. + +Windows Update, the online extension of Windows, offers software updates to keep a user’s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download. + +If you disable or do not configure this policy setting, the Windows Update hyperlink is available from the Start menu and from the Tools menu in Internet Explorer. + +Also, see the "Hide the "Add programs from Microsoft" option" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove links and access to Windows Update* +- GP name: *NoWindowsUpdate* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/PowerButtonAction** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Set the default action of the power button on the Start menu. + +If you enable this setting, the Start Menu will set the power button to the chosen action, and not let the user change this action. + +If you set the button to either Sleep or Hibernate, and that state is not supported on a computer, then the button will fall back to Shut Down. + +If you disable or do not configure this setting, the Start Menu power button will be set to Shut Down by default, and the user can change this setting to another action. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Change Start Menu power button* +- GP name: *PowerButtonAction* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/QuickLaunchEnabled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting controls whether the QuickLaunch bar is displayed in the Taskbar. + +If you enable this policy setting, the QuickLaunch bar will be visible and cannot be turned off. + +If you disable this policy setting, the QuickLaunch bar will be hidden and cannot be turned on. + +If you do not configure this policy setting, then users will be able to turn the QuickLaunch bar on and off. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Show QuickLaunch on Taskbar* +- GP name: *QuickLaunchEnabled* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/RemoveUnDockPCButton** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Undock PC" button is removed from the simple Start Menu, and your PC cannot be undocked. + +If you disable this setting or do not configure it, the "Undock PC" button remains on the simple Start menu, and your PC can be undocked. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove the "Undock PC" button from the Start Menu* +- GP name: *RemoveUnDockPCButton* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/ShowAppsViewOnStart** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows the Apps view to be opened by default when the user goes to Start. + +If you enable this policy setting, the Apps view will appear whenever the user goes to Start. Users will still be able to switch between the Apps view and the Start screen. + +If you disable or don’t configure this policy setting, the Start screen will appear by default whenever the user goes to Start, and the user will be able to switch between the Apps view and the Start screen. Also, the user will be able to configure this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Show the Apps view automatically when the user goes to Start* +- GP name: *ShowAppsViewOnStart* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/ShowRunAsDifferentUserInStart** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting shows or hides the "Run as different user" command on the Start application bar. + +If you enable this setting, users can access the "Run as different user" command from Start for applications which support this functionality. + +If you disable this setting or do not configure it, users cannot access the "Run as different user" command from Start for any applications. + +> [!NOTE] +> This setting does not prevent users from using other methods, such as the shift right-click menu on application's jumplists in the taskbar to issue the "Run as different user" command. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Show "Run as different user" command on Start* +- GP name: *ShowRunAsDifferentUserInStart* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/ShowRunInStartMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the Run command is added to the Start menu. + +If you disable or do not configure this setting, the Run command is not visible on the Start menu by default, but it can be added from the Taskbar and Start menu properties. + +If the Remove Run link from Start Menu policy is set, the Add the Run command to the Start menu policy has no effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Add the Run command to the Start Menu* +- GP name: *ShowRunInStartMenu* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows the Start screen to appear on the display the user is using when they press the Windows logo key. This setting only applies to users who are using multiple displays. + +If you enable this policy setting, the Start screen will appear on the display the user is using when they press the Windows logo key. + +If you disable or don't configure this policy setting, the Start screen will always appear on the main display when the user presses the Windows logo key. Users will still be able to open Start on other displays by pressing the Start button on that display. Also, the user will be able to configure this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Show Start on the display the user is using when they press the Windows logo key* +- GP name: *ShowStartOnDisplayWithForegroundOnWinKey* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/StartMenuLogOff** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to removes the "Log Off " item from the Start menu and prevents users from restoring it. + +If you enable this policy setting, the Log Off item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off item to the Start Menu. + +If you disable or do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item. + +This policy setting affects the Start menu only. It does not affect the Log Off item on the Windows Security dialog box that appears when you press Ctrl+Alt+Del, and it does not prevent users from using other methods to log off. + +Tip: To add or remove the Log Off item on a computer, click Start, click Settings, click Taskbar and Start Menu, click the Start Menu Options tab and, in the Start Menu Settings box, click Display Logoff. + +See also: "Remove Logoff" policy setting in User Configuration\Administrative Templates\System\Logon/Logoff. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Logoff on the Start Menu* +- GP name: *StartMenuLogOff* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + + +**ADMX_StartMenu/StartPinAppsWhenInstalled** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows pinning apps to Start by default, when they are included by AppID on the list. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Pin Apps to Start when installed* +- GP name: *StartPinAppsWhenInstalled* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *StartMenu.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 8cf15aeb58207dd7d8bd1159b86b3a585f279942 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Fri, 23 Oct 2020 16:09:02 -0700 Subject: [PATCH 082/346] Formatting --- .../mdm/policy-csp-admx-startmenu.md | 23 +++++++++---------- 1 file changed, 11 insertions(+), 12 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md index d2005ff616..09955c429e 100644 --- a/windows/client-management/mdm/policy-csp-admx-startmenu.md +++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md @@ -699,9 +699,9 @@ ADMX Info: Available in the latest Windows 10 Insider Preview Build. This policy only applies to the classic version of the start menu and does not affect the new style start menu. -Adds the "Log Off " item to the Start menu and prevents users from removing it. +Adds the "Log Off ``" item to the Start menu and prevents users from removing it. -If you enable this setting, the Log Off item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off item from the Start Menu. +If you enable this setting, the Log Off `` item appears in the Start menu. This setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot remove the Log Off `` item from the Start Menu. If you disable this setting or do not configure it, users can use the Display Logoff item to add and remove the Log Off item. 
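Review bot: In the @@ -699 hunk, the three edited sentences now put a backtick-delimited span after "Log Off", but the unchanged sentence that follows still reads "add and remove the Log Off item", so one policy description names the same menu entry two ways. Either update that sentence in this hunk too, or keep the shorter form everywhere it refers to the item generically.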
@@ -2072,7 +2072,7 @@ ADMX Info: Available in the latest Windows 10 Insider Preview Build. If you enable this setting, the "Pinned Programs" list is removed from the Start menu. Users cannot pin programs to the Start menu. -In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog. +In Windows XP and Windows Vista, the Internet and email checkboxes are removed from the 'Customize Start Menu' dialog. If you disable this setting or do not configure it, the "Pinned Programs" list remains on the Start menu. Users can pin and unpin programs in the Start Menu. @@ -2376,11 +2376,11 @@ If you enable this setting, the following changes occur: 3. The user will be blocked from entering the following into the Internet Explorer Address Bar: -- A UNC path: `\\\` + - A UNC path: `\\\` -- Accessing local drives: e.g., C: + - Accessing local drives: e.g., C: -- Accessing local folders: e.g., `\` + - Accessing local folders: e.g., `\` Also, users with extended keyboards will no longer be able to display the Run dialog box by pressing the Application key (the key with the Windows logo) + R. @@ -3012,7 +3012,7 @@ ADMX Info: Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting the Start menu search box will not search for files. -If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box. +If you disable or do not configure this policy setting, the Start menu will search for files, unless the user chooses not to do so directly in Control Panel. If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown when the user performs a search in the start menu search box. > [!TIP] 
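Review bot: In the @@ -3012 hunk, the removed and added lines read identically apart from whitespace, so the paragraph still describes the disabled state first and then switches back to "If you enable this policy, a "See more results" / "Search Everywhere" link will not be shown". While this line is being touched, move that last sentence up next to the enable paragraph so each state is described in one place.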
@@ -4340,7 +4340,7 @@ Available in the latest Windows 10 Insider Preview Build. This policy setting al If you enable this policy setting, users are prevented from connecting to the Windows Update Web site. -Enabling this policy setting blocks user access to the Windows Update Web site at http://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer. +Enabling this policy setting blocks user access to the Windows Update Web site at https://windowsupdate.microsoft.com. Also, the policy setting removes the Windows Update hyperlink from the Start menu and from the Tools menu in Internet Explorer. Windows Update, the online extension of Windows, offers software updates to keep a user’s system up-to-date. The Windows Update Product Catalog determines any system files, security fixes, and Microsoft updates that users need and shows the newest versions available for download. @@ -4899,9 +4899,9 @@ ADMX Info: -Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to removes the "Log Off " item from the Start menu and prevents users from restoring it. +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to removes the "Log Off ``" item from the Start menu and prevents users from restoring it. -If you enable this policy setting, the Log Off item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off item to the Start Menu. +If you enable this policy setting, the Log Off `` item does not appear in the Start menu. This policy setting also removes the Display Logoff item from Start Menu Options. As a result, users cannot restore the Log Off `` item to the Start Menu. If you disable or do not configure this policy setting, users can use the Display Logoff item to add and remove the Log Off item. 
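Review bot: The first changed line of the @@ -4899 hunk still reads "This policy setting allows you to removes the ..."; since the line is being rewritten anyway, correct it to "allows you to remove".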
@@ -5007,5 +5007,4 @@ Footnotes: - 7 - Available in Windows 10, version 1909. - 8 - Available in Windows 10, version 2004. - - + \ No newline at end of file From 3ea0d2cdb21afe1cc379b9fc4796add089ac9ee6 Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Oct 2020 21:22:16 +0500 Subject: [PATCH 083/346] Update windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../endpoint-detection-response-mac-preview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index ea1b4c4883..0efdd31269 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md 
@@ -24,7 +24,7 @@ ms.topic: conceptual [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -To get preview features available for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). +To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). >[!IMPORTANT] >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions. From 1c9db02d6135776326f9752bd11e86aae8bf186e Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Oct 2020 21:22:29 +0500 Subject: [PATCH 084/346] Update windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../endpoint-detection-response-mac-preview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index 0efdd31269..0643c6eff8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md 
@@ -26,7 +26,7 @@ ms.topic: conceptual To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). ->[!IMPORTANT] +> [!IMPORTANT] >Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions. ## Enable the Insider program with Jamf From 454fbba3d74acb35c7dd64c88415fd638ffa0b0d Mon Sep 17 00:00:00 2001 From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Sat, 24 Oct 2020 21:22:49 +0500 Subject: [PATCH 085/346] Update windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../endpoint-detection-response-mac-preview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md index 0643c6eff8..5e45dab3cc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md 
@@ -27,7 +27,7 @@ ms.topic: conceptual To get preview features for Mac, you must set up your device to be an "Insider" device as described in this article. For scale deployment, we recommend using [Jamf](#enable-the-insider-program-with-jamf) or [Intune](#enable-the-insider-program-with-intune). > [!IMPORTANT] ->Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md) and [manual deployment](mac-install-manually.md) instructions. +> Make sure you have enabled [Microsoft Defender ATP for Mac](microsoft-defender-atp-mac.md#how-to-install-microsoft-defender-atp-for-mac), and pay attention to the “earlyPreview” flag. See documentation for [Jamf](mac-install-with-jamf.md), [Intune](mac-install-with-intune.md), and [manual deployment](mac-install-manually.md) instructions. ## Enable the Insider program with Jamf From a9435b4e9571b0d487a33e0e7109644ee39b6699 Mon Sep 17 00:00:00 2001 From: Ben Date: Mon, 26 Oct 2020 15:04:56 +0200 Subject: [PATCH 086/346] Update find-machines-by-ip.md --- .../microsoft-defender-atp/find-machines-by-ip.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md index 86fc568017..a930d0de5a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md +++ b/windows/security/threat-protection/microsoft-defender-atp/find-machines-by-ip.md 
@@ -66,8 +66,7 @@ Authorization | String | Bearer {token}. **Required**. Empty ## Response -If successful and machines were found - 200 OK with list of the machines in the response body. -If no machine found - 404 Not Found. +If successful - 200 OK with list of the machines in the response body. If the timestamp is not in the past 30 days - 400 Bad Request. ## Example From 93af47474f4fb29f49af395fe2e9aaae89aacac6 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 26 Oct 2020 09:29:30 -0700 Subject: [PATCH 087/346] report updates --- windows/security/threat-protection/TOC.md | 1 + .../tvm-vulnerable-devices-report.md | 11 ++++++++--- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 632fbafb38..e0a905a088 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -68,6 +68,7 @@ ##### [Software inventory](microsoft-defender-atp/tvm-software-inventory.md) ##### [Vulnerabilities in my organization](microsoft-defender-atp/tvm-weaknesses.md) ##### [Event timeline](microsoft-defender-atp/threat-and-vuln-mgt-event-timeline.md) +##### [Vulnerable devices report](microsoft-defender-atp/tvm-vulnerable-devices-report.md) ##### [Hunt for exposed devices](microsoft-defender-atp/tvm-hunt-exposed-devices.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md index bda9f0c30c..695f33de59 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md 
@@ -1,7 +1,7 @@ --- -title: Hunt for exposed devices -description: Learn how threat and vulnerability management can be used to help security admins, IT admins, and SecOps collaborate. -keywords: mdatp-tvm scenarios, mdatp, tvm, tvm scenarios, reduce threat & vulnerability exposure, reduce threat and vulnerability, improve security configuration, increase Microsoft Secure Score for Devices, increase threat & vulnerability Microsoft Secure Score for Devices, Microsoft Secure Score for Devices, exposure score, security controls +title: Vulnerable devices report- threat and vulnerability management +description: A report showing vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. +keywords: mdatp-tvm vulnerable devices, mdatp, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration search.product: eADQiWindows 10XVcnh search.appverid: met150 ms.prod: w10 @@ -23,6 +23,11 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] +> [!IMPORTANT] +> **Vulnerable devices report is currently in public preview**
    +> This preview version is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities. +> For more information, see [Microsoft Defender ATP preview features](preview.md). + **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) From 0c829d0c4d24ee4d9cdc85f1dcdcc1cac541a752 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Mon, 26 Oct 2020 09:42:32 -0700 Subject: [PATCH 088/346] link updates --- .../tvm-vulnerable-devices-report.md | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md index 695f33de59..84beee6e09 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md @@ -36,9 +36,10 @@ ms.topic: article The report shows graphs and bar charts with vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. -Access the report by going to **Reports > Vulnerable devices** +Access the report in the Microsoft Defender Security Center by going to **Reports > Vulnerable devices** There are two columns: + - Trends (over time). Can show the past 30 days, 3 months, 6 months, or a custom date range. - Today (current information) 
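Review bot: The context line in the @@ -36,9 hunk says "understand the breath and scope of your device exposure", where "breath" should be "breadth". The same wording is in this file's `description:` front matter, so fix both together. The added sentence "Access the report in the Microsoft Defender Security Center by going to **Reports > Vulnerable devices**" also ends without a period.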
@@ -80,7 +81,5 @@ The number of devices on each Windows 10 version that are exposed due to vulnera - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Security recommendations](tvm-security-recommendation.md) -- [APIs](next-gen-threat-and-vuln-mgt.md#apis) -- [Configure data access for threat and vulnerability management roles](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) -- [Advanced hunting overview](overview-hunting.md) -- [All advanced hunting tables](advanced-hunting-reference.md) + + From c5ec2ab97f5a5da3a994aee44cc61fb8bd958989 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 26 Oct 2020 12:35:57 -0700 Subject: [PATCH 089/346] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...age-updates-baselines-microsoft-defender-antivirus.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 2b26a44de5..db120e40bf 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 10/21/2020 +ms.date: 10/26/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines 
@@ -23,7 +23,7 @@ ms.date: 10/21/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) +- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) There are two types of updates related to keeping Microsoft Defender Antivirus up to date: @@ -69,10 +69,7 @@ For more information, see [Manage the sources for Microsoft Defender Antivirus p For information how to update or how to install the platform update, see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform). -All our updates contain: -- performance improvements -- serviceability improvements -- integration improvements (Cloud, Microsoft 365 Defender) +All our updates contain performance improvements, serviceability improvements, and integration improvements (Cloud, Microsoft 365 Defender).
    From a55333fbda5dd615d8495bfcd7dafb2225d169f1 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 26 Oct 2020 12:40:07 -0700 Subject: [PATCH 090/346] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...es-baselines-microsoft-defender-antivirus.md | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index db120e40bf..a758ef64e1 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -74,6 +74,23 @@ All our updates contain performance improvements, serviceability improvements, a
    + October-2020 (Platform: - | Engine: 1.1.17500.x) + + Security intelligence update version: **1.325.x.x** + Released: **date** + Platform: **4.xx.xxxx.x** + Engine: **1.1.17500.x** + Support phase: **Security and Critical Updates** + +### What's new +- item +- item +- item + +### Known Issues +No known issues +
    +
    September-2020 (Platform: 4.18.2009.7 | Engine: 1.1.17500.4)  Security intelligence update version: **1.325.10.0** From aab00aa3a85b6b611d028629f4d85f2d48a583cf Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Mon, 26 Oct 2020 12:58:55 -0700 Subject: [PATCH 091/346] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index a758ef64e1..452386c7e5 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -74,11 +74,11 @@ All our updates contain performance improvements, serviceability improvements, a
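Review bot: the October-2020 block added by PATCH 090 is an unfilled template. Its summary line reads "(Platform: - | Engine: 1.1.17500.x)", the body carries "Released: **date**" and "Platform: **4.xx.xxxx.x**", and "What's new" is three "- item" bullets. The block sits directly above the September-2020 entry, which has concrete versions, so readers will take it for released data. Hold the block back until the release values are known, or land it complete in a single commit.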
    - October-2020 (Platform: - | Engine: 1.1.17500.x) + October-2020 (Platform: 4.18.2010.x | Engine: 1.1.17500.x)  Security intelligence update version: **1.325.x.x**  Released: **date** - Platform: **4.xx.xxxx.x** + Platform: **4.18.2010.x**  Engine: **1.1.17500.x**  Support phase: **Security and Critical Updates** From 7d7589a9f2337384defd10c26ebe5d11be4650e6 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 26 Oct 2020 13:27:11 -0700 Subject: [PATCH 092/346] fix chars --- .../microsoft-defender-atp/deployment-rings.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index 4825c6f7ed..93de514d52 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md @@ -54,15 +54,15 @@ Pilot | Ring 2: 50-100 systems
    Full deployment | Ring 3: Roll out service to the rest of environment in larger increments. -## Evaluate +### Evaluate Identify a small number of test machines in your environment to onboard to the service. Ideally, these machines would be less than 50 endpoints. -### Exit criteria +#### Exit criteria - Devices show up in the device inventory list - Alerts appear in dashboard -## Pilot +### Pilot Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service. In this ring, identify several devices to onboard and based on the exit criteria you define, decide to proceed to the next deployment ring. The following table shows the supported endpoints and the corresponding tool you can use to onboard devices to the service. @@ -76,13 +76,13 @@ The following table shows the supported endpoints and the corresponding tool you | **Android** | [Microsoft Endpoint Manager](android-intune.md) | -### Exit criteria +#### Exit criteria - Devices show up in the device inventory list - [Run a detection test](run-detection-test.md) - [Run a simulated attack on a device](attack-simulations.md) -## Full deployment +### Full deployment At this stage, you can use the [Plan deployment](deployment-strategy.md) material to help you plan your deployment. @@ -92,7 +92,7 @@ Use the following material to select the appropriate Microsoft Defender ATP arch |:-----|:-----| |[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
    [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
    • Cloud-native
    • Co-management
    • On-premise
    • Evaluation and local onboarding
    • -### Exit criteria? +#### Exit criteria? - Devices show up in the device inventory list @@ -103,14 +103,14 @@ For Windows and/or Windows Servers you select several machines to test ahead of For more information see: - [What is the Security Update Validation Program](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-is-the-security-update-validation-program/ba-p/275767) -- [Software Update Validation Program and Microsoft Malware Protection Center Establishment TwC Interactive Timeline Part 4](https://www.microsoft.com/security/blog/2012/03/28/software-update-validation-program-and-microsoft-malware-protection-center-establishment-twc-interactive-timeline-part-4/) +- [Software Update Validation Program and Microsoft Malware Protection Center Establishment - TwC Interactive Timeline Part 4](https://www.microsoft.com/security/blog/2012/03/28/software-update-validation-program-and-microsoft-malware-protection-center-establishment-twc-interactive-timeline-part-4/) ### Non-Windows endpoints -With macOS and Linux, you could take a couple of systems and run in the InsidersFast channel. +With macOS and Linux, you could take a couple of systems and run in the "InsidersFast" channel. >[!NOTE] ->Ideally at least one security admin and one developer so that you are able to find compatibility, performance and reliability issues before the build makes it into the Production channel. +>Ideally at least one security admin and one developer so that you are able to find compatibility, performance and reliability issues before the build makes it into the "Production" channel. The choice of the channel determines the type and frequency of updates that are offered to your device. Devices in insiders-fast are the first ones to receive updates and new features, followed later by insiders-slow and lastly by prod. From dbcbd9f0da293bb11e367e0c5a5ba854b748774a Mon Sep 17 00:00:00 2001 
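Review bot: in the "Non-Windows endpoints" hunk of PATCH 092 the channel names are now written "InsidersFast" and "Production", while the unchanged paragraph right below refers to the same channels as insiders-fast, insiders-slow and prod. Use one spelling throughout so readers can match the note to the channel they configure. The "Full deployment" hunk also re-levels "### Exit criteria?" to "#### Exit criteria?" but keeps the question mark, which reads like a leftover draft marker beside the two "#### Exit criteria" headings earlier in the file.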
From: Joey Caparas Date: Mon, 26 Oct 2020 13:31:45 -0700 Subject: [PATCH 093/346] udpate note --- .../microsoft-defender-atp/deployment-rings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index 93de514d52..5c91f850f6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md @@ -69,7 +69,7 @@ The following table shows the supported endpoints and the corresponding tool you | Endpoint | Deployment tool | |--------------|------------------------------------------| -| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md)
      NOTE: If you want to deploy more than 10 devices in a production environment, use the Group Policy method instead.
      [Group Policy](configure-endpoints-gp.md)
      [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md)
      [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
      [VDI scripts](configure-endpoints-vdi.md) | +| **Windows** | [Local script (up to 10 devices)](configure-endpoints-script.md)
      NOTE: If you want to deploy more than 10 devices in a production environment, use the Group Policy method instead or the other supported tools listed below.
      [Group Policy](configure-endpoints-gp.md)
      [Microsoft Endpoint Manager/ Mobile Device Manager](configure-endpoints-mdm.md)
      [Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md)
      [VDI scripts](configure-endpoints-vdi.md) | | **macOS** | [Local script](mac-install-manually.md)
      [Microsoft Endpoint Manager](mac-install-with-intune.md)
      [JAMF Pro](mac-install-with-jamf.md)
      [Mobile Device Management](mac-install-with-other-mdm.md) | | **Linux Server** | [Local script](linux-install-manually.md)
      [Puppet](linux-install-with-puppet.md)
      [Ansible](linux-install-with-ansible.md)| | **iOS** | [App-based](ios-install.md) | From 120045609b25dbdb9c10c57c3e2ff507179f532a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 26 Oct 2020 13:54:19 -0700 Subject: [PATCH 094/346] add topic anchor --- .../microsoft-defender-atp/deployment-rings.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index 5c91f850f6..11d30fcdb4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md @@ -30,8 +30,8 @@ ms.topic: article Deploying Microsoft Defender ATP can be done using a ring-based deployment approach. The deployment rings can be applied in the following scenarios: -- New deployments -- Existing deployments +- [New deployments](#new-deployments) +- [Existing deployments](#existing-deployments) ## New deployments From 13818943279cb8a0be6c7763aefe3b780a4ef115 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 26 Oct 2020 13:55:09 -0700 Subject: [PATCH 095/346] add keywords --- .../microsoft-defender-atp/deployment-rings.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index 11d30fcdb4..b9a48bb7c4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md 
@@ -1,7 +1,7 @@ --- title: Deploy Microsoft Defender ATP in rings description: Learn how deploy Microsoft Defender ATP in rings -keywords: deploy, rings, setup, onboard, phase, deployment, deploying, adoption, configuring +keywords: deploy, rings, evaluate, pilot, insider fast, insider slow, setup, onboard, phase, deployment, deploying, adoption, configuring search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy From e575eb18bf8d24f8c11b4f3d9189732caa5a0edd Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 26 Oct 2020 14:27:10 -0700 Subject: [PATCH 096/346] Added ADMX_Taskbar policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 22 + .../policy-configuration-service-provider.md | 71 + .../mdm/policy-csp-admx-taskbar.md | 1663 +++++++++++++++++ 4 files changed, 1757 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-taskbar.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 26ce78b220..0923cdc140 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -215,6 +215,7 @@ #### [ADMX_Smartcard](policy-csp-admx-smartcard.md) #### [ADMX_Snmp](policy-csp-admx-snmp.md) #### [ADMX_StartMenu](policy-csp-admx-startmenu.md) +#### [ADMX_Taskbar](policy-csp-admx-taskbar.md) #### [ADMX_tcpip](policy-csp-admx-tcpip.md) #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md) #### [ADMX_TPM](policy-csp-admx-tpm.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 96d7eb2a35..551346f46f 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -391,6 +391,28 @@ ms.date: 10/08/2020 - [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey) - [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff) - [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled) +- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md.#admx-taskbar-disablenotificationcenter) +- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md.#admx-taskbar-enablelegacyballoonnotifications) +- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescahealth) +- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescanetwork) +- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescapower) +- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescavolume) +- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md.#admx-taskbar-noballoonfeatureadvertisements) +- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningstoretotaskbar) +- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningtodestinations) +- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningtotaskbar) +- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md.#admx-taskbar-noremotedestinations) +- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md.#admx-taskbar-nosystraysystempromotion) +- [ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-showwindowsstoreappsontaskbar) +- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarlockall) +- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoaddremovetoolbar) +- 
[ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnodragtoolbar) +- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnomultimon) +- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnonotification) +- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnopinnedlist) +- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoredock) +- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoresize) +- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnothumbnail) - [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name) - [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval) - [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index da0fe4b5c3..521e66ecce 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1463,6 +1463,77 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_Taskbar policies + +
    +
    + ADMX_Taskbar/DisableNotificationCenter +
    +
    + ADMX_Taskbar/EnableLegacyBalloonNotifications +
    +
    + ADMX_Taskbar/HideSCAHealth +
    +
    + ADMX_Taskbar/HideSCANetwork +
    +
    + ADMX_Taskbar/HideSCAPower +
    +
    + ADMX_Taskbar/HideSCAVolume +
    +
    + ADMX_Taskbar/NoBalloonFeatureAdvertisements +
    +
    + ADMX_Taskbar/NoPinningStoreToTaskbar +
    +
    + ADMX_Taskbar/NoPinningToDestinations +
    +
    + ADMX_Taskbar/NoPinningToTaskbar +
    +
    + ADMX_Taskbar/NoRemoteDestinations +
    +
    + ADMX_Taskbar/NoSystraySystemPromotion +
    +
    + ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar +
    +
    + ADMX_Taskbar/TaskbarLockAll +
    +
    + ADMX_Taskbar/TaskbarNoAddRemoveToolbar +
    +
    + ADMX_Taskbar/TaskbarNoDragToolbar +
    +
    + ADMX_Taskbar/TaskbarNoMultimon +
    +
    + ADMX_Taskbar/TaskbarNoNotification +
    +
    + ADMX_Taskbar/TaskbarNoPinnedList +
    +
    + ADMX_Taskbar/TaskbarNoRedock +
    +
    + ADMX_Taskbar/TaskbarNoResize +
    +
    + ADMX_Taskbar/TaskbarNoThumbnail +
    +
    + ### ADMX_tcpip policies
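Review bot: all 22 ADMX_Taskbar links that PATCH 096 adds to policies-in-policy-csp-admx-backed.md have a stray period after the file extension, for example "(./policy-csp-admx-taskbar.md.#admx-taskbar-disablenotificationcenter)", whereas the neighbouring context lines use the form "(./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)". The link target then names a file "policy-csp-admx-taskbar.md." that this patch does not create, so the links will not resolve. Drop the extra "." before "#" in every added entry.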
    diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md new file mode 100644 index 0000000000..d7177153a7 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md @@ -0,0 +1,1663 @@ +--- +title: Policy CSP - ADMX_Taskbar +description: Policy CSP - ADMX_Taskbar +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/26/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_Taskbar +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_Taskbar policies + +
    +
    + ADMX_Taskbar/DisableNotificationCenter +
    +
    + ADMX_Taskbar/EnableLegacyBalloonNotifications +
    +
    + ADMX_Taskbar/HideSCAHealth +
    +
    + ADMX_Taskbar/HideSCANetwork +
    +
    + ADMX_Taskbar/HideSCAPower +
    +
    + ADMX_Taskbar/HideSCAVolume +
    +
    + ADMX_Taskbar/NoBalloonFeatureAdvertisements +
    +
    + ADMX_Taskbar/NoPinningStoreToTaskbar +
    +
    + ADMX_Taskbar/NoPinningToDestinations +
    +
    + ADMX_Taskbar/NoPinningToTaskbar +
    +
    + ADMX_Taskbar/NoRemoteDestinations +
    +
    + ADMX_Taskbar/NoSystraySystemPromotion +
    +
    + ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar +
    +
    + ADMX_Taskbar/TaskbarLockAll +
    +
    + ADMX_Taskbar/TaskbarNoAddRemoveToolbar +
    +
    + ADMX_Taskbar/TaskbarNoDragToolbar +
    +
    + ADMX_Taskbar/TaskbarNoMultimon +
    +
    + ADMX_Taskbar/TaskbarNoNotification +
    +
    + ADMX_Taskbar/TaskbarNoPinnedList +
    +
    + ADMX_Taskbar/TaskbarNoRedock +
    +
    + ADMX_Taskbar/TaskbarNoResize +
    +
    + ADMX_Taskbar/TaskbarNoThumbnail +
    +
    + + +
    + + +**ADMX_Taskbar/DisableNotificationCenter** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting removes Notifications and Action Center from the notification area on the taskbar. + +The notification area is located at the far right end of the taskbar and includes icons for current notifications and the system clock. + +If this setting is enabled, Notifications and Action Center is not displayed in the notification area. The user will be able to read notifications when they appear, but they won’t be able to review any notifications they miss. + +If you disable or do not configure this policy setting, Notification and Security and Maintenance will be displayed on the taskbar. + +A reboot is required for this policy setting to take effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Notifications and Action Center* +- GP name: *DisableNotificationCenter* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/EnableLegacyBalloonNotifications** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy disables the functionality that converts balloons to toast notifications. + +If you enable this policy setting, system and application notifications will render as balloons instead of toast notifications. + +Enable this policy setting if a specific app or system component that uses balloon notifications has compatibility issues with toast notifications. + +If you disable or don’t configure this policy setting, all notifications will appear as toast notifications. + +A reboot is required for this policy setting to take effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable showing balloon notifications as toasts.* +- GP name: *EnableLegacyBalloonNotifications* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/HideSCAHealth** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove Security and Maintenance from the system control area. + +If you enable this policy setting, the Security and Maintenance icon is not displayed in the system notification area. + +If you disable or do not configure this policy setting, the Security and Maintenance icon is displayed in the system notification area. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove the Security and Maintenance icon* +- GP name: *HideSCAHealth* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/HideSCANetwork** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the networking icon from the system control area. + +If you enable this policy setting, the networking icon is not displayed in the system notification area. + +If you disable or do not configure this policy setting, the networking icon is displayed in the system notification area. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove the networking icon* +- GP name: *HideSCANetwork* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/HideSCAPower** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the battery meter from the system control area. + +If you enable this policy setting, the battery meter is not displayed in the system notification area. + +If you disable or do not configure this policy setting, the battery meter is displayed in the system notification area. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove the battery meter* +- GP name: *HideSCAPower* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/HideSCAVolume** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the volume control icon from the system control area. + +If you enable this policy setting, the volume control icon is not displayed in the system notification area. + +If you disable or do not configure this policy setting, the volume control icon is displayed in the system notification area. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove the volume control icon* +- GP name: *HideSCAVolume* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/NoBalloonFeatureAdvertisements** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off feature advertisement balloon notifications. + +If you enable this policy setting, certain notification balloons that are marked as feature advertisements are not shown. + +If you disable do not configure this policy setting, feature advertisement balloons are shown. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off feature advertisement balloon notifications* +- GP name: *NoBalloonFeatureAdvertisements* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/NoPinningStoreToTaskbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning the Store app to the Taskbar. + +If you enable this policy setting, users cannot pin the Store app to the Taskbar. If the Store app is already pinned to the Taskbar, it will be removed from the Taskbar on next login. + +If you disable or do not configure this policy setting, users can pin the Store app to the Taskbar. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow pinning Store app to the Taskbar* +- GP name: *NoPinningStoreToTaskbar* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/NoPinningToDestinations** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning items in Jump Lists. + +If you enable this policy setting, users cannot pin files, folders, websites, or other items to their Jump Lists in the Start Menu and Taskbar. Users also cannot unpin existing items pinned to their Jump Lists. Existing items already pinned to their Jump Lists will continue to show. + +If you disable or do not configure this policy setting, users can pin files, folders, websites, and other items to a program's Jump List so that the items is always present in this menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow pinning items in Jump Lists* +- GP name: *NoPinningToDestinations* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + + +**ADMX_Taskbar/NoPinningToTaskbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control pinning programs to the Taskbar. + +If you enable this policy setting, users cannot change the programs currently pinned to the Taskbar. If any programs are already pinned to the Taskbar, these programs continue to show in the Taskbar. However, users cannot unpin these programs already pinned to the Taskbar, and they cannot pin new programs to the Taskbar. + +If you disable or do not configure this policy setting, users can change the programs currently pinned to the Taskbar. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow pinning programs to the Taskbar* +- GP name: *NoPinningToTaskbar* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/NoRemoteDestinations** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control displaying or tracking items in Jump Lists from remote locations. + +The Start Menu and Taskbar display Jump Lists off of programs. These menus include files, folders, websites and other relevant items for that program. This helps users more easily reopen their most important documents and other tasks. + +If you enable this policy setting, the Start Menu and Taskbar only track the files that the user opens locally on this computer. Files that the user opens over the network from remote computers are not tracked or shown in the Jump Lists. Use this setting to reduce network traffic, particularly over slow network connections. + +If you disable or do not configure this policy setting, all files that the user opens appear in the menus, including files located remotely on another computer. Note: This setting does not prevent Windows from displaying remote files that the user has explicitly pinned to the Jump Lists. See the "Do not allow pinning items in Jump Lists" policy setting. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Do not display or track items in Jump Lists from remote locations* +- GP name: *NoRemoteDestinations* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/NoSystraySystemPromotion** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off automatic promotion of notification icons to the taskbar. + +If you enable this policy setting, newly added notification icons are not temporarily promoted to the Taskbar. Users can still configure icons to be shown or hidden in the Notification Control Panel. + +If you disable or do not configure this policy setting, newly added notification icons are temporarily promoted to the Taskbar. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off automatic promotion of notification icons to the taskbar* +- GP name: *NoSystraySystemPromotion* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows users to see Windows Store apps on the taskbar. + +If you enable this policy setting, users will see Windows Store apps on the taskbar. + +If you disable this policy setting, users won’t see Windows Store apps on the taskbar. + +If you don’t configure this policy setting, the default setting for the user’s device will be used, and the user can choose to change it. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Show Windows Store apps on the taskbar* +- GP name: *ShowWindowsStoreAppsOnTaskbar* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarLockAll** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to lock all taskbar settings. + +If you enable this policy setting, the user cannot access the taskbar control panel. The user is also unable to resize, move or rearrange toolbars on their taskbar. + +If you disable or do not configure this policy setting, the user will be able to set any taskbar setting that is not prevented by another policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Lock all taskbar settings* +- GP name: *TaskbarLockAll* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarNoAddRemoveToolbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from adding or removing toolbars. + +If you enable this policy setting, the user is not allowed to add or remove any toolbars to the taskbar. Applications are not able to add toolbars either. + +If you disable or do not configure this policy setting, the users and applications are able to add toolbars to the taskbar. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent users from adding or removing toolbars* +- GP name: *TaskbarNoAddRemoveToolbar* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarNoDragToolbar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from rearranging toolbars. + +If you enable this policy setting, users are not able to drag or drop toolbars to the taskbar. + +If you disable or do not configure this policy setting, users are able to rearrange the toolbars on the taskbar. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent users from rearranging toolbars* +- GP name: *TaskbarNoDragToolbar* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarNoMultimon** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent taskbars from being displayed on more than one monitor. + +If you enable this policy setting, users are not able to show taskbars on more than one display. The multiple display section is not enabled in the taskbar properties dialog. + +If you disable or do not configure this policy setting, users can show taskbars on more than one display. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow taskbars on more than one display* +- GP name: *TaskbarNoMultimon* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarNoNotification** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off all notification balloons. + +If you enable this policy setting, no notification balloons are shown to the user. + +If you disable or do not configure this policy setting, notification balloons are shown to the user. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off all balloon notifications* +- GP name: *TaskbarNoNotification* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarNoPinnedList** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove pinned programs from the taskbar. + +If you enable this policy setting, pinned programs are prevented from being shown on the Taskbar. Users cannot pin programs to the Taskbar. + +If you disable or do not configure this policy setting, users can pin programs so that the program shortcuts stay on the Taskbar. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove pinned programs from the Taskbar* +- GP name: *TaskbarNoPinnedList* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarNoRedock** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from moving taskbar to another screen dock location. + +If you enable this policy setting, users are not able to drag their taskbar to another area of the monitor(s). + +If you disable or do not configure this policy setting, users are able to drag their taskbar to another area of the monitor unless prevented by another policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent users from moving taskbar to another screen dock location* +- GP name: *TaskbarNoRedock* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarNoResize** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from resizing the taskbar. + +If you enable this policy setting, users are not be able to resize their taskbar. + +If you disable or do not configure this policy setting, users are able to resize their taskbar unless prevented by another setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent users from resizing the taskbar* +- GP name: *TaskbarNoResize* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +
    + + +**ADMX_Taskbar/TaskbarNoThumbnail** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off taskbar thumbnails. + +If you enable this policy setting, the taskbar thumbnails are not displayed and the system uses standard text for the tooltips. + +If you disable or do not configure this policy setting, the taskbar thumbnails are displayed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off taskbar thumbnails* +- GP name: *TaskbarNoThumbnail* +- GP path: *Start Menu and Taskbar* +- GP ADMX file name: *Taskbar.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 0d1043e685158ced472fdc82e785e6de9a772e72 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 26 Oct 2020 15:47:31 -0700 Subject: [PATCH 097/346] Added ADMX_WindowsStore policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 5 + .../policy-configuration-service-provider.md | 20 + .../mdm/policy-csp-admx-windowsstore.md | 409 ++++++++++++++++++ 4 files changed, 435 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsstore.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 0923cdc140..c89e77b57a 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -227,6 +227,7 @@ #### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) #### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md) #### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md) +#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md) #### [ADMX_WinInit](policy-csp-admx-wininit.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 551346f46f..f3656135e6 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
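Review bot: three of the added ADMX_Taskbar descriptions contain wording slips that should be fixed before merge. ADMX_Taskbar/NoBalloonFeatureAdvertisements reads "If you disable do not configure this policy setting" (missing "or"); ADMX_Taskbar/NoPinningToDestinations reads "so that the items is always present in this menu" (make it "the item is" or "the items are"); ADMX_Taskbar/TaskbarNoResize reads "users are not be able to resize their taskbar" (drop "be"). Two smaller points apply to every policy in the file: each description opens with "Available in the latest Windows 10 Insider Preview Build", which goes stale as soon as a newer build ships, so naming the build number would be more durable; and the CDATA reference in each TIP block links to http://www.w3.org/TR/REC-xml/#sec-cdata-sect, which should use https.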
@@ -600,6 +600,11 @@ ms.date: 10/08/2020 - [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut) - [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown) - [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols) +- [ADMX_WindowsStore/DisableAutoDownloadWin8](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableautodownloadwin8) +- [ADMX_WindowsStore/DisableOSUpgrade_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-1) +- [ADMX_WindowsStore/DisableOSUpgrade_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-2) +- [ADMX_WindowsStore/RemoveWindowsStore_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-1) +- [ADMX_WindowsStore/RemoveWindowsStore_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-2) - [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription) - [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot) - [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 521e66ecce..c53e85e5e4 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2150,6 +2150,26 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_WindowsStore policies + +
    +
    + ADMX_WindowsStore/DisableAutoDownloadWin8 +
    +
    + ADMX_WindowsStore/DisableOSUpgrade_1 +
    +
    + ADMX_WindowsStore/DisableOSUpgrade_2 +
    +
    + ADMX_WindowsStore/RemoveWindowsStore_1 +
    +
    + ADMX_WindowsStore/RemoveWindowsStore_2 +
    +
    + ### ADMX_WinInit policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md new file mode 100644 index 0000000000..0a790d7c01 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -0,0 +1,409 @@ +--- +title: Policy CSP - ADMX_WindowsStore +description: Policy CSP - ADMX_WindowsStore +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/26/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WindowsStore +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_WindowsStore policies + +
    +
    + ADMX_WindowsStore/DisableAutoDownloadWin8 +
    +
    + ADMX_WindowsStore/DisableOSUpgrade_1 +
    +
    + ADMX_WindowsStore/DisableOSUpgrade_2 +
    +
    + ADMX_WindowsStore/RemoveWindowsStore_1 +
    +
    + ADMX_WindowsStore/RemoveWindowsStore_2 +
    +
    + + +
    + + +**ADMX_WindowsStore/DisableAutoDownloadWin8** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8. + +If you enable this setting, the automatic download of app updates is turned off. If you disable this setting, the automatic download of app updates is turned on. + +If you don't configure this setting, the automatic download of app updates is determined by a registry setting that the user can change using Settings in the Windows Store. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Automatic Download of updates on Win8 machines* +- GP name: *DisableAutoDownloadWin8* +- GP path: *Windows Components\Store* +- GP ADMX file name: *WindowsStore.admx* + + + +
    + +
    + + +**ADMX_WindowsStore/DisableOSUpgrade_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the Store offer to update to the latest version of Windows. + +If you enable this setting, the Store application will not offer updates to the latest version of Windows. + +If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the offer to update to the latest version of Windows* +- GP name: *DisableOSUpgrade_1* +- GP path: *Windows Components\Store* +- GP ADMX file name: *WindowsStore.admx* + + + +
    + +
    + + +**ADMX_WindowsStore/DisableOSUpgrade_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the Store offer to update to the latest version of Windows. + +If you enable this setting, the Store application will not offer updates to the latest version of Windows. + +If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the offer to update to the latest version of Windows* +- GP name: *DisableOSUpgrade_2* +- GP path: *Windows Components\Store* +- GP ADMX file name: *WindowsStore.admx* + + + +
    + +
    + + +**ADMX_WindowsStore/RemoveWindowsStore_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting denies or allows access to the Store application. + +If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates. + +If you disable or don't configure this setting, access to the Store application is allowed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the Store application* +- GP name: *RemoveWindowsStore_1* +- GP path: *Windows Components\Store* +- GP ADMX file name: *WindowsStore.admx* + + + +
    + +
    + + +**ADMX_WindowsStore/RemoveWindowsStore_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in Windows 10 Insider Preview Build 20185. This policy setting denies or allows access to the Store application. + +If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates. + +If you disable or don't configure this setting, access to the Store application is allowed. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the Store application* +- GP name: *RemoveWindowsStore_2* +- GP path: *Windows Components\Store* +- GP ADMX file name: *WindowsStore.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file From fccd7ef17ae8917c689f40ea2b965e9b829240a0 Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Mon, 26 Oct 2020 16:26:12 -0700 Subject: [PATCH 098/346] Update to include the 2004 'Direction' value We added a Direction value (inbound and outbound) to help a bunch of customers --- windows/client-management/mdm/vpnv2-csp.md | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index df6b648e6e..7196ffe3dd 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md 
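Review bot: In the new policy-csp-admx-windowsstore.md, the RemoveWindowsStore_1 and RemoveWindowsStore_2 descriptions say "Access to the Store is required for installing app updates" but never state what enabling the policy does to updates for Store apps that are already installed. Add one sentence spelling that out, since an admin who enables this to restrict the Store needs to know whether app updates stop as a side effect. The DisableAutoDownloadWin8 text speaks of "PCs running Windows 8" on a page that lists the policy as available in a Windows 10 Insider Preview build, so say whether it has any effect on Windows 10. The footnote list (1 to 8) is not referenced by anything in the visible sections, and the file ends without a trailing newline.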
@@ -240,6 +240,16 @@ This is only applicable for App ID based Traffic Filter rules. Value type is chr. Supported operations include Get, Add, Replace, and Delete. +**VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Direction** +Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following: + +- Outbound - The rule applies to all outbound traffic +- Inbound - The rule applies to all inbound traffic + +If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked. + +Value type is chr. Supported operations include Get, Add, Replace, and Delete. + **VPNv2/**ProfileName**/EdpModeId** Enterprise ID, which is required for connecting this VPN profile with an WIP policy. When this is set, the networking stack looks for this Enterprise ID in the app token to determine if the traffic is allowed to go over the VPN. If the profile is active, it also automatically triggers the VPN to connect. We recommend having only one such profile per device. From 938ef3c9c1f456d9d228167626d3980173065dd7 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Mon, 26 Oct 2020 16:26:39 -0700 Subject: [PATCH 099/346] Added ADMX_PowerShellExecutionPolicy policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 4 + .../policy-configuration-service-provider.md | 17 + ...licy-csp-admx-powershellexecutionpolicy.md | 351 ++++++++++++++++++ .../mdm/policy-csp-admx-windowsstore.md | 10 +- 5 files changed, 378 insertions(+), 5 deletions(-) create mode 100644 windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index c89e77b57a..d650e72fad 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md 
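Review bot: In the vpnv2-csp.md hunk (@@ -240,6 +240,16 @@), the added sentence "If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked." misspells "unsolicited" and leaves open what happens to inbound traffic that matches no rule once at least one Inbound filter exists. This sentence is the statement of default-deny behaviour that admins will rely on, so describe both cases explicitly. The two bullets say a rule "applies to all outbound traffic" and "all inbound traffic", which reads as if Direction overrides the rule's other match fields; the DDF description added later in this series ("allows traffic to reach destinations matching this rule") is more precise, and the two texts should agree.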
@@ -203,6 +203,7 @@ #### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md) #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md) #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md) +#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md) #### [ADMX_Reliability](policy-csp-admx-reliability.md) #### [ADMX_Scripts](policy-csp-admx-scripts.md) #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index f3656135e6..86895847dc 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -272,6 +272,10 @@ ms.date: 10/08/2020 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2) - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3) - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-4) +- [ADMX_PowerShellExecutionPolicy/EnableModuleLogging](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablemodulelogging) +- [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts) +- [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting) +- [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath) - [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp) - [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents) - [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index c53e85e5e4..bd728ec2e7 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -1046,6 +1046,23 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_PowerShellExecutionPolicy policies + +
    +
    + ADMX_PowerShellExecutionPolicy/EnableModuleLogging +
    +
    + ADMX_PowerShellExecutionPolicy/EnableScripts +
    +
    + ADMX_PowerShellExecutionPolicy/EnableTranscripting +
    +
    + ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath +
    +
    + ### ADMX_Reliability policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md new file mode 100644 index 0000000000..fc764bfaf5 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md @@ -0,0 +1,351 @@ +--- +title: Policy CSP - ADMX_PowerShellExecutionPolicy +description: Policy CSP - ADMX_PowerShellExecutionPolicy +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/26/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_PowerShellExecutionPolicy +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_PowerShellExecutionPolicy policies + +
    +
    + ADMX_PowerShellExecutionPolicy/EnableModuleLogging +
    +
    + ADMX_PowerShellExecutionPolicy/EnableScripts +
    +
    + ADMX_PowerShellExecutionPolicy/EnableTranscripting +
    +
    + ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath +
    +
    + + +
    + + +**ADMX_PowerShellExecutionPolicy/EnableModuleLogging** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging for Windows PowerShell modules. + +If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True. + +If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False. If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False. + +To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer. + +> [!NOTE] +> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Module Logging* +- GP name: *EnableModuleLogging* +- GP path: *Windows Components\Windows PowerShell* +- GP ADMX file name: *PowerShellExecutionPolicy.admx* + + + +
    + + +**ADMX_PowerShellExecutionPolicy/EnableScripts** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run. + +If you enable this policy setting, the scripts selected in the drop-down list are allowed to run. The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher. + +The "Allow local scripts and remote signed scripts" policy setting allows any local scrips to run; scripts that originate from the Internet must be signed by a trusted publisher. The "Allow all scripts" policy setting allows all scripts to run. + +If you disable this policy setting, no scripts are allowed to run. + +> [!NOTE] +> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration." If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed." + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Script Execution* +- GP name: *EnableScripts* +- GP path: *Windows Components\Windows PowerShell* +- GP ADMX file name: *PowerShellExecutionPolicy.admx* + + + +
    + + +**ADMX_PowerShellExecutionPolicy/EnableTranscripting** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts. + +If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent to calling the Start-Transcript cmdlet on each Windows PowerShell session. + +If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled through the Start-Transcript cmdlet. + +If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users from viewing the transcripts of other users or computers. + +> [!NOTE] +> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on PowerShell Transcription* +- GP name: *EnableTranscripting* +- GP path: *Windows Components\Windows PowerShell* +- GP ADMX file name: *PowerShellExecutionPolicy.admx* + + + +
    + + +**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet. + +If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet. + +If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet. + +> [!NOTE] +> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set the default source path for Update-Help* +- GP name: *EnableUpdateHelpDefaultSourcePath* +- GP path: *Windows Components\Windows PowerShell* +- GP ADMX file name: *PowerShellExecutionPolicy.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md index 0a790d7c01..7be8a731e7 100644 --- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md +++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md @@ -86,7 +86,7 @@ manager: dansimp -Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8. If you enable this setting, the automatic download of app updates is turned off. If you disable this setting, the automatic download of app updates is turned on. @@ -157,7 +157,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the Store offer to update to the latest version of Windows. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application will not offer updates to the latest version of Windows. 
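Review bot: In the policy-csp-admx-windowsstore.md hunks (@@ -86,7 and @@ -157,7 here, and the three that follow), replacing "Windows 10 Insider Preview Build 20185" with "the latest Windows 10 Insider Preview Build" removes the only concrete availability marker these sections have, and "latest" stops being accurate as soon as a newer build ships. Keep the build number, or tie availability to a footnote; the file's footnote list currently ends at version 2004, so a new entry would be needed.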
@@ -228,7 +228,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting enables or disables the Store offer to update to the latest version of Windows. +Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows. If you enable this setting, the Store application will not offer updates to the latest version of Windows. @@ -299,7 +299,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting denies or allows access to the Store application. +Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates. @@ -370,7 +370,7 @@ ADMX Info: -Available in Windows 10 Insider Preview Build 20185. This policy setting denies or allows access to the Store application. +Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application. If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates. From 3fdcf11424ac7f251727eda0f916c28b62f11043 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Mon, 26 Oct 2020 16:38:19 -0700 Subject: [PATCH 100/346] Update Onboard-Windows-10-multi-session-device.md Update branding (no MSDE) and replaced ATP with Defender for Endpoint. --- .../Onboard-Windows-10-multi-session-device.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md index 94d68926bf..11c95b7ebf 100644 
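Review bot: In the new policy-csp-admx-powershellexecutionpolicy.md, the EnableScripts section contradicts itself: the body says "If you disable this policy setting, no scripts are allowed to run", while the NOTE says "If you disable or do not configure this policy setting, it reverts to a per-machine preference setting". Separate the disabled and not-configured cases so a reader can tell which one actually blocks script execution. In the same section "any local scrips" should be "any local scripts", and in EnableTranscripting "each users' My Documents directory" should be "each user's". The EnableModuleLogging instruction to "click Show, and then type the module names" and the EnableTranscripting reference to "the OutputDirectory setting" both describe the Group Policy editor; the page does not say how those values are supplied in the SyncML payload it tells readers to use.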
--- a/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md +++ b/windows/security/threat-protection/microsoft-defender-atp/Onboard-Windows-10-multi-session-device.md @@ -27,7 +27,7 @@ Applies to: > Welcome to Microsoft Defender for Endpoint, the new name for Microsoft Defender Advanced Threat Protection. Read more about this and other updates here. We'll be updating names in products and in the docs in the near future. > [!WARNING] -> Microsoft Defender for Endpoint (MSDE) support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. +> Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-session scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However, single session scenarios on Windows Virtual Desktop are fully supported. Microsoft Defender for Endpoint supports monitoring both VDI as well as Windows Virtual Desktop sessions. Depending on your organization's needs, you might need to implement VDI or Windows Virtual Desktop sessions to help your employees access corporate data and apps from an unmanaged device, remote location, or similar scenario. With Microsoft Defender for Endpoint, you can monitor these virtual machines for anomalous activity. 
@@ -36,10 +36,10 @@ Familiarize yourself with the [considerations for non-persistent VDI](https://do > [!NOTE] > Depending on your choice of onboarding method, devices can appear in Microsoft Defender for Endpoint portal as either: -> - Single entry for each virtual device -> - Multiple entries for each virtual device +> - Single entry for each virtual desktop +> - Multiple entries for each virtual desktop -Microsoft recommends onboarding Windows Virtual Devices as a single entry per virtual device. This ensures that the investigation experience in the Microsoft Defender Endpoint portal (MSDE) is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the MSDE portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. +Microsoft recommends onboarding Windows Virtual Desktop as a single entry per virtual desktop. This ensures that the investigation experience in the Microsoft Defender Endpoint portal is in the context of one device based on the machine name. Organizations that frequently delete and re-deploy WVD hosts should strongly consider using this method as it prevents multiple objects for the same machine from being created in the Microsoft Defender for Endpoint portal. This can lead to confusion when investigating incidents. For test or non-volatile environments, you may opt to choose differently. Microsoft recommends adding the Microsoft Defender for Endpoint onboarding script to the WVD golden image. This way, you can be sure that this onboarding script runs immediately at first boot. It is executed as a startup script at first boot on all the WVD machines that are provisioned from the WVD golden image. 
However, if you are using one of the gallery images without modification, place the script in a shared location and call it from either local or domain group policy. @@ -128,4 +128,4 @@ In addition, if you are using FSlogix user profiles, we recommend you exclude th #### Licensing requirements -Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender Advanced Threat Protection can be found at: [Licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements). +Windows 10 Multi-session is a client OS. Licensing requirements for Microsoft Defender for endpoint can be found at: [Licensing requirements](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/minimum-requirements#licensing-requirements). From edd51193c80009ebccf4b168c56763eda51fbd0d Mon Sep 17 00:00:00 2001 From: Peter Smith Date: Mon, 26 Oct 2020 16:41:11 -0700 Subject: [PATCH 101/346] Includes the body of the updated Windows, version 2004 DDF file We've added several new features; adding them here. This is cut-n-pasted from the downloadable DDF file. --- .../client-management/mdm/vpnv2-ddf-file.md | 225 +++++++++++++++++- 1 file changed, 223 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index aa531d9602..d29d533690 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -19,7 +19,7 @@ This topic shows the OMA DM device description framework (DDF) for the **VPNv2** Looking for the DDF XML files? See [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is for Windows 10, version 1709. +The XML below is for Windows 10, version 2004. ```xml 
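Review bot: In the Onboard-Windows-10-multi-session-device.md hunks, the rebranding is applied inconsistently: the @@ -36,10 +36,10 @@ hunk introduces "Microsoft Defender Endpoint portal" (missing "for") in the same paragraph as "Microsoft Defender for Endpoint portal", and the @@ -128,4 +128,4 @@ hunk writes "Microsoft Defender for endpoint" with a lower-case "e". Use "Microsoft Defender for Endpoint" throughout. The rewritten recommendation now says "a single entry per virtual desktop" while the sentences after it still speak of "one device" and "the same machine", so pick one term for the onboarded object and use it for the whole paragraph.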
@@ -32,7 +32,7 @@ The XML below is for Windows 10, version 1709. 1.2 VPNv2 - ./Device/Vendor/MSFT + ./Vendor/MSFT @@ -830,6 +830,33 @@ The XML below is for Windows 10, version 1709. + + Direction + + + + + + + + + Outbound - The traffic filter allows traffic to reach destinations matching this rule. This is the default. + Inbound - The traffic filter allows traffic coming from external locations matching this rule. + + + + + + + + + + + + text/plain + + + @@ -1625,6 +1652,76 @@ The XML below is for Windows 10, version 1709. + + WebAuth + + + + + + Nodes under WebAuth can be used to enable WebToken based authentication for 3rd Party Plugin VPN Profiles. + + + + + + + + + + + + + + + Enabled + + + + + + + + Enables the WebToken based authentication flow. + + + + + + + + + + + text/plain + + + + + ClientId + + + + + + + + The client ID to specify when communicating with the Web Account provider in retrieving the token. + + + + + + + + + + + text/plain + + + + NativeProfile @@ -2225,6 +2322,33 @@ The XML below is for Windows 10, version 1709. + + PlumbIKEv2TSAsRoutes + + + + + + + + + True: Plumb traffic selectors as routes onto VPN interface + False: Do not plumb traffic selectors as routes + + + + + + + + + + + + text/plain + + + @@ -3718,6 +3842,76 @@ The XML below is for Windows 10, version 1709. + + WebAuth + + + + + + Nodes under WebAuth can be used to enable WebToken based authentication for 3rd Party Plugin VPN Profiles. + + + + + + + + + + + + + + + Enabled + + + + + + + + Enables the WebToken based authentication flow. + + + + + + + + + + + text/plain + + + + + ClientId + + + + + + + + The client ID to specify when communicating with the Web Account provider in retrieving the token. + + + + + + + + + + + text/plain + + + + NativeProfile 
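Review bot: the @@ -32,7 hunk of vpnv2-ddf-file.md changes the root path from "./Device/Vendor/MSFT" to "./Vendor/MSFT", and the commit message, which only mentions new features pasted from the downloadable DDF file, does not explain it. Please confirm that the path change is what the version 2004 DDF actually contains and is not a paste artifact, and say so in the commit message, since it changes the documented location of the whole VPNv2 tree. On the added nodes: the Direction description states its default ("Outbound ... This is the default"), but the PlumbIKEv2TSAsRoutes description lists True and False without saying which applies when the node is absent, and the WebAuth/Enabled and WebAuth/ClientId descriptions give no expected value format. If the source DDF carries that information, it should come across with the paste.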
@@ -4318,6 +4512,33 @@ The XML below is for Windows 10, version 1709. + + PlumbIKEv2TSAsRoutes + + + + + + + + + True: Plumb traffic selectors as routes onto VPN interface + False: Do not plumb traffic selectors as routes + + + + + + + + + + + + text/plain + + + From 1409ea60e13dd1fb0e1886d1799bf8577bf27b7b Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Tue, 27 Oct 2020 10:58:10 -0700 Subject: [PATCH 102/346] Added ADMX_wlansvc policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 3 + .../policy-configuration-service-provider.md | 14 + .../mdm/policy-csp-admx-wlansvc.md | 260 ++++++++++++++++++ 4 files changed, 278 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-wlansvc.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index d650e72fad..2f06abcfc0 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -230,6 +230,7 @@ #### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md) #### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md) #### [ADMX_WinInit](policy-csp-admx-wininit.md) +#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md) #### [ApplicationDefaults](policy-csp-applicationdefaults.md) #### [ApplicationManagement](policy-csp-applicationmanagement.md) #### [AppRuntime](policy-csp-appruntime.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 86895847dc..da688c9114 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -612,6 +612,9 @@ ms.date: 10/08/2020 - [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription) - [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot) - [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription) +- [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost) +- [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced) +- [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional) - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient) - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index bd728ec2e7..4f04904352 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2201,6 +2201,20 @@ The following diagram shows the Policy configuration service provider in tree fo
    +### ADMX_wlansvc policies + +
    +
    + ADMX_wlansvc/SetCost +
    +
    + ADMX_wlansvc/SetPINEnforced +
    +
    + ADMX_wlansvc/SetPINPreferred +
    +
    + ### ApplicationDefaults policies
    diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md new file mode 100644 index 0000000000..0ca862b038 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md @@ -0,0 +1,260 @@ +--- +title: Policy CSP - ADMX_wlansvc +description: Policy CSP - ADMX_wlansvc +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/27/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_wlansvc +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_wlansvc policies + +
    +
    + ADMX_wlansvc/SetCost +
    +
    + ADMX_wlansvc/SetPINEnforced +
    +
    + ADMX_wlansvc/SetPINPreferred +
    +
    + + +
    + + +**ADMX_wlansvc/SetCost** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine. + +If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine: + +- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints. +- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit. +- Variable: This connection is costed on a per byte basis. If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Cost* +- GP name: *IncludeCmdLine* +- GP path: *Network\WLAN Service\WLAN Media Cost* +- GP ADMX file name: *wlansvc.admx* + + + +
    + + +**ADMX_wlansvc/SetPINEnforced** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional. + +Conversely it means that Push Button is NOT allowed. + +If this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Require PIN pairing* +- GP name: *SetPINEnforced* +- GP path: *Network\Wireless Display* +- GP ADMX file name: *wlansvc.admx* + + + +
    + + +**ADMX_wlansvc/SetPINPreferred** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods. + +When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method. + +If this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prefer PIN pairing* +- GP name: *SetPINPreferred* +- GP path: *Network\Wireless Display* +- GP ADMX file name: *wlansvc.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 9033fb04207f5cede43eb0dbb504ae95e393face Mon Sep 17 00:00:00 2001 From: Lovina Saldanha Date: Tue, 27 Oct 2020 23:31:07 +0530 Subject: [PATCH 103/346] Rebranding-4567381-Batch2 Rebranding --- .../advanced-hunting-overview.md | 8 +-- .../advanced-hunting-query-language.md | 4 +- .../advanced-hunting-query-results.md | 4 +- .../advanced-hunting-schema-reference.md | 4 +- .../advanced-hunting-shared-queries.md | 4 +- .../advanced-hunting-take-action.md | 8 +-- .../microsoft-defender-atp/alerts-queue.md | 28 ++++---- .../microsoft-defender-atp/alerts.md | 4 +- .../android-configure.md | 24 +++---- .../microsoft-defender-atp/android-intune.md | 69 +++++++++---------- .../microsoft-defender-atp/android-privacy.md | 13 ++-- .../android-support-signin.md | 9 ++- .../microsoft-defender-atp/android-terms.md | 10 +-- .../microsoft-defender-atp/api-explorer.md | 10 +-- .../microsoft-defender-atp/api-hello-world.md | 14 ++-- .../api-microsoft-flow.md | 6 +- .../api-portal-mapping.md | 24 +++---- .../microsoft-defender-atp/api-power-bi.md | 8 +-- .../api-terms-of-use.md | 4 +- .../microsoft-defender-atp/apis-intro.md | 24 +++---- .../assign-portal-access.md | 8 +-- .../attack-simulations.md | 14 ++-- .../attack-surface-reduction-faq.md | 16 ++--- .../attack-surface-reduction.md | 10 +-- .../audit-windows-defender.md | 6 +- 25 files changed, 164 insertions(+), 169 deletions(-) 
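Review bot: in the new policy-csp-admx-wlansvc.md, the ADMX Info block for ADMX_wlansvc/SetCost gives "GP name: *IncludeCmdLine*", which does not match the policy and looks carried over from another policy page. The other two policies in this file use their own names there (SetPINEnforced, SetPINPreferred). Please check the value against wlansvc.admx and correct it before merge, because readers use the GP name to locate the setting. Two smaller points in the same file: the front matter description only repeats the title ("Policy CSP - ADMX_wlansvc"), and in the SetCost text the sentence "If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default" should be its own paragraph after the list rather than part of the "Variable" item.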
diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md index 244c97c13f..e42dbf4cf3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview.md @@ -22,9 +22,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) Advanced hunting is a query-based threat-hunting tool that lets you explore up to 30 days of raw data. You can proactively inspect events in your network to locate threat indicators and entities. The flexible access to data enables unconstrained hunting for both known and potential threats. 
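Review bot: the "Applies to" link text is not renamed consistently across this patch. This hunk uses "Microsoft Defender for Endpoint", while the same line in advanced-hunting-query-language.md, alerts-queue.md and alerts.md becomes "Defender for Endpoint". Pick one form for the "Applies to" entry (the full name on first mention, with the short form in the body text that follows) and apply it in every file touched by the rebranding.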
@@ -37,7 +37,7 @@ Watch this video for a quick overview of advanced hunting and a short tutorial t You can use the same threat-hunting queries to build custom detection rules. These rules run automatically to check for and then respond to suspected breach activity, misconfigured machines, and other findings. >[!TIP] ->Use [advanced hunting in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview) to hunt for threats using data from Microsoft Defender ATP, Office 365 ATP, Microsoft Cloud App Security, and Azure ATP. [Turn on Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable) +>Use [advanced hunting in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/advanced-hunting-overview) to hunt for threats using data from Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Cloud App Security, and Microsoft Defender for Identity. [Turn on Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/mtp-enable) ## Get started with advanced hunting 
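Review bot: the TIP line in this hunk is only partly rebranded. The closing link becomes "Turn on Microsoft 365 Defender", but the opening link text still reads "advanced hunting in Microsoft Threat Protection", so one sentence now uses two names for the same product. Please change the first link text to "advanced hunting in Microsoft 365 Defender" as well.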
@@ -61,7 +61,7 @@ We recommend going through several steps to quickly get up and running with adva Advanced hunting data can be categorized into two distinct types, each consolidated differently. -- **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to Microsoft Defender ATP. +- **Event or activity data**—populates tables about alerts, security events, system events, and routine assessments. Advanced hunting receives this data almost immediately after the sensors that collect them successfully transmit them to Defender for Endpoint. - **Entity data**—populates tables with consolidated information about users and devices. This data comes from both relatively static data sources and dynamic sources, such as Active Directory entries and event logs. To provide fresh data, tables are updated with any new information every 15 minutes, adding rows that might not be fully populated. Every 24 hours, data is consolidated to insert a record that contains the latest, most comprehensive data set about each entity. ## Time zone diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md index bc86c4a7b6..76fd2bee7e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-language.md 
@@ -22,9 +22,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) Advanced hunting is based on the [Kusto query language](https://docs.microsoft.com/azure/kusto/query/). You can use Kusto operators and statements to construct queries that locate information in a specialized [schema](advanced-hunting-schema-reference.md). To understand these concepts better, run your first query. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md index 18ff2942b6..34db3e0745 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-query-results.md 
@@ -23,9 +23,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) While you can construct your [advanced hunting](advanced-hunting-overview.md) queries to return very precise information, you can also work with the query results to gain further insight and investigate specific activities and indicators. You can take the following actions on your query results: diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md index 7f93ba99d5..a0988a90d0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-schema-reference.md 
@@ -24,9 +24,9 @@ ms.date: 01/14/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md index 96880e0c7e..0daf0cbfda 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-shared-queries.md 
@@ -23,9 +23,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhunting-abovefoldlink) [Advanced hunting](advanced-hunting-overview.md) queries can be shared among users in the same organization. You can also find queries shared publicly on GitHub. These queries let you quickly pursue specific threat hunting scenarios without having to write queries from scratch. diff --git a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md index 915cbfa44b..d535b139e2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md +++ b/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-take-action.md 
@@ -21,9 +21,9 @@ ms.date: 09/20/2020 # Take action on advanced hunting query results **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-advancedhuntingref-abovefoldlink) You can quickly contain threats or address compromised assets that you find in [advanced hunting](advanced-hunting-overview.md) using powerful and comprehensive action options. With these options, you can: @@ -32,7 +32,7 @@ You can quickly contain threats or address compromised assets that you find in [ ## Required permissions -To be able to take action through advanced hunting, you need a role in Microsoft Defender ATP with [permissions to submit remediation actions on devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#permission-options). If you can't take action, contact a global administrator about getting the following permission: +To be able to take action through advanced hunting, you need a role in Defender for Endpoint with [permissions to submit remediation actions on devices](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/user-roles#permission-options). If you can't take action, contact a global administrator about getting the following permission: *Active remediation actions > Threat and vulnerability management - Remediation handling* 
@@ -46,7 +46,7 @@ You can take the following actions on devices identified by the `DeviceId` colum - Initiate an automated investigation to check and remediate threats on the device and possibly other affected devices - Restrict app execution to only Microsoft-signed executable files, preventing subsequent threat activity through malware or other untrusted executables -To learn more about how these response actions are performed through Microsoft Defender ATP, [read about response actions on devices](respond-machine-alerts.md). +To learn more about how these response actions are performed through Defender for Endpoint, [read about response actions on devices](respond-machine-alerts.md). ## Quarantine files diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md index d5bccbc7fc..e403e8465c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts-queue.md 
@@ -18,16 +18,16 @@ ms.topic: article ms.date: 03/27/2020 --- -# View and organize the Microsoft Defender Advanced Threat Protection Alerts queue +# View and organize the Microsoft Defender for Endpoint Alerts queue [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-alertsq-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-alertsq-abovefoldlink) The **Alerts queue** shows a list of alerts that were flagged from devices in your network. By default, the queue displays alerts seen in the last 30 days in a grouped view. The most recent alerts are showed at the top of the list helping you see the most recent alerts first. @@ -61,15 +61,15 @@ Informational
    (Grey) | Alerts that might not be considered harmful to the n #### Understanding alert severity -Microsoft Defender Antivirus (Microsoft Defender AV) and Microsoft Defender ATP alert severities are different because they represent different scopes. +Microsoft Defender Antivirus (Microsoft Defender AV) and Defender for Endpoint alert severities are different because they represent different scopes. The Microsoft Defender AV threat severity represents the absolute severity of the detected threat (malware), and is assigned based on the potential risk to the individual device, if infected. -The Microsoft Defender ATP alert severity represents the severity of the detected behavior, the actual risk to the device but more importantly the potential risk to the organization. +The Defender for Endpoint alert severity represents the severity of the detected behavior, the actual risk to the device but more importantly the potential risk to the organization. So, for example: -- The severity of a Microsoft Defender ATP alert about a Microsoft Defender AV detected threat that was completely prevented and did not infect the device is categorized as "Informational" because there was no actual damage. +- The severity of a Defender for Endpoint alert about a Microsoft Defender AV detected threat that was completely prevented and did not infect the device is categorized as "Informational" because there was no actual damage. - An alert about a commercial malware was detected while executing, but blocked and remediated by Microsoft Defender AV, is categorized as "Low" because it may have caused some damage to the individual device but poses no organizational threat. - An alert about malware detected while executing which can pose a threat not only to the individual device but to the organization, regardless if it was eventually blocked, may be ranked as "Medium" or "High". 
- Suspicious behavioral alerts, which weren't blocked or remediated will be ranked "Low", "Medium" or "High" following the same organizational threat considerations. @@ -118,7 +118,7 @@ You can choose between showing alerts that are assigned to you or automation. ### Detection source -Select the source that triggered the alert detection. Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts-managed hunting service. +Select the source that triggered the alert detection. Microsoft Threat Experts preview participants can now filter and see detections from the new threat experts-managed hunting service. >[!NOTE] >The Antivirus filter will only appear if devices are using Microsoft Defender Antivirus as the default real-time protection antimalware product. 
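Review bot: in the @@ -118,7 hunk of alerts-queue.md, the removed and added "Select the source that triggered the alert detection. ..." lines read identically, so this appears to be a whitespace-only change with no product name to rebrand. If the intent was to strip trailing whitespace, that is fine but worth a word in the commit message. Otherwise, drop the line from this commit to keep the rebranding diff limited to name changes.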
@@ -138,11 +138,11 @@ Use this filter to focus on alerts that are related to high profile threats. You ## Related topics -- [Manage Microsoft Defender Advanced Threat Protection alerts](manage-alerts.md) -- [Investigate Microsoft Defender Advanced Threat Protection alerts](investigate-alerts.md) -- [Investigate a file associated with a Microsoft Defender ATP alert](investigate-files.md) -- [Investigate devices in the Microsoft Defender ATP Devices list](investigate-machines.md) -- [Investigate an IP address associated with a Microsoft Defender ATP alert](investigate-ip.md) -- [Investigate a domain associated with a Microsoft Defender ATP alert](investigate-domain.md) -- [Investigate a user account in Microsoft Defender ATP](investigate-user.md) +- [Manage Microsoft Defender for Endpoint alerts](manage-alerts.md) +- [Investigate Microsoft Defender for Endpoint alerts](investigate-alerts.md) +- [Investigate a file associated with a Microsoft Defender for Endpoint alert](investigate-files.md) +- [Investigate devices in the Microsoft Defender for Endpoint Devices list](investigate-machines.md) +- [Investigate an IP address associated with a Microsoft Defender for Endpoint alert](investigate-ip.md) +- [Investigate a domain associated with a Microsoft Defender for Endpoint alert](investigate-domain.md) +- [Investigate a user account in Microsoft Defender for Endpoint](investigate-user.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/alerts.md b/windows/security/threat-protection/microsoft-defender-atp/alerts.md index 7a51bd90c7..eaa7c56c2f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/alerts.md 
@@ -21,9 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## Methods diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md index 6edfd475aa..f9f5d899e6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-configure.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-configure.md 
@@ -20,39 +20,39 @@ ms.collection: ms.topic: conceptual --- -# Configure Microsoft Defender ATP for Android features +# Configure Defender for Endpoint for Android features [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md) +- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) -## Conditional Access with Microsoft Defender ATP for Android -Microsoft Defender ATP for Android along with Microsoft Intune and Azure Active +## Conditional Access with Defender for Endpoint for Android +Microsoft Defender for Endpoint for Android along with Microsoft Intune and Azure Active Directory enables enforcing Device compliance and Conditional Access policies -based on device risk levels. Microsoft Defender ATP is a Mobile Threat Defense +based on device risk levels. Defender for Endpoint is a Mobile Threat Defense (MTD) solution that you can deploy to leverage this capability via Intune. -For more information about how to set up Microsoft Defender ATP for Android and Conditional Access, see [Microsoft Defender ATP and +For more information about how to set up Defender for Endpoint for Android and Conditional Access, see [Defender for Endpoint and Intune](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection). ## Configure custom indicators >[!NOTE] -> Microsoft Defender ATP for Android only supports creating custom indicators for IP addresses and URLs/domains. +> Defender for Endpoint for Android only supports creating custom indicators for IP addresses and URLs/domains. -Microsoft Defender ATP for Android enables admins to configure custom indicators to support Android devices as well. For more information on how to configure custom indicators, see [Manage indicators](manage-indicators.md). 
+Defender for Endpoint for Android enables admins to configure custom indicators to support Android devices as well. For more information on how to configure custom indicators, see [Manage indicators](manage-indicators.md). ## Configure web protection -Microsoft Defender ATP for Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center. +Defender for Endpoint for Android allows IT Administrators the ability to configure the web protection feature. This capability is available within the Microsoft Endpoint Manager Admin center. >[!NOTE] -> Microsoft Defender ATP for Android would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. +> Defender for Endpoint for Android would use a VPN in order to provide the Web Protection feature. This is not a regular VPN and is a local/self-looping VPN that does not take traffic outside the device. For more information, see [Configure web protection on devices that run Android](https://docs.microsoft.com/mem/intune/protect/advanced-threat-protection-manage-android). ## Related topics -- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md) -- [Deploy Microsoft Defender ATP for Android with Microsoft Intune](android-intune.md) +- [Overview of Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) +- [Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune](android-intune.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md index b70734bf7c..ddba7d596d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-intune.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-intune.md 
@@ -20,31 +20,31 @@ ms.collection: ms.topic: conceptual --- -# Deploy Microsoft Defender ATP for Android with Microsoft Intune +# Deploy Microsoft Defender for Endpoint for Android with Microsoft Intune [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md) +- [Defender for Endpoint](microsoft-defender-atp-android.md) -This topic describes deploying Microsoft Defender ATP for Android on Intune +This topic describes deploying Defender for Endpoint for Android on Intune Company Portal enrolled devices. For more information about Intune device enrollment, see [Enroll your device](https://docs.microsoft.com/mem/intune/user-help/enroll-device-android-company-portal). > [!NOTE] -> **Microsoft Defender ATP for Android is now available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx)**
    -> You can connect to Google Play from Intune to deploy Microsoft Defender ATP app across Device Administrator and Android Enterprise entrollment modes. +> **Defender for Endpoint for Android is now available on [Google Play](https://play.google.com/store/apps/details?id=com.microsoft.scmx)**
    +> You can connect to Google Play from Intune to deploy Defender for Endpoint app across Device Administrator and Android Enterprise entrollment modes. Updates to the app are automatic via Google Play. ## Deploy on Device Administrator enrolled devices -**Deploy Microsoft Defender ATP for Android on Intune Company Portal - Device +**Deploy Defender for Endpoint for Android on Intune Company Portal - Device Administrator enrolled devices** -This topic describes how to deploy Microsoft Defender ATP for Android on Intune Company Portal - Device Administrator enrolled devices. +This topic describes how to deploy Defender for Endpoint for Android on Intune Company Portal - Device Administrator enrolled devices. ### Add as Android store app @@ -60,13 +60,13 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> - **Name** - **Description** - **Publisher** as Microsoft. - - **Appstore URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Microsoft Defender ATP app Google Play Store URL) + - **Appstore URL** as https://play.google.com/store/apps/details?id=com.microsoft.scmx (Defender for Endpoint app Google Play Store URL) Other fields are optional. Select **Next**. ![Image of Microsoft Endpoint Manager Admin Center](images/mda-addappinfo.png) -3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Microsoft Defender ATP for Android app. Click **Select** and then **Next**. +3. In the *Assignments* section, go to the **Required** section and select **Add group.** You can then choose the user group(s) that you would like to target Defender for Endpoint for Android app. Click **Select** and then **Next**. >[!NOTE] >The selected user group should consist of Intune enrolled users. 
@@ -77,7 +77,7 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> 4. In the **Review+Create** section, verify that all the information entered is correct and then select **Create**. - In a few moments, the Microsoft Defender ATP app would be created successfully, and a notification would show up at the top-right corner of the page. + In a few moments, the Defender for Endpoint app would be created successfully, and a notification would show up at the top-right corner of the page. ![Image of Microsoft Endpoint Manager Admin Center](images/86cbe56f88bb6e93e9c63303397fc24f.png) @@ -92,21 +92,21 @@ completed successfully. ### Complete onboarding and check status -1. Once Microsoft Defender ATP for Android has been installed on the device, you'll see the app icon. +1. Once Defender for Endpoint for Android has been installed on the device, you'll see the app icon. ![Icon on mobile device](images/7cf9311ad676ec5142002a4d0c2323ca.jpg) 2. Tap the Microsoft Defender ATP app icon and follow the on-screen instructions -to complete onboarding the app. The details include end-user acceptance of Android permissions required by Microsoft Defender ATP for Android. +to complete onboarding the app. The details include end-user acceptance of Android permissions required by Defender for Endpoint for Android. 3. Upon successful onboarding, the device will start showing up on the Devices list in Microsoft Defender Security Center. - ![Image of device in Microsoft Defender ATP portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png) + ![Image of device in Defender for Endpoint portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png) ## Deploy on Android Enterprise enrolled devices -Microsoft Defender ATP for Android supports Android Enterprise enrolled devices. +Defender for Endpoint for Android supports Android Enterprise enrolled devices. For more information on the enrollment options supported by Intune, see [Enrollment 
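Review bot: step 2 of the onboarding list in the @@ -92,21 +92,21 hunk is left as unchanged context and still reads "Tap the Microsoft Defender ATP app icon", while step 1 above it and the continuation line below it are renamed to Defender for Endpoint for Android. Suggest updating that line in the same change, using whatever label the installed app icon actually shows, so the three steps refer to the product by one name.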
@@ -116,10 +116,9 @@ Currently only Personal devices with Work Profile enrolled are supported for de -## Add Microsoft Defender ATP for Android as a Managed Google Play app +## Add Microsoft Defender for Endpoint for Android as a Managed Google Play app -Follow the steps below to add Microsoft -Defender ATP app into your managed Google Play. +Follow the steps below to add Microsoft Defender for Endpoint app into your managed Google Play. 1. In [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> 
@@ -131,27 +130,26 @@ center](https://go.microsoft.com/fwlink/?linkid=2109431) , go to **Apps** \> 2. On your managed Google Play page that loads subsequently, go to the search box and lookup **Microsoft Defender.** Your search should display the Microsoft -Defender ATP app in your Managed Google Play. Click on the Microsoft Defender -ATP app from the Apps search result. +Defender for Endpoint app in your Managed Google Play. Click on the Microsoft Defender for Endpoint app from the Apps search result. ![Image of Microsoft Endpoint Manager admin center](images/0f79cb37900b57c3e2bb0effad1c19cb.png) 3. In the App description page that comes up next, you should be able to see app -details on Microsoft Defender ATP. Review the information on the page and then +details on Defender for Endpoint. Review the information on the page and then select **Approve**. > [!div class="mx-imgBorder"] > ![A screenshot of a Managed Google Play](images/07e6d4119f265037e3b80a20a73b856f.png) -4. You should now be presented with the permissions that Microsoft Defender ATP +4. You should now be presented with the permissions that Defender for Endpoint obtains for it to work. Review them and then select **Approve**. - ![A screenshot of Microsoft Defender ATP preview app approval](images/206b3d954f06cc58b3466fb7a0bd9f74.png) + ![A screenshot of Defender for Endpoint preview app approval](images/206b3d954f06cc58b3466fb7a0bd9f74.png) 5. You'll be presented with the Approval settings page. The page confirms -your preference to handle new app permissions that Microsoft Defender ATP for +your preference to handle new app permissions that Defender for Endpoint for Android might ask. Review the choices and select your preferred option. Select **Done**. 
@@ -162,8 +160,8 @@ permissions* > ![Image of notifications tab](images/ffecfdda1c4df14148f1526c22cc0236.png) -6. After the permissions handling selection is made, select **Sync** to sync -Microsoft Defender ATP to your apps list. +6. After the permissions handling selection is made, select **Sync** to sync Microsoft +Defender for Endpoint to your apps list. > [!div class="mx-imgBorder"] > ![Image of sync page](images/34e6b9a0dae125d085c84593140180ed.png) @@ -180,7 +178,7 @@ Defender ATP should be visible in the apps list. > ![Image of list of Android apps](images/fa4ac18a6333335db3775630b8e6b353.png) -9. Microsoft Defender ATP supports App configuration policies for managed devices via Intune. This capability can be leveraged to autogrant applicable Android permission(s), so the end user does not need to accept these permission(s). +9. Defender for Endpoint supports App configuration policies for managed devices via Intune. This capability can be leveraged to autogrant applicable Android permission(s), so the end user does not need to accept these permission(s). 1. In the **Apps** page, go to **Policy > App configuration policies > Add > Managed devices**. 
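Review bot: the header of the @@ -180,7 +178,7 hunk carries the context line "Defender ATP should be visible in the apps list.", and none of the hunks for android-intune.md removes or rewrites it, so the step that precedes step 9 keeps the old product name after this rename. Suggest extending the change to that line; the same header context appears again on the @@ -213,7 +211,7 and @@ -221,7 +219,7 hunks.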
@@ -213,7 +211,7 @@ Defender ATP should be visible in the apps list. > ![Image of create app configuration policy](images/android-auto-grant.png) - 1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender ATP Android app. + 1. In the **Assignments** page, select the user group to which this app config policy would be assigned to. Click **Select groups to include** and selecting the applicable group and then selecting **Next**. The group selected here is usually the same group to which you would assign Microsoft Defender for Endpoint Android app. > [!div class="mx-imgBorder"] > ![Image of create app configuration policy](images/android-select-group.png) @@ -221,7 +219,7 @@ Defender ATP should be visible in the apps list. 1. In the **Review + Create** page that comes up next, review all the information and then select **Create**.
    - The app configuration policy for Microsoft Defender ATP auto-granting the storage permission is now assigned to the selected user group. + The app configuration policy for Defender for Endpoint auto-granting the storage permission is now assigned to the selected user group. > [!div class="mx-imgBorder"] > ![Image of create app configuration policy](images/android-review-create.png) @@ -248,7 +246,7 @@ assignment. ## Complete onboarding and check status -1. Confirm the installation status of Microsoft Defender ATP for Android by +1. Confirm the installation status of Microsoft Defender for Endpoint for Android by clicking on the **Device Install Status**. Verify that the device is displayed here. 
@@ -257,23 +255,22 @@ displayed here. 2. On the device, you can confirm the same by going to the **work profile** and -confirm that Microsoft Defender ATP is available. +confirm that Defender for Endpoint is available. ![Image of app in mobile device](images/c2e647fc8fa31c4f2349c76f2497bc0e.png) 3. When the app is installed, open the app and accept the permissions and then your onboarding should be successful. - ![Image of mobile device with Microsoft Defender ATP app](images/mda-devicesafe.png) + ![Image of mobile device with Microsoft Defender for Endpoint app](images/mda-devicesafe.png) -4. At this stage the device is successfully onboarded onto Microsoft Defender -ATP for Android. You can verify this on the [Microsoft Defender Security +4. At this stage the device is successfully onboarded onto Defender for Endpoint for Android. You can verify this on the [Microsoft Defender Security Center](https://securitycenter.microsoft.com) by navigating to the **Devices** page. - ![Image of Microsoft Defender ATP portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png) + ![Image of Microsoft Defender for Endpoint portal](images/9fe378a1dce0f143005c3aa53d8c4f51.png) ## Related topics -- [Overview of Microsoft Defender ATP for Android](microsoft-defender-atp-android.md) -- [Configure Microsoft Defender ATP for Android features](android-configure.md) +- [Overview of Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) +- [Configure Microsoft Defender for Endpoint for Android features](android-configure.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md index 800e262876..66ec2fa838 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-privacy.md 
@@ -17,23 +17,22 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Microsoft Defender ATP for Android - Privacy information +# Microsoft Defender for Endpoint for Android - Privacy information **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md) +- [Microsoft Defender for Endpoint for Android](microsoft-defender-atp-android.md) -Microsoft Defender ATP for Android collects information from your configured -Android devices and stores it in the same tenant where you have Microsoft -Defender ATP. +Defender for Endpoint for Android collects information from your configured +Android devices and stores it in the same tenant where you have Defender for Endpoint. -Information is collected to help keep Microsoft Defender ATP for Android secure, +Information is collected to help keep Defender for Endpoint for Android secure, up-to-date, performing as expected and to support the service. ## Required Data -Required data consists of data that is necessary to make Microsoft Defender ATP +Required data consists of data that is necessary to make Defender for Endpoint for Android work as expected. This data is essential to the operation of the service and can include data related to the end user, organization, device, and apps. Here's a list of the types of data being collected: diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md index d2d946c3fb..34959bf022 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-support-signin.md 
@@ -20,15 +20,14 @@ ms.collection: ms.topic: conceptual --- -# Troubleshooting issues on Microsoft Defender ATP for Android +# Troubleshooting issues on Microsoft Defender for Endpoint for Android [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for - Android](microsoft-defender-atp-android.md) +- [Defender for Endpoint](microsoft-defender-atp-android.md) During onboarding, you might encounter sign in issues after the app is installed on your device. @@ -77,7 +76,7 @@ Contact your administrator for help. - **Xiaomi** -Phishing and harmful web connection threats detected by Microsoft Defender ATP +Phishing and harmful web connection threats detected by Defender for Endpoint for Android are not blocked on some Xiaomi devices. The following functionality does not work on these devices. ![Image of site reported unsafe](images/0c04975c74746a5cdb085e1d9386e713.png) @@ -85,7 +84,7 @@ for Android are not blocked on some Xiaomi devices. The following functionality **Cause:** -Xiaomi devices introduced a new permission that prevents Microsoft Defender ATP +Xiaomi devices introduced a new permission that prevents Defender for Endpoint for Android app from displaying pop-up windows while running in the background. Xiaomi devices permission: "Display pop-up windows while running in the diff --git a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md index 0d6e8dcd1c..caf571c273 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/android-terms.md +++ b/windows/security/threat-protection/microsoft-defender-atp/android-terms.md 
@@ -19,15 +19,15 @@ ms.topic: conceptual hideEdit: true --- -# Microsoft Defender ATP for Android application license terms +# Microsoft Defender for Endpoint for Android application license terms [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for Android](microsoft-defender-atp-android.md) +- [Microsoft Defender for Endpoint](microsoft-defender-atp-android.md) -## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER ATP +## MICROSOFT APPLICATION LICENSE TERMS: MICROSOFT DEFENDER FOR ENDPOINT These license terms ("Terms") are an agreement between Microsoft Corporation (or based on where you live, one of its affiliates) and you. Please read them. They @@ -54,7 +54,7 @@ DO NOT USE THE APPLICATION.** 1. **Installation and Use.** You may install and use any number of copies of this application on Android enabled device or devices which you own or control. You may use this application with your company's valid - subscription of Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) or + subscription of Microsoft Defender for Endpoint or an online service that includes MDATP functionalities. 2. **Updates.** Updates or upgrades to MDATP may be required for full @@ -139,7 +139,7 @@ DO NOT USE THE APPLICATION.** export laws and regulations that apply to the application. These laws include restrictions on destinations, end users and end use. For additional information, - see[www.microsoft.com/exporting](https://www.microsoft.com/exporting). + see�[www.microsoft.com/exporting](https://www.microsoft.com/exporting). 7. **SUPPORT SERVICES.** Because this application is "as is," we may not provide support services for it. If you have any issues or questions about 
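Review bot: the added line in the @@ -139,7 +139,7 hunk puts U+FFFD, the Unicode replacement character, between "see" and the link, where the removed line shows no visible character. That is an encoding change unrelated to the rename and it will render as a visible glyph in the license terms. Suggest restoring the original byte sequence or using a plain space, and checking that the file was saved in the same encoding as before. Separately, the @@ -54,7 +54,7 hunk renames the subscription wording but leaves "MDATP functionalities" and "upgrades to MDATP" as context; confirm whether those abbreviations are meant to stay.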
diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md index 4985f37fda..c75879bafc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-explorer.md @@ -25,11 +25,11 @@ ms.topic: conceptual **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -The Microsoft Defender ATP API Explorer is a tool that helps you explore various Microsoft Defender ATP APIs interactively. +The Microsoft Defender for Endpoint API Explorer is a tool that helps you explore various Defender for Endpoint APIs interactively. -The API Explorer makes it easy to construct and do API queries, test, and send requests for any available Microsoft Defender ATP API endpoint. Use the API Explorer to take actions or find data that might not yet be available through the user interface. +The API Explorer makes it easy to construct and do API queries, test, and send requests for any available Defender for Endpoint API endpoint. Use the API Explorer to take actions or find data that might not yet be available through the user interface. The tool is useful during app development. It allows you to perform API queries that respect your user access settings, reducing the need to generate access tokens. @@ -47,7 +47,7 @@ From the left navigation menu, select **Partners & APIs** > **API Explorer**. ## Supported APIs -API Explorer supports all the APIs offered by Microsoft Defender ATP. +API Explorer supports all the APIs offered by Defender for Endpoint. The list of supported APIs is available in the [APIs documentation](apis-intro.md). 
@@ -61,7 +61,7 @@ Some of the samples may require specifying a parameter in the URL, for example, ## FAQ **Do I need to have an API token to use the API Explorer?**
    -Credentials to access an API aren't needed. The API Explorer uses the Microsoft Defender ATP management portal token whenever it makes a request. +Credentials to access an API aren't needed. The API Explorer uses the Defender for Endpoint management portal token whenever it makes a request. The logged-in user authentication credential is used to verify that the API Explorer is authorized to access data on your behalf. diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md index a0330cfe3b..0dfd7bfce2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-hello-world.md @@ -17,14 +17,14 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Microsoft Defender ATP API - Hello World +# Microsoft Defender for Endpoint API - Hello World [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## Get Alerts using a simple PowerShell script 
@@ -47,7 +47,7 @@ For the Application registration stage, you must have a **Global administrator** 3. In the registration form, choose a name for your application and then click **Register**. -4. Allow your Application to access Microsoft Defender ATP and assign it **'Read all alerts'** permission: +4. Allow your Application to access Defender for Endpoint and assign it **'Read all alerts'** permission: - On your application page, click **API Permissions** > **Add permission** > **APIs my organization uses** > type **WindowsDefenderATP** and click on **WindowsDefenderATP**. @@ -177,6 +177,6 @@ You’re all done! You have just successfully: ## Related topic -- [Microsoft Defender ATP APIs](exposed-apis-list.md) -- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md) -- [Access Microsoft Defender ATP with user context](exposed-apis-create-app-nativeapp.md) +- [Microsoft Defender for Endpoint APIs](exposed-apis-list.md) +- [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md) +- [Access Microsoft Defender for Endpoint with user context](exposed-apis-create-app-nativeapp.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md index 572437217f..95525bbf97 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-microsoft-flow.md 
@@ -22,9 +22,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) Automating security procedures is a standard requirement for every modern Security Operations Center. The lack of professional cyber defenders forces SOC to work in the most efficient way and automation is a must. Microsoft Power Automate supports different connectors that were built exactly for that. You can build an end-to-end procedure automation within a few minutes. @@ -81,4 +81,4 @@ The Alert trigger provides only the Alert ID and the Machine ID. You can use the You can also create a **scheduled** flow that runs Advanced Hunting queries and much more! ## Related topic -- [Microsoft Defender ATP APIs](apis-intro.md) +- [Microsoft Defender for Endpoint APIs](apis-intro.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md index d93239e1e8..2170d310c0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-portal-mapping.md 
@@ -17,28 +17,28 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Microsoft Defender ATP detections API fields +# Microsoft Defender for Endpoint detections API fields [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-apiportalmapping-abovefoldlink) Understand what data fields are exposed as part of the detections API and how they map to Microsoft Defender Security Center. >[!Note] ->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections. +>- [Defender for Endpoint Alert](alerts.md) is composed from one or more detections. >- **Microsoft Defender ATP Detection** is composed from the suspicious event occurred on the Device and its related **Alert** details. ->- The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). +>- The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). ## Detections API fields and portal mapping The following table lists the available fields exposed in the detections API payload. 
It shows examples for the populated values and a reference on how data is reflected on the portal. -The ArcSight field column contains the default mapping between the Microsoft Defender ATP fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the needs of your organization. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md). +The ArcSight field column contains the default mapping between the Defender for Endpoint fields and the built-in fields in ArcSight. You can download the mapping file from the portal when you enable the SIEM integration feature and you can modify it to match the needs of your organization. For more information, see [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md). Field numbers match the numbers in the images below. 
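Review bot: in the [!Note] block of the @@ -17,28 +17,28 hunk, the middle bullet stays as context and still reads "**Microsoft Defender ATP Detection** is composed from the suspicious event", while the bullets on either side of it are renamed. Suggest renaming it in the same change. The added third bullet also keeps "contain a detailed list", which should read "contains" since the line is being rewritten anyway.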
@@ -49,12 +49,12 @@ Field numbers match the numbers in the images below. > | 1 | AlertTitle | name | Microsoft Defender AV detected 'Mikatz' high-severity malware | Value available for every Detection. | > | 2 | Severity | deviceSeverity | High | Value available for every Detection. | > | 3 | Category | deviceEventCategory | Malware | Value available for every Detection. | -> | 4 | Detection source | sourceServiceName | Antivirus | Microsoft Defender Antivirus or Microsoft Defender ATP. Value available for every Detection. | +> | 4 | Detection source | sourceServiceName | Antivirus | Microsoft Defender Antivirus or Defender for Endpoint. Value available for every Detection. | > | 5 | MachineName | sourceHostName | desktop-4a5ngd6 | Value available for every Detection. | > | 6 | FileName | fileName | Robocopy.exe | Available for detections associated with a file or process. | > | 7 | FilePath | filePath | C:\Windows\System32\Robocopy.exe | Available for detections associated with a file or process. | -> | 8 | UserDomain | sourceNtDomain | CONTOSO | The domain of the user context running the activity, available for Microsoft Defender ATP behavioral based detections. | -> | 9 | UserName | sourceUserName | liz.bean | The user context running the activity, available for Microsoft Defender ATP behavioral based detections. | +> | 8 | UserDomain | sourceNtDomain | CONTOSO | The domain of the user context running the activity, available for Defender for Endpoint behavioral based detections. | +> | 9 | UserName | sourceUserName | liz.bean | The user context running the activity, available for Defender for Endpoint behavioral based detections. | > | 10 | Sha1 | fileHash | 3da065e07b990034e9db7842167f70b63aa5329 | Available for detections associated with a file or process. | > | 11 | Sha256 | deviceCustomString6 | ebf54f745dc81e1958f75e4ca91dd0ab989fc9787bb6b0bf993e2f5 | Available for Microsoft Defender AV detections. 
| > | 12 | Md5 | deviceCustomString5 | db979c04a99b96d370988325bb5a8b21 | Available for Microsoft Defender AV detections. | @@ -97,7 +97,7 @@ Field numbers match the numbers in the images below. ## Related topics -- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md) -- [Configure ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md) -- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md) +- [Enable SIEM integration in Microsoft Defender for Endpoint](enable-siem-integration.md) +- [Configure ArcSight to pull Microsoft Defender for Endpoint detections](configure-arcsight.md) +- [Pull Microsoft Defender for Endpoint detections using REST API](pull-alerts-using-rest-api.md) - [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md index ae1fe49ed4..605b0f511a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-power-bi.md 
@@ -22,11 +22,11 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -In this section you will learn create a Power BI report on top of Microsoft Defender ATP APIs. +In this section you will learn create a Power BI report on top of Defender for Endpoint APIs. The first example demonstrates how to connect Power BI to Advanced Hunting API and the second example demonstrates a connection to our OData APIs, such as Machine Actions or Alerts. @@ -133,6 +133,6 @@ View the Microsoft Defender ATP Power BI report samples. For more information, s ## Related topic -- [Microsoft Defender ATP APIs](apis-intro.md) +- [Defender for Endpoint APIs](apis-intro.md) - [Advanced Hunting API](run-advanced-query-api.md) - [Using OData Queries](exposed-apis-odata-samples.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md index b5e6b4ffb6..9c8c96f2ea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md +++ b/windows/security/threat-protection/microsoft-defender-atp/api-terms-of-use.md 
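Review bot: In api-power-bi.md, the added intro line still reads "In this section you will learn create a Power BI report", which is missing "how to". Since the line is being touched anyway, change it to "In this section you will learn how to create a Power BI report on top of Defender for Endpoint APIs." The header of the @@ -133,6 hunk also shows "View the Microsoft Defender ATP Power BI report samples." as the preceding line in the file, so the old product name survives there; include that line in the rename.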
@@ -16,14 +16,14 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Microsoft Defender ATP API license and terms of use +# Microsoft Defender for Endpoint API license and terms of use [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] ## APIs -Microsoft Defender ATP APIs are governed by [Microsoft API License and Terms of use](https://docs.microsoft.com/legal/microsoft-apis/terms-of-use). +Defender for Endpoint APIs are governed by [Microsoft API License and Terms of use](https://docs.microsoft.com/legal/microsoft-apis/terms-of-use). ### Throttling limits diff --git a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md index 34f925b4d8..5550264035 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md +++ b/windows/security/threat-protection/microsoft-defender-atp/apis-intro.md 
@@ -17,33 +17,33 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Access the Microsoft Defender Advanced Threat Protection APIs +# Access the Microsoft Defender for Endpoint APIs [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) -Microsoft Defender ATP exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Microsoft Defender ATP capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). +Defender for Endpoint exposes much of its data and actions through a set of programmatic APIs. Those APIs will enable you to automate workflows and innovate based on Defender for Endpoint capabilities. The API access requires OAuth2.0 authentication. For more information, see [OAuth 2.0 Authorization Code Flow](https://docs.microsoft.com/azure/active-directory/develop/active-directory-v2-protocols-oauth-code). -Watch this video for a quick overview of Microsoft Defender ATP's APIs. +Watch this video for a quick overview of Defender for Endpoint's APIs. 
>[!VIDEO https://www.microsoft.com/en-us/videoplayer/embed/RE4d73M] In general, you’ll need to take the following steps to use the APIs: - Create an AAD application - Get an access token using this application -- Use the token to access Microsoft Defender ATP API +- Use the token to access Defender for Endpoint API -You can access Microsoft Defender ATP API with **Application Context** or **User Context**. +You can access Defender for Endpoint API with **Application Context** or **User Context**. - **Application Context: (Recommended)**
    Used by apps that run without a signed-in user present. for example, apps that run as background services or daemons. - Steps that need to be taken to access Microsoft Defender ATP API with application context: + Steps that need to be taken to access Defender for Endpoint API with application context: 1. Create an AAD Web-Application. 2. Assign the desired permission to the application, for example, 'Read Alerts', 'Isolate Machines'. @@ -57,7 +57,7 @@ You can access Microsoft Defender ATP API with **Application Context** or **User - **User Context:**
    Used to perform actions in the API on behalf of a user. - Steps that needs to be taken to access Microsoft Defender ATP API with application context: + Steps that needs to be taken to access Defender for Endpoint API with application context: 1. Create AAD Native-Application. 2. Assign the desired permission to the application, e.g 'Read Alerts', 'Isolate Machines' etc. 3. Get token using the application with user credentials. @@ -67,6 +67,6 @@ You can access Microsoft Defender ATP API with **Application Context** or **User ## Related topics -- [Microsoft Defender ATP APIs](exposed-apis-list.md) -- [Access Microsoft Defender ATP with application context](exposed-apis-create-app-webapp.md) -- [Access Microsoft Defender ATP with user context](exposed-apis-create-app-nativeapp.md) +- [Microsoft Defender for Endpoint APIs](exposed-apis-list.md) +- [Access Microsoft Defender for Endpoint with application context](exposed-apis-create-app-webapp.md) +- [Access Microsoft Defender for Endpoint with user context](exposed-apis-create-app-nativeapp.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md index 6c4428c439..a8bf456da1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/assign-portal-access.md 
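Review bot: In apis-intro.md, the rewritten line under **User Context** says "Steps that needs to be taken to access Defender for Endpoint API with application context:", but the steps that follow are the user-context ones (native application, token obtained with user credentials). Change it to "Steps that need to be taken to access Defender for Endpoint API with user context:" while the line is being edited.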
@@ -26,11 +26,11 @@ ms.date: 11/28/2018 **Applies to:** - Azure Active Directory - Office 365 -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-assignaccess-abovefoldlink) -Microsoft Defender ATP supports two ways to manage permissions: +Defender for Endpoint supports two ways to manage permissions: - **Basic permissions management**: Set permissions to either full access or read-only. - **Role-based access control (RBAC)**: Set granular permissions by defining roles, assigning Azure AD user groups to the roles, and granting the user groups access to device groups. For more information on RBAC, see [Manage portal access using role-based access control](rbac.md). 
@@ -38,7 +38,7 @@ Microsoft Defender ATP supports two ways to manage permissions: > [!NOTE] > If you have already assigned basic permissions, you may switch to RBAC anytime. Consider the following before making the switch: > -> - Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Microsoft Defender ATP administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Microsoft Defender ATP administrator role after switching to RBAC. Only users assigned to the Microsoft Defender ATP administrator role can manage permissions using RBAC. +> - Users with full access (users that are assigned the Global Administrator or Security Administrator directory role in Azure AD), are automatically assigned the default Defender for Endpoint administrator role, which also has full access. Additional Azure AD user groups can be assigned to the Defender for Endpoint administrator role after switching to RBAC. Only users assigned to the Defender for Endpoint administrator role can manage permissions using RBAC. > - Users that have read-only access (Security Readers) will lose access to the portal until they are assigned a role. Note that only Azure AD user groups can be assigned a role under RBAC. > - After switching to RBAC, you will not be able to switch back to using basic permissions management. diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md index 47af31878c..74cc0538fb 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-simulations.md 
@@ -18,22 +18,22 @@ ms.topic: article ms.date: 11/20/2018 --- -# Experience Microsoft Defender ATP through simulated attacks +# Experience Microsoft Defender for Endpoint through simulated attacks [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-abovefoldlink) >[!TIP] ->- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Microsoft Defender ATP](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/). ->- Microsoft Defender ATP demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). +>- Learn about the latest enhancements in Microsoft Defender ATP: [What's new in Defender for Endpoint?](https://cloudblogs.microsoft.com/microsoftsecure/2018/11/15/whats-new-in-windows-defender-atp/). +>- Defender for Endpoint demonstrated industry-leading optics and detection capabilities in the recent MITRE evaluation. Read: [Insights from the MITRE ATT&CK-based evaluation](https://cloudblogs.microsoft.com/microsoftsecure/2018/12/03/insights-from-the-mitre-attack-based-evaluation-of-windows-defender-atp/). 
-You might want to experience Microsoft Defender ATP before you onboard more than a few devices to the service. To do this, you can run controlled attack simulations on a few test devices. After running the simulated attacks, you can review how Microsoft Defender ATP surfaces malicious activity and explore how it enables an efficient response. +You might want to experience Defender for Endpoint before you onboard more than a few devices to the service. To do this, you can run controlled attack simulations on a few test devices. After running the simulated attacks, you can review how Defender for Endpoint surfaces malicious activity and explore how it enables an efficient response. ## Before you begin @@ -61,7 +61,7 @@ Read the walkthrough document provided with each attack scenario. Each document > Simulation files or scripts mimic attack activity but are actually benign and will not harm or compromise the test device. > > -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-attacksimulations-belowfoldlink) ## Related topics diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md index 6005a0a536..b3a31baf6d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-faq.md 
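Review bot: In attack-simulations.md, the first TIP bullet is only half renamed: the lead-in still says "Learn about the latest enhancements in Microsoft Defender ATP:" while the link text became "What's new in Defender for Endpoint?". Use one product name in that bullet, and check that the new link text, including the added question mark, matches the title of the linked post, whose URL still refers to Windows Defender ATP.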
@@ -23,7 +23,7 @@ ms.custom: asr **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ## Is attack surface reduction (ASR) part of Windows? @@ -43,7 +43,7 @@ Yes. ASR is supported for Windows Enterprise E3 and above. All of the rules supported with E3 are also supported with E5. -E5 also added greater integration with Microsoft Defender ATP. With E5, you can [use Microsoft Defender ATP to monitor and review analytics](https://docs.microsoft.com/microsoft-365/security/mtp/monitor-devices?view=o365-worldwide#monitor-and-manage-asr-rule-deployment-and-detections) on alerts in real-time, fine-tune rule exclusions, configure ASR rules, and view lists of event reports. +E5 also added greater integration with Defender for Endpoint. With E5, you can [use Defender for Endpoint to monitor and review analytics](https://docs.microsoft.com/microsoft-365/security/mtp/monitor-devices?view=o365-worldwide#monitor-and-manage-asr-rule-deployment-and-detections) on alerts in real-time, fine-tune rule exclusions, configure ASR rules, and view lists of event reports. ## What are the currently supported ASR rules? 
@@ -75,13 +75,13 @@ Larger organizations should consider rolling out ASR rules in "rings," by auditi Keep the rule in audit mode for about 30 days to get a good baseline for how the rule will operate once it goes live throughout your organization. During the audit period, you can identify any line-of-business applications that might get blocked by the rule, and configure the rule to exclude them. -## I'm making the switch from a third-party security solution to Microsoft Defender ATP. Is there an "easy" way to export rules from another security solution to ASR? +## I'm making the switch from a third-party security solution to Defender for Endpoint. Is there an "easy" way to export rules from another security solution to ASR? -In most cases, it's easier and better to start with the baseline recommendations suggested by [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP) than to attempt to import rules from another security solution. Then, use tools such as audit mode, monitoring, and analytics to configure your new solution to suit your unique needs. +In most cases, it's easier and better to start with the baseline recommendations suggested by [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Defender for Endpoint) than to attempt to import rules from another security solution. Then, use tools such as audit mode, monitoring, and analytics to configure your new solution to suit your unique needs. -The default configuration for most ASR rules, combined with Microsoft Defender ATP's real-time protection, will protect against a large number of exploits and vulnerabilities. +The default configuration for most ASR rules, combined with Defender for Endpoint's real-time protection, will protect against a large number of exploits and vulnerabilities. 
-From within Microsoft Defender ATP, you can update your defenses with custom indicators, to allow and block certain software behaviors. ASR also allows for some customization of rules, in the form of file and folder exclusions. As a general rule, it is best to audit a rule for a period of time, and configure exclusions for any line-of-business applications that might get blocked. +From within Defender for Endpoint, you can update your defenses with custom indicators, to allow and block certain software behaviors. ASR also allows for some customization of rules, in the form of file and folder exclusions. As a general rule, it is best to audit a rule for a period of time, and configure exclusions for any line-of-business applications that might get blocked. ## Does ASR support file or folder exclusions that include system variables and wildcards in the path? 
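Review bot: In attack-surface-reduction-faq.md, the search-and-replace left a redundant parenthetical in the first answer paragraph of this hunk: "[Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Defender for Endpoint)". The parenthetical used to introduce the abbreviation; drop it now that the link text and the short name are identical.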
@@ -95,9 +95,9 @@ It depends on the rule. Most ASR rules cover the behavior of Microsoft Office pr ASR uses Microsoft Defender Antivirus to block applications. It is not possible to configure ASR to use another security solution for blocking at this time. -## I have an E5 license and enabled some ASR rules in conjunction with Microsoft Defender ATP. Is it possible for an ASR event to not show up at all in Microsoft Defender ATP's event timeline? +## I have an E5 license and enabled some ASR rules in conjunction with Defender for Endpoint. Is it possible for an ASR event to not show up at all in Defender for Endpoint's event timeline? -Whenever a notification is triggered locally by an ASR rule, a report on the event is also sent to the Microsoft Defender ATP portal. If you're having trouble finding the event, you can filter the events timeline using the search box. You can also view ASR events by visiting **Go to attack surface management**, from the **Configuration management** icon in the Security Center taskbar. The attack surface management page includes a tab for report detections, which includes a full list of ASR rule events reported to Microsoft Defender ATP. +Whenever a notification is triggered locally by an ASR rule, a report on the event is also sent to the Defender for Endpoint portal. If you're having trouble finding the event, you can filter the events timeline using the search box. You can also view ASR events by visiting **Go to attack surface management**, from the **Configuration management** icon in the Security Center taskbar. The attack surface management page includes a tab for report detections, which includes a full list of ASR rule events reported to Defender for Endpoint. ## I applied a rule using GPO. Now when I try to check the indexing options for the rule in Microsoft Outlook, I get a message stating, 'Access denied'. 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md index 87e15b62f3..d2c6d68716 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction.md @@ -24,7 +24,7 @@ ms.date: 10/08/2020 **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Your attack surface is the total number of places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means offering attackers fewer ways to perform attacks. 
@@ -50,13 +50,13 @@ You can set attack surface reduction rules for devices running any of the follow - Windows Server, [version 1803 (Semi-Annual Channel)](https://docs.microsoft.com/windows-server/get-started/whats-new-in-windows-server-1803) or later - [Windows Server 2019](https://docs.microsoft.com/windows-server/get-started-19/whats-new-19) -To use the entire feature-set of attack surface reduction rules, you need a [Windows 10 Enterprise license](https://www.microsoft.com/licensing/product-licensing/windows10). With a [Windows E5 license](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses), you get advanced management capabilities including monitoring, analytics, and workflows available in [Microsoft Defender Advanced Threat Protection](microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the [Microsoft 365 security center](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). These advanced capabilities aren't available with an E3 license, but you can still use Event Viewer to review attack surface reduction rule events. +To use the entire feature-set of attack surface reduction rules, you need a [Windows 10 Enterprise license](https://www.microsoft.com/licensing/product-licensing/windows10). With a [Windows E5 license](https://docs.microsoft.com/windows/deployment/deploy-enterprise-licenses), you get advanced management capabilities including monitoring, analytics, and workflows available in [Defender for Endpoint](microsoft-defender-advanced-threat-protection.md), as well as reporting and configuration capabilities in the [Microsoft 365 security center](https://docs.microsoft.com/microsoft-365/security/mtp/overview-security-center). These advanced capabilities aren't available with an E3 license, but you can still use Event Viewer to review attack surface reduction rule events. 
## Review attack surface reduction events in the Microsoft Defender Security Center -Microsoft Defender ATP provides detailed reporting for events and blocks, as part of its alert investigation scenarios. +Defender for Endpoint provides detailed reporting for events and blocks, as part of its alert investigation scenarios. -You can query Microsoft Defender ATP data by using [advanced hunting](advanced-hunting-query-language.md). If you're running [audit mode](audit-windows-defender.md), you can use advanced hunting to understand how attack surface reduction rules could affect your environment. +You can query Defender for Endpoint data by using [advanced hunting](advanced-hunting-query-language.md). If you're running [audit mode](audit-windows-defender.md), you can use advanced hunting to understand how attack surface reduction rules could affect your environment. Here is an example query: @@ -87,7 +87,7 @@ This will create a custom view that filters events to only show the following, a |1121 | Event when rule fires in Block-mode | |1122 | Event when rule fires in Audit-mode | -The "engine version" listed for attack surface reduction events in the event log, is generated by Microsoft Defender ATP, not by the operating system. Microsoft Defender ATP is integrated with Windows 10, so this feature works on all devices with Windows 10 installed. +The "engine version" listed for attack surface reduction events in the event log, is generated by Defender for Endpoint, not by the operating system. Defender for Endpoint is integrated with Windows 10, so this feature works on all devices with Windows 10 installed. ## Attack surface reduction rules diff --git a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md index ee65565701..b442dcb82a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/audit-windows-defender.md @@ -15,14 +15,14 @@ ms.reviewer: manager: dansimp --- -# Test how Microsoft Defender ATP features work in audit mode +# Test how Microsoft Defender for Endpoint features work in audit mode [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) You can enable attack surface reduction rules, exploit protection, network protection, and controlled folder access in audit mode. Audit mode lets you see a record of what *would* have happened if you had enabled the feature. @@ -32,7 +32,7 @@ The features won't block or prevent apps, scripts, or files from being modified. To find the audited entries, go to **Applications and Services** > **Microsoft** > **Windows** > **Windows Defender** > **Operational**. -You can use Microsoft Defender Advanced Threat Protection to get greater details for each event, especially for investigating attack surface reduction rules. Using the Microsoft Defender ATP console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). +You can use Defender for Endpoint to get greater details for each event, especially for investigating attack surface reduction rules. Using the Defender for Endpoint console lets you [investigate issues as part of the alert timeline and investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). This article provides links that describe how to enable the audit functionality for each feature and how to view events in the Windows Event Viewer. From 7b04785a2d24606f6e63669e20cb07e800b7fcc4 Mon Sep 17 00:00:00 2001 
From: ManikaDhiman Date: Tue, 27 Oct 2020 17:03:45 -0700 Subject: [PATCH 104/346] Added ADMX_TerminalServer policies --- .../mdm/policy-csp-admx-terminalserver.md | 1036 +++++++++++++++++ 1 file changed, 1036 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-terminalserver.md diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md new file mode 100644 index 0000000000..74a8c02c29 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -0,0 +1,1036 @@ +--- +title: Policy CSP - ADMX_TerminalServer +description: Policy CSP - ADMX_TerminalServer +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/27/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_TerminalServer +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + +## ADMX_TerminalServer policies + +
    +
    + ADMX_TerminalServer/TS_AUTO_RECONNECT +
    +
    + ADMX_TerminalServer/TS_CAMERA_REDIRECTION +
    +
    + ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY +
    +
    + ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1 +
    +
    + ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2 +
    +
    + ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1 +
    +
    + ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2 +
    +
    + ADMX_TerminalServer/TS_CLIENT_AUDIO +
    +
    + ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE +
    +
    + ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY +
    +
    + ADMX_TerminalServer/TS_CLIENT_CLIPBOARD +
    +
    + ADMX_TerminalServer/TS_CLIENT_COM +
    +
    + ADMX_TerminalServer/TS_CLIENT_DEFAULT_M +
    +
    + ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE +
    +
    + ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1 +
    +
    + ADMX_TerminalServer/TS_CLIENT_LPT +
    +
    + ADMX_TerminalServer/TS_CLIENT_PNP +
    +
    + ADMX_TerminalServer/TS_CLIENT_PRINTER +
    +
    + ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1 +
    +
    + ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2 +
    +
    + ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP +
    +
    + ADMX_TerminalServer/TS_COLORDEPTH +
    +
    + ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES +
    +
    + ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER +
    +
    + ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU +
    +
    + ADMX_TerminalServer/TS_EASY_PRINT +
    +
    + ADMX_TerminalServer/TS_EASY_PRINT_User +
    +
    + ADMX_TerminalServer/TS_EnableVirtualGraphics +
    +
    + ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE +
    +
    + ADMX_TerminalServer/TS_FORCIBLE_LOGOFF +
    +
    + ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD +
    +
    + ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE +
    +
    + ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER +
    +
    + ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY +
    +
    + ADMX_TerminalServer/TS_KEEP_ALIVE +
    +
    + ADMX_TerminalServer/TS_LICENSE_SECGROUP +
    +
    + ADMX_TerminalServer/TS_LICENSE_SERVERS +
    +
    + ADMX_TerminalServer/TS_LICENSE_TOOLTIP +
    +
    + ADMX_TerminalServer/TS_LICENSING_MODE +
    +
    + ADMX_TerminalServer/TS_MAXDISPLAYRES +
    +
    + ADMX_TerminalServer/TS_MAXMONITOR +
    +
    + ADMX_TerminalServer/TS_MAX_CON_POLICY +
    +
    + ADMX_TerminalServer/TS_NoDisconnectMenu +
    +
    + ADMX_TerminalServer/TS_NoSecurityMenu +
    +
    + ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP +
    +
    + ADMX_TerminalServer/TS_PreventLicenseUpgrade +
    +
    + ADMX_TerminalServer/TS_RADC_DefaultConnection +
    +
    + ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration +
    +
    + ADMX_TerminalServer/TS_RemoteControl_1 +
    +
    + ADMX_TerminalServer/TS_RemoteControl_2 +
    +
    + ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics +
    +
    + ADMX_TerminalServer/TS_SD_ClustName +
    +
    + ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS +
    +
    + ADMX_TerminalServer/TS_SD_Loc +
    +
    + ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY +
    +
    + ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT +
    +
    + ADMX_TerminalServer/TS_SELECT_TRANSPORT +
    +
    + ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP +
    +
    + ADMX_TerminalServer/TS_SERVER_AUTH +
    +
    + ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED +
    +
    + ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED +
    +
    + ADMX_TerminalServer/TS_SERVER_COMPRESSOR +
    +
    + ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY +
    +
    + ADMX_TerminalServer/TS_SERVER_LEGACY_RFX +
    +
    + ADMX_TerminalServer/TS_SERVER_PROFILE +
    +
    + ADMX_TerminalServer/TS_SERVER_VISEXP +
    +
    + ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER +
    +
    + ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1 +
    +
    + ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2 +
    +
    + ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1 +
    +
    + ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2 +
    +
    + ADMX_TerminalServer/TS_SESSIONS_Limits_1 +
    +
    + ADMX_TerminalServer/TS_SESSIONS_Limits_2 +
    +
    + ADMX_TerminalServer/TS_SINGLE_SESSION +
    +
    + ADMX_TerminalServer/TS_SMART_CARD +
    +
    + ADMX_TerminalServer/TS_START_PROGRAM_1 +
    +
    + ADMX_TerminalServer/TS_START_PROGRAM_2 +
    +
    + ADMX_TerminalServer/TS_Session_End_On_Limit_1 +
    +
    + ADMX_TerminalServer/TS_Session_End_On_Limit_2 +
    +
    + ADMX_TerminalServer/TS_TEMP_DELETE +
    +
    + ADMX_TerminalServer/TS_TEMP_PER_SESSION +
    +
    + ADMX_TerminalServer/TS_TIME_ZONE +
    +
    + ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY +
    +
    + ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP +
    +
    + ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE +
    +
    + ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY +
    +
    + ADMX_TerminalServer/TS_USER_HOME +
    +
    + ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES +
    +
    + ADMX_TerminalServer/TS_USER_PROFILES +
    +
    + + +
    + + +**ADMX_TerminalServer/TS_AUTO_RECONNECT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. + +By default, a maximum of twenty reconnection attempts are made at five second intervals. + +If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost. + +If the status is set to Disabled, automatic reconnection of clients is prohibited. + +If the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Automatic reconnection* +- GP name: *TS_AUTO_RECONNECT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CAMERA_REDIRECTION** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. + +By default, a maximum of twenty reconnection attempts are made at five second intervals. + +If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost. + +If the status is set to Disabled, automatic reconnection of clients is prohibited. + +If the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the "Reconnect if connection is dropped" checkbox on the Experience tab in Remote Desktop Connection. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Automatic reconnection* +- GP name: *TS_CAMERA_REDIRECTION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CERTIFICATE_TEMPLATE_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of the certificate template that determines which certificate is automatically selected to authenticate an RD Session Host server. + +A certificate is needed to authenticate an RD Session Host server when TLS 1.0, 1.1 or 1.2 is used to secure communication between a client and an RD Session Host server during RDP connections. + +If you enable this policy setting, you need to specify a certificate template name. Only certificates created by using the specified certificate template will be considered when a certificate to authenticate the RD Session Host server is automatically selected. Automatic certificate selection only occurs when a specific certificate has not been selected. + +If no certificate can be found that was created with the specified certificate template, the RD Session Host server will issue a certificate enrollment request and will use the current certificate until the request is completed. If more than one certificate is found that was created with the specified certificate template, the certificate that will expire latest and that matches the current name of the RD Session Host server will be selected. + +If you disable or do not configure this policy, the certificate template name is not specified at the Group Policy level. By default, a self-signed certificate is used to authenticate the RD Session Host server. + +> [!NOTE] +> If you select a specific certificate to be used to authenticate the RD Session Host server, that certificate will take precedence over this policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Server authentication certificate template* +- GP name: *TS_CERTIFICATE_TEMPLATE_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). + +If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. + +> [!NOTE] +> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow .rdp files from valid publishers and user's default .rdp settings* +- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_SIGNED_FILES_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). + +If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. + +> [!NOTE] +> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow .rdp files from valid publishers and user's default .rdp settings* +- GP name: *TS_CLIENT_ALLOW_SIGNED_FILES_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. + +If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow .rdp files from unknown publishers* +- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_ALLOW_UNSIGNED_FILES_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. + +If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. + +If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow .rdp files from unknown publishers* +- GP name: *TS_CLIENT_ALLOW_UNSIGNED_FILES_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_AUDIO** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session. + +Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. + +By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012, Windows 7, Windows Vista, or Windows XP Professional. + +If you enable this policy setting, audio and video playback redirection is allowed. + +If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC, or video playback is specified in the .rdp file. If you do not configure this policy setting audio and video playback redirection is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow audio and video playback redirection* +- GP name: *TS_CLIENT_AUDIO* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_AUDIO_CAPTURE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session. + +Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone. + +By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running at least Windows 7, or Windows Server 2008 R2. + +If you enable this policy setting, audio recording redirection is allowed. + +If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC. + +If you do not configure this policy setting, Audio recording redirection is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Allow audio recording redirection* +- GP name: *TS_CLIENT_AUDIO_CAPTURE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_AUDIO_QUALITY** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links. + +If you enable this policy setting, you must select one of the following: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection. + +The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. + +For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used. + +Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic. + +If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit audio playback quality* +- GP name: *TS_CLIENT_AUDIO_QUALITY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
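Review bot: The TS_CAMERA_REDIRECTION section repeats the TS_AUTO_RECONNECT text verbatim: its description covers automatic reconnection, its GP English name is *Automatic reconnection*, and its GP path ends in `Connections`. Replace the description, English name and path with the camera redirection policy's own values from TerminalServer.admx before merging. Two further points in the same file. First, the TS_CLIENT_AUDIO_CAPTURE description names Windows Server 2008 R2 both as a target where audio recording redirection is not allowed by default and as one where it is allowed by default, so one of the two sentences needs correcting. Second, the policy index lists entries from TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1 through TS_USER_PROFILES, while the documented sections stop at TS_CLIENT_AUDIO_QUALITY, which leaves those index entries without a target section.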
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + + From 5ef29ee8447ba6a22ef357b13a3c8ef57326e729 Mon Sep 17 00:00:00 2001 From: Brandon Smith Date: Tue, 27 Oct 2020 17:29:27 -0700 Subject: [PATCH 105/346] Update new-in-windows-mdm-enrollment-management.md WindowsSandbox policy docs were mistakenly included for 20h2, when they are available for insiders only at the moment. --- .../mdm/new-in-windows-mdm-enrollment-management.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md index 9f14f29625..75057cb9c7 100644 --- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md +++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md @@ -26,7 +26,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s |New or updated article|Description| |-----|-----| -| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
    - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
    - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
    - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
    - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
    - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
    - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
    - [WindowsSandbox/AllowAudioInput](policy-csp-windowssandbox.md#windowssandbox-allowaudioinput)
    - [WindowsSandbox/AllowClipboardRedirection](policy-csp-windowssandbox.md#windowssandbox-allowclipboardredirection)
    - [WindowsSandbox/AllowNetworking](policy-csp-windowssandbox.md#windowssandbox-allownetworking)
    - [WindowsSandbox/AllowPrinterRedirection](policy-csp-windowssandbox.md#windowssandbox-allowprinterredirection)
    - [WindowsSandbox/AllowVGPU](policy-csp-windowssandbox.md#windowssandbox-allowvgpu)
    - [WindowsSandbox/AllowVideoInput](policy-csp-windowssandbox.md#windowssandbox-allowvideoinput) | +| [Policy CSP](policy-configuration-service-provider.md) | Added the following new policies in Windows 10, version 20H2:
    - [LocalUsersAndGroups/Configure](policy-csp-localusersandgroups.md#localusersandgroups-configure)
    - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
    - [MixedReality/BrightnessButtonDisabled](policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
    - [MixedReality/FallbackDiagnostics](policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
    - [MixedReality/MicrophoneDisabled](policy-csp-mixedreality.md#mixedreality-microphonedisabled)
    - [MixedReality/VolumeButtonDisabled](policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) | | [WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md) | Updated the description of the following node:
    - Settings/AllowWindowsDefenderApplicationGuard | ## What’s new in MDM for Windows 10, version 2004 From 6ad1d5e2d2b9f67201e8d1514afb640ae3ca29c6 Mon Sep 17 00:00:00 2001 From: Brandon Smith Date: Tue, 27 Oct 2020 17:35:27 -0700 Subject: [PATCH 106/346] Update policy-csp-windowssandbox.md Associated with PR #8545 --- .../mdm/policy-csp-windowssandbox.md | 60 +++++++++---------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md index 898af9ddd1..77c69597e9 100644 --- a/windows/client-management/mdm/policy-csp-windowssandbox.md +++ b/windows/client-management/mdm/policy-csp-windowssandbox.md @@ -48,6 +48,8 @@ ms.date: 10/14/2020 **WindowsSandbox/AllowAudioInput** +Available in the latest Windows 10 insider preview build. + @@ -60,7 +62,7 @@ ms.date: 10/14/2020 - + @@ -68,11 +70,11 @@ ms.date: 10/14/2020 - + - +
    Procheck mark9check mark
    Business
    Enterprisecheck mark9check mark
    Educationcheck mark9check mark
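Review bot: the added line "Available in the latest Windows 10 insider preview build." under **WindowsSandbox/AllowAudioInput**, and the five identical additions for the other WindowsSandbox policies in this patch, is relative to the day it was written and goes stale as soon as a newer build ships. The edition rows appear to lose their footnote 9 marker in the same change, and the last hunk deletes the Footnotes list that mapped 9 to "Windows 10, version 20H2", so after this patch the page no longer names any concrete version or build for these policies. Suggest naming the minimum build or version in place of "latest", and bumping ms.date, which the first hunk header still shows as 10/14/2020.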
    @@ -134,6 +136,8 @@ The following are the supported values: **WindowsSandbox/AllowClipboardRedirection** +Available in the latest Windows 10 insider preview build. + @@ -146,7 +150,7 @@ The following are the supported values: - + @@ -154,11 +158,11 @@ The following are the supported values: - + - +
    Procheck mark9check mark
    Business
    Enterprisecheck mark9check mark
    Educationcheck mark9check mark
    @@ -217,6 +221,8 @@ The following are the supported values: **WindowsSandbox/AllowNetworking** +Available in the latest Windows 10 insider preview build. + @@ -229,7 +235,7 @@ The following are the supported values: - + @@ -237,11 +243,11 @@ The following are the supported values: - + - +
    Procheck mark9check mark
    Business
    Enterprisecheck mark9check mark
    Educationcheck mark9check mark
    @@ -298,6 +304,8 @@ The following are the supported values: **WindowsSandbox/AllowPrinterRedirection** +Available in the latest Windows 10 insider preview build. + @@ -310,7 +318,7 @@ The following are the supported values: - + @@ -318,11 +326,11 @@ The following are the supported values: - + - +
    Procheck mark9check mark
    Business
    Enterprisecheck mark9check mark
    Educationcheck mark9check mark
    @@ -380,6 +388,8 @@ The following are the supported values: **WindowsSandbox/AllowVGPU** +Available in the latest Windows 10 insider preview build. + @@ -392,7 +402,7 @@ The following are the supported values: - + @@ -400,11 +410,11 @@ The following are the supported values: - + - +
    Procheck mark9check mark
    Business
    Enterprisecheck mark9check mark
    Educationcheck mark9check mark
    @@ -465,6 +475,8 @@ The following are the supported values: **WindowsSandbox/AllowVideoInput** +Available in the latest Windows 10 insider preview build. + @@ -477,7 +489,7 @@ The following are the supported values: - + @@ -485,11 +497,11 @@ The following are the supported values: - + - +
    Procheck mark9check mark
    Business
    Enterprisecheck mark9check mark
    Educationcheck mark9check mark
    @@ -546,16 +558,4 @@ The following are the supported values:
    -Footnotes: - -- 1 - Available in Windows 10, version 1607. -- 2 - Available in Windows 10, version 1703. -- 3 - Available in Windows 10, version 1709. -- 4 - Available in Windows 10, version 1803. -- 5 - Available in Windows 10, version 1809. -- 6 - Available in Windows 10, version 1903. -- 7 - Available in Windows 10, version 1909. -- 8 - Available in Windows 10, version 2004. -- 9 - Available in Windows 10, version 20H2. - From 174d13f07e90f0b9dd3f5f558ebd1416520b5988 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Wed, 28 Oct 2020 06:16:13 -0700 Subject: [PATCH 107/346] Update microsoft-cloud-app-security-config.md removed preview note. This is now GA --- .../microsoft-cloud-app-security-config.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md index 06d2ab83cf..16dd867662 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-cloud-app-security-config.md @@ -27,8 +27,6 @@ ms.topic: article - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) -[!include[Prerelease information](../../includes/prerelease.md)] - To benefit from Microsoft Defender Advanced Threat Protection (ATP) cloud app discovery signals, turn on Microsoft Cloud App Security integration. >[!NOTE] From d9ded8c49f0659b7791dbf72f144dec8682dd678 Mon Sep 17 00:00:00 2001 
From: MaratMussabekov <48041687+MaratMussabekov@users.noreply.github.com> Date: Wed, 28 Oct 2020 20:11:03 +0500 Subject: [PATCH 108/346] Update windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md Co-authored-by: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> --- .../hello-for-business/hello-hybrid-key-whfb-provision.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md index f9fef4f777..5a790c046a 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md +++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md @@ -54,7 +54,7 @@ The remainder of the provisioning includes Windows Hello for Business requesting > [!IMPORTANT] > The minimum time needed to synchronize the user's public key from Azure Active Directory to the on-premises Active Directory is 30 minutes. The Azure AD Connect scheduler controls the synchronization interval. -> **This synchronization latency delays the user's ability to authenticate and uses on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. +> **This synchronization latency delays the user's ability to authenticate and use on-premises resources until the user's public key has synchronized to Active Directory.** Once synchronized, the user can authenticate and use on-premises resources. > Read [Azure AD Connect sync: Scheduler](https://docs.microsoft.com/azure/active-directory/connect/active-directory-aadconnectsync-feature-scheduler) to view and adjust the **synchronization cycle** for your organization.

    From ad5676e24008a7a85ba6fdb86dcbe674bf8d8ba5 Mon Sep 17 00:00:00 2001 From: Tina Burden Date: Wed, 28 Oct 2020 09:41:10 -0700 Subject: [PATCH 109/346] pencil edit --- .../microsoft-defender-atp-ios-privacy-information.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index d9f08b5875..db4144d60a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md @@ -23,7 +23,6 @@ ms.topic: conceptual # Privacy information - Microsoft Defender ATP for iOS >[!NOTE] - > Microsoft Defender ATP for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization, does not see your browsing activity. Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. The information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected, and to support the service. From de70a4890484fed0eceb72d76f5d69a4a50dd1be Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 28 Oct 2020 10:48:02 -0700 Subject: [PATCH 110/346] Added 20H2 Policy CSP DDF --- .../client-management/mdm/policy-ddf-file.md | 746 +++++++++++++++++- 1 file changed, 743 insertions(+), 3 deletions(-) diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md index 27c1aceaf0..88231009d5 100644 --- a/windows/client-management/mdm/policy-ddf-file.md +++ b/windows/client-management/mdm/policy-ddf-file.md 
@@ -10,7 +10,7 @@ ms.prod: w10 ms.technology: windows author: manikadhiman ms.localizationpriority: medium -ms.date: 06/03/2020 +ms.date: 10/28/2020 --- # Policy DDF file @@ -20,6 +20,7 @@ This topic shows the OMA DM device description framework (DDF) for the **Policy* You can view various Policy DDF files by clicking the following links: +- [View the Policy DDF file for Windows 10, version 20H2](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_20H2.xml) - [View the Policy DDF file for Windows 10, version 2004](https://download.microsoft.com/download/4/0/f/40f9ec45-3bea-442c-8afd-21edc1e057d8/PolicyDDF_all_2004.xml) - [View the Policy DDF file for Windows 10, version 1903](https://download.microsoft.com/download/0/C/D/0CD61812-8B9C-4846-AC4A-1545BFD201EE/PolicyDDF_all_1903.xml) - [View the Policy DDF file for Windows 10, version 1809](https://download.microsoft.com/download/7/3/5/735B8537-82F4-4CD1-B059-93984F9FAAC5/Policy_DDF_all_1809.xml) @@ -32,7 +33,7 @@ You can view various Policy DDF files by clicking the following links: You can download DDF files for various CSPs from [CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download). -The XML below is the DDF for Windows 10, version 2004. +The XML below is the DDF for Windows 10, version 20H2. ```xml @@ -8713,6 +8714,52 @@ Related policy: + + Multitasking + + + + + + + + + + + + + + + + + + + + + BrowserAltTabBlowout + + + + + + + + Configures the inclusion of Edge tabs into Alt-Tab. + + + + + + + + + + + text/plain + + + + Notifications @@ -18919,6 +18966,55 @@ Related policy: + + Multitasking + + + + + + + + + + + + + + + + + + + BrowserAltTabBlowout + + + + + 1 + Configures the inclusion of Edge tabs into Alt-Tab. + + + + + + + + + + + text/plain + + + phone + multitasking.admx + AltTabFilterDropdown + multitasking~AT~WindowsComponents~MULTITASKING + MultiTaskingAltTabFilter + LastWrite + + + Notifications 
@@ -29757,6 +29853,30 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor + + DisableCloudOptimizedContent + + + + + + + + This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content. + + + + + + + + + + + text/plain + + + DoNotShowFeedbackNotifications @@ -38353,6 +38473,60 @@ The options are: + + LocalUsersAndGroups + + + + + + + + + + + + + + + + + + + + + Configure + + + + + + + + This Setting allows an administrator to manage local groups on a Device. + Possible settings: + 1. Update Group Membership: Update a group and add and/or remove members though the 'U' action. + When using Update, existing group members that are not specified in the policy remain untouched. + 2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action. + When using Replace, existing group membership is replaced by the list of members specified in + the add member section. This option works in the same way as a Restricted Group and any group + members that are not specified in the policy are removed. + Caution: If the same group is configured with both Replace and Update, then Replace will win. + + + + + + + + + + + text/plain + + + + LockDown 
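Review bot: typo in the added LocalUsersAndGroups/Configure description: "add and/or remove members though the 'U' action" should read "through the 'U' action", matching "through the 'R' action" in the next item. The same description is added a second time in the later hunk at -70811, so both copies need the fix. "This Setting" and "on a Device" could be lower-cased in the same pass.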
@@ -38563,6 +38737,172 @@ The options are: + + MixedReality + + + + + + + + + + + + + + + + + + + + + AADGroupMembershipCacheValidityInDays + + + + + + + + + + + + + + + + + + + text/plain + + + + + BrightnessButtonDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + + FallbackDiagnostics + + + + + + + + + + + + + + + + + + + text/plain + + + + + HeadTrackingMode + + + + + + + + + + + + + + + + + + + text/plain + + + + + MicrophoneDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + + VolumeButtonDisabled + + + + + + + + + + + + + + + + + + + text/plain + + + + MSSecurityGuide @@ -47384,6 +47724,30 @@ If you disable or do not configure this policy setting, the wake setting as spec + + DisableWUfBSafeguards + + + + + + + + + + + + + + + + + + + text/plain + + + EngagedRestartDeadline @@ -48152,6 +48516,30 @@ If you disable or do not configure this policy setting, the wake setting as spec + + SetProxyBehaviorForUpdateDetection + + + + + + + + + + + + + + + + + + + text/plain + + + TargetReleaseVersion @@ -61298,6 +61686,33 @@ Configure the minimum password age to be more than 0 if you want Enforce passwor LowestValueMostSecure + + DisableCloudOptimizedContent + + + + + 0 + This policy controls Windows experiences that use the cloud optimized content client component. If you enable this policy, they will present only default content. If you disable or do not configure this policy, they will be able to use cloud provided content. + + + + + + + + + + + text/plain + + + CloudContent.admx + CloudContent~AT~WindowsComponents~CloudContent + DisableCloudOptimizedContent + HighestValueMostSecure + + DoNotShowFeedbackNotifications 
@@ -70811,6 +71226,116 @@ The options are: + + LocalUsersAndGroups + + + + + + + + + + + + + + + + + + + Configure + + + + + + This Setting allows an administrator to manage local groups on a Device. + Possible settings: + 1. Update Group Membership: Update a group and add and/or remove members though the 'U' action. + When using Update, existing group members that are not specified in the policy remain untouched. + 2. Replace Group Membership: Restrict a group by replacing group membership through the 'R' action. + When using Replace, existing group membership is replaced by the list of members specified in + the add member section. This option works in the same way as a Restricted Group and any group + members that are not specified in the policy are removed. + Caution: If the same group is configured with both Replace and Update, then Replace will win. + + + + + + + + + + + text/plain + + phone + LastWrite + + + + + + + + + + + + Group Configuration Action + + + + + + + + Group Member to Add + + + + + + + + Group Member to Remove + + + + + + + + Group property to configure + + + + + + + + + + + + + + + + Local Group Configuration + + + + + + + + + LockDown @@ -71027,6 +71552,170 @@ The options are: + + MixedReality + + + + + + + + + + + + + + + + + + + AADGroupMembershipCacheValidityInDays + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + + + BrightnessButtonDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + + FallbackDiagnostics + + + + + 2 + + + + + + + + + + + + text/plain + + + LastWrite + + + + HeadTrackingMode + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + + + MicrophoneDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + + VolumeButtonDisabled + + + + + 0 + + + + + + + + + + + + text/plain + + + HighestValueMostSecure + + + MSSecurityGuide 
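Review bot: the six MixedReality nodes added here (AADGroupMembershipCacheValidityInDays, BrightnessButtonDisabled, FallbackDiagnostics, HeadTrackingMode, MicrophoneDisabled, VolumeButtonDisabled) show only a default value and text/plain, with no description text, unlike BrowserAltTabBlowout, DisableCloudOptimizedContent and LocalUsersAndGroups/Configure in the same patch. If the source DDF carries descriptions for them, include them; as shown, a reader cannot tell what the FallbackDiagnostics default of 2 selects. HeadTrackingMode is also missing from the 20H2 "new policies" list added to the what's-new table earlier in this series, which names the other five MixedReality policies, so one of the two pages needs updating.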
@@ -80733,6 +81422,30 @@ If you disable or do not configure this policy setting, the wake setting as spec LastWrite + + DisableWUfBSafeguards + + + + + 0 + + + + + + + + + + + + text/plain + + + LastWrite + + EngagedRestartDeadline @@ -81607,6 +82320,34 @@ If you disable or do not configure this policy setting, the wake setting as spec LastWrite + + SetProxyBehaviorForUpdateDetection + + + + + 0 + + + + + + + + + + + + text/plain + + + WindowsUpdate.admx + SetProxyBehaviorForUpdateDetection + WindowsUpdate~AT~WindowsComponents~WindowsUpdateCat + CorpWuURL + LastWrite + + TargetReleaseVersion @@ -83951,5 +84692,4 @@ Note: The first sign-in animation will not be shown on Server, so this policy wi - ``` From e68165eaf4a0242b8cf9b266e1a16a5a7bbe564e Mon Sep 17 00:00:00 2001 
From: Lovina Saldanha Date: Thu, 29 Oct 2020 00:33:28 +0530 Subject: [PATCH 111/346] updated-4567381-Batch3 rebranding --- .../basic-permissions.md | 4 +-- .../behavioral-blocking-containment.md | 18 +++++----- .../check-sensor-status.md | 20 +++++------ .../client-behavioral-blocking.md | 12 +++---- .../collect-investigation-package.md | 6 ++-- .../microsoft-defender-atp/commercial-gov.md | 14 ++++---- .../microsoft-defender-atp/common-errors.md | 2 +- .../microsoft-defender-atp/community.md | 10 +++--- .../conditional-access.md | 12 +++---- .../configure-arcsight.md | 25 +++++++------- ...re-automated-investigations-remediation.md | 2 +- .../configure-conditional-access.md | 10 +++--- .../configure-email-notifications.md | 14 ++++---- .../configure-endpoints-gp.md | 14 ++++---- .../configure-endpoints-mdm.md | 20 +++++------ .../configure-endpoints-non-windows.md | 18 +++++----- .../configure-endpoints-sccm.md | 18 +++++----- .../configure-endpoints-script.md | 16 ++++----- .../configure-endpoints-vdi.md | 16 ++++----- .../configure-endpoints.md | 6 ++-- .../configure-machines-asr.md | 8 ++--- .../configure-machines-onboarding.md | 20 +++++------ .../configure-machines-security-baseline.md | 34 +++++++++---------- .../configure-machines.md | 16 ++++----- .../configure-microsoft-threat-experts.md | 14 ++++---- 25 files changed, 174 insertions(+), 175 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md index 82b023af7d..cd2daed39c 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md +++ b/windows/security/threat-protection/microsoft-defender-atp/basic-permissions.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** - Azure Active Directory -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-basicaccess-abovefoldlink) Refer to the instructions below to use basic permissions management. diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index b69250703a..98d7592f72 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md 
@@ -27,23 +27,23 @@ ms.collection: **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ## Overview -Today’s threat landscape is overrun by [fileless malware](https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats) and that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised devices. Traditional security solutions are not sufficient to stop such attacks; you need artificial intelligence (AI) and device learning (ML) backed capabilities, such as behavioral blocking and containment, included in [Microsoft Defender ATP](https://docs.microsoft.com/windows/security). +Today’s threat landscape is overrun by [fileless malware](https://docs.microsoft.com/windows/security/threat-protection/intelligence/fileless-threats) and that lives off the land, highly polymorphic threats that mutate faster than traditional solutions can keep up with, and human-operated attacks that adapt to what adversaries find on compromised devices. Traditional security solutions are not sufficient to stop such attacks; you need artificial intelligence (AI) and device learning (ML) backed capabilities, such as behavioral blocking and containment, included in [Defender for Endpoint](https://docs.microsoft.com/windows/security). -Behavioral blocking and containment capabilities can help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. Next-generation protection, EDR, and Microsoft Defender ATP components and features work together in behavioral blocking and containment capabilities. 
+Behavioral blocking and containment capabilities can help identify and stop threats, based on their behaviors and process trees even when the threat has started execution. Next-generation protection, EDR, and Defender for Endpoint components and features work together in behavioral blocking and containment capabilities. :::image type="content" source="images/mdatp-next-gen-EDR-behavblockcontain.png" alt-text="Behavioral blocking and containment"::: -Behavioral blocking and containment capabilities work with multiple components and features of Microsoft Defender ATP to stop attacks immediately and prevent attacks from progressing. +Behavioral blocking and containment capabilities work with multiple components and features of Defender for Endpoint to stop attacks immediately and prevent attacks from progressing. - [Next-generation protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/microsoft-defender-antivirus-in-windows-10) (which includes Microsoft Defender Antivirus) can detect threats by analyzing behaviors, and stop threats that have started running. - [Endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) receives security signals across your network, devices, and kernel behavior. As threats are detected, alerts are created. Multiple alerts of the same type are aggregated into incidents, which makes it easier for your security operations team to investigate and respond. -- [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) has a wide range of optics across identities, email, data, and apps, in addition to the network, endpoint, and kernel behavior signals received through EDR. 
A component of [Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection), Microsoft Defender ATP processes and correlates these signals, raises detection alerts, and connects related alerts in incidents. +- [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) has a wide range of optics across identities, email, data, and apps, in addition to the network, endpoint, and kernel behavior signals received through EDR. A component of [Microsoft 365 Defender](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection), Defender for Endpoint processes and correlates these signals, raises detection alerts, and connects related alerts in incidents. With these capabilities, more threats can be prevented or blocked, even if they start running. Whenever suspicious behavior is detected, the threat is contained, alerts are created, and threats are stopped in their tracks. 
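Review bot: the replaced Overview sentence in this hunk only swaps the product name and keeps two defects from the old line: "overrun by fileless malware and that lives off the land" does not parse, and "artificial intelligence (AI) and device learning (ML)" expands ML as "device learning". Since the whole line is being rewritten anyway, fix both in the same edit: say what it is that lives off the land, and use "machine learning (ML)".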
@@ -85,7 +85,7 @@ Below are two real-life examples of behavioral blocking and containment in actio As described in [In hot pursuit of elusive threats: AI-driven behavior-based blocking stops attacks in their tracks](https://www.microsoft.com/security/blog/2019/10/08/in-hot-pursuit-of-elusive-threats-ai-driven-behavior-based-blocking-stops-attacks-in-their-tracks), a credential theft attack against 100 organizations around the world was stopped by behavioral blocking and containment capabilities. Spear-phishing email messages that contained a lure document were sent to the targeted organizations. If a recipient opened the attachment, a related remote document was able to execute code on the user’s device and load Lokibot malware, which stole credentials, exfiltrated stolen data, and waited for further instructions from a command-and-control server. -Behavior-based device learning models in Microsoft Defender ATP caught and stopped the attacker’s techniques at two points in the attack chain: +Behavior-based device learning models in Defender for Endpoint caught and stopped the attacker’s techniques at two points in the attack chain: - The first protection layer detected the exploit behavior. Device learning classifiers in the cloud correctly identified the threat as and immediately instructed the client device to block the attack. - The second protection layer, which helped stop cases where the attack got past the first layer, detected process hollowing, stopped that process, and removed the corresponding files (such as Lokibot). 
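Review bot: the first context bullet under the changed line reads "correctly identified the threat as and immediately instructed the client device to block the attack", so the classification the threat was identified as is missing from the sentence. That bullet and the new "+Behavior-based device learning models in Defender for Endpoint" line also both say "device learning" for what the Overview abbreviates as ML. Worth correcting in this pass, since the rebranding edit already touches the paragraph.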
@@ -97,7 +97,7 @@ This example shows how behavior-based device learning models in the cloud add ne ### Example 2: NTLM relay - Juicy Potato malware variant -As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Microsoft Defender ATP detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered. +As described in the recent blog post, [Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection), in January 2020, Defender for Endpoint detected a privilege escalation activity on a device in an organization. An alert called “Possible privilege escalation using NTLM relay” was triggered. :::image type="content" source="images/NTLMalertjuicypotato.png" alt-text="NTLM alert for Juicy Potato malware"::: @@ -113,7 +113,7 @@ This example shows that with behavioral blocking and containment capabilities, t ## Next steps -- [Learn more about Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) +- [Learn more about Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) - [Configure your attack surface reduction rules](attack-surface-reduction.md) 
@@ -121,4 +121,4 @@ This example shows that with behavioral blocking and containment capabilities, t - [See recent global threat activity](https://www.microsoft.com/wdsi/threats) -- [Get an overview of Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) +- [Get an overview of Microsoft 365 Defender ](https://docs.microsoft.com/microsoft-365/security/mtp/microsoft-threat-protection) diff --git a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md index 3e1124927b..bbff2e68b9 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md +++ b/windows/security/threat-protection/microsoft-defender-atp/check-sensor-status.md 
@@ -18,32 +18,32 @@ ms.topic: article ms.date: 04/24/2018 --- -# Check sensor health state in Microsoft Defender ATP +# Check sensor health state in Microsoft Defender for Endpoint [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-checksensor-abovefoldlink) -The **Devices with sensor issues** tile is found on the Security Operations dashboard. This tile provides information on the individual device’s ability to provide sensor data and communicate with the Microsoft Defender ATP service. It reports how many devices require attention and helps you identify problematic devices and take action to correct known issues. +The **Devices with sensor issues** tile is found on the Security Operations dashboard. This tile provides information on the individual device’s ability to provide sensor data and communicate with the Defender for Endpoint service. It reports how many devices require attention and helps you identify problematic devices and take action to correct known issues. There are two status indicators on the tile that provide information on the number of devices that are not reporting properly to the service: -- **Misconfigured** - These devices might partially be reporting sensor data to the Microsoft Defender ATP service and might have configuration errors that need to be corrected. 
-- **Inactive** - Devices that have stopped reporting to the Microsoft Defender ATP service for more than seven days in the past month. +- **Misconfigured** - These devices might partially be reporting sensor data to the Defender for Endpoint service and might have configuration errors that need to be corrected. +- **Inactive** - Devices that have stopped reporting to the Defender for Endpoint service for more than seven days in the past month. Clicking any of the groups directs you to **Devices list**, filtered according to your choice. ![Screenshot of Devices with sensor issues tile](images/atp-devices-with-sensor-issues-tile.png) On **Devices list**, you can filter the health state list by the following status: -- **Active** - Devices that are actively reporting to the Microsoft Defender ATP service. -- **Misconfigured** - These devices might partially be reporting sensor data to the Microsoft Defender ATP service but have configuration errors that need to be corrected. Misconfigured devices can have either one or a combination of the following issues: +- **Active** - Devices that are actively reporting to the Defender for Endpoint service. +- **Misconfigured** - These devices might partially be reporting sensor data to the Defender for Endpoint service but have configuration errors that need to be corrected. Misconfigured devices can have either one or a combination of the following issues: - **No sensor data** - Devices has stopped sending sensor data. Limited alerts can be triggered from the device. - **Impaired communications** - Ability to communicate with device is impaired. Sending files for deep analysis, blocking files, isolating device from network and other actions that require communication with the device may not work. -- **Inactive** - Devices that have stopped reporting to the Microsoft Defender ATP service. +- **Inactive** - Devices that have stopped reporting to the Defender for Endpoint service. 
You can also download the entire list in CSV format using the **Export** feature. For more information on filters, see [View and organize the Devices list](machines-view-overview.md). @@ -55,4 +55,4 @@ You can also download the entire list in CSV format using the **Export** feature You can view the device details when you click on a misconfigured or inactive device. ## Related topic -- [Fix unhealthy sensors in Microsoft Defender ATP](fix-unhealthy-sensors.md) +- [Fix unhealthy sensors in Defender for Endpoint](fix-unhealthy-sensors.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md index 0af5e1bb5c..ef5d153836 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md +++ b/windows/security/threat-protection/microsoft-defender-atp/client-behavioral-blocking.md 
@@ -27,11 +27,11 @@ ms.collection: **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ## Overview -Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in Microsoft Defender ATP. As suspicious behaviors are detected on devices (also referred to as clients or endpoints), artifacts (such as files or applications) are blocked, checked, and remediated automatically. +Client behavioral blocking is a component of [behavioral blocking and containment capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment) in Defender for Endpoint. As suspicious behaviors are detected on devices (also referred to as clients or endpoints), artifacts (such as files or applications) are blocked, checked, and remediated automatically. :::image type="content" source="images/pre-execution-and-post-execution-detection-engines.png" alt-text="Cloud and client protection"::: 
@@ -72,11 +72,11 @@ Behavior-based detections are named according to the [MITRE ATT&CK Matrix for En ## Configuring client behavioral blocking -If your organization is using Microsoft Defender ATP, client behavioral blocking is enabled by default. However, to benefit from all Microsoft Defender ATP capabilities, including [behavioral blocking and containment](behavioral-blocking-containment.md), make sure the following features and capabilities of Microsoft Defender ATP are enabled and configured: +If your organization is using Defender for Endpoint, client behavioral blocking is enabled by default. However, to benefit from all Defender for Endpoint capabilities, including [behavioral blocking and containment](behavioral-blocking-containment.md), make sure the following features and capabilities of Defender for Endpoint are enabled and configured: -- [Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline) +- [Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline) -- [Devices onboarded to Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure) +- [Devices onboarded to Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/onboard-configure) - [EDR in block mode](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode) 
@@ -92,4 +92,4 @@ If your organization is using Microsoft Defender ATP, client behavioral blocking - [(Blog) Behavioral blocking and containment: Transforming optics into protection](https://www.microsoft.com/security/blog/2020/03/09/behavioral-blocking-and-containment-transforming-optics-into-protection/) -- [Helpful Microsoft Defender ATP resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources) +- [Helpful Defender for Endpoint resources](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/helpful-resources) diff --git a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md index 86fb26842c..0d6949ea0b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md +++ b/windows/security/threat-protection/microsoft-defender-atp/collect-investigation-package.md @@ -22,9 +22,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## API description Collect investigation package from a device. 
@@ -35,7 +35,7 @@ Collect investigation package from a device. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Defender for Endpoint APIs](apis-intro.md) Permission type | Permission | Permission display name :---|:---|:--- diff --git a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md index d4c8c750c8..2b9b14ac6d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md +++ b/windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md 
@@ -17,15 +17,15 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Microsoft Defender ATP for US Government GCC High customers +# Microsoft Defender for Endpoint for US Government GCC High customers [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP) for US Government Community Cloud High (GCC High) customers, built in the US Azure Government environment, uses the same underlying technologies as Microsoft Defender ATP in Azure Commercial. +Microsoft Defender for Endpoint for US Government Community Cloud High (GCC High) customers, built in the US Azure Government environment, uses the same underlying technologies as Defender for Endpoint in Azure Commercial. This offering is currently available to US Office 365 GCC High customers and is based on the same prevention, detection, investigation, and remediation as the commercial version. However, there are some key differences in the availability of capabilities for this offering. @@ -40,7 +40,7 @@ The following OS versions are supported: - Windows Server, 2019 (with [KB4490481](https://support.microsoft.com/en-us/help/4490481)) >[!NOTE] ->A patch must be deployed before device onboarding in order to configure Microsoft Defender ATP to the correct environment. +>A patch must be deployed before device onboarding in order to configure Defender for Endpoint to the correct environment. The following OS versions are supported via Azure Security Center: - Windows Server 2008 R2 SP1 
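Review bot: The NOTE touched in the commercial-gov.md hunk at @@ -40,7 +40,7 @@ still reads "A patch must be deployed before device onboarding in order to configure Defender for Endpoint to the correct environment." without saying which patch or where to get it. Since the line is being rewritten anyway, name the update or link the article that describes it, so the note can be acted on without searching.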
@@ -59,7 +59,7 @@ The following OS versions are not supported: - macOS - Linux -The initial release of Microsoft Defender ATP will not have immediate parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government (GCC High) customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of August 2020: +The initial release of Defender for Endpoint will not have immediate parity with the commercial offering. While our goal is to deliver all commercial features and functionality to our US Government (GCC High) customers, there are some capabilities not yet available that we'd like to highlight. These are the known gaps as of August 2020: ## Threat Analytics Not currently available. @@ -91,7 +91,7 @@ Not currently available. Integrations with the following Microsoft products are not currently available: - Azure Advanced Threat Protection - Azure Information Protection -- Office 365 Advanced Threat Protection +- Defender for Office 365 - Microsoft Cloud App Security - Skype for Business - Microsoft Intune (sharing of device information and enhanced policy enforcement) @@ -105,7 +105,7 @@ You'll need to ensure that traffic from the following are allowed: Service location | DNS record :---|:--- Common URLs for all locations (Global location) | ```crl.microsoft.com```
    ```ctldl.windowsupdate.com```
    ```notify.windows.com```
    ```settings-win.data.microsoft.com```

    NOTE: ```settings-win.data.microsoft.com``` is only needed on Windows 10 devices running version 1803 or earlier. -Microsoft Defender ATP GCC High specific | ```us4-v20.events.data.microsoft.com```
    ```winatp-gw-usgt.microsoft.com```
    ```winatp-gw-usgv.microsoft.com```
    ```*.blob.core.usgovcloudapi.net``` +Defender for Endpoint GCC High specific | ```us4-v20.events.data.microsoft.com```
    ```winatp-gw-usgt.microsoft.com```
    ```winatp-gw-usgv.microsoft.com```
    ```*.blob.core.usgovcloudapi.net``` diff --git a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md index d34460c4bf..500eccf845 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/common-errors.md +++ b/windows/security/threat-protection/microsoft-defender-atp/common-errors.md @@ -21,7 +21,7 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -* The error codes listed in the following table may be returned by an operation on any of Microsoft Defender ATP APIs. +* The error codes listed in the following table may be returned by an operation on any of Microsoft Defender for Endpoint APIs. * Note that in addition to the error code, every error response contains an error message which can help resolving the problem. * Note that the message is a free text that can be changed. * At the bottom of the page you can find response examples. diff --git a/windows/security/threat-protection/microsoft-defender-atp/community.md b/windows/security/threat-protection/microsoft-defender-atp/community.md index 72fcf84f1e..f68dcdeab3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/community.md +++ b/windows/security/threat-protection/microsoft-defender-atp/community.md 
@@ -19,17 +19,17 @@ ms.date: 04/24/2018 --- -# Access the Microsoft Defender ATP Community Center +# Access the Microsoft Defender for Endpoint Community Center [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -The Microsoft Defender ATP Community Center is a place where community members can learn, collaborate, and share experiences about the product. +The Defender for Endpoint Community Center is a place where community members can learn, collaborate, and share experiences about the product. There are several spaces you can explore to learn about specific information: - Announcements @@ -38,8 +38,8 @@ There are several spaces you can explore to learn about specific information: There are several ways you can access the Community Center: -- In the Microsoft Defender Security Center navigation pane, select **Community center**. A new browser tab opens and takes you to the Microsoft Defender ATP Tech Community page. -- Access the community through the [Microsoft Defender Advanced Threat Protection Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page +- In the Microsoft Defender Security Center navigation pane, select **Community center**. A new browser tab opens and takes you to the Defender for Endpoint Tech Community page. +- Access the community through the [Microsoft Defender for Endpoint Tech Community](https://techcommunity.microsoft.com/t5/Windows-Defender-Advanced-Threat/ct-p/WindowsDefenderAdvanced) page You can instantly view and read conversations that have been posted in the community. 
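Review bot: In the community.md hunk at @@ -38,8 +38,8 @@ the two adjacent bullets now name the same destination differently: "the Defender for Endpoint Tech Community page" in the first and "Microsoft Defender for Endpoint Tech Community" as the link text of the second. Use one form in both, and add the missing full stop at the end of the second bullet while the line is being touched.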
diff --git a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md index 37f919486e..a0ace30f14 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/conditional-access.md @@ -23,11 +23,11 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-abovefoldlink) Conditional Access is a capability that helps you better protect your users and enterprise information by making sure that only secure devices have access to applications. 
@@ -37,7 +37,7 @@ With Conditional Access, you can control access to enterprise information based You can define security conditions under which devices and applications can run and access information from your network by enforcing policies to stop applications from running until a device returns to a compliant state. -The implementation of Conditional Access in Microsoft Defender ATP is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies. +The implementation of Conditional Access in Defender for Endpoint is based on Microsoft Intune (Intune) device compliance policies and Azure Active Directory (Azure AD) conditional access policies. The compliance policy is used with Conditional Access to allow only devices that fulfill one or more device compliance policy rules to access applications. 
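Review bot: The added sentence in the conditional-access.md hunk at @@ -37,7 +37,7 @@ mixes capitalization of the feature name: it opens with "The implementation of Conditional Access in Defender for Endpoint" and ends with "Azure Active Directory (Azure AD) conditional access policies". The unchanged text in the following hunk writes "Intune Conditional Access policy", so capitalize the second occurrence here as well.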
@@ -67,15 +67,15 @@ When the risk is removed either through manual or automated remediation, the dev The following example sequence of events explains Conditional Access in action: -1. A user opens a malicious file and Microsoft Defender ATP flags the device as high risk. +1. A user opens a malicious file and Defender for Endpoint flags the device as high risk. 2. The high risk assessment is passed along to Intune. In parallel, an automated investigation is initiated to remediate the identified threat. A manual remediation can also be done to remediate the identified threat. 3. Based on the policy created in Intune, the device is marked as not compliant. The assessment is then communicated to Azure AD by the Intune Conditional Access policy. In Azure AD, the corresponding policy is applied to block access to applications. -4. The manual or automated investigation and remediation is completed and the threat is removed. Microsoft Defender ATP sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications. +4. The manual or automated investigation and remediation is completed and the threat is removed. Defender for Endpoint sees that there is no risk on the device and Intune assesses the device to be in a compliant state. Azure AD applies the policy which allows access to applications. 5. Users can now access applications. ## Related topic -- [Configure Conditional Access in Microsoft Defender ATP](configure-conditional-access.md) +- [Configure Conditional Access in Microsoft Defender for Endpoint](configure-conditional-access.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md index af6feb07a8..aca0be0b19 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-arcsight.md @@ -17,25 +17,24 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Configure Micro Focus ArcSight to pull Microsoft Defender ATP detections +# Configure Micro Focus ArcSight to pull Defender for Endpoint detections [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** - -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configurearcsight-abovefoldlink) -You'll need to install and configure some files and tools to use Micro Focus ArcSight so that it can pull Microsoft Defender ATP detections. +You'll need to install and configure some files and tools to use Micro Focus ArcSight so that it can pull Defender for Endpoint detections. >[!Note] ->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections ->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details. +>- [Defender for Endpoint Alert](alerts.md) is composed from one or more detections +>- [Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details. ## Before you begin 
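Review bot: The configure-arcsight.md hunk at @@ -17,25 +17,24 @@ also deletes the blank line between "**Applies to:**" and the bullet that follows it (the hunk shrinks from 25 to 24 lines), which is a layout change unrelated to the rename; restore the blank line or mention the change in the commit message. The two rewritten note lines still read "is composed from one or more detections" and "is composed from the suspicious event occurred on the Device"; as they are being edited anyway, "is composed of" and "the suspicious event that occurred on the device" would fix the grammar.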
@@ -43,7 +42,7 @@ Configuring the Micro Focus ArcSight Connector tool requires several configurati This section guides you in getting the necessary information to set and use the required configuration files correctly. -- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md). +- Make sure you have enabled the SIEM integration feature from the **Settings** menu. For more information, see [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md). - Have the file you saved from enabling the SIEM integration feature ready. You'll need to get the following values: - OAuth 2.0 Token refresh URL @@ -116,7 +115,7 @@ The following steps assume that you have completed all the required steps in [Be Browse to the location of the wdatp-connector.properties file. The name must match the file provided in the .zip that you downloaded. Refresh Token - You can obtain a refresh token in two ways: by generating a refresh token from the SIEM settings page or using the restutil tool.

    For more information on generating a refresh token from the Preferences setup , see Enable SIEM integration in Microsoft Defender ATP.

    Get your refresh token using the restutil tool:
    a. Open a command prompt. Navigate to C:\folder_location\current\bin where folder_location represents the location where you installed the tool.

    b. Type: arcsight restutil token -config from the bin directory.For example: arcsight restutil boxtoken -proxy proxy.location.hp.com:8080 A Web browser window will open.

    c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials.

    d. A refresh token is shown in the command prompt.

    e. Copy and paste it into the Refresh Token field. + You can obtain a refresh token in two ways: by generating a refresh token from the SIEM settings page or using the restutil tool.

    For more information on generating a refresh token from the Preferences setup , see Enable SIEM integration in Defender for Endpoint.

    Get your refresh token using the restutil tool:
    a. Open a command prompt. Navigate to C:\folder_location\current\bin where folder_location represents the location where you installed the tool.

    b. Type: arcsight restutil token -config from the bin directory.For example: arcsight restutil boxtoken -proxy proxy.location.hp.com:8080 A Web browser window will open.

    c. Type in your credentials then click on the password field to let the page redirect. In the login prompt, enter your credentials.

    d. A refresh token is shown in the command prompt.

    e. Copy and paste it into the Refresh Token field. @@ -178,7 +177,7 @@ The following steps assume that you have completed all the required steps in [Be You can now run queries in the Micro Focus ArcSight console. -Microsoft Defender ATP detections will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name. +Defender for Endpoint detections will appear as discrete events, with "Microsoft” as the vendor and “Windows Defender ATP” as the device name. ## Troubleshooting Micro Focus ArcSight connection @@ -204,7 +203,7 @@ Microsoft Defender ATP detections will appear as discrete events, with "Microsof > Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear. ## Related topics -- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md) -- [Configure Splunk to pull Microsoft Defender ATP detections](configure-splunk.md) -- [Pull Microsoft Defender ATP detections using REST API](pull-alerts-using-rest-api.md) +- [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md) +- [Configure Splunk to pull Defender for Endpoint detections](configure-splunk.md) +- [Pull Defender for Endpoint detections using REST API](pull-alerts-using-rest-api.md) - [Troubleshoot SIEM tool integration issues](troubleshoot-siem.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md index 67bd1bd7dc..f8d91cd3e1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-automated-investigations-remediation.md 
@@ -29,7 +29,7 @@ ms.reviewer: ramarom, evaldm, isco, mabraitm, chriggs - [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Microsoft Defender ATP), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). +If your organization is using [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/) (Defender for Endpoint), [automated investigation and remediation capabilities](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations) can save your security operations team time and effort. As outlined in [this blog post](https://techcommunity.microsoft.com/t5/microsoft-defender-atp/enhance-your-soc-with-microsoft-defender-atp-automatic/ba-p/848946), these capabilities mimic the ideal steps that a security analyst takes to investigate and remediate threats. [Learn more about automated investigation and remediation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/automated-investigations). To configure automated investigation and remediation, [turn on the features](#turn-on-automated-investigation-and-remediation), and then [set up device groups](#set-up-device-groups). 
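Review bot: In the configure-automated-investigations-remediation.md hunk at @@ -29,7 +29,7 @@ the replacement leaves a redundant parenthetical: the added line now reads "[Microsoft Defender for Endpoint](...) (Defender for Endpoint)", where the parentheses used to introduce the "Microsoft Defender ATP" abbreviation. Drop the parenthetical, or keep it only if the intent is to introduce the short name at this point. The microsoft-defender-atp segments inside the URLs are paths and are correctly left alone.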
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md index afca257675..206e5721b3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-conditional-access.md @@ -17,12 +17,12 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Configure Conditional Access in Microsoft Defender ATP +# Configure Conditional Access in Microsoft Defender for Endpoint [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) This section guides you through all the steps you need to take to properly implement Conditional Access. @@ -54,7 +54,7 @@ It's important to note the required roles to access these portals and implement Take the following steps to enable Conditional Access: - Step 1: Turn on the Microsoft Intune connection from Microsoft Defender Security Center -- Step 2: Turn on the Microsoft Defender ATP integration in Intune +- Step 2: Turn on the Defender for Endpoint integration in Intune - Step 3: Create the compliance policy in Intune - Step 4: Assign the policy - Step 5: Create an Azure AD Conditional Access policy 
@@ -66,7 +66,7 @@ Take the following steps to enable Conditional Access: 3. Click **Save preferences**. -### Step 2: Turn on the Microsoft Defender ATP integration in Intune +### Step 2: Turn on the Defender for Endpoint integration in Intune 1. Sign in to the [Azure portal](https://portal.azure.com). 2. Select **Device compliance** > **Microsoft Defender ATP**. 3. Set **Connect Windows 10.0.15063+ devices to Microsoft Defender Advanced Threat Protection** to **On**. @@ -107,4 +107,4 @@ Take the following steps to enable Conditional Access: For more information, see [Enable Microsoft Defender ATP with Conditional Access in Intune](https://docs.microsoft.com/intune/advanced-threat-protection). ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-conditionalaccess-belowfoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md index ed52fc4d30..f7ccfe871b 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-email-notifications.md 
@@ -23,12 +23,12 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-emailconfig-abovefoldlink) -You can configure Microsoft Defender ATP to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. +You can configure Defender for Endpoint to send email notifications to specified recipients for new alerts. This feature enables you to identify a group of individuals who will immediately be informed and can act on alerts based on their severity. > [!NOTE] > Only users with 'Manage security settings' permissions can configure email notifications. If you've chosen to use basic permissions management, users with Security Administrator or Global Administrator roles can configure email notifications. 
@@ -57,7 +57,7 @@ You can create rules that determine the devices and alert severities to send ema - **Include device information** - Includes the device name in the email alert body. >[!NOTE] - > This information might be processed by recipient mail servers that ar not in the geographic location you have selected for your Microsoft Defender ATP data. + > This information might be processed by recipient mail servers that ar not in the geographic location you have selected for your Defender for Endpoint data. - **Devices** - Choose whether to notify recipients for alerts on all devices (Global administrator role only) or on selected device groups. For more information, see [Create and manage device groups](machine-groups.md). - **Alert severity** - Choose the alert severity level. @@ -92,9 +92,9 @@ This section lists various issues that you may encounter when using email notifi **Solution:** Make sure that the notifications are not blocked by email filters: -1. Check that the Microsoft Defender ATP email notifications are not sent to the Junk Email folder. Mark them as Not junk. -2. Check that your email security product is not blocking the email notifications from Microsoft Defender ATP. -3. Check your email application rules that might be catching and moving your Microsoft Defender ATP email notifications. +1. Check that the Defender for Endpoint email notifications are not sent to the Junk Email folder. Mark them as Not junk. +2. Check that your email security product is not blocking the email notifications from Defender for Endpoint. +3. Check your email application rules that might be catching and moving your Defender for Endpoint email notifications. ## Related topics - [Update data retention settings](data-retention-settings.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md index 700626f9c0..5360517315 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-gp.md @@ -27,12 +27,12 @@ ms.date: 04/24/2018 - Group Policy -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsgp-abovefoldlink) > [!NOTE] @@ -45,7 +45,7 @@ ms.date: 04/24/2018 [![Image of the PDF showing the various deployment paths](images/onboard-gp.png)](images/onboard-gp.png#lightbox) -Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. +Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint. 
@@ -76,9 +76,9 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ 9. Click **OK** and close any open GPMC windows. >[!TIP] -> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md). +> After onboarding the device, you can choose to run a detection test to verify that the device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md). -## Additional Microsoft Defender ATP configuration settings +## Additional Defender for Endpoint configuration settings For each device, you can state whether samples can be collected from the device when a request is made through Microsoft Defender Security Center to submit a file for deep analysis. You can use Group Policy (GP) to configure settings, such as settings for the sample sharing used in the deep analysis feature. @@ -234,5 +234,5 @@ With Group Policy there isn’t an option to monitor deployment of policies on t - [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md) - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md) -- [Run a detection test on a newly onboarded Microsoft Defender ATP devices](run-detection-test.md) -- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) +- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint devices](run-detection-test.md) +- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md index 7afe88950a..0a97fbf1e3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-mdm.md 
@@ -25,13 +25,13 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsmdm-abovefoldlink) -You can use mobile device management (MDM) solutions to configure devices. Microsoft Defender ATP supports MDMs by providing OMA-URIs to create policies to manage devices. +You can use mobile device management (MDM) solutions to configure devices. Defender for Endpoint supports MDMs by providing OMA-URIs to create policies to manage devices. -For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). +For more information on using Defender for Endpoint CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). ## Before you begin If you're using Microsoft Intune, you must have the device MDM Enrolled. Otherwise, settings will not be applied successfully. 
@@ -40,13 +40,13 @@ For more information on enabling MDM with Microsoft Intune, see [Device enrollme ## Onboard devices using Microsoft Intune -[![Image of the PDF showing onboarding devices to Microsoft Defender ATP using Microsoft Intune](images/onboard-intune.png) ](images/onboard-intune-big.png#lightbox) +[![Image of the PDF showing onboarding devices to Defender for Endpoint using Microsoft Intune](images/onboard-intune.png) ](images/onboard-intune-big.png#lightbox) -Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. +Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint. Follow the instructions from [Intune](https://docs.microsoft.com/intune/advanced-threat-protection). -For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). 
+For more information on using Defender for Endpoint CSP see, [WindowsAdvancedThreatProtection CSP](https://msdn.microsoft.com/library/windows/hardware/mt723296(v=vs.85).aspx) and [WindowsAdvancedThreatProtection DDF file](https://msdn.microsoft.com/library/windows/hardware/mt723297(v=vs.85).aspx). > [!NOTE] @@ -55,7 +55,7 @@ For more information on using Microsoft Defender ATP CSP see, [WindowsAdvancedTh >[!TIP] -> After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md). +> After onboarding the device, you can choose to run a detection test to verify that a device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md). Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. 
@@ -98,5 +98,5 @@ For more information on Microsoft Intune policy settings see, [Windows 10 policy - [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md) -- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md) -- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) +- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md) +- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md index 23aaa30171..ba65815551 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-non-windows.md 
@@ -26,21 +26,21 @@ ms.topic: article - macOS - Linux -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-nonwindows-abovefoldlink) -Microsoft Defender ATP provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. +Defender for Endpoint provides a centralized security operations experience for Windows as well as non-Windows platforms. You'll be able to see alerts from various supported operating systems (OS) in Microsoft Defender Security Center and better protect your organization's network. -You'll need to know the exact Linux distros and macOS versions that are compatible with Microsoft Defender ATP for the integration to work. For more information, see: -- [Microsoft Defender ATP for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements) -- [Microsoft Defender ATP for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements). +You'll need to know the exact Linux distros and macOS versions that are compatible with Defender for Endpoint for the integration to work. For more information, see: +- [Microsoft Defender for Endpoint for Linux system requirements](microsoft-defender-atp-linux.md#system-requirements) +- [Microsoft Defender for Endpoint for Mac system requirements](microsoft-defender-atp-mac.md#system-requirements). 
## Onboarding non-Windows devices You'll need to take the following steps to onboard non-Windows devices: 1. Select your preferred method of onboarding: - - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender ATP for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). + - For macOS devices, you can choose to onboard through Microsoft Defender ATP or through a third-party solution. For more information, see [Microsoft Defender for Endpoint for Mac](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac). - For other non-Windows devices choose **Onboard non-Windows devices through third-party integration**. 1. In the navigation pane, select **Interoperability** > **Partners**. Make sure the third-party solution is listed. @@ -56,7 +56,7 @@ You'll need to take the following steps to onboard non-Windows devices: ## Offboard non-Windows devices -1. Follow the third-party's documentation to disconnect the third-party solution from Microsoft Defender ATP. +1. Follow the third-party's documentation to disconnect the third-party solution from Microsoft Defender for Endpoint. 2. Remove permissions for the third-party solution in your Azure AD tenant. 1. Sign in to the [Azure portal](https://portal.azure.com). @@ -69,4 +69,4 @@ You'll need to take the following steps to onboard non-Windows devices: - [Onboard Windows 10 devices](configure-endpoints.md) - [Onboard servers](configure-server-endpoints.md) - [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) -- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) +- [Troubleshooting Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md index 9bec35b806..38ec7959c3 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-sccm.md @@ -25,11 +25,11 @@ ms.date: 02/07/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - Microsoft Endpoint Configuration Manager current branch - System Center 2012 R2 Configuration Manager ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointssccm-abovefoldlink) ## Supported client operating systems 
@@ -56,7 +56,7 @@ Starting in Configuration Manager version 2002, you can onboard the following op [![Image of the PDF showing the various deployment paths](images/onboard-config-mgr.png)](images/onboard-config-mgr.png#lightbox) -Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. +Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender for Endpoint. 
@@ -77,10 +77,10 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ a. Choose a predefined device collection to deploy the package to. > [!NOTE] -> Microsoft Defender ATP doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading. +> Defender for Endpoint doesn't support onboarding during the [Out-Of-Box Experience (OOBE)](https://answers.microsoft.com/en-us/windows/wiki/windows_10/how-to-complete-the-windows-10-out-of-box/47e3f943-f000-45e3-8c5c-9d85a1a0cf87) phase. Make sure users complete OOBE after running Windows installation or upgrading. >[!TIP] -> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md). +> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md). > > Note that it is possible to create a detection rule on a Configuration Manager application to continuously check if a device has been onboarded. An application is a different type of object than a package and program. > If a device is not yet onboarded (due to pending OOBE completion or any other reason), Configuration Manager will retry to onboard the device until the rule detects the status change. 
@@ -190,13 +190,13 @@ If you use Microsoft Endpoint Configuration Manager current branch, see [Create ## Monitor device configuration -If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Microsoft Defender ATP dashboard in the Configuration Manager console. For more information, see [Microsoft Defender Advanced Threat Protection - Monitor](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor). +If you're using Microsoft Endpoint Configuration Manager current branch, use the built-in Defender for Endpoint dashboard in the Configuration Manager console. For more information, see [Defender for Endpoint - Monitor](https://docs.microsoft.com/configmgr/protect/deploy-use/windows-defender-advanced-threat-protection#monitor). If you're using System Center 2012 R2 Configuration Manager, monitoring consists of two parts: 1. Confirming the configuration package has been correctly deployed and is running (or has successfully run) on the devices in your network. -2. Checking that the devices are compliant with the Microsoft Defender ATP service (this ensures the device can complete the onboarding process and can continue to report data to the service). +2. Checking that the devices are compliant with the Defender for Endpoint service (this ensures the device can complete the onboarding process and can continue to report data to the service). ### Confirm the configuration package has been correctly deployed 
@@ -208,7 +208,7 @@ If you're using System Center 2012 R2 Configuration Manager, monitoring consists 4. Review the status indicators under **Completion Statistics** and **Content Status**. - If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md). + If there are failed deployments (devices with **Error**, **Requirements Not Met**, or **Failed statuses**), you may need to troubleshoot the devices. For more information, see, [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md). ![Configuration Manager showing successful deployment with no errors](images/sccm-deployment.png) @@ -232,4 +232,4 @@ For more information, see [Introduction to compliance settings in System Center - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md) - [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md) -- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) +- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md index 368587d25f..acfdb668c7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-script.md 
@@ -25,14 +25,14 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) -You can also manually onboard individual devices to Microsoft Defender ATP. You might want to do this first when testing the service before you commit to onboarding all devices in your network. +You can also manually onboard individual devices to Defender for Endpoint. You might want to do this first when testing the service before you commit to onboarding all devices in your network. > [!IMPORTANT] > This script has been optimized for use on up to 10 devices. 
@@ -44,7 +44,7 @@ You can also manually onboard individual devices to Microsoft Defender ATP. You [![Image of the PDF showing the various deployment paths](images/onboard-script.png)](images/onboard-script.png#lightbox) -Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Microsoft Defender ATP. +Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) or [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) to see the various paths in deploying Defender for Endpoint. 1. Open the GP configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): 
@@ -72,11 +72,11 @@ Check out the [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/publ 5. Press the **Enter** key or click **OK**. -For information on how you can manually validate that the device is compliant and correctly reports sensor data see, [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md). +For information on how you can manually validate that the device is compliant and correctly reports sensor data see, [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md). >[!TIP] -> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md). +> After onboarding the device, you can choose to run a detection test to verify that an device is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender for Endpoint endpoint](run-detection-test.md). ## Configure sample collection settings For each device, you can set a configuration value to state whether samples can be collected from the device when a request is made through Microsoft Defender Security Center to submit a file for deep analysis. 
@@ -151,5 +151,5 @@ Monitoring can also be done directly on the portal, or by using the different de - [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) - [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md) - [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md) -- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md) -- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) +- [Run a detection test on a newly onboarded Microsoft Defender for Endpoint device](run-detection-test.md) +- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md index 03c9870858..bf5c5cb238 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md 
@@ -27,16 +27,16 @@ ms.date: 04/16/2020 - Virtual desktop infrastructure (VDI) devices >[!WARNING] -> Microsoft Defender ATP support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However single session scenarios on Windows Virtual Desktop are fully supported. +> Microsoft Defender for Endpoint support for Windows Virtual Desktop multi-user scenarios is currently in Preview and limited up to 25 concurrent sessions per host/VM. However single session scenarios on Windows Virtual Desktop are fully supported. ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configvdi-abovefoldlink) ## Onboard non-persistent virtual desktop infrastructure (VDI) devices [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -Microsoft Defender ATP supports non-persistent VDI session onboarding. +Defender for Endpoint supports non-persistent VDI session onboarding. >[!Note] >To onboard non-persistent VDI sessions, VDI devices must be on Windows 10. 
@@ -45,10 +45,10 @@ Microsoft Defender ATP supports non-persistent VDI session onboarding. There might be associated challenges when onboarding VDIs. The following are typical challenges for this scenario: -- Instant early onboarding of a short-lived sessions, which must be onboarded to Microsoft Defender ATP prior to the actual provisioning. +- Instant early onboarding of a short-lived sessions, which must be onboarded to Defender for Endpoint prior to the actual provisioning. - The device name is typically reused for new sessions. -VDI devices can appear in Microsoft Defender ATP portal as either: +VDI devices can appear in Defender for Endpoint portal as either: - Single entry for each device. Note that in this case, the *same* device name must be configured when the session is created, for example using an unattended answer file. @@ -57,7 +57,7 @@ Note that in this case, the *same* device name must be configured when the sessi The following steps will guide you through onboarding VDI devices and will highlight steps for single and multiple entries. >[!WARNING] -> For environments where there are low resource configurations, the VDI boot procedure might slow the Microsoft Defender ATP sensor onboarding. +> For environments where there are low resource configurations, the VDI boot procedure might slow the Defender for Endpoint sensor onboarding. 1. Open the VDI configuration package .zip file (*WindowsDefenderATPOnboardingPackage.zip*) that you downloaded from the service onboarding wizard. You can also get the package from [Microsoft Defender Security Center](https://securitycenter.windows.com/): 
@@ -126,7 +126,7 @@ For more information on DISM commands and offline servicing, please refer to the If offline servicing is not a viable option for your non-persistent VDI environment, the following steps should be taken to ensure consistency and sensor health: -1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script). +1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Defender for Endpoint sensor. For more information, see [Offboard devices using a local script](configure-endpoints-script.md#offboard-devices-using-a-local-script). 2. Ensure the sensor is stopped by running the command below in a CMD window: @@ -153,4 +153,4 @@ If offline servicing is not a viable option for your non-persistent VDI environm - [Onboard Windows 10 devices using Microsoft Endpoint Configuration Manager](configure-endpoints-sccm.md) - [Onboard Windows 10 devices using Mobile Device Management tools](configure-endpoints-mdm.md) - [Onboard Windows 10 devices using a local script](configure-endpoints-script.md) -- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) +- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md index e4fff50bcb..00ee7a17a2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints.md 
@@ -25,10 +25,10 @@ ms.topic: conceptual **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) - [Microsoft 365 Endpoint data loss prevention (DLP)](/microsoft-365/compliance/endpoint-dlp-learn-about) -Devices in your organization must be configured so that the Microsoft Defender ATP service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization. +Devices in your organization must be configured so that the Defender for Endpoint service can get sensor data from them. There are various methods and deployment tools that you can use to configure the devices in your organization. The following deployment tools and methods are supported: @@ -47,4 +47,4 @@ Topic | Description [Onboard non-persistent virtual desktop infrastructure (VDI) devices](configure-endpoints-vdi.md) | Learn how to use the configuration package to configure VDI devices. ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configureendpoints-belowfoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md index 34cad32cfc..17e8cb3039 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-asr.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink). +> Want to experience Defender for Endpoint? [Sign up for a free trial](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink). [Attack surface reduction (ASR) rules](./attack-surface-reduction.md) identify and prevent typical malware exploits. They control when and how potentially malicious code can run. For example, they can prevent JavaScript or VBScript from launching a downloaded executable, block Win32 API calls from Office macros, and block processes that run from USB drives. @@ -52,5 +52,5 @@ For more information about ASR rule deployment in Microsoft 365 security center, **Related topics** * [Ensure your devices are configured properly](configure-machines.md) -* [Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md) -* [Monitor compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) +* [Get devices onboarded to Microsoft Defender for Endpoint](configure-machines-onboarding.md) +* [Monitor compliance to the Microsoft Defender for Endpoint security baseline](configure-machines-security-baseline.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md index 62caae5332..b207e1fb84 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-onboarding.md @@ -17,15 +17,15 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Get devices onboarded to Microsoft Defender ATP +# Get devices onboarded to Microsoft Defender for Endpoint [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) +>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) Each onboarded device adds an additional endpoint detection and response (EDR) sensor and increases visibility over breach activity in your network. Onboarding also ensures that a device can be checked for vulnerable components as well security configuration issues and can receive critical remediation actions during attacks. 
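Review bot: in the `@@ -17,15 +17,15 @@` hunk of configure-machines-onboarding.md the trial banner becomes "Want to experience Microsoft Defender for Endpoint?", while the same banner in configure-machines-asr.md in this patch reads "Want to experience Defender for Endpoint?". Pick one form for the banner and use it in every file. The trailing context sentence also reads "as well security configuration issues"; since the page is already being touched, "as well as" could be fixed in the same pass.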
@@ -35,17 +35,17 @@ Before you can track and manage onboarding of devices: ## Discover and track unprotected devices -The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 devices that have actually onboarded to Microsoft Defender ATP against the total number of Intune-managed Windows 10 devices. +The **Onboarding** card provides a high-level overview of your onboarding rate by comparing the number of Windows 10 devices that have actually onboarded to Defender for Endpoint against the total number of Intune-managed Windows 10 devices. ![Device configuration management Onboarding card](images/secconmgmt_onboarding_card.png)
    *Card showing onboarded devices compared to the total number of Intune-managed Windows 10 device* >[!NOTE] ->If you used Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Microsoft Defender ATP onboarding and assign that profile to your devices. +>If you used Security Center Configuration Manager, the onboarding script, or other onboarding methods that don’t use Intune profiles, you might encounter data discrepancies. To resolve these discrepancies, create a corresponding Intune configuration profile for Defender for Endpoint onboarding and assign that profile to your devices. ## Onboard more devices with Intune profiles -Microsoft Defender ATP provides several convenient options for [onboarding Windows 10 devices](onboard-configure.md). For Intune-managed devices, however, you can leverage Intune profiles to conveniently deploy the Microsoft Defender ATP sensor to select devices, effectively onboarding these devices to the service. +Defender for Endpoint provides several convenient options for [onboarding Windows 10 devices](onboard-configure.md). For Intune-managed devices, however, you can leverage Intune profiles to conveniently deploy the Defender for Endpoint sensor to select devices, effectively onboarding these devices to the service. From the **Onboarding** card, select **Onboard more devices** to create and assign a profile on Intune. The link takes you to the device compliance page on Intune, which provides a similar overview of your onboarding state. 
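Review bot: the rewritten NOTE in the `@@ -35,17 +35,17 @@` hunk still names "Security Center Configuration Manager", whereas tvm-security-recommendation.md in this series calls the product "Microsoft Endpoint Configuration Manager". Confirm the intended product name while the line is being edited. The caption above the NOTE ends in "Intune-managed Windows 10 device" and should be plural.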
@@ -53,21 +53,21 @@ From the **Onboarding** card, select **Onboard more devices** to create and assi *Microsoft Defender ATP device compliance page on Intune device management* >[!TIP] ->Alternatively, you can navigate to the Microsoft Defender ATP onboarding compliance page in the [Microsoft Azure portal](https://portal.azure.com/) from **All services > Intune > Device compliance > Microsoft Defender ATP**. +>Alternatively, you can navigate to the Defender for Endpoint onboarding compliance page in the [Microsoft Azure portal](https://portal.azure.com/) from **All services > Intune > Device compliance > Microsoft Defender ATP**. >[!NOTE] > If you want to view the most up-to-date device data, click on **List of devices without ATP sensor**. -From the device compliance page, create a configuration profile specifically for the deployment of the Microsoft Defender ATP sensor and assign that profile to the devices you want to onboard. To do this, you can either: +From the device compliance page, create a configuration profile specifically for the deployment of the Defender for Endpoint sensor and assign that profile to the devices you want to onboard. To do this, you can either: - Select **Create a device configuration profile to configure ATP sensor** to start with a predefined device configuration profile. - Create the device configuration profile from scratch. -For more information, [read about using Intune device configuration profiles to onboard devices to Microsoft Defender ATP](https://docs.microsoft.com/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile). +For more information, [read about using Intune device configuration profiles to onboard devices to Defender for Endpoint](https://docs.microsoft.com/intune/advanced-threat-protection#onboard-devices-by-using-a-configuration-profile). >Want to experience Microsoft Defender ATP? 
[Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) ## Related topics - [Ensure your devices are configured properly](configure-machines.md) -- [Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) +- [Increase compliance to the Defender for Endpoint security baseline](configure-machines-security-baseline.md) - [Optimize ASR rule deployment and detections](configure-machines-asr.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md index 5540903d10..e110a3d518 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline.md 
@@ -17,17 +17,17 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Increase compliance to the Microsoft Defender ATP security baseline +# Increase compliance to the Microsoft Defender for Endpoint security baseline [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) -Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Microsoft Defender ATP security baseline sets Microsoft Defender ATP security controls to provide optimal protection. +Security baselines ensure that security features are configured according to guidance from both security experts and expert Windows system administrators. When deployed, the Defender for Endpoint security baseline sets Defender for Endpoint security controls to provide optimal protection. To understand security baselines and how they are assigned on Intune using configuration profiles, [read this FAQ](https://docs.microsoft.com/intune/security-baselines#q--a). 
@@ -36,22 +36,22 @@ Before you can deploy and track compliance to security baselines: - [Ensure you have the necessary permissions](configure-machines.md#obtain-required-permissions) ## Compare the Microsoft Defender ATP and the Windows Intune security baselines -The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure devices running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Microsoft Defender Antivirus. In contrast, the Microsoft Defender ATP baseline provides settings that optimize all the security controls in the Microsoft Defender ATP stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see: +The Windows Intune security baseline provides a comprehensive set of recommended settings needed to securely configure devices running Windows, including browser settings, PowerShell settings, as well as settings for some security features like Microsoft Defender Antivirus. In contrast, the Defender for Endpoint baseline provides settings that optimize all the security controls in the Defender for Endpoint stack, including settings for endpoint detection and response (EDR) as well as settings also found in the Windows Intune security baseline. For more information about each baseline, see: - [Windows security baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-windows) - [Microsoft Defender ATP baseline settings for Intune](https://docs.microsoft.com/intune/security-baseline-settings-defender-atp) -Ideally, devices onboarded to Microsoft Defender ATP are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Microsoft Defender ATP security baseline layered on top to optimally configure the Microsoft Defender ATP security controls. 
To benefit from the latest data on risks and threats and to minimize conflicts as baselines evolve, always apply the latest versions of the baselines across all products as soon as they are released. +Ideally, devices onboarded to Defender for Endpoint are deployed both baselines: the Windows Intune security baseline to initially secure Windows and then the Defender for Endpoint security baseline layered on top to optimally configure the Defender for Endpoint security controls. To benefit from the latest data on risks and threats and to minimize conflicts as baselines evolve, always apply the latest versions of the baselines across all products as soon as they are released. >[!NOTE] ->The Microsoft Defender ATP security baseline has been optimized for physical devices and is currently not recommended for use on virtual machine (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments. +>The Defender for Endpoint security baseline has been optimized for physical devices and is currently not recommended for use on virtual machine (VMs) or VDI endpoints. Certain baseline settings can impact remote interactive sessions on virtualized environments. -## Monitor compliance to the Microsoft Defender ATP security baseline +## Monitor compliance to the Defender for Endpoint security baseline -The **Security baseline** card on [device configuration management](configure-machines.md) provides an overview of compliance across Windows 10 devices that have been assigned the Microsoft Defender ATP security baseline. +The **Security baseline** card on [device configuration management](configure-machines.md) provides an overview of compliance across Windows 10 devices that have been assigned the Defender for Endpoint security baseline. ![Security baseline card](images/secconmgmt_baseline_card.png)
    -*Card showing compliance to the Microsoft Defender ATP security baseline* +*Card showing compliance to the Defender for Endpoint security baseline* Each device is given one of the following status types: @@ -65,20 +65,20 @@ To review specific devices, select **Configure security baseline** on the card. >[!NOTE] >You might experience discrepancies in aggregated data displayed on the device configuration management page and those displayed on overview screens in Intune. -## Review and assign the Microsoft Defender ATP security baseline +## Review and assign the Microsoft Defender for Endpoint security baseline -Device configuration management monitors baseline compliance only of Windows 10 devices that have been specifically assigned the Microsoft Defender ATP security baseline. You can conveniently review the baseline and assign it to devices on Intune device management. +Device configuration management monitors baseline compliance only of Windows 10 devices that have been specifically assigned the Microsoft Defender for Endpoint security baseline. You can conveniently review the baseline and assign it to devices on Intune device management. 1. Select **Configure security baseline** on the **Security baseline** card to go to Intune device management. A similar overview of baseline compliance is displayed. >[!TIP] - > Alternatively, you can navigate to the Microsoft Defender ATP security baseline in the Microsoft Azure portal from **All services > Intune > Device security > Security baselines > Microsoft Defender ATP baseline**. + > Alternatively, you can navigate to the Defender for Endpoint security baseline in the Microsoft Azure portal from **All services > Intune > Device security > Security baselines > Microsoft Defender ATP baseline**. 2. Create a new profile. - ![Microsoft Defender ATP security baseline overview on Intune](images/secconmgmt_baseline_intuneprofile1.png)
    - *Microsoft Defender ATP security baseline overview on Intune* + ![Microsoft Defender for Endpoint security baseline overview on Intune](images/secconmgmt_baseline_intuneprofile1.png)
    + *Microsoft Defender for Endpoint security baseline overview on Intune* 3. During profile creation, you can review and adjust specific settings on the baseline. @@ -98,9 +98,9 @@ Device configuration management monitors baseline compliance only of Windows 10 >[!TIP] >Security baselines on Intune provide a convenient way to comprehensively secure and protect your devices. [Learn more about security baselines on Intune](https://docs.microsoft.com/intune/security-baselines). ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) +>Want to experience Microsoft Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) ## Related topics - [Ensure your devices are configured properly](configure-machines.md) -- [Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md) +- [Get devices onboarded to Microsoft Defender for Endpoint](configure-machines-onboarding.md) - [Optimize ASR rule deployment and detections](configure-machines-asr.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md index 163980b414..9b830a3988 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-machines.md 
@@ -23,14 +23,14 @@ ms.topic: conceptual **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint ](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-abovefoldlink) With properly configured devices, you can boost overall resilience against threats and enhance your capability to detect and respond to attacks. Security configuration management helps ensure that your devices: -- Onboard to Microsoft Defender ATP -- Meet or exceed the Microsoft Defender ATP security baseline configuration +- Onboard to Microsoft Defender for Endpoint +- Meet or exceed the Defender for Endpoint security baseline configuration - Have strategic attack surface mitigations in place Click **Configuration management** from the navigation menu to open the Device configuration management page. 
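Review bot: the new Applies-to entry in the `@@ -23,14 +23,14 @@` hunk of configure-machines.md has a stray space inside the link text, `[Microsoft Defender for Endpoint ](https://go.microsoft.com/fwlink/p/?linkid=2146631)`. Drop the space before `]` so the entry matches the same line in the other files. The two renamed bullets below it also mix the long and short product name ("Onboard to Microsoft Defender for Endpoint" next to "Meet or exceed the Defender for Endpoint security baseline configuration"); one form would read better in a three-item list.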
@@ -56,7 +56,7 @@ Before you can ensure your devices are configured properly, enroll them to Intun >To enroll Windows devices to Intune, administrators must have already been assigned licenses. [Read about assigning licenses for device enrollment](https://docs.microsoft.com/intune/licenses-assign). >[!TIP] ->To optimize device management through Intune, [connect Intune to Microsoft Defender ATP](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). +>To optimize device management through Intune, [connect Intune to Defender for Endpoint](https://docs.microsoft.com/intune/advanced-threat-protection#enable-windows-defender-atp-in-intune). ## Obtain required permissions By default, only users who have been assigned the Global Administrator or the Intune Service Administrator role on Azure AD can manage and assign the device configuration profiles needed for onboarding devices and deploying the security baseline. 
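Review bot: in the `@@ -56,7 +56,7 @@` hunk the link text changes to "connect Intune to Defender for Endpoint" but the target still ends in `#enable-windows-defender-atp-in-intune`. Check that this fragment still exists on the Intune page after the rename; if the heading there was renamed too, the link will land at the top of the page instead of the section.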
@@ -77,8 +77,8 @@ If you have been assigned other roles, ensure you have the necessary permissions ## In this section Topic | Description :---|:--- -[Get devices onboarded to Microsoft Defender ATP](configure-machines-onboarding.md)| Track onboarding status of Intune-managed devices and onboard more devices through Intune. -[Increase compliance to the Microsoft Defender ATP security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed devices. +[Get devices onboarded to Defender for Endpoint](configure-machines-onboarding.md)| Track onboarding status of Intune-managed devices and onboard more devices through Intune. +[Increase compliance to the Defender for Endpoint security baseline](configure-machines-security-baseline.md) | Track baseline compliance and noncompliance. Deploy the security baseline to more Intune-managed devices. [Optimize ASR rule deployment and detections](configure-machines-asr.md) | Review rule deployment and tweak detections using impact analysis tools in Microsoft 365 security center. ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-onboardconfigure-belowfoldlink) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md index d5e1655ca5..3ce240d781 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-microsoft-threat-experts.md 
@@ -26,20 +26,20 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ## Before you begin > [!NOTE] > Discuss the eligibility requirements with your Microsoft Technical Service provider and account team before you apply to the managed threat hunting service. -Ensure that you have Microsoft Defender ATP deployed in your environment with devices enrolled, and not just on a laboratory set-up. +Ensure that you have Defender for Endpoint deployed in your environment with devices enrolled, and not just on a laboratory set-up. -Microsoft Defender ATP customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service. +Defender for Endpoint customers need to apply for the Microsoft Threat Experts managed threat hunting service to get proactive Targeted Attack Notifications and to collaborate with experts on demand. Experts on Demand is an add-on service. Targeted Attack Notifications are always included after you have been accepted into Microsoft Threat Experts managed threat hunting service. If you are not enrolled yet and would like to experience its benefits, go to **Settings** > **General** > **Advanced features** > **Microsoft Threat Experts** to apply. Once accepted, you will get the benefits of Targeted Attack Notifications, and start a 90-day trial of Experts on Demand. Contact your Microsoft representative to get a full Experts on-Demand subscription. 
## Register to Microsoft Threat Experts managed threat hunting service -If you're already a Microsoft Defender ATP customer, you can apply through the Microsoft Defender ATP portal. +If you're already a Defender for Endpoint customer, you can apply through the Microsoft Defender for Endpoint portal. 1. From the navigation pane, go to **Settings > General > Advanced features > Microsoft Threat Experts**. @@ -59,7 +59,7 @@ If you're already a Microsoft Defender ATP customer, you can apply through the M ## Receive targeted attack notification from Microsoft Threat Experts You can receive targeted attack notification from Microsoft Threat Experts through the following medium: -- The Microsoft Defender ATP portal's **Alerts** dashboard +- The Defender for Endpoint portal's **Alerts** dashboard - Your email, if you choose to configure it To receive targeted attack notifications through email, create an email notification rule. 
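Review bot: the portal is named two ways within this file: "The Defender for Endpoint portal's **Alerts** dashboard" in the `@@ -59,7 +59,7 @@` hunk and "the Microsoft Defender for Endpoint portal" in the hunk before it. Use one name for the portal throughout. tvm-weaknesses.md in this series refers to the "Microsoft Defender Security Center" navigation menu, so confirm which name matches what the UI shows.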
@@ -116,7 +116,7 @@ Watch this video for a quick overview of the Microsoft Services Hub. **Alert information** - We see a new type of alert for a living-off-the-land binary: [AlertID]. Can you tell us something more about this alert and how we can investigate further? - We’ve observed two similar attacks, which try to execute malicious PowerShell scripts but generate different alerts. One is "Suspicious PowerShell command line" and the other is "A malicious file was detected based on indication provided by O365". What is the difference? -- I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Microsoft Defender ATP see these attempts? What type of sign-ins are being monitored? +- I receive an odd alert today for abnormal number of failed logins from a high profile user’s device. I cannot find any further evidence around these sign-in attempts. How can Defender for Endpoint see these attempts? What type of sign-ins are being monitored? - Can you give more context or insights about this alert: “Suspicious behavior by a system utility was observed”. **Possible machine compromise** 
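Review bot: the edited sample question in the `@@ -116,7 +116,7 @@` hunk of configure-microsoft-threat-experts.md keeps its grammar slips ("I receive an odd alert today for abnormal number of failed logins"). Since the line is rewritten anyway, "I received an odd alert today for an abnormal number of failed logins" would read correctly. The trailing context heading "**Possible machine compromise**" also uses "machine" where the rest of these pages say "device".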
@@ -125,7 +125,7 @@ Watch this video for a quick overview of the Microsoft Services Hub. **Threat intelligence details** - We detected a phishing email that delivered a malicious Word document to a user. The malicious Word document caused a series of suspicious events, which triggered multiple Microsoft Defender alerts for [malware name] malware. Do you have any information on this malware? If yes, can you send me a link? -- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Microsoft Defender ATP provides against this threat actor? +- I recently saw a [social media reference, for example, Twitter or blog] post about a threat that is targeting my industry. Can you help me understand what protection Defender for Endpoint provides against this threat actor? **Microsoft Threat Experts’ alert communications** - Can your incident response team help us address the targeted attack notification that we got? From 4c2d49189751693bdb7343df3c63c41b525386ce Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 28 Oct 2020 12:58:03 -0700 Subject: [PATCH 112/346] updated link --- .../threat-protection/intelligence/macro-malware.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/security/threat-protection/intelligence/macro-malware.md b/windows/security/threat-protection/intelligence/macro-malware.md index b6f4a2b873..45dd414624 100644 --- a/windows/security/threat-protection/intelligence/macro-malware.md +++ b/windows/security/threat-protection/intelligence/macro-malware.md 
@@ -43,8 +43,8 @@ We've seen macro malware download threats from the following families: * Delete any emails from unknown people or with suspicious content. Spam emails are the main way macro malware spreads. -* Enterprises can prevent macro malware from running executable content using [ASR rules](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction#enable-and-audit-attack-surface-reduction-rules) +* Enterprises can prevent macro malware from running executable content using [ASR rules](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction) -For more tips on protecting yourself from suspicious emails, see [phishing](phishing.md). +For more tips on protecting yourself from suspicious emails, see [phishing](phishing.md). -For more general tips, see [prevent malware infection](prevent-malware-infection.md). +For more general tips, see [prevent malware infection](prevent-malware-infection.md). From 743140aa7083e0ea5134951c7c7d5a60921b3089 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 28 Oct 2020 13:25:58 -0700 Subject: [PATCH 113/346] small updates --- .../tvm-security-recommendation.md | 2 -- .../microsoft-defender-atp/tvm-supported-os.md | 1 - .../tvm-vulnerable-devices-report.md | 11 +++++------ .../microsoft-defender-atp/tvm-weaknesses.md | 5 +++-- 4 files changed, 8 insertions(+), 11 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md index 613f488021..b4ffcd5ce4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation.md 
@@ -29,8 +29,6 @@ ms.topic: conceptual >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) -[!include[Prerelease information](../../includes/prerelease.md)] - Cybersecurity weaknesses identified in your organization are mapped to actionable security recommendations and prioritized by their impact. Prioritized recommendations help shorten the time to mitigate or remediate vulnerabilities and drive compliance. Each security recommendation includes actionable remediation steps. To help with task management, the recommendation can also be sent using Microsoft Intune and Microsoft Endpoint Configuration Manager. When the threat landscape changes, the recommendation also changes as it continuously collects information from your environment. diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md index f907cb50ed..6e3367187d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-supported-os.md @@ -22,7 +22,6 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] - **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md index 84beee6e09..21ba19666d 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-vulnerable-devices-report.md 
@@ -1,5 +1,5 @@ --- -title: Vulnerable devices report- threat and vulnerability management +title: Vulnerable devices report - threat and vulnerability management description: A report showing vulnerable device trends and current statistics. The goal is for you to understand the breath and scope of your device exposure. keywords: mdatp-tvm vulnerable devices, mdatp, tvm, reduce threat & vulnerability exposure, reduce threat and vulnerability, monitor security configuration search.product: eADQiWindows 10XVcnh @@ -19,7 +19,7 @@ ms.collection: ms.topic: article --- -# Vulnerable devices report- threat and vulnerability management +# Vulnerable devices report - threat and vulnerability management [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -31,6 +31,7 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Threat and vulnerability management](next-gen-threat-and-vuln-mgt.md) >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-portaloverview-abovefoldlink) 
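Review bot: in the `@@ -31,6 +31,7 @@` hunk of tvm-vulnerable-devices-report.md the new Applies-to entry is added directly under "Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)" and above a "Want to experience Microsoft Defender ATP?" banner, both still carrying the old name. The page already includes the rebranding notice, and other files in this series use "Microsoft Defender for Endpoint" for the same fwlink, so update those two lines here or in a follow-up.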
@@ -51,13 +52,13 @@ There are two columns: Each device is counted only once according to the most severe vulnerability found on that device. -![One graph of current device vulnerability severity levels, and one graph showing levels over time](images/tvm-report-severity.png) +![One graph of current device vulnerability severity levels, and one graph showing levels over time.](images/tvm-report-severity.png) ## Exploit availability graphs Each device is counted only once based on the highest level of known exploit. -![One graph of current device exploit availability, and one graph showing availability over time](images/tvm-report-exploit-availability.png) +![One graph of current device exploit availability, and one graph showing availability over time.](images/tvm-report-exploit-availability.png) ## Vulnerability age graphs @@ -81,5 +82,3 @@ The number of devices on each Windows 10 version that are exposed due to vulnera - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Security recommendations](tvm-security-recommendation.md) - - diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md index aa51efe8ff..9777b6b8d4 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-weaknesses.md 
@@ -112,12 +112,12 @@ View related weaknesses information in the device page. 1. Go to the Microsoft Defender Security Center navigation menu bar, then select the device icon. The **Devices list** page opens. 2. In the **Devices list** page, select the device name that you want to investigate. - ![Screenshot of device list with selected device to investigate](images/tvm_machinetoinvestigate.png) + ![Device list with selected device to investigate.](images/tvm_machinetoinvestigate.png) 3. The device page will open with details and response options for the device you want to investigate. 4. Select **Discovered vulnerabilities**. - ![Screenshot of the device page with details and response options](images/tvm-discovered-vulnerabilities.png) + ![Device page with details and response options.](images/tvm-discovered-vulnerabilities.png) 5. Select the vulnerability that you want to investigate to open up a flyout panel with the CVE details, such as: vulnerability description, threat insights, and detection logic. @@ -143,4 +143,5 @@ Report a false positive when you see any vague, inaccurate, or incomplete inform - [Threat and vulnerability management overview](next-gen-threat-and-vuln-mgt.md) - [Security recommendations](tvm-security-recommendation.md) - [Software inventory](tvm-software-inventory.md) +- [Dashboard insights](tvm-dashboard-insights.md) - [View and organize the Microsoft Defender ATP Devices list](machines-view-overview.md) From b924d11f22fb242b3b20f9d5b3f7bcc8bbe8be66 Mon Sep 17 00:00:00 2001 From: Beth Levin Date: Wed, 28 Oct 2020 14:58:08 -0700 Subject: [PATCH 114/346] calculation --- .../tvm-exposure-score.md | 49 +++++++++++++++---- 1 file changed, 40 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md index f73d28e79c..d23e973e81 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md +++ b/windows/security/threat-protection/microsoft-defender-atp/tvm-exposure-score.md @@ -41,15 +41,6 @@ The card gives you a high-level view of your exposure score trend over time. Any ## How it works -Threat and vulnerability management introduces a new exposure score metric, which visually represents how exposed your devices are to imminent threats. - -The exposure score is continuously calculated on each device in the organization. It is influenced by the following factors: - -- Weaknesses, such as vulnerabilities discovered on the device -- External and internal threats such as public exploit code and security alerts -- Likelihood of the device to get breached given its current security posture -- Value of the device to the organization given its role and content - The exposure score is broken down into the following levels: - 0–29: low exposure score 
@@ -58,6 +49,46 @@ The exposure score is broken down into the following levels: You can remediate the issues based on prioritized [security recommendations](tvm-security-recommendation.md) to reduce the exposure score. Each software has weaknesses that are transformed into recommendations and prioritized based on risk to the organization. +## How the score is calculated + +The exposure score is continuously calculated on each device in the organization. It is scored & evaluated based on the following categories: + +- **Threats** - external and internal threats such as public exploit code and security alerts +- **Likelihood** - likelihood of the device to get breached given its current security posture +- **Value** - value of the device to the organization given its role and content + +**Device exposure score** = (Threats + Likelihood) x Value + +**Organization exposure score** = Avg (All device exposure scores) taking into account organization value multipliers + +### Threats + +Points are added based on whether the device has any vulnerabilities or misconfigurations, determined by the Common Vulnerability Scoring System (CVSS) base score. + +Further points are added based on: + +- Exploits availability and whether the exploit is verified or ranked +- A threat campaign is linked to the vulnerability or misconfiguration + +### Likelihood + +Points are added based on whether any of the following factors are true: + +- The device is internet facing +- Specific compensating controls are misconfigured +- An exploit attempt is linked directly to a threat spotted in the organization + +### Value + +Points are added based on whether any of the following factors are true for a device: + +- Contains high business impact (HBI) data +- Marked as a High Value Asset (HVA) or serves as an important server role (e.g. AD, DNS) +- Runs a business critical app (BCA) +- Used by a marked high value user (HVU) (e.g. 
domain admin, CEO) + +If a device is valuable to your organization, it should increase the total organization exposure score. + ## Reduce your threat and vulnerability exposure Lower your threat and vulnerability exposure by remediating [security recommendations](tvm-security-recommendation.md). Make the most impact to your exposure score by remediating the top security recommendations, which can be viewed in the [threat and vulnerability management dashboard](tvm-dashboard-insights.md). From 328c42903f62092b0c41a3d3f8f628b2586dae2d Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Wed, 28 Oct 2020 17:18:14 -0700 Subject: [PATCH 115/346] Added TS policies --- .../mdm/policy-csp-admx-terminalserver.md | 5760 +++++++++++++++++ 1 file changed, 5760 insertions(+) diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md index 74a8c02c29..d1a599cfa9 100644 --- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md +++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md @@ -1021,6 +1021,5766 @@ ADMX Info:
    + +**ADMX_TerminalServer/TS_CLIENT_CLIPBOARD** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. + +You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. + +If you enable this policy setting, users cannot redirect Clipboard data. + +If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. + +If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Clipboard redirection* +- GP name: *TS_CLIENT_CLIPBOARD* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_COM** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. + +You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. + +If you enable this policy setting, users cannot redirect server data to the local COM port. + +If you disable this policy setting, Remote Desktop Services always allows COM port redirection. + +If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow COM port redirection* +- GP name: *TS_CLIENT_COM* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_DEFAULT_M** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server. + +By default, Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior. + +If you enable this policy setting, the default printer is the printer specified on the remote computer. If you disable this policy setting, the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection. + +If you do not configure this policy setting, the default printer is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not set default client printer to be default printer in a session* +- GP name: *TS_CLIENT_DEFAULT_M* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_DISABLE_HARDWARE_MODE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the Remote Desktop Connection can use hardware acceleration if supported hardware is available. If you use this setting, the Remote Desktop Client will use only software decoding. + +For example, if you have a problem that you suspect may be related to hardware acceleration, use this setting to disable the acceleration; then, if the problem still occurs, you will know that there are additional issues to investigate. If you disable this setting or leave it not configured, the Remote Desktop client will use hardware accelerated decoding if supported hardware is available. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow hardware accelerated decoding* +- GP name: *TS_CLIENT_DISABLE_HARDWARE_MODE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_DISABLE_PASSWORD_SAVING_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Controls whether a user can save passwords using Remote Desktop Connection. + +If you enable this setting the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted. + +If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow passwords to be saved* +- GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_LPT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. + +You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows LPT port redirection. + +If you enable this policy setting, users in a Remote Desktop Services session cannot redirect server data to the local LPT port. + +If you disable this policy setting, LPT port redirection is always allowed. + +If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow LPT port redirection* +- GP name: *TS_CLIENT_LPT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_PNP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you control the redirection of supported Plug and Play and RemoteFX USB devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session. + +By default, Remote Desktop Services does not allow redirection of supported Plug and Play and RemoteFX USB devices. + +If you disable this policy setting, users can redirect their supported Plug and Play devices to the remote computer. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. + +If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.If you do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer only if it is running Windows Server 2012 R2 and earlier versions. + +> [!NOTE] +> You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Do not allow supported Plug and Play device redirection* +- GP name: *TS_CLIENT_PNP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_PRINTER** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default, Remote Desktop Services allows this client printer mapping. + +If you enable this policy setting, users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. + +If you disable this policy setting, users can redirect print jobs with client printer mapping. + +If you do not configure this policy setting, client printer mapping is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow client printer redirection* +- GP name: *TS_CLIENT_PRINTER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. + +If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. + +> [!NOTE] +> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. +> +> This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers* +- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. + +If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details, and then click the Thumbprint field. + +If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. + +> [!NOTE] +> You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. +> +> This policy setting overrides the behavior of the "Allow .rdp files from valid publishers and user's default .rdp settings" policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Specify SHA1 thumbprints of certificates representing trusted .rdp publishers* +- GP name: *TS_CLIENT_TRUSTED_CERTIFICATE_THUMBPRINTS_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_CLIENT_TURN_OFF_UDP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether the UDP protocol will be used to access servers via Remote Desktop Protocol. + +If you enable this policy setting, Remote Desktop Protocol traffic will only use the TCP protocol. + +If you disable or do not configure this policy setting, Remote Desktop Protocol traffic will attempt to use both TCP and UDP protocols. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn Off UDP On Client* +- GP name: *TS_CLIENT_TURN_OFF_UDP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_COLORDEPTH** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum color resolution (color depth) for Remote Desktop Services connections. + +You can use this policy setting to set a limit on the color depth of any connection that uses RDP. Limiting the color depth can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, the color depth that you specify is the maximum color depth allowed for a user's RDP connection. The actual color depth for the connection is determined by the color support available on the client computer. If you select Client Compatible, the highest color depth supported by the client will be used. + +If you disable or do not configure this policy setting, the color depth for connections is not specified at the Group Policy level. + +> [!NOTE] +> - Setting the color depth to 24 bits is only supported on Windows Server 2003 and Windows XP Professional. +> - The value specified in this policy setting is not applied to connections from client computers that are using at least Remote Desktop Protocol 8.0 (computers running at least Windows 8 or Windows Server 2012). The 32-bit color depth format is always used for these connections. +> - For connections from client computers that are using Remote Desktop Protocol 7.1 or earlier versions that are connecting to computers running at least Windows 8 or Windows Server 2012, the minimum of the following values is used as the color depth format: +> +> - Value specified by this policy setting. +> - Maximum color depth supported by the client. +> - Value requested by the client If the client does not support at least 16 bits, the connection is terminated. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). 
+> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit maximum color depth* +- GP name: *TS_COLORDEPTH* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_DELETE_ROAMING_USER_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the size of the entire roaming user profile cache on the local drive. + +This policy setting only applies to a computer on which the Remote Desktop Session Host role service is installed. + +> [!NOTE] +> If you want to limit the size of an individual user profile, use the "Limit profile size" policy setting located in User Configuration\Policies\Administrative Templates\System\User Profiles. + +If you enable this policy setting, you must specify a monitoring interval (in minutes) and a maximum size (in gigabytes) for the entire roaming user profile cache. The monitoring interval determines how often the size of the entire roaming user profile cache is checked. When the size of the entire roaming user profile cache exceeds the maximum size that you have specified, the oldest (least recently used) roaming user profiles will be deleted until the size of the entire roaming user profile cache is less than the maximum size specified. + +If you disable or do not configure this policy setting, no restriction is placed on the size of the entire roaming user profile cache on the local drive. Note: This policy setting is ignored if the "Prevent Roaming Profile changes from propagating to the server" policy setting located in Computer Configuration\Policies\Administrative Templates\System\User Profiles is enabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit the size of the entire roaming user profile cache* +- GP name: *TS_DELETE_ROAMING_USER_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_DISABLE_REMOTE_DESKTOP_WALLPAPER** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether desktop wallpaper is displayed to clients when they are connected to a remote server using RDP. + +You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. + +If you enable this policy setting, wallpaper is not displayed in a Remote Desktop Services session. + +If you disable this policy setting, wallpaper is displayed in a Remote Desktop Services session, depending on the client configuration. + +If you do not configure this policy setting, Windows Vista displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2008 do not display wallpaper by default to Remote Desktop Services sessions. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove remote desktop wallpaper* +- GP name: *TS_DISABLE_REMOTE_DESKTOP_WALLPAPER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_DX_USE_FULL_HWGPU** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions. If you enable this policy setting, all Remote Desktop Services sessions use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter. + +If you disable this policy setting, all Remote Desktop Services sessions use the Microsoft Basic Render Driver as the default adapter. + +If you do not configure this policy setting, Remote Desktop Services sessions on the RD Session Host server use the Microsoft Basic Render Driver as the default adapter. In all other cases, Remote Desktop Services sessions use the hardware graphics renderer by default. + +> [!NOTE] +> The policy setting affects only the default graphics processing unit (GPU) on a computer with more than one GPU installed. All additional GPUs are considered secondary adapters and used as hardware renderers. The GPU configuration of the local session is not affected by this policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Use the hardware default graphics adapter for all Remote Desktop Services sessions* +- GP name: *TS_DX_USE_FULL_HWGPU* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_EASY_PRINT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. + +If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session. + +If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. + +> [!NOTE] +> If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use Remote Desktop Easy Print printer driver first* +- GP name: *TS_EASY_PRINT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_EASY_PRINT_User** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. + +If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session. + +If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session. + +> [!NOTE] +> If the "Do not allow client printer redirection" policy setting is enabled, the "Use Remote Desktop Easy Print printer driver first" policy setting is ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use Remote Desktop Easy Print printer driver first* +- GP name: *TS_EASY_PRINT_User* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_EnableVirtualGraphics** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. + +When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. + +When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. + +If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. + +If you disable this policy setting, RemoteFX will be disabled. + +If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Configure RemoteFX* +- GP name: *TS_EnableVirtualGraphics* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_FALLBACKPRINTDRIVERTYPE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Session Host server fallback printer driver behavior. + +By default, the RD Session Host server fallback printer driver is disabled. If the RD Session Host server does not have a printer driver that matches the client's printer, no printer will be available for the Remote Desktop Services session. + +If you enable this policy setting, the fallback printer driver is enabled, and the default behavior is for the RD Session Host server to find a suitable printer driver. If one is not found, the client's printer is not available. You can choose to change this default behavior. The available options are: + +- "Do nothing if one is not found" - If there is a printer driver mismatch, the server will attempt to find a suitable driver. If one is not found, the client's printer is not available. This is the default behavior. +- "Default to PCL if one is not found" - If no suitable printer driver can be found, default to the Printer Control Language (PCL) fallback printer driver. +- "Default to PS if one is not found" - If no suitable printer driver can be found, default to the PostScript (PS) fallback printer driver. +- "Show both PCL and PS if one is not found" - If no suitable driver can be found, show both PS and PCL-based fallback printer drivers. + +If you disable this policy setting, the RD Session Host server fallback driver is disabled and the RD Session Host server will not attempt to use the fallback printer driver. + +If you do not configure this policy setting, the fallback printer driver behavior is off by default. + +> [!NOTE] +> If the "Do not allow client printer redirection" setting is enabled, this policy setting is ignored and the fallback printer driver is disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. 
For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Specify RD Session Host server fallback printer driver behavior* +- GP name: *TS_FALLBACKPRINTDRIVERTYPE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_FORCIBLE_LOGOFF** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console. + +This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost. + +If you enable this policy setting, logging off the connected administrator is not allowed. + +If you disable or do not configure this policy setting, logging off the connected administrator is allowed. + +> [!NOTE] +> The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Deny logoff of an administrator logged in to the console session* +- GP name: *TS_FORCIBLE_LOGOFF* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_GATEWAY_POLICY_AUTH_METHOD** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. + +To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default. + +If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method is not specified, the Negotiate protocol that is enabled on the client or a smart card can be used for authentication. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Set RD Gateway authentication method* +- GP name: *TS_GATEWAY_POLICY_AUTH_METHOD* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_GATEWAY_POLICY_ENABLE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that is specified in the "Set RD Gateway server address" policy setting. + +You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. + +> [!NOTE] +> To enforce this policy setting, you must also specify the address of the RD Gateway server by using the "Set RD Gateway server address" policy setting, or client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used. + +To allow users to overwrite this policy setting, select the "Allow users to change this setting" check box. When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the "Do not use an RD Gateway server" option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default. 
+ +If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the "Set RD Gateway server address" policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Enable connection through RD Gateway* +- GP name: *TS_GATEWAY_POLICY_ENABLE* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_GATEWAY_POLICY_SERVER** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Specifies the address of the RD Gateway server that clients must use when attempting to connect to an RD Session Host server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the "Use these RD Gateway server settings" option on the client. + +> [!NOTE] +> It is highly recommended that you also specify the authentication method by using the "Set RD Gateway authentication method" policy setting. If you do not specify an authentication method by using this setting, either the NTLM protocol that is enabled on the client or a smart card can be used. + +To allow users to overwrite the "Set RD Gateway server address" policy setting and connect to another RD Gateway server, you must select the "Allow users to change this setting" check box and users will be allowed to specify an alternate RD Gateway server. Users can specify an alternative RD Gateway server by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate RD Gateway server, the server that you specify in this policy setting is used by default. + +> [!NOTE] +> If you disable or do not configure this policy setting, but enable the "Enable connections through RD Gateway" policy setting, client connection attempts to any remote computer will fail, if the client cannot connect directly to the remote computer. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). 
+> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set RD Gateway server address* +- GP name: *TS_GATEWAY_POLICY_SERVER* +- GP path: *Windows Components\Remote Desktop Services\RD Gateway* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_JOIN_SESSION_DIRECTORY** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker, the Remote Desktop Session Host role service must be installed on the server. + +If the policy setting is enabled, the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting. If you disable this policy setting, the server does not join a farm in RD Connection Broker, and user session tracking is not performed. If the policy setting is disabled, you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. + +If the policy setting is not configured, the policy setting is not specified at the Group Policy level. + +> [!NOTE] +> - If you enable this policy setting, you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. +> - For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Join RD Connection Broker* +- GP name: *TS_JOIN_SESSION_DIRECTORY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_KEEP_ALIVE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state. + +After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active. + +If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999. + +If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Configure keep-alive connection interval* +- GP name: *TS_KEEP_ALIVE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_LICENSE_SECGROUP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs). + +You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one. + +If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty. + +If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting. + +> [!NOTE] +> You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *License server security group* +- GP name: *TS_LICENSE_SECGROUP* +- GP path: *Windows Components\Remote Desktop Services\RD Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_LICENSE_SERVERS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the order in which an RD Session Host server attempts to locate Remote Desktop license servers. + +If you enable this policy setting, an RD Session Host server first attempts to locate the specified license servers. If the specified license servers cannot be located, the RD Session Host server will attempt automatic license server discovery. In the automatic license server discovery process, an RD Session Host server in a Windows Server-based domain attempts to contact a license server in the following order: + +1. Remote Desktop license servers that are published in Active Directory Domain Services. +2. Remote Desktop license servers that are installed on domain controllers in the same domain as the RD Session Host server. + +If you disable or do not configure this policy setting, the RD Session Host server does not specify a license server at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use the specified Remote Desktop license servers* +- GP name: *TS_LICENSE_SERVERS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_LICENSE_TOOLTIP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether notifications are displayed on an RD Session Host server when there are problems with RD Licensing that affect the RD Session Host server. + +By default, notifications are displayed on an RD Session Host server after you log on as a local administrator, if there are problems with RD Licensing that affect the RD Session Host server. If applicable, a notification will also be displayed that notes the number of days until the licensing grace period for the RD Session Host server will expire. + +If you enable this policy setting, these notifications will not be displayed on the RD Session Host server. + +If you disable or do not configure this policy setting, these notifications will be displayed on the RD Session Host server after you log on as a local administrator. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide notifications about RD Licensing problems that affect the RD Session Host server* +- GP name: *TS_LICENSE_TOOLTIP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_LICENSING_MODE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the type of Remote Desktop Services client access license (RDS CAL) that is required to connect to this RD Session Host server. + +You can use this policy setting to select one of two licensing modes: Per User or Per Device. Per User licensing mode requires that each user account connecting to this RD Session Host server have an RDS Per User CAL. + +Per Device licensing mode requires that each device connecting to this RD Session Host server have an RDS Per Device CAL. + +If you enable this policy setting, the Remote Desktop licensing mode that you specify is honored by the Remote Desktop license server. + +If you disable or do not configure this policy setting, the licensing mode is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set the Remote Desktop licensing mode* +- GP name: *TS_LICENSING_MODE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_MAXDISPLAYRES** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum display resolution that can be used by each monitor used to display a Remote Desktop Services session. Limiting the resolution used to display a remote session can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, you must specify a resolution width and height. The resolution specified will be the maximum resolution that can be used by each monitor used to display a Remote Desktop Services session. + +If you disable or do not configure this policy setting, the maximum resolution that can be used by each monitor to display a Remote Desktop Services session will be determined by the values specified on the Display Settings tab in the Remote Desktop Session Host Configuration tool. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit maximum display resolution* +- GP name: *TS_MAXDISPLAYRES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_MAXMONITOR** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to limit the number of monitors that a user can use to display a Remote Desktop Services session. Limiting the number of monitors to display a Remote Desktop Services session can improve connection performance, particularly over slow links, and reduce server load. + +If you enable this policy setting, you can specify the number of monitors that can be used to display a Remote Desktop Services session. You can specify a number from 1 to 16. + +If you disable or do not configure this policy setting, the number of monitors that can be used to display a Remote Desktop Services session is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit number of monitors* +- GP name: *TS_MAXMONITOR* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_MAX_CON_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. + +You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, addtional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions. + +To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. + +If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. + +If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level. + +> [!NOTE] +> This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Limit number of connections* +- GP name: *TS_MAX_CON_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_NoDisconnectMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the "Disconnect" option from the Shut Down Windows dialog box in Remote Desktop Services sessions. + +You can use this policy setting to prevent users from using this familiar method to disconnect their client from an RD Session Host server. If you enable this policy setting, "Disconnect" does not appear as an option in the drop-down list in the Shut Down Windows dialog box. + +If you disable or do not configure this policy setting, "Disconnect" is not removed from the list in the Shut Down Windows dialog box. + +> [!NOTE] +> This policy setting affects only the Shut Down Windows dialog box. It does not prevent users from using other methods to disconnect from a Remote Desktop Services session. This policy setting also does not prevent disconnected sessions at the server. You can control how long a disconnected session remains active on the server by configuring the "Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Session Time Limits\Set time limit for disconnected sessions" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Remove "Disconnect" option from Shut Down dialog* +- GP name: *TS_NoDisconnectMenu* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_NoSecurityMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently. + +If the status is set to Enabled, Windows Security does not appear in Settings on the Start menu. As a result, users must type a security attention sequence, such as CTRL+ALT+END, to open the Windows Security dialog box on the client computer. + +If the status is set to Disabled or Not Configured, Windows Security remains in the Settings menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Windows Security item from Start menu* +- GP name: *TS_NoSecurityMenu* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_PROMT_CREDS_CLIENT_COMP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether a user will be prompted on the client computer to provide credentials for a remote connection to an RD Session Host server. + +If you enable this policy setting, a user will be prompted on the client computer instead of on the RD Session Host server to provide credentials for a remote connection to an RD Session Host server. If saved credentials for the user are available on the client computer, the user will not be prompted to provide credentials. + +> [!NOTE] +> If you enable this policy setting in releases of Windows Server 2008 R2 with SP1 or Windows Server 2008 R2, and a user is prompted on both the client computer and on the RD Session Host server to provide credentials, clear the Always prompt for password check box on the Log on Settings tab in Remote Desktop Session Host Configuration. + +If you disable or do not configure this policy setting, the version of the operating system on the RD Session Host server will determine when a user is prompted to provide credentials for a remote connection to an RD Session Host server. + +For Windows Server 2003 and Windows 2000 Server a user will be prompted on the terminal server to provide credentials for a remote connection. For Windows Server 2008 and Windows Server 2008 R2, a user will be prompted on the client computer to provide credentials for a remote connection. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prompt for credentials on the client computer* +- GP name: *TS_PROMT_CREDS_CLIENT_COMP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_PreventLicenseUpgrade** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems. + +A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. + +By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following: + +- A client connecting to a Windows Server 2003 terminal server +- A client connecting to a Windows 2000 terminal server + +If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired. + +If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prevent license upgrade* +- GP name: *TS_PreventLicenseUpgrade* +- GP path: *Windows Components\Remote Desktop Services\RD Licensing* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_RADC_DefaultConnection** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies the default connection URL for RemoteApp and Desktop Connections. The default connection URL is a specific connection that can only be configured by using Group Policy. In addition to the capabilities that are common to all connections, the default connection URL allows document file types to be associated with RemoteApp programs. + +The default connection URL must be configured in the form of http://contoso.com/rdweb/Feed/webfeed.aspx. + +If you enable this policy setting, the specified URL is configured as the default connection URL for the user and replaces any existing connection URL. The user cannot change the default connection URL. The user's default logon credentials are used when setting up the default connection URL. + +If you disable or do not configure this policy setting, the user has no default connection URL. + +> [!NOTE] +> RemoteApp programs that are installed through RemoteApp and Desktop Connections from an untrusted server can compromise the security of a user's account. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Specify default connection URL* +- GP name: *TS_RADC_DefaultConnection* +- GP path: *Windows Components\Remote Desktop Services\RemoteApp and Desktop Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_RDSAppX_WaitForRegistration** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default, when a new user signs in to a computer, the Start screen is shown and apps are registered in the background. However, some apps may not work until app registration is complete. + +If you enable this policy setting, user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. + +If you disable or do not configure this policy setting, the Start screen is shown and apps are registered in the background. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Suspend user sign-in to complete app registration* +- GP name: *TS_RDSAppX_WaitForRegistration* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_RemoteControl_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected. + +Select the desired level of control and permission from the options list: + +1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session. +2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent. +3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent. +4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent. +5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent. + +If you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Set rules for remote control of Remote Desktop Services user sessions* +- GP name: *TS_RemoteControl_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_RemoteControl_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy setting, administrators can interact with a user's Remote Desktop Services session based on the option selected. + +Select the desired level of control and permission from the options list: + +1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session. +2. Full Control with user's permission: Allows the administrator to interact with the session, with the user's consent. +3. Full Control without user's permission: Allows the administrator to interact with the session, without the user's consent. +4. View Session with user's permission: Allows the administrator to watch the session of a remote user with the user's consent. +5. View Session without user's permission: Allows the administrator to watch the session of a remote user without the user's consent. + +If you disable this policy setting, administrators can interact with a user's Remote Desktop Services session, with the user's consent. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Set rules for remote control of Remote Desktop Services user sessions* +- GP name: *TS_RemoteControl_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_RemoteDesktopVirtualGraphics** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual experience that remote users will have in Remote Desktop Connection (RDC) connections that use RemoteFX. You can use this policy to balance the network bandwidth usage with the type of graphics experience that is delivered. + +Depending on the requirements of your users, you can reduce network bandwidth usage by reducing the screen capture rate. You can also reduce network bandwidth usage by reducing the image quality (increasing the amount of image compression that is performed). + +If you have a higher than average bandwidth network, you can maximize the utilization of bandwidth by selecting the highest setting for screen capture rate and the highest setting for image quality. + +By default, Remote Desktop Connection sessions that use RemoteFX are optimized for a balanced experience over LAN conditions. If you disable or do not configure this policy setting, Remote Desktop Connection sessions that use RemoteFX will be the same as if the medium screen capture rate and the medium image compression settings were selected (the default behavior). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Optimize visual experience when using RemoteFX* +- GP name: *TS_RemoteDesktopVirtualGraphics* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SD_ClustName** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the name of a farm to join in RD Connection Broker. RD Connection Broker uses the farm name to determine which RD Session Host servers are in the same RD Session Host server farm. Therefore, you must use the same farm name for all RD Session Host servers in the same load-balanced farm. The farm name does not have to correspond to a name in Active Directory Domain Services. + +If you specify a new farm name, a new farm is created in RD Connection Broker. If you specify an existing farm name, the server joins that farm in RD Connection Broker. + +If you enable this policy setting, you must specify the name of a farm in RD Connection Broker. If you disable or do not configure this policy setting, the farm name is not specified at the Group Policy level. + +> [!NOTE] +> - This policy setting is not effective unless both the Join RD Connection Broker and the Configure RD Connection Broker server name policy settings are enabled and configured by using Group Policy. +>- For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Configure RD Connection Broker farm name* +- GP name: *TS_SD_ClustName* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SD_EXPOSE_ADDRESS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the redirection method to use when a client device reconnects to an existing Remote Desktop Services session in a load-balanced RD Session Host server farm. This setting applies to an RD Session Host server that is configured to use RD Connection Broker and not to the RD Connection Broker server. + +If you enable this policy setting, a Remote Desktop Services client queries the RD Connection Broker server and is redirected to their existing session by using the IP address of the RD Session Host server where their session exists. To use this redirection method, client computers must be able to connect directly by IP address to RD Session Host servers in the farm. + +If you disable this policy setting, the IP address of the RD Session Host server is not sent to the client. Instead, the IP address is embedded in a token. When a client reconnects to the load balancer, the routing token is used to redirect the client to their existing session on the correct RD Session Host server in the farm. Only disable this setting when your network load-balancing solution supports the use of RD Connection Broker routing tokens and you do not want clients to directly connect by IP address to RD Session Host servers in the load-balanced farm. + +If you do not configure this policy setting, the Use IP address redirection policy setting is not enforced at the group Group policy Policy level and the default will be used. This setting is enabled by default. + +> [!NOTE] +> For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use IP Address Redirection* +- GP name: *TS_SD_EXPOSE_ADDRESS* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SD_Loc** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the RD Connection Broker server that the RD Session Host server uses to track and redirect user sessions for a load-balanced RD Session Host server farm. The specified server must be running the Remote Desktop Connection Broker service. All RD Session Host servers in a load-balanced farm should use the same RD Connection Broker server. + +If you enable this policy setting, you must specify the RD Connection Broker server by using its fully qualified domain name (FQDN). In Windows Server 2012, for a high availability setup with multiple RD Connection Broker servers, you must provide a semi-colon separated list of the FQDNs of all the RD Connection Broker servers. + +If you disable or do not configure this policy setting, the policy setting is not specified at the Group Policy level. + +> [!NOTE] +> - For Windows Server 2008, this policy setting is supported on at least Windows Server 2008 Standard. +> - This policy setting is not effective unless the Join RD Connection Broker policy setting is enabled. +> - To be an active member of an RD Session Host server farm, the computer account for each RD Session Host server in the farm must be a member of one of the following local groups on the RD Connection Broker server: Session Directory Computers, Session Broker Computers, or RDS Endpoint Servers. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure RD Connection Broker server name* +- GP name: *TS_SD_Loc* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\RD Connection Broker* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SECURITY_LAYER_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to require the use of a specific security layer to secure communications between clients and RD Session Host servers during Remote Desktop Protocol (RDP) connections. + +If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the security method specified in this setting. The following security methods are available: + +- Negotiate: The Negotiate method enforces the most secure method that is supported by the client. If Transport Layer Security (TLS) version 1.0 is supported, it is used to authenticate the RD Session Host server. If TLS is not supported, native Remote Desktop Protocol (RDP) encryption is used to secure communications, but the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. +- RDP: The RDP method uses native RDP encryption to secure communications between the client and RD Session Host server. If you select this setting, the RD Session Host server is not authenticated. Native RDP encryption (as opposed to SSL encryption) is not recommended. +- SSL (TLS 1.0): The SSL method requires the use of TLS 1.0 to authenticate the RD Session Host server. If TLS is not supported, the connection fails. This is the recommended setting for this policy. + +If you disable or do not configure this policy setting, the security method to be used for remote connections to RD Session Host servers is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Require use of specific security layer for remote (RDP) connections* +- GP name: *TS_SECURITY_LAYER_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SELECT_NETWORK_DETECT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify how the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency). You can choose to disable Connect Time Detect, Continuous Network Detect, or both Connect Time Detect and Continuous Network Detect. + +If you disable Connect Time Detect, Remote Desktop Protocol will not determine the network quality at the connect time, and it will assume that all traffic to this server originates from a low-speed connection. + +If you disable Continuous Network Detect, Remote Desktop Protocol will not try to adapt the remote user experience to varying network quality. + +If you disable Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time; instead it will assume that all traffic to this server originates from a low-speed connection, and it will not try to adapt the user experience to varying network quality. + +If you disable or do not configure this policy setting, Remote Desktop Protocol will spend up to a few seconds trying to determine the network quality prior to the connection, and it will continuously try to adapt the user experience to varying network quality. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Select network detection on the server* +- GP name: *TS_SELECT_NETWORK_DETECT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SELECT_TRANSPORT** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which protocols can be used for Remote Desktop Protocol (RDP) access to this server. + +If you enable this policy setting, you must specify if you would like RDP to use UDP. You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)". If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP. + +If the UDP connection is not successful or if you select "Use only TCP," all of the RDP traffic will use TCP. + +If you disable or do not configure this policy setting, RDP will choose the optimal protocols for delivering the best user experience. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Select RDP transport protocols* +- GP name: *TS_SELECT_TRANSPORT* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to enable RemoteApp programs to use advanced graphics, including support for transparency, live thumbnails, and seamless application moves. This policy setting applies only to RemoteApp programs and does not apply to remote desktop sessions. + +If you enable or do not configure this policy setting, RemoteApp programs published from this RD Session Host server will use these advanced graphics. + +If you disable this policy setting, RemoteApp programs published from this RD Session Host server will not use these advanced graphics. You may want to choose this option if you discover that applications published as RemoteApp programs do not support these advanced graphics. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use advanced RemoteFX graphics for RemoteApp* +- GP name: *TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_AUTH** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client will establish a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + +If you enable this policy setting, you must specify one of the following settings: +- Always connect, even if authentication fails: The client connects to the RD Session Host server even if the client cannot authenticate the RD Session Host server. +- Warn me if authentication fails: The client attempts to authenticate the RD Session Host server. If the RD Session Host server can be authenticated, the client establishes a connection to the RD Session Host server. If the RD Session Host server cannot be authenticated, the user is prompted to choose whether to connect to the RD Session Host server without authenticating the RD Session Host server. +- Do not connect if authentication fails: The client establishes a connection to the RD Session Host server only if the RD Session Host server can be authenticated. + +If you disable or do not configure this policy setting, the authentication setting that is specified in Remote Desktop Connection or in the .rdp file determines whether the client establishes a connection to the RD Session Host server when the client cannot authenticate the RD Session Host server. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure server authentication for client* +- GP name: *TS_SERVER_AUTH* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_AVC444_MODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC444_MODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_AVC_HW_ENCODE_PREFERRED** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting lets you enable H.264/AVC hardware encoding support for Remote Desktop Connections. When you enable hardware encoding, if an error occurs, we will attempt to use software encoding. If you disable or do not configure this policy, we will always use software encoding. + +If you set the encoding option to “Always Attempt”, Remote Desktop will always try to use H.264/AVC hardware encoding when available, be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set on the Hyper-V host machine. + +If you set the encoding option to “Attempt only for RemoteFX vGPU virtual machines” be aware that, for Windows Server running Hyper-V with RemoteFX vGPU enabled, the policy has to be set on the Hyper-V host machine. + +If you set the encoding option to “Attempt only for non-RemoteFX vGPU scenarios”, Remote Desktop attempts to use hardware encoding for all scenarios except RemoteFX vGPU. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Configure H.264/AVC hardware encoding for Remote Desktop Connections* +- GP name: *TS_SERVER_AVC_HW_ENCODE_PREFERRED* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_COMPRESSOR** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify which Remote Desktop Protocol (RDP) compression algorithm to use. + +By default, servers use an RDP compression algorithm that is based on the server's hardware configuration. + +If you enable this policy setting, you can specify which RDP compression algorithm to use. If you select the algorithm that is optimized to use less memory, this option is less memory-intensive, but uses more network bandwidth. If you select the algorithm that is optimized to use less network bandwidth, this option uses less network bandwidth, but is more memory-intensive. Additionally, a third option is available that balances memory usage and network bandwidth. In Windows 8 only the compression algorithm that balances memory usage and bandwidth is used. + +You can also choose not to use an RDP compression algorithm. Choosing not to use an RDP compression algorithm will use more network bandwidth and is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use an RDP compression algorithm, some graphics data will still be compressed. + +If you disable or do not configure this policy setting, the default RDP compression algorithm will be used. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure compression for RemoteFX data* +- GP name: *TS_SERVER_COMPRESSOR* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_IMAGE_QUALITY** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual quality for remote users when connecting to this computer by using Remote Desktop Connection. You can use this policy setting to balance the network bandwidth usage with the visual quality that is delivered. + +If you enable this policy setting and set quality to Low, RemoteFX Adaptive Graphics uses an encoding mechanism that results in low quality images. This mode consumes the lowest amount of network bandwidth of the quality modes. + +If you enable this policy setting and set quality to Medium, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. This mode provides better graphics quality than low quality and uses less bandwidth than high quality. + +If you enable this policy setting and set quality to High, RemoteFX Adaptive Graphics uses an encoding mechanism that results in high quality images and consumes moderate network bandwidth. + +If you enable this policy setting and set quality to Lossless, RemoteFX Adaptive Graphics uses lossless encoding. In this mode, the color integrity of the graphics data is not impacted. However, this setting results in a significant increase in network bandwidth consumption. We recommend that you set this for very specific cases only. + +If you disable or do not configure this policy setting, RemoteFX Adaptive Graphics uses an encoding mechanism that results in medium quality images. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure image quality for RemoteFX Adaptive Graphics* +- GP name: *TS_SERVER_IMAGE_QUALITY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_LEGACY_RFX** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the availability of RemoteFX on both a Remote Desktop Virtualization Host (RD Virtualization Host) server and a Remote Desktop Session Host (RD Session Host) server. + +When deployed on an RD Virtualization Host server, RemoteFX delivers a rich user experience by rendering content on the server by using graphics processing units (GPUs). By default, RemoteFX for RD Virtualization Host uses server-side GPUs to deliver a rich user experience over LAN connections and RDP 7.1. + +When deployed on an RD Session Host server, RemoteFX delivers a rich user experience by using a hardware-accelerated compression scheme. + +If you enable this policy setting, RemoteFX will be used to deliver a rich user experience over LAN connections and RDP 7.1. + +If you disable this policy setting, RemoteFX will be disabled. + +If you do not configure this policy setting, the default behavior will be used. By default, RemoteFX for RD Virtualization Host is enabled and RemoteFX for RD Session Host is disabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Configure RemoteFX* +- GP name: *TS_SERVER_LEGACY_RFX* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_PROFILE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to configure the RemoteFX experience for Remote Desktop Session Host or Remote Desktop Virtualization Host servers. By default, the system will choose the best experience based on available nework bandwidth. + +If you enable this policy setting, the RemoteFX experience could be set to one of the following options: +1. Let the system choose the experience for the network condition +2. Optimize for server scalability +3. Optimize for minimum bandwidth usage + +If you disable or do not configure this policy setting, the RemoteFX experience will change dynamically based on the network condition." + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure RemoteFX Adaptive Graphics* +- GP name: *TS_SERVER_PROFILE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_VISEXP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the visual experience that remote users receive in Remote Desktop Services sessions. Remote sessions on the remote computer are then optimized to support this visual experience. + +By default, Remote Desktop Services sessions are optimized for rich multimedia, such as applications that use Silverlight or Windows Presentation Foundation. + +If you enable this policy setting, you must select the visual experience for which you want to optimize Remote Desktop Services sessions. You can select either Rich multimedia or Text. + +If you disable or do not configure this policy setting, Remote Desktop Services sessions are optimized for rich multimedia. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Optimize visual experience for Remote Desktop Service Sessions* +- GP name: *TS_SERVER_VISEXP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment\RemoteFX for Windows Server 2008 R2* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SERVER_WDDM_GRAPHICS_DRIVER** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting prioritizes the H.264/AVC 444 graphics mode for non-RemoteFX vGPU scenarios. When you use this setting on the RDP server, the server will use H.264/AVC 444 as the codec in an RDP 10 connection where both the client and server can use H.264/AVC 444. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Prioritize H.264/AVC 444 graphics mode for Remote Desktop Connections* +- GP name: *TS_SERVER_WDDM_GRAPHICS_DRIVER* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. + +You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. + +If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply. + +If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. + +> [!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set time limit for disconnected sessions* +- GP name: *TS_SESSIONS_Disconnected_Timeout_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SESSIONS_Disconnected_Timeout_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. + +You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server. + +If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply. + +If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. Be y default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time. + +> [!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set time limit for disconnected sessions* +- GP name: *TS_SESSIONS_Disconnected_Timeout_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. + +If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. + +If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +> [!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set time limit for active but idle Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Idle_Limit_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SESSIONS_Idle_Limit_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. + +If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. + +If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +> [!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set time limit for active but idle Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Idle_Limit_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SESSIONS_Limits_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. + +If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. + +If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +> [!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set time limit for active Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Limits_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SESSIONS_Limits_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. + +If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. + +If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. + +If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits\End session when time limits are reached. + +> [!NOTE] +> This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set time limit for active Remote Desktop Services sessions* +- GP name: *TS_SESSIONS_Limits_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_SINGLE_SESSION** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to restrict users to a single Remote Desktop Services session. + +If you enable this policy setting, users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at the next logon. + +If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. + +If you do not configure this policy setting, this policy setting is not specified at the Group Policy level. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Restrict Remote Desktop Services users to a single Remote Desktop Services session* +- GP name: *TS_SINGLE_SESSION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections* +- GP ADMX file name: *TerminalServer.admx* + + + +
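Review bot: The TIP in this entry, repeated verbatim in every entry of the file, tells readers that "there are a variety of online encoders that you can use" to XML-encode the SyncML payload. Payloads for policies in this same file carry program paths and \\Computername\Sharename values, so I would point readers to encoding locally, or to the CDATA option the TIP already mentions, rather than to unnamed third-party sites. The CDATA link is also written as http://www.w3.org/TR/REC-xml/#sec-cdata-sect; please make it https. Because the block is identical in each entry, keeping it in one shared place would let this be fixed once.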
    + + +**ADMX_TerminalServer/TS_SMART_CARD** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. + +If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session. + +If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection. + +> [!NOTE] +> The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow smart card device redirection* +- GP name: *TS_SMART_CARD* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
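Review bot: In TS_SMART_CARD the enabled case does not match what the setting is said to control. The opening sentence and the GP English name (*Do not allow smart card device redirection*) are about device redirection, but the enabled paragraph says only that "users cannot use a smart card to log on to a Remote Desktop Services session". Please state whether enabling blocks smart card redirection as a whole or only logon, so an admin who depends on smart card use inside the session knows what is lost. The NOTE's requirement ("at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional") repeats "at least" and reads oddly beside "Available in the latest Windows 10 Insider Preview Build"; confirm it still belongs here.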
    + + +**ADMX_TerminalServer/TS_START_PROGRAM_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Configures Remote Desktop Services to run a specified program automatically upon connection. + +You can use this setting to specify a program to run automatically when a user logs on to a remote computer. + +By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. + +To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. + +If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program. + +If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) + +> [!NOTE] +> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. 
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Start a program on connection* +- GP name: *TS_START_PROGRAM_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_START_PROGRAM_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Configures Remote Desktop Services to run a specified program automatically upon connection. + +You can use this setting to specify a program to run automatically when a user logs on to a remote computer. + +By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the "Start Program" settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off. + +To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message. + +If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program. + +If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See "Computer Configuration\Administrative Templates\System\Logon\Run these programs at user logon" setting.) + +> [!NOTE] +> This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides. 
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Start a program on connection* +- GP name: *TS_START_PROGRAM_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
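Review bot: In both TS_START_PROGRAM_1 and TS_START_PROGRAM_2 the failure condition reads "If the specified program path, file name, or working directory is not the name of a valid directory", but a program path and a file name are not directories. Suggest "If the specified program path, file name, or working directory is not valid, the RD Session Host server connection fails with an error message." The closing NOTE ends at "the Computer Configuration setting overrides" with no object; other entries in this file say "takes precedence". The two entries are otherwise word-for-word identical and differ only in Scope (User for _1, Device for _2), so one sentence in each saying which configuration it sets would help the reader pick the right node for a setting that decides what runs at logon.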
    + + +**ADMX_TerminalServer/TS_Session_End_On_Limit_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. + +You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. + +Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. + +If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. + +If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. + +> [!NOTE] +> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *End session when time limits are reached* +- GP name: *TS_Session_End_On_Limit_1* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_Session_End_On_Limit_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. + +You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. + +Time limits are set locally by the server administrator or by using Group Policy. See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings. + +If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit. + +If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator. If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings. + +> [!NOTE] +> This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *End session when time limits are reached* +- GP name: *TS_Session_End_On_Limit_2* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits* +- GP ADMX file name: *TerminalServer.admx* + + + +
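Review bot: The cross-reference sentence in TS_Session_End_On_Limit_1 and TS_Session_End_On_Limit_2 says "See the policy settings Set time limit for active Remote Desktop Services sessions and Set time limit for active but idle Remote Desktop Services sessions policy settings", which repeats "policy settings" and leaves both setting names unmarked so they run into the sentence. Italicize the names as the ADMX Info lists do and link each to its entry in this file (TS_SESSIONS_Limits_2 carries the first name). The NOTE also combines two unrelated points, which time-outs the setting applies to and Computer versus User precedence, in one paragraph; splitting them would make the precedence rule easier to find.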
    + + +**ADMX_TerminalServer/TS_TEMP_DELETE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether Remote Desktop Services retains a user's per-session temporary folders at logoff. + +You can use this setting to maintain a user's session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user's temporary folders when the user logs off. + +If you enable this policy setting, a user's per-session temporary folders are retained when the user logs off from a session. + +If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise. + +If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator. + +> [!NOTE] +> This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Do not delete temp folders upon exit* +- GP name: *TS_TEMP_DELETE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_TEMP_PER_SESSION** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. + +You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user's profile folder and are named with the sessionid. + +If you enable this policy setting, per-session temporary folders are not created. Instead, a user's temporary files for all sessions on the remote computer are stored in a common Temp folder under the user's profile folder on the remote computer. + +If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. + +If you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Do not use temporary folders per session* +- GP name: *TS_TEMP_PER_SESSION* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_TIME_ZONE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the client computer redirects its time zone settings to the Remote Desktop Services session. + +If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). + +If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone. + +> [!NOTE] +> Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 or later. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow time zone redirection* +- GP name: *TS_TIME_ZONE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_TSCC_PERMISSIONS_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. + +You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes. + +If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. + +If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. + +> [!NOTE] +> The preferred method of managing user access is by adding a user to the Remote Desktop Users group. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow local administrators to customize permissions* +- GP name: *TS_TSCC_PERMISSIONS_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_TURNOFF_SINGLEAPP** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer, even if an initial program is already specified in the default user profile, Remote Desktop Connection, Remote Desktop Services client, or through Group Policy. + +If you enable this policy setting, the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings. + +If you disable or do not configure this policy setting, an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified, the desktop is always displayed on the remote computer after the client connects to the remote computer. + +> [!NOTE] +> If this policy setting is enabled, then the "Start a program on connection" policy setting is ignored. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Always show desktop on connection* +- GP name: *TS_TURNOFF_SINGLEAPP* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_USB_REDIRECTION_DISABLE** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Redirected RemoteFX USB devices will not be available for local usage on this computer. + +If you enable this policy setting, you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group on the computer. + +If you disable or do not configure this policy setting, other supported RemoteFX USB devices are not available for RDP redirection by using any user account. + +For this change to take effect, you must restart Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow RDP redirection of other supported RemoteFX USB devices from this computer* +- GP name: *TS_USB_REDIRECTION_DISABLE* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Connection Client\RemoteFX USB Device Redirection* +- GP ADMX file name: *TerminalServer.admx* + + + +
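Review bot: TS_USB_REDIRECTION_DISABLE says that when enabled "you can choose to give the ability to redirect other supported RemoteFX USB devices over RDP to all users or only to users who are in the Administrators group", but nothing in the entry says how that choice is expressed in the SyncML payload; the TIP only links the generic enabling example. Please document the data element and its accepted values, otherwise an MDM admin cannot select the Administrators-only option. It is also worth one sentence noting that the GP name ends in DISABLE while enabling the policy permits redirection, since the name invites the opposite reading.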
    + + +**ADMX_TerminalServer/TS_USER_AUTHENTICATION_POLICY** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether to require user authentication for remote connections to the RD Session Host server by using Network Level Authentication. This policy setting enhances security by requiring that user authentication occur earlier in the remote connection process. + +If you enable this policy setting, only client computers that support Network Level Authentication can connect to the RD Session Host server. + +To determine whether a client computer supports Network Level Authentication, start Remote Desktop Connection on the client computer, click the icon in the upper-left corner of the Remote Desktop Connection dialog box, and then click About. In the About Remote Desktop Connection dialog box, look for the phrase Network Level Authentication supported. + +If you disable this policy setting, Network Level Authentication is not required for user authentication before allowing remote connections to the RD Session Host server. + +If you do not configure this policy setting, the local setting on the target computer will be enforced. On Windows Server 2012 and Windows 8, Network Level Authentication is enforced by default. + +> [!IMPORTANT] +> Disabling this policy setting provides less security because user authentication will occur later in the remote connection process. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Require user authentication for remote connections by using Network Level Authentication* +- GP name: *TS_USER_AUTHENTICATION_POLICY* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_USER_HOME** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user's home directory for a Remote Desktop Services session. + +To use this setting, select the location for the home directory (network or local) from the Location drop-down list. If you choose to place the directory on a network share, type the Home Dir Root Path in the form \\Computername\Sharename, and then select the drive letter to which you want the network share to be mapped. + +If you choose to keep the home directory on the local computer, type the Home Dir Root Path in the form "Drive:\Path" (without quotes), without environment variables or ellipses. Do not specify a placeholder for user alias, because Remote Desktop Services automatically appends this at logon. + +> [!NOTE] +> The Drive Letter field is ignored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Root Path, Remote Desktop Services places user home directories in the network location. + +If the status is set to Enabled, Remote Desktop Services creates the user's home directory in the specified location on the local computer or the network. The home directory path for each user is the specified Home Dir Root Path and the user's alias. + +If the status is set to Disabled or Not Configured, the user's home directory is as specified at the server. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set Remote Desktop Services User Home Directory* +- GP name: *TS_USER_HOME* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_USER_MANDATORY_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether Remote Desktop Services uses a mandatory profile for all users connecting remotely to the RD Session Host server. + +If you enable this policy setting, Remote Desktop Services uses the path specified in the "Set path for Remote Desktop Services Roaming User Profile" policy setting as the root folder for the mandatory user profile. All users connecting remotely to the RD Session Host server use the same user profile. + +If you disable or do not configure this policy setting, mandatory user profiles are not used by users connecting remotely to the RD Session Host server. + +> [!NOTE] +> For this policy setting to take effect, you must also enable and configure the "Set path for Remote Desktop Services Roaming User Profile" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Use mandatory profiles on the RD Session Host server* +- GP name: *TS_USER_MANDATORY_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + + +**ADMX_TerminalServer/TS_USER_PROFILES** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. + +By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. + +If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user. + +To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server. + +If you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user's profile path on the Remote Desktop Services Profile tab on the user's account Properties dialog box. + +> [!NOTE] +> - The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session. 
+> - To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the "Use mandatory profiles on the RD Session Host server" policy setting located in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles. The path set in the "Set path for Remote Desktop Services Roaming User Profile" policy setting should contain the mandatory profile. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Set path for Remote Desktop Services Roaming User Profile* +- GP name: *TS_USER_PROFILES* +- GP path: *Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles* +- GP ADMX file name: *TerminalServer.admx* + + + +
    + Footnotes: - 1 - Available in Windows 10, version 1607. From 1071dec802efdbd2f3cdf56ed5faf8b3340379ae Mon Sep 17 00:00:00 2001 From: Sunayana Singh <57405155+sunasing@users.noreply.github.com> Date: Thu, 29 Oct 2020 11:17:21 +0530 Subject: [PATCH 116/346] Minor fixes based on feedback --- .../microsoft-defender-atp-ios-privacy-information.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index db4144d60a..8a5045c2cc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md 
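Review bot: In the ADMX_TerminalServer policy text added above, the second bullet of the NOTE under TS_USER_PROFILES locates "Use mandatory profiles on the RD Session Host server" in Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\RD Session Host\Profiles, while the ADMX Info block for TS_USER_MANDATORY_PROFILES gives the GP path as Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles. Use one spelling of the node name in both places so readers can find the setting. The closing footnote "1 - Available in Windows 10, version 1607" also sits beside descriptions that all open with "Available in the latest Windows 10 Insider Preview Build"; drop it unless one of the edition tables actually references it.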
@@ -23,9 +23,11 @@ ms.topic: conceptual # Privacy information - Microsoft Defender ATP for iOS >[!NOTE] -> Microsoft Defender ATP for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. Microsoft or your organization, does not see your browsing activity. +> Microsoft Defender ATP for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.** -Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. The information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected, and to support the service. +Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. The information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected, and to support the service. + +For more details about data storage, see [Microsoft Defender ATP data storage and privacy](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy). ## Required data @@ -77,9 +79,7 @@ Optional diagnostic data includes: - App, CPU, and network usage for Microsoft Defender ATP. -- Features configured by the admin. - -- Basic information about the browsers on the device. +- Features configured by the admin for Microsoft Defender ATP. Feedback Data is collected through in-app feedback provided by the user. From 8fcd3edafe87395d59ce97a6d68b6dc8239e4cc7 Mon Sep 17 00:00:00 2001 
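Review bot: In the first hunk of microsoft-defender-atp-ios-privacy-information.md, the sentence that is now bolded keeps its stray comma and reads "**Microsoft or your organization, does not see your browsing activity.**". Because the change puts emphasis on this privacy claim, fix the wording in the same edit, for example "Neither Microsoft nor your organization sees your browsing activity." The added data-storage link also uses an absolute docs.microsoft.com URL for a page in the same folder; a relative link to data-storage-privacy.md would match the relative links used in the neighbouring articles.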
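Review bot: The second hunk of microsoft-defender-atp-ios-privacy-information.md removes "Basic information about the browsers on the device" from the optional diagnostic data list, but the commit message only says "Minor fixes based on feedback". Removing an item from a privacy disclosure is a statement about what the app collects, so the message should say that this data is not collected (or no longer is), and the bullet should stay if it still is.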
From: Herbert Mauerer <41573578+HerbertMauerer@users.noreply.github.com> Date: Thu, 29 Oct 2020 14:07:32 +0100 Subject: [PATCH 117/346] Update configure-server-exclusions-microsoft-defender-antivirus.md fix typo: - `%systemroot%\Sysvol\*\Ntfrs_cmp*\` --- .../configure-server-exclusions-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md index fc90bc6dbc..1fa6c1665b 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/configure-server-exclusions-microsoft-defender-antivirus.md @@ -157,7 +157,7 @@ This section lists the default exclusions for all Windows Server 2016 and 2019 r - The FRS staging folder. The staging folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage` - - `%systemroot%\Sysvol\*\Nntfrs_cmp*\` + - `%systemroot%\Sysvol\*\Ntfrs_cmp*\` - The FRS preinstall folder. This folder is specified by the folder `Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory` From 6a0166763fe3156ea938d9cf1a433ce6328a2831 Mon Sep 17 00:00:00 2001 
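Review bot: The commit message for the `Nntfrs_cmp*` to `Ntfrs_cmp*` correction in the FRS staging folder entry does not say whether only the documentation was misspelled or the built-in exclusion as well. State that in the message, because this section documents the default exclusions and readers rely on it when checking what is excluded from scanning on their servers.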
From: Lovina Saldanha Date: Thu, 29 Oct 2020 20:39:07 +0530 Subject: [PATCH 118/346] update-4567381-Batch4 rebranding --- .../configure-mssp-notifications.md | 4 +- .../configure-mssp-support.md | 8 +-- .../configure-proxy-internet.md | 34 ++++----- .../configure-server-endpoints.md | 69 +++++++++---------- .../microsoft-defender-atp/configure-siem.md | 22 +++--- .../connected-applications.md | 10 +-- .../microsoft-defender-atp/contact-support.md | 8 +-- .../controlled-folders.md | 8 +-- .../create-alert-by-reference.md | 8 +-- .../custom-detection-rules.md | 4 +- .../custom-detections-manage.md | 2 +- .../customize-attack-surface-reduction.md | 2 +- .../customize-controlled-folders.md | 2 +- .../customize-exploit-protection.md | 2 +- .../data-retention-settings.md | 10 +-- .../data-storage-privacy.md | 26 +++---- .../defender-compatibility.md | 12 ++-- .../delete-ti-indicator-by-id.md | 4 +- .../deployment-phases.md | 15 ++-- .../deployment-strategy.md | 18 ++--- .../device-timeline-event-flag.md | 8 +-- .../edr-in-block-mode.md | 12 ++-- .../enable-attack-surface-reduction.md | 4 +- .../enable-controlled-folders.md | 4 +- .../enable-exploit-protection.md | 2 +- 25 files changed, 148 insertions(+), 150 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md index 200173258f..e75588efda 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-notifications.md 
@@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) >[!NOTE] diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md index f5b7cb8755..dde5d47ec5 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-mssp-support.md @@ -24,9 +24,9 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-mssp-support-abovefoldlink) [!include[Prerelease information](../../includes/prerelease.md)] 
@@ -44,7 +44,7 @@ The integration will allow MSSPs to take the following actions: - Get email notifications, and - Fetch alerts through security information and event management (SIEM) tools -Before MSSPs can take these actions, the MSSP customer will need to grant access to their Microsoft Defender ATP tenant so that the MSSP can access the portal. +Before MSSPs can take these actions, the MSSP customer will need to grant access to their Defender for Endpoint tenant so that the MSSP can access the portal. Typically, MSSP customers take the initial configuration steps to grant MSSPs access to their Windows Defender Security Central tenant. After access is granted, other configuration steps can be done by either the MSSP customer or the MSSP. @@ -54,7 +54,7 @@ In general, the following configuration steps need to be taken: - **Grant the MSSP access to Microsoft Defender Security Center**
    -This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Microsoft Defender ATP tenant. +This action needs to be done by the MSSP customer. It grants the MSSP access to the MSSP customer's Defender for Endpoint tenant. - **Configure alert notifications sent to MSSPs**
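Review bot: In configure-mssp-support.md the hunk at line 44 rebrands the first sentence but leaves the following context line reading "grant MSSPs access to their Windows Defender Security Central tenant", which is neither the old nor the new product name and now sits directly under "Defender for Endpoint tenant". Change it to Microsoft Defender Security Center, the portal name used in the "Grant the MSSP access to Microsoft Defender Security Center" bullet at line 54 of the same file.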
    diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md index d0fbea257b..5a084ba92a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-proxy-internet.md 
@@ -26,13 +26,13 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-configureendpointsscript-abovefoldlink) -The Microsoft Defender ATP sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Microsoft Defender ATP service. +The Defender for Endpoint sensor requires Microsoft Windows HTTP (WinHTTP) to report sensor data and communicate with the Defender for Endpoint service. -The embedded Microsoft Defender ATP sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Microsoft Defender ATP cloud service. +The embedded Defender for Endpoint sensor runs in system context using the LocalSystem account. The sensor uses Microsoft Windows HTTP Services (WinHTTP) to enable communication with the Defender for Endpoint cloud service. >[!TIP] >For organizations that use forward proxies as a gateway to the Internet, you can use network protection to investigate behind a proxy. For more information, see [Investigate connection events that occur behind forward proxies](investigate-behind-proxy.md). 
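Review bot: The "Applies to" entry in configure-proxy-internet.md becomes "[Defender for Endpoint]", while the same entry in configure-mssp-notifications.md, configure-mssp-support.md and configure-server-endpoints.md in this patch becomes "[Microsoft Defender for Endpoint]". Use the full name in this link too so the "Applies to" list is uniform across the pages.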
@@ -44,7 +44,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe - Web Proxy Auto-discovery Protocol (WPAD) > [!NOTE] - > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Microsoft Defender ATP URL exclusions in the proxy, see [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). + > If you're using Transparent proxy or WPAD in your network topology, you don't need special configuration settings. For more information on Defender for Endpoint URL exclusions in the proxy, see [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). - Manual static proxy configuration: - Registry based configuration @@ -52,7 +52,7 @@ The WinHTTP configuration setting is independent of the Windows Internet (WinINe ## Configure the proxy server manually using a registry-based static proxy -Configure a registry-based static proxy to allow only Microsoft Defender ATP sensor to report diagnostic data and communicate with Microsoft Defender ATP services if a computer is not be permitted to connect to the Internet. +Configure a registry-based static proxy to allow only Defender for Endpoint sensor to report diagnostic data and communicate with Defender for Endpoint services if a computer is not be permitted to connect to the Internet. The static proxy is configurable through Group Policy (GP). The group policy can be found under: 
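Review bot: The rewritten sentence under "Configure the proxy server manually using a registry-based static proxy" still ends "if a computer is not be permitted to connect to the Internet". Since the line is being touched anyway, correct it to "is not permitted" and add the missing article in "allow only the Defender for Endpoint sensor".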
@@ -105,7 +105,7 @@ netsh winhttp reset proxy See [Netsh Command Syntax, Contexts, and Formatting](https://docs.microsoft.com/windows-server/networking/technologies/netsh/netsh-contexts) to learn more. -## Enable access to Microsoft Defender ATP service URLs in the proxy server +## Enable access to Microsoft Defender for Endpoint service URLs in the proxy server If a proxy or firewall is blocking all traffic by default and allowing only specific domains through, add the domains listed in the downloadable sheet to the allowed domains list. @@ -114,7 +114,7 @@ The following downloadable spreadsheet lists the services and their associated U |**Spreadsheet of domains list**|**Description**| |:-----|:-----| -|![Thumb image for Microsoft Defender ATP URLs spreadsheet](images/mdatp-urls.png)
    | Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

    [Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) +|![Thumb image for Microsoft Defender for Endpoint URLs spreadsheet](images/mdatp-urls.png)
    | Spreadsheet of specific DNS records for service locations, geographic locations, and OS.

    [Download the spreadsheet here.](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-urls.xlsx) If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the domains listed in the above table from HTTPS scanning. @@ -130,7 +130,7 @@ If a proxy or firewall has HTTPS scanning (SSL inspection) enabled, exclude the > [!NOTE] > If you are using Microsoft Defender Antivirus in your environment, see [Configure network connections to the Microsoft Defender Antivirus cloud service](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/configure-network-connections-microsoft-defender-antivirus). -If a proxy or firewall is blocking anonymous traffic, as Microsoft Defender ATP sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs. +If a proxy or firewall is blocking anonymous traffic, as Defender for Endpoint sensor is connecting from system context, make sure anonymous traffic is permitted in the previously listed URLs. ### Microsoft Monitoring Agent (MMA) - proxy and firewall requirements for older versions of Windows client or Windows Server 
@@ -150,7 +150,7 @@ The information below list the proxy and firewall configuration information requ Please see the following guidance to eliminate the wildcard (*) requirement for your specific environment when using the Microsoft Monitoring Agent (MMA) for previous versions of Windows. -1. Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Microsoft Defender for Endpoint (for more information, see [Onboard previous versions of Windows on Microsoft Defender ATP](https://go.microsoft.com/fwlink/p/?linkid=2010326) and [Onboard Windows servers](configure-server-endpoints.md#windows-server-2008-r2-sp1-windows-server-2012-r2-and-windows-server-2016). +1. Onboard a previous operating system with the Microsoft Monitoring Agent (MMA) into Defender for Endpoint (for more information, see [Onboard previous versions of Windows on Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2010326) and [Onboard Windows servers](configure-server-endpoints.md#windows-server-2008-r2-sp1-windows-server-2012-r2-and-windows-server-2016). 2. Ensure the machine is successfully reporting into the Microsoft Defender Security Center portal. 
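Review bot: In step 1 of the MMA guidance, the parenthesis opened at "(for more information, see" is never closed; the replacement line ends with the [Onboard Windows servers] link followed directly by the period. Add the closing parenthesis before the final period while the line is being edited.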
@@ -169,9 +169,9 @@ The *.blob.core.windows.net URL endpoint can be replaced with the URLs shown in ## Verify client connectivity to Microsoft Defender ATP service URLs -Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Microsoft Defender ATP service URLs. +Verify the proxy configuration completed successfully, that WinHTTP can discover and communicate through the proxy server in your environment, and that the proxy server allows traffic to the Defender for Endpoint service URLs. -1. Download the [MDATP Client Analyzer tool](https://aka.ms/mdatpanalyzer) to the PC where Microsoft Defender ATP sensor is running on. +1. Download the [MDATP Client Analyzer tool](https://aka.ms/mdatpanalyzer) to the PC where Defender for Endpoint sensor is running on. 2. Extract the contents of MDATPClientAnalyzer.zip on the device. @@ -196,7 +196,7 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover 5. Extract the *MDATPClientAnalyzerResult.zip* file created by tool in the folder used in the *HardDrivePath*. 6. Open *MDATPClientAnalyzerResult.txt* and verify that you have performed the proxy configuration steps to enable server discovery and access to the service URLs.

    - The tool checks the connectivity of Microsoft Defender ATP service URLs that Microsoft Defender ATP client is configured to interact with. It then prints the results into the *MDATPClientAnalyzerResult.txt* file for each URL that can potentially be used to communicate with the Microsoft Defender ATP services. For example: + The tool checks the connectivity of Defender for Endpoint service URLs that Defender for Endpoint client is configured to interact with. It then prints the results into the *MDATPClientAnalyzerResult.txt* file for each URL that can potentially be used to communicate with the Defender for Endpoint services. For example: ```text Testing URL : https://xxx.microsoft.com/xxx @@ -207,18 +207,18 @@ Verify the proxy configuration completed successfully, that WinHTTP can discover 5 - Command line proxy: Doesn't exist ``` -If at least one of the connectivity options returns a (200) status, then the Microsoft Defender ATP client can communicate with the tested URL properly using this connectivity method.

    +If at least one of the connectivity options returns a (200) status, then the Defender for Endpoint client can communicate with the tested URL properly using this connectivity method.

    -However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Microsoft Defender ATP service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure. +However, if the connectivity check results indicate a failure, an HTTP error is displayed (see HTTP Status Codes). You can then use the URLs in the table shown in [Enable access to Defender for Endpoint service URLs in the proxy server](#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). The URLs you'll use will depend on the region selected during the onboarding procedure. > [!NOTE] > The Connectivity Analyzer tool is not compatible with ASR rule [Block process creations originating from PSExec and WMI commands](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-exploit-guard/attack-surface-reduction#attack-surface-reduction-rules). You will need to temporarily disable this rule to run the connectivity tool. > [!NOTE] -> When the TelemetryProxyServer is set, in Registry or via Group Policy, Microsoft Defender ATP will fall back to direct if it can't access the defined proxy. +> When the TelemetryProxyServer is set, in Registry or via Group Policy, Defender for Endpoint will fall back to direct if it can't access the defined proxy. ## Related topics - [Onboard Windows 10 devices](configure-endpoints.md) -- [Troubleshoot Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) +- [Troubleshoot Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) 
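Review bot: The links in the hunks at lines 44 and 207 of configure-proxy-internet.md keep the fragment #enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server, but the hunk at line 105 renames the target heading to "Enable access to Microsoft Defender for Endpoint service URLs in the proxy server". If heading anchors are generated from the heading text, both links stop resolving, so update the fragment in the same patch or keep an explicit anchor for the old one. The link text also drops "Microsoft" where the heading keeps it, and the context heading "Verify client connectivity to Microsoft Defender ATP service URLs" at line 169 is left with the old name.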
diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md index fb0e253b2c..12a1b2f2be 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-server-endpoints.md @@ -17,7 +17,7 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Onboard Windows servers to the Microsoft Defender ATP service +# Onboard Windows servers to the Microsoft Defender for Endpoint service [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] 
@@ -30,21 +30,21 @@ ms.topic: article - Windows Server (SAC) version 1803 and later - Windows Server 2019 and later - Windows Server 2019 core edition -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -> Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink) +> Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configserver-abovefoldlink) -Microsoft Defender ATP extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console. +Defender for Endpoint extends support to also include the Windows Server operating system. This support provides advanced attack detection and investigation capabilities seamlessly through the Microsoft Defender Security Center console. -For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Microsoft Defender ATP](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128). +For a practical guidance on what needs to be in place for licensing and infrastructure, see [Protecting Windows Servers with Defender for Endpoint](https://techcommunity.microsoft.com/t5/What-s-New/Protecting-Windows-Server-with-Windows-Defender-ATP/m-p/267114#M128). For guidance on how to download and use Windows Security Baselines for Windows servers, see [Windows Security Baselines](https://docs.microsoft.com/windows/device-security/windows-security-baselines). 
## Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 -You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Microsoft Defender ATP by using any of the following options: +You can onboard Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016 to Defender for Endpoint by using any of the following options: - **Option 1**: [Onboard by installing and configuring Microsoft Monitoring Agent (MMA)](#option-1-onboard-by-installing-and-configuring-microsoft-monitoring-agent-mma) - **Option 2**: [Onboard through Azure Security Center](#option-2-onboard-windows-servers-through-azure-security-center) 
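Review bot: In the `+For a practical guidance ...` line, the link text becomes "Protecting Windows Servers with Defender for Endpoint", but it labels an external Tech Community post whose URL still reads `Protecting-Windows-Server-with-Windows-Defender-ATP`. If the link text is meant to quote that post's title, confirm the post was retitled before renaming it here; otherwise readers searching for the article by name will not find it. Since the line is being rewritten anyway, "For a practical guidance" should also become "For practical guidance".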
@@ -55,23 +55,23 @@ After completing the onboarding steps using any of the provided options, you'll > [!NOTE] -> Microsoft defender ATP standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services). +> Defender for Endpoint standalone server license is required, per node, in order to onboard a Windows server through Microsoft Defender Security Center (Option 1), or an Azure Security Center Standard license is required, per node, in order to onboard a Windows server through Azure Security Center (Option 2), see [Supported features available in Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-services). ### Option 1: Onboard by installing and configuring Microsoft Monitoring Agent (MMA) -You'll need to install and configure MMA for Windows servers to report sensor data to Microsoft Defender ATP. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). +You'll need to install and configure MMA for Windows servers to report sensor data to Defender for Endpoint. For more information, see [Collect log data with Azure Log Analytics agent](https://docs.microsoft.com/azure/azure-monitor/platform/log-analytics-agent). -If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Microsoft Defender ATP workspace through Multihoming support. 
+If you're already leveraging System Center Operations Manager (SCOM) or Azure Monitor (formerly known as Operations Management Suite (OMS)), attach the Microsoft Monitoring Agent (MMA) to report to your Defender for Endpoint workspace through Multihoming support. In general, you'll need to take the following steps: 1. Fulfill the onboarding requirements outlined in **Before you begin** section. 2. Turn on server monitoring from Microsoft Defender Security center. -3. Install and configure MMA for the server to report sensor data to Microsoft Defender ATP. +3. Install and configure MMA for the server to report sensor data to Defender for Endpoint. 4. Configure and update System Center Endpoint Protection clients. > [!TIP] -> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Microsoft Defender ATP endpoint](run-detection-test.md). +> After onboarding the device, you can choose to run a detection test to verify that it is properly onboarded to the service. For more information, see [Run a detection test on a newly onboarded Defender for Endpoint endpoint](run-detection-test.md). #### Before you begin @@ -92,7 +92,7 @@ Perform the following steps to fulfill the onboarding requirements: -### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender ATP +### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender for Endpoint 1. Download the agent setup file: [Windows 64-bit agent](https://go.microsoft.com/fwlink/?LinkId=828603). 
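Review bot: The renamed heading `### Install and configure Microsoft Monitoring Agent (MMA) to report sensor data to Microsoft Defender for Endpoint` uses the full product name, while step 3 of the overview list, renamed earlier in this file, reads "report sensor data to Defender for Endpoint". Pick one form so the step and the section it describes match. Renaming the heading also changes its generated anchor, so search the repo for links ending in the old `-to-microsoft-defender-atp` fragment and update them in the same commit.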
@@ -106,14 +106,14 @@ Perform the following steps to fulfill the onboarding requirements: ### Configure Windows server proxy and Internet connectivity settings if needed -If your servers need to use a proxy to communicate with Microsoft Defender ATP, use one of the following methods to configure the MMA to use the proxy server: +If your servers need to use a proxy to communicate with Defender for Endpoint, use one of the following methods to configure the MMA to use the proxy server: - [Configure the MMA to use a proxy server](https://docs.microsoft.com/azure/azure-monitor/platform/agent-windows#install-agent-using-setup-wizard) - [Configure Windows to use a proxy server for all connections](configure-proxy-internet.md) -If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Microsoft Defender ATP service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service. +If a proxy or firewall is in use, please ensure that servers can access all of the Microsoft Defender ATP service URLs directly and without SSL interception. For more information, see [enable access to Defender for Endpoint service URLs](configure-proxy-internet.md#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server). Use of SSL interception will prevent the system from communicating with the Defender for Endpoint service. Once completed, you should see onboarded Windows servers in the portal within an hour. 
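Review bot: The replacement for the proxy/firewall paragraph still says "access all of the Microsoft Defender ATP service URLs" in its first sentence; only the link text was renamed. Change it to "Defender for Endpoint service URLs" so the sentence agrees with the link text and with the closing sentence about SSL interception. The fragment `#enable-access-to-microsoft-defender-atp-service-urls-in-the-proxy-server` is left as is, which is correct only while the target heading in configure-proxy-internet.md keeps its old name; if that heading is renamed in this series, the fragment must change with it, because this is the link admins follow to find the URLs to exempt from interception.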
@@ -124,17 +124,16 @@ Once completed, you should see onboarded Windows servers in the portal within an 3. Click **Onboard Servers in Azure Security Center**. -4. Follow the onboarding instructions in [Microsoft Defender Advanced Threat Protection with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp). +4. Follow the onboarding instructions in [Microsoft Defender for Endpoint with Azure Security Center](https://docs.microsoft.com/azure/security-center/security-center-wdatp). After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). ### Option 3: Onboard Windows servers through Microsoft Endpoint Configuration Manager version 2002 and later -You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender Advanced Threat Protection in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection). +You can onboard Windows Server 2012 R2 and Windows Server 2016 by using Microsoft Endpoint Configuration Manager version 2002 and later. For more information, see [Microsoft Defender for Endpoint + in Microsoft Endpoint Configuration Manager current branch](https://docs.microsoft.com/mem/configmgr/protect/deploy-use/defender-advanced-threat-protection). After completing the onboarding steps, you'll need to [Configure and update System Center Endpoint Protection clients](#configure-and-update-system-center-endpoint-protection-clients). - - ## Windows Server (SAC) version 1803, Windows Server 2019, and Windows Server 2019 Core edition You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windows Server 2019 Core edition by using the following deployment methods: 
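Review bot: In the Option 3 paragraph the new link text is split across two lines, `[Microsoft Defender for Endpoint` followed by ` in Microsoft Endpoint Configuration Manager current branch](...)`, which looks like an accidental line break left by the search-and-replace. Join it back onto one line. The same hunk deletes the two blank lines above `## Windows Server (SAC) version 1803, ...`; check that one blank line still separates the preceding paragraph from the heading.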
@@ -150,7 +149,7 @@ You can onboard Windows Server (SAC) version 1803, Windows Server 2019, or Windo Support for Windows Server, provide deeper insight into activities happening on the Windows server, coverage for kernel and memory attack detection, and enables response actions on Windows Server endpoint as well. -1. Configure Microsoft Defender ATP onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md). +1. Configure Defender for Endpoint onboarding settings on the Windows server. For more information, see [Onboard Windows 10 devices](configure-endpoints.md). 2. If you're running a third-party antimalware solution, you'll need to apply the following Microsoft Defender AV passive mode settings. Verify that it was configured correctly: 
@@ -179,28 +178,28 @@ Support for Windows Server, provide deeper insight into activities happening on For information on how to use Group Policy to configure and manage Microsoft Defender Antivirus on your Windows servers, see [Use Group Policy settings to configure and manage Microsoft Defender Antivirus](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/use-group-policy-microsoft-defender-antivirus). ## Integration with Azure Security Center -Microsoft Defender ATP can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Microsoft Defender ATP to provide improved threat detection for Windows Servers. +Defender for Endpoint can integrate with Azure Security Center to provide a comprehensive Windows server protection solution. With this integration, Azure Security Center can leverage the power of Defender for Endpoint to provide improved threat detection for Windows Servers. The following capabilities are included in this integration: -- Automated onboarding - Microsoft Defender ATP sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding). +- Automated onboarding - Defender for Endpoint sensor is automatically enabled on Windows Servers that are onboarded to Azure Security Center. For more information on Azure Security Center onboarding, see [Onboarding to Azure Security Center Standard for enhanced security](https://docs.microsoft.com/azure/security-center/security-center-onboarding). > [!NOTE] > Automated onboarding is only applicable for Windows Server 2008 R2 SP1, Windows Server 2012 R2, and Windows Server 2016. 
-- Windows servers monitored by Azure Security Center will also be available in Microsoft Defender ATP - Azure Security Center seamlessly connects to the Microsoft Defender ATP tenant, providing a single view across clients and servers. In addition, Microsoft Defender ATP alerts will be available in the Azure Security Center console. +- Windows servers monitored by Azure Security Center will also be available in Defender for Endpoint - Azure Security Center seamlessly connects to the Defender for Endpoint tenant, providing a single view across clients and servers. In addition, Defender for Endpoint alerts will be available in the Azure Security Center console. - Server investigation - Azure Security Center customers can access Microsoft Defender Security Center to perform detailed investigation to uncover the scope of a potential breach. > [!IMPORTANT] -> - When you use Azure Security Center to monitor servers, a Microsoft Defender ATP tenant is automatically created (in the US for US users, in the EU for European and UK users).
    -Data collected by Microsoft Defender ATP is stored in the geo-location of the tenant as identified during provisioning. -> - If you use Microsoft Defender ATP before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time. +> - When you use Azure Security Center to monitor servers, a Defender for Endpoint tenant is automatically created (in the US for US users, in the EU for European and UK users).
    +Data collected by Defender for Endpoint is stored in the geo-location of the tenant as identified during provisioning. +> - If you use Defender for Endpoint before using Azure Security Center, your data will be stored in the location you specified when you created your tenant even if you integrate with Azure Security Center at a later time. > - Once configured, you cannot change the location where your data is stored. If you need to move your data to another location, you need to contact Microsoft Support to reset the tenant.
    Server endpoint monitoring utilizing this integration has been disabled for Office 365 GCC customers. ## Configure and update System Center Endpoint Protection clients -Microsoft Defender ATP integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. +Defender for Endpoint integrates with System Center Endpoint Protection. The integration provides visibility to malware detections and to stop propagation of an attack in your organization by banning potentially malicious files or suspected malware. The following steps are required to enable this integration: - Install the [January 2017 anti-malware platform update for Endpoint Protection clients](https://support.microsoft.com/help/3209361/january-2017-anti-malware-platform-update-for-endpoint-protection-clie). 
@@ -214,28 +213,28 @@ You can offboard Windows Server (SAC), Windows Server 2019, and Windows Server 2 For other Windows server versions, you have two options to offboard Windows servers from the service: - Uninstall the MMA agent -- Remove the Microsoft Defender ATP workspace configuration +- Remove the Defender for Endpoint workspace configuration > [!NOTE] > Offboarding causes the Windows server to stop sending sensor data to the portal but data from the Windows server, including reference to any alerts it has had will be retained for up to 6 months. ### Uninstall Windows servers by uninstalling the MMA agent -To offboard the Windows server, you can uninstall the MMA agent from the Windows server or detach it from reporting to your Microsoft Defender ATP workspace. After offboarding the agent, the Windows server will no longer send sensor data to Microsoft Defender ATP. +To offboard the Windows server, you can uninstall the MMA agent from the Windows server or detach it from reporting to your Defender for Endpoint workspace. After offboarding the agent, the Windows server will no longer send sensor data to Defender for Endpoint. For more information, see [To disable an agent](https://docs.microsoft.com/azure/log-analytics/log-analytics-windows-agents#to-disable-an-agent). -### Remove the Microsoft Defender ATP workspace configuration +### Remove the Defender for Endpoint workspace configuration To offboard the Windows server, you can use either of the following methods: -- Remove the Microsoft Defender ATP workspace configuration from the MMA agent +- Remove the Defender for Endpoint workspace configuration from the MMA agent - Run a PowerShell command to remove the configuration -#### Remove the Microsoft Defender ATP workspace configuration from the MMA agent +#### Remove the Defender for Endpoint workspace configuration from the MMA agent 1. In the **Microsoft Monitoring Agent Properties**, select the **Azure Log Analytics (OMS)** tab. -2. 
Select the Microsoft Defender ATP workspace, and click **Remove**. +2. Select the Defender for Endpoint workspace, and click **Remove**. - ![Image of Microsoft Monitoring Agen Properties](images/atp-mma.png) + ![Image of Microsoft Monitoring Agent Properties](images/atp-mma.png) #### Run a PowerShell command to remove the configuration @@ -261,5 +260,5 @@ To offboard the Windows server, you can use either of the following methods: - [Onboard Windows 10 devices](configure-endpoints.md) - [Onboard non-Windows devices](configure-endpoints-non-windows.md) - [Configure proxy and Internet connectivity settings](configure-proxy-internet.md) -- [Run a detection test on a newly onboarded Microsoft Defender ATP device](run-detection-test.md) -- [Troubleshooting Microsoft Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding.md) +- [Run a detection test on a newly onboarded Defender for Endpoint device](run-detection-test.md) +- [Troubleshooting Microsoft Defender for Endpoint onboarding issues](troubleshoot-onboarding.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md index aa9008f98a..56a52b04ba 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md +++ b/windows/security/threat-protection/microsoft-defender-atp/configure-siem.md 
@@ -24,21 +24,21 @@ ms.topic: article **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-configuresiem-abovefoldlink) ## Pull detections using security information and events management (SIEM) tools >[!NOTE] ->- [Microsoft Defender ATP Alert](alerts.md) is composed from one or more detections. ->- [Microsoft Defender ATP Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details. ->-The Microsoft Defender ATP Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). +>- [Microsoft Defender for Endpoint Alert](alerts.md) is composed from one or more detections. +>- [Microsoft Defender for Endpoint Detection](api-portal-mapping.md) is composed from the suspicious event occurred on the Device and its related Alert details. +>-The Microsoft Defender for Endpoint Alert API is the latest API for alert consumption and contain a detailed list of related evidence for each alert. For more information, see [Alert methods and properties](alerts.md) and [List alerts](get-alerts.md). -Microsoft Defender ATP supports security information and event management (SIEM) tools to pull detections. Microsoft Defender ATP exposes alerts through an HTTPS endpoint hosted in Azure. 
The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. +Defender for Endpoint supports security information and event management (SIEM) tools to pull detections. Defender for Endpoint exposes alerts through an HTTPS endpoint hosted in Azure. The endpoint can be configured to pull detections from your enterprise tenant in Azure Active Directory (AAD) using the OAuth 2.0 authentication protocol for an AAD application that represents the specific SIEM connector installed in your environment. -Microsoft Defender ATP currently supports the following specific SIEM solution tools through a dedicated SIEM integration model: +Defender for Endpoint currently supports the following specific SIEM solution tools through a dedicated SIEM integration model: - IBM QRadar - Micro Focus ArcSight 
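Review bot: The third bullet of the note, `>-The Microsoft Defender for Endpoint Alert API ...`, still has no space after the hyphen, unlike the two `>- [` bullets above it, so it will not render as a list item. The line is being rewritten anyway, so change it to `>- The ...` and fix "contain a detailed list" to "contains a detailed list" in the same edit.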
@@ -47,12 +47,12 @@ Other SIEM solutions (such as Splunk, RSA NetWitness) are supported through a di To use either of these supported SIEM tools you'll need to: -- [Enable SIEM integration in Microsoft Defender ATP](enable-siem-integration.md) +- [Enable SIEM integration in Defender for Endpoint](enable-siem-integration.md) - Configure the supported SIEM tool: - - [Configure HP ArcSight to pull Microsoft Defender ATP detections](configure-arcsight.md) - - Configure IBM QRadar to pull Microsoft Defender ATP detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1). + - [Configure HP ArcSight to pull Defender for Endpoint detections](configure-arcsight.md) + - Configure IBM QRadar to pull Defender for Endpoint detections For more information, see [IBM Knowledge Center](https://www.ibm.com/support/knowledgecenter/SS42VS_DSM/com.ibm.dsm.doc/c_dsm_guide_MS_Win_Defender_ATP_overview.html?cp=SS42VS_7.3.1). -For more information on the list of fields exposed in the Detection API see, [Microsoft Defender ATP Detection fields](api-portal-mapping.md). +For more information on the list of fields exposed in the Detection API see, [Defender for Endpoint Detection fields](api-portal-mapping.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md b/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md index 389002a969..99a86d51e7 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md +++ b/windows/security/threat-protection/microsoft-defender-atp/connected-applications.md 
@@ -18,17 +18,17 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Connected applications in Microsoft Defender ATP +# Connected applications in Microsoft Defender for Endpoint [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -Connected applications integrates with the Microsoft Defender ATP platform using APIs. +Connected applications integrates with the Defender for Endpoint platform using APIs. -Applications use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender ATP APIs. In addition, Azure Active Directory (Azure AD) applications allow tenant admins to set explicit control over which APIs can be accessed using the corresponding app. +Applications use standard OAuth 2.0 protocol to authenticate and provide tokens for use with Microsoft Defender for Endpoint APIs. In addition, Azure Active Directory (Azure AD) applications allow tenant admins to set explicit control over which APIs can be accessed using the corresponding app. You'll need to follow [these steps](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/apis-intro) to use the APIs with the connected application. 
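Review bot: The rewritten sentence `Connected applications integrates with the Defender for Endpoint platform using APIs.` keeps the subject-verb mismatch; make it "Connected applications integrate". The paragraph after it uses "Microsoft Defender for Endpoint APIs" while this one uses the short name, so the short form appears before the full one; use the full name on first mention in the body and the short form afterwards.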
@@ -37,7 +37,7 @@ From the left navigation menu, select **Partners & APIs** > **Connected AAD appl ## View connected application details -The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender ATP in your organization. You can review the usage of the connected applications: last seen, number of requests in the past 24 hours, and request trends in the last 30 days. +The Connected applications page provides information about the Azure AD applications connected to Microsoft Defender for Endpoint in your organization. You can review the usage of the connected applications: last seen, number of requests in the past 24 hours, and request trends in the last 30 days. ![Image of connected apps](images/connected-apps.png) diff --git a/windows/security/threat-protection/microsoft-defender-atp/contact-support.md b/windows/security/threat-protection/microsoft-defender-atp/contact-support.md index 252019ef63..b8af068443 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/contact-support.md +++ b/windows/security/threat-protection/microsoft-defender-atp/contact-support.md 
@@ -17,15 +17,15 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Contact Microsoft Defender ATP support +# Contact Microsoft Defender for Endpoint support [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -Microsoft Defender ATP has recently upgraded the support process to offer a more modern and advanced support experience. +Defender for Endpoint has recently upgraded the support process to offer a more modern and advanced support experience. The new widget allows customers to: - Find solutions to common problems @@ -68,7 +68,7 @@ In case the suggested articles are not sufficient, you can open a service reques ## Open a service request -Learn how to open support tickets by contacting Microsoft Defender ATP support. +Learn how to open support tickets by contacting Defender for Endpoint support. diff --git a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md index 7687279880..4895d24e44 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/controlled-folders.md 
@@ -24,13 +24,13 @@ ms.custom: asr **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ## What is controlled folder access? Controlled folder access helps you protect your valuable data from malicious apps and threats, like ransomware. Controlled folder access protects your data by checking apps against a list of known, trusted apps. Supported on Windows Server 2019 and Windows 10 clients, controlled folder access can be turned on using the Windows Security App or in Microsoft Endpoint Configuration Manager and Intune (for managed devices). -Controlled folder access works best with [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). +Controlled folder access works best with [Microsoft Defender for Endpoint](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md), which gives you detailed reporting into controlled folder access events and blocks as part of the usual [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). ## How does controlled folder access work? 
@@ -54,9 +54,9 @@ Controlled folder access requires enabling [Microsoft Defender Antivirus real-ti ## Review controlled folder access events in the Microsoft Defender Security Center -Microsoft Defender ATP provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). +Defender for Endpoint provides detailed reporting into events and blocks as part of its [alert investigation scenarios](../microsoft-defender-atp/investigate-alerts.md). -You can query Microsoft Defender ATP data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled. +You can query Microsoft Defender for Endpoint data by using [Advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-windows-defender-advanced-threat-protection). If you're using [audit mode](audit-windows-defender.md), you can use advanced hunting to see how controlled folder access settings would affect your environment if they were enabled. Example query: diff --git a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md index 887c5716d1..a5c286ef37 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md +++ b/windows/security/threat-protection/microsoft-defender-atp/create-alert-by-reference.md 
@@ -21,14 +21,14 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## API description Creates new [Alert](alerts.md) on top of **Event**. -
    **Microsoft Defender ATP Event** is required for the alert creation. +
    **Microsoft Defender for Endpoint Event** is required for the alert creation.
    You will need to supply 3 parameters from the Event in the request: **Event Time**, **Machine ID** and **Report ID**. See example below.
    You can use an event found in Advanced Hunting API or Portal.
    If there existing an open alert on the same Device with the same Title, the new created alert will be merged with it. @@ -41,7 +41,7 @@ Creates new [Alert](alerts.md) on top of **Event**. ## Permissions -One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender ATP APIs](apis-intro.md) +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Use Microsoft Defender for Endpoint APIs](apis-intro.md) Permission type | Permission | Permission display name :---|:---|:--- diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index 9135224d1c..17e23e40fc 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -25,7 +25,7 @@ ms.date: 09/20/2020 **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. 
@@ -109,7 +109,7 @@ Your custom detection rule can automatically take actions on files or devices th These actions are applied to devices in the `DeviceId` column of the query results: -- **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Microsoft Defender ATP service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network) +- **Isolate device**—applies full network isolation, preventing the device from connecting to any application or service, except for the Defender for Endpoint service. [Learn more about device isolation](respond-machine-alerts.md#isolate-devices-from-the-network) - **Collect investigation package**—collects device information in a ZIP file. [Learn more about the investigation package](respond-machine-alerts.md#collect-investigation-package-from-devices) - **Run antivirus scan**—performs a full Microsoft Defender Antivirus scan on the device - **Initiate investigation**—starts an [automated investigation](automated-investigations.md) on the device diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md index 93b295e31b..ef5088e134 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detections-manage.md 
@@ -24,7 +24,7 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Manage your existing [custom detection rules](custom-detection-rules.md) to ensure they are effectively finding threats and taking actions. Explore how to view the list of rules, check their previous runs, and review the alerts they have triggered. You can also run a rule on demand and modify it. diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md index 3ca15689d2..81ede44b00 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reduction.md @@ -21,7 +21,7 @@ manager: dansimp **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) > [!IMPORTANT] > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here. diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md index d4f8aeab39..b689c58a11 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/customize-controlled-folders.md @@ -21,7 +21,7 @@ manager: dansimp **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Controlled folder access helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is supported on Windows Server 2019 and Windows 10 clients. diff --git a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md index 6124ea2318..e0f6337ab6 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/customize-exploit-protection.md @@ -21,7 +21,7 @@ manager: dansimp **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) Exploit protection automatically applies a number of exploit mitigation techniques on both the operating system processes and on individual apps. diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md index 51f62dd09c..7932cfb153 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/data-retention-settings.md 
@@ -16,7 +16,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual --- -# Verify data storage location and update data retention settings for Microsoft Defender ATP +# Verify data storage location and update data retention settings for Microsoft Defender for Endpoint [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] @@ -24,12 +24,12 @@ ms.topic: conceptual **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-gensettings-abovefoldlink) -During the onboarding process, a wizard takes you through the data storage and retention settings of Microsoft Defender ATP. +During the onboarding process, a wizard takes you through the data storage and retention settings of Defender for Endpoint. After completing the onboarding, you can verify your selection in the data retention settings page. @@ -52,5 +52,5 @@ You can verify the data location by navigating to **Settings** > **Data retentio ## Related topics - [Update data retention settings](data-retention-settings.md) -- [Configure alert notifications in Microsoft Defender ATP](configure-email-notifications.md) +- [Configure alert notifications in Defender for Endpoint](configure-email-notifications.md) - [Configure advanced features](advanced-features.md) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md index 6e76ce4bee..25c69f5fb1 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/data-storage-privacy.md 
@@ -17,29 +17,29 @@ ms.collection: M365-security-compliance ms.topic: conceptual --- -# Microsoft Defender ATP data storage and privacy +# Microsoft Defender for Endpoint data storage and privacy [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) +- [Microsoft Defender for Endpoint](https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf) -This section covers some of the most frequently asked questions regarding privacy and data handling for Microsoft Defender ATP. +This section covers some of the most frequently asked questions regarding privacy and data handling for Defender for Endpoint. > [!NOTE] -> This document explains the data storage and privacy details related to Microsoft Defender ATP. For more information related to Microsoft Defender ATP and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information. +> This document explains the data storage and privacy details related to Defender for Endpoint. For more information related to Defender for Endpoint and other products and services like Microsoft Defender Antivirus and Windows 10, see [Microsoft Privacy Statement](https://go.microsoft.com/fwlink/?linkid=827576). See also [Windows 10 privacy FAQ](https://go.microsoft.com/fwlink/?linkid=827577) for more information. -## What data does Microsoft Defender ATP collect? +## What data does Microsoft Defender for Endpoint collect? 
-Microsoft Defender ATP will collect and store information from your configured devices in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. +Microsoft Defender for Endpoint will collect and store information from your configured devices in a customer dedicated and segregated tenant specific to the service for administration, tracking, and reporting purposes. Information collected includes file data (such as file names, sizes, and hashes), process data (running processes, hashes), registry data, network connection data (host IPs and ports), and device details (such as device identifiers, names, and the operating system version). Microsoft stores this data securely in Microsoft Azure and maintains it in accordance with Microsoft privacy practices and [Microsoft Trust Center policies](https://go.microsoft.com/fwlink/?linkid=827578). -This data enables Microsoft Defender ATP to: +This data enables Defender for Endpoint to: - Proactively identify indicators of attack (IOAs) in your organization - Generate alerts if a possible attack was detected - Provide your security operations with a view into devices, files, and URLs related to threat signals from your network, enabling you to investigate and explore the presence of security threats on the network. 
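Review bot: In data-storage-privacy.md, the **Applies to** entry in this hunk is renamed to "Microsoft Defender for Endpoint" but still links to https://wincom.blob.core.windows.net/documents/Windows10_Commercial_Comparison.pdf, while the same entry in the other files touched by this patch links to https://go.microsoft.com/fwlink/p/?linkid=2146631. Since the line is being edited anyway, point it at the same fwlink target, or confirm that the comparison PDF is the intended destination for this page.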
@@ -47,16 +47,16 @@ This data enables Microsoft Defender ATP to: Microsoft does not use your data for advertising. ## Data protection and encryption -The Microsoft Defender ATP service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. +The Defender for Endpoint service utilizes state of the art data protection technologies which are based on Microsoft Azure infrastructure. -There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Microsoft Defender ATP service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview). +There are various aspects relevant to data protection that our service takes care of. Encryption is one of the most critical and it includes data encryption at rest, encryption in flight, and key management with Key Vault. For more information on other technologies used by the Defender for Endpoint service, see [Azure encryption overview](https://docs.microsoft.com/azure/security/security-azure-encryption-overview). In all scenarios, data is encrypted using 256-bit [AES encryption](https://en.wikipedia.org/wiki/Advanced_Encryption_Standard) at the minimum. ## Data storage location -Microsoft Defender ATP operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Microsoft Defender ATP uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service. 
+Defender for Endpoint operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Defender for Endpoint uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service. Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States. 
@@ -90,10 +90,10 @@ Your data will be kept and will be available to you while the license is under g ## Can Microsoft help us maintain regulatory compliance? -Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Microsoft Defender ATP services against their own legal and regulatory requirements. Microsoft Defender ATP has achieved a number of certifications including ISO, SOC, FedRAMP High, and PCI and continues to pursue additional national, regional and industry-specific certifications. +Microsoft provides customers with detailed information about Microsoft's security and compliance programs, including audit reports and compliance packages, to help customers assess Defender for Endpoint services against their own legal and regulatory requirements. Defender for Endpoint has achieved a number of certifications including ISO, SOC, FedRAMP High, and PCI and continues to pursue additional national, regional and industry-specific certifications. By providing customers with compliant, independently-verified services, Microsoft makes it easier for customers to achieve compliance for the infrastructure and applications they run. -For more information on the Microsoft Defender ATP certification reports, see [Microsoft Trust Center](https://servicetrust.microsoft.com/). +For more information on the Defender for Endpoint certification reports, see [Microsoft Trust Center](https://servicetrust.microsoft.com/). ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-datastorage-belowfoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-datastorage-belowfoldlink) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md index cae9259b66..f84762a3a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md +++ b/windows/security/threat-protection/microsoft-defender-atp/defender-compatibility.md 
@@ -27,18 +27,18 @@ ms.date: 04/24/2018 - Windows Defender -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-defendercompat-abovefoldlink) -The Microsoft Defender Advanced Threat Protection agent depends on Microsoft Defender Antivirus for some capabilities such as file scanning. +The Microsoft Defender for Endpoint agent depends on Microsoft Defender Antivirus for some capabilities such as file scanning. >[!IMPORTANT] ->Microsoft Defender ATP does not adhere to the Microsoft Defender Antivirus Exclusions settings. +>Defender for Endpoint does not adhere to the Microsoft Defender Antivirus Exclusions settings. -You must configure Security intelligence updates on the Microsoft Defender ATP devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). +You must configure Security intelligence updates on the Defender for Endpoint devices whether Microsoft Defender Antivirus is the active antimalware or not. For more information, see [Manage Microsoft Defender Antivirus updates and apply baselines](../microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md). If an onboarded device is protected by a third-party antimalware client, Microsoft Defender Antivirus on that endpoint will enter into passive mode. 
@@ -46,4 +46,4 @@ Microsoft Defender Antivirus will continue to receive updates, and the *mspeng.e The Microsoft Defender Antivirus interface will be disabled, and users on the device will not be able to use Microsoft Defender Antivirus to perform on-demand scans or configure most options. -For more information, see the [Microsoft Defender Antivirus and Microsoft Defender ATP compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). +For more information, see the [Microsoft Defender Antivirus and Defender for Endpoint compatibility topic](../microsoft-defender-antivirus/microsoft-defender-antivirus-compatibility.md). diff --git a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md index 5b8786d978..123ce4959e 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md +++ b/windows/security/threat-protection/microsoft-defender-atp/delete-ti-indicator-by-id.md @@ -21,9 +21,9 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -- Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) +- Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-exposedapis-abovefoldlink) ## API description 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md index 9e8296bde8..eaad0ee26f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-phases.md @@ -24,20 +24,20 @@ ms.topic: article [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -There are three phases in deploying Microsoft Defender ATP: +There are three phases in deploying Defender for Endpoint: |Phase | Description | |:-------|:-----| -| ![Phase 1: Prepare](images/prepare.png)
    [Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Microsoft Defender ATP:

    - Stakeholders and sign-off
    - Environment considerations
    - Access
    - Adoption order +| ![Phase 1: Prepare](images/prepare.png)
    [Phase 1: Prepare](prepare-deployment.md)| Learn about what you need to consider when deploying Defender for Endpoint:

    - Stakeholders and sign-off
    - Environment considerations
    - Access
    - Adoption order | ![Phase 2: Setup](images/setup.png)
    [Phase 2: Setup](production-deployment.md)| Take the initial steps to access Microsoft Defender Security Center. You'll be guided on:

    - Validating the licensing
    - Completing the setup wizard within the portal
    - Network configuration| | ![Phase 3: Onboard](images/onboard.png)
    [Phase 3: Onboard](onboarding.md) | Onboard devices to the service so the Microsoft Defender ATP service can get sensor data from them. -The deployment guide will guide you through the recommended path in deploying Microsoft Defender ATP. +The deployment guide will guide you through the recommended path in deploying Defender for Endpoint. If you're unfamiliar with the general deployment planning steps, check out the [Plan deployment](deployment-strategy.md) topic to get a high-level overview of the general deployment steps and methods. @@ -47,9 +47,9 @@ The following is in scope for this deployment guide: - Use of Microsoft Endpoint Configuration Manager and Microsoft Endpoint Manager to onboard endpoints into the service and configure capabilities -- Enabling Microsoft Defender ATP endpoint detection and response (EDR) capabilities +- Enabling Defender for Endpoint endpoint detection and response (EDR) capabilities -- Enabling Microsoft Defender ATP endpoint protection platform (EPP) +- Enabling Defender for Endpoint endpoint protection platform (EPP) capabilities - Next-generation protection @@ -61,7 +61,6 @@ The following is in scope for this deployment guide: The following are out of scope of this deployment guide: -- Configuration of third-party solutions that might integrate with Microsoft - Defender ATP +- Configuration of third-party solutions that might integrate with Defender for Endpoint - Penetration testing in production environment diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md index 1da9daaa7f..9c14158aa2 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-strategy.md 
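Review bot: In deployment-phases.md, the rename is incomplete in the phases table: the Phase 1 row is updated, but the unchanged Phase 3 row still reads "so the Microsoft Defender ATP service can get sensor data from them". Update that row in the same change so the table uses one product name. In the scope list of the same file, the new line "Enabling Defender for Endpoint endpoint detection and response (EDR) capabilities" repeats "endpoint" back to back; a rewording such as "Enabling endpoint detection and response (EDR) capabilities in Defender for Endpoint" would read better.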
@@ -16,18 +16,18 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Plan your Microsoft Defender ATP deployment +# Plan your Microsoft Defender for Endpoint deployment [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ->Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) +>Want to experience Defender for Endpoint? [Sign up for a free trial.](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp?ocid=docs-wdatp-secopsdashboard-abovefoldlink) -Depending on the requirements of your environment, we've put together material to help guide you through the various options you can adopt to deploy Microsoft Defender ATP. +Depending on the requirements of your environment, we've put together material to help guide you through the various options you can adopt to deploy Defender for Endpoint. -These are the general steps you need to take to deploy Microsoft Defender ATP: +These are the general steps you need to take to deploy Defender for Endpoint: ![Image of deployment flow](images/onboarding-flow-diagram.png) 
@@ -41,16 +41,16 @@ We understand that every enterprise environment is unique, so we've provided sev Depending on your environment, some tools are better suited for certain architectures. -Use the following material to select the appropriate Microsoft Defender ATP architecture that best suites your organization. +Use the following material to select the appropriate Defender for Endpoint architecture that best suites your organization. |**Item**|**Description**| |:-----|:-----| -|[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
    [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
    • Cloud-native
    • Co-management
    • On-premise
    • Evaluation and local onboarding
    • +|[![Thumb image for Defender for Endpoint deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
      [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures:
      • Cloud-native
      • Co-management
      • On-premise
      • Evaluation and local onboarding
      • ## Step 2: Select deployment method -Microsoft Defender ATP supports a variety of endpoints that you can onboard to the service. +Defender for Endpoint supports a variety of endpoints that you can onboard to the service. The following table lists the supported endpoints and the corresponding deployment tool that you can use so that you can plan the deployment appropriately. @@ -65,7 +65,7 @@ The following table lists the supported endpoints and the corresponding deployme ## Step 3: Configure capabilities -After onboarding endpoints, configure the security capabilities in Microsoft Defender ATP so that you can maximize the robust security protection available in the suite. Capabilities include: +After onboarding endpoints, configure the security capabilities in Defender for Endpoint so that you can maximize the robust security protection available in the suite. Capabilities include: - Endpoint detection and response - Next-generation protection diff --git a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md index bd99bff2fa..8ab3495d50 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md +++ b/windows/security/threat-protection/microsoft-defender-atp/device-timeline-event-flag.md 
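Review bot: In deployment-strategy.md, the added sentence "select the appropriate Defender for Endpoint architecture that best suites your organization" carries over the typo "suites"; it should be "suits". The rewritten table row in the same hunk also lists "On-premise", which is normally written "On-premises". Both can be fixed while these lines are being touched.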
@@ -16,15 +16,15 @@ ms.collection: M365-security-compliance ms.topic: article --- -# Microsoft Defender ATP device timeline event flags +# Microsoft Defender for Endpoint device timeline event flags [!INCLUDE [Microsoft 365 Defender rebranding](../../includes/microsoft-defender.md)] -**Applies to:** [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +**Applies to:** [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) -Event flags in the Microsoft Defender ATP device timeline help you filter and organize specific events when you're investigate potential attacks. +Event flags in the Defender for Endpoint device timeline help you filter and organize specific events when you're investigate potential attacks. -The Microsoft Defender ATP device timeline provides a chronological view of the events and associated alerts observed on a device. This list of events provides full visibility into any events, files, and IP addresses observed on the device. The list can sometimes be lengthy. Device timeline event flags help you track events that could be related. +The Defender for Endpoint device timeline provides a chronological view of the events and associated alerts observed on a device. This list of events provides full visibility into any events, files, and IP addresses observed on the device. The list can sometimes be lengthy. Device timeline event flags help you track events that could be related. After you've gone through a device timeline, you can sort, filter, and export the specific events that you flagged. diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index be7793c044..dd5ae76ded 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md 
+++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md 
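Review bot: In device-timeline-event-flag.md, the rewritten opening sentence still reads "when you're investigate potential attacks", which is ungrammatical. Change it to "when you're investigating potential attacks", since the line is already being modified for the product rename.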
@@ -28,18 +28,18 @@ ms.collection: **Applies to:** -- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +- [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) ## What is EDR in block mode? -When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is turned on, Microsoft Defender ATP blocks malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected, post breach. +When [endpoint detection and response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/overview-endpoint-detection-response) (EDR) in block mode is turned on, Defender for Endpoint blocks malicious artifacts or behaviors that are observed through post-breach protection. EDR in block mode works behind the scenes to remediate malicious artifacts that are detected, post breach. EDR in block mode is also integrated with [threat & vulnerability management](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/next-gen-threat-and-vuln-mgt). Your organization's security team will get a [security recommendation](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/tvm-security-recommendation) to turn EDR in block mode on if it isn't already enabled. :::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode"::: > [!NOTE] -> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. 
To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**. +> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender for Endpoint baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**. ## What happens when something is detected? 
@@ -87,11 +87,11 @@ No. EDR in block mode does not affect third-party antivirus protection running o ### Why do I need to keep Microsoft Defender Antivirus up to date? -Because Microsoft Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest device learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Microsoft Defender Antivirus up to date. +Because Microsoft Defender Antivirus detects and remediates malicious items, it's important to keep it up to date to leverage the latest device learning models, behavioral detections, and heuristics for EDR in block mode to be most effective. The [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) stack of capabilities works in an integrated manner, and to get best protection value, you should keep Microsoft Defender Antivirus up to date. ### Why do we need cloud protection on? -Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models. +Cloud protection is needed to turn on the feature on the device. Cloud protection allows [Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) to deliver the latest and greatest protection based on our breadth and depth of security intelligence, along with behavioral and device learning models. ## See also 
@@ -99,5 +99,5 @@ Cloud protection is needed to turn on the feature on the device. Cloud protectio [Behavioral blocking and containment](behavioral-blocking-containment.md) -[Better together: Microsoft Defender Antivirus and Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus) +[Better together: Microsoft Defender Antivirus and Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/why-use-microsoft-antivirus) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md index 36216eb833..6262a58c47 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-attack-surface-reduction.md 
@@ -32,7 +32,7 @@ Each ASR rule contains one of three settings: - Block: Enable the ASR rule - Audit: Evaluate how the ASR rule would impact your organization if enabled -To use ASR rules, you must have either a Windows 10 Enterprise E3 or E5 license. We recommend E5 licenses so you can take advantage of the advanced monitoring and reporting capabilities that are available in [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP). Advanced monitoring and reporting capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. +To use ASR rules, you must have either a Windows 10 Enterprise E3 or E5 license. We recommend E5 licenses so you can take advantage of the advanced monitoring and reporting capabilities that are available in [Microsoft Defender for Endpoint](https://docs.microsoft.com/windows/security/threat-protection) (Defender for Endpoint). Advanced monitoring and reporting capabilities aren't available with an E3 license, but you can develop your own monitoring and reporting tools to use in conjunction with ASR rules. > [!TIP] > To learn more about Windows licensing, see [Windows 10 Licensing](https://www.microsoft.com/licensing/product-licensing/windows10?activetab=windows10-pivot:primaryr5) and get the [Volume Licensing guide for Windows 10](https://download.microsoft.com/download/2/D/1/2D14FE17-66C2-4D4C-AF73-E122930B60F6/Windows-10-Volume-Licensing-Guide.pdf). 
@@ -51,7 +51,7 @@ Enterprise-level management such as Intune or Microsoft Endpoint Configuration M You can exclude files and folders from being evaluated by most attack surface reduction rules. This means that even if an ASR rule determines the file or folder contains malicious behavior, it will not block the file from running. This could potentially allow unsafe files to run and infect your devices. -You can also exclude ASR rules from triggering based on certificate and file hashes by allowing specified Microsoft Defender ATP file and certificate indicators. (See [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).) +You can also exclude ASR rules from triggering based on certificate and file hashes by allowing specified Defender for Endpoint file and certificate indicators. (See [Manage indicators](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/manage-indicators).) > [!IMPORTANT] > Excluding files or folders can severely reduce the protection provided by ASR rules. Excluded files will be allowed to run, and no report or event will be recorded. diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md index 6f00213b3c..8af897f9a0 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-controlled-folders.md 
@@ -22,7 +22,7 @@ manager: dansimp **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [Controlled folder access](controlled-folders.md) helps you protect valuable data from malicious apps and threats, such as ransomware. Controlled folder access is included with Windows 10 and Windows Server 2019. @@ -134,4 +134,4 @@ Use `Disabled` to turn off the feature. * [Protect important folders with controlled folder access](controlled-folders.md) * [Customize controlled folder access](customize-controlled-folders.md) -* [Evaluate Microsoft Defender ATP](../microsoft-defender-atp/evaluate-atp.md) +* [Evaluate Microsoft Defender for Endpoint](../microsoft-defender-atp/evaluate-atp.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md index 2d44c8da7d..368d58eee8 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md +++ b/windows/security/threat-protection/microsoft-defender-atp/enable-exploit-protection.md @@ -21,7 +21,7 @@ manager: dansimp **Applies to:** -* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2146631) +* [Microsoft Defender for Endpoint](https://go.microsoft.com/fwlink/p/?linkid=2146631) [Exploit protection](exploit-protection.md) helps protect against malware that uses exploits to infect devices and spread. Exploit protection consists of a number of mitigations that can be applied to either the operating system or individual apps. From 42a4d7fbb561ca1b13476b2242f7e19daa22db72 Mon Sep 17 00:00:00 2001 
From: Daniel Simpson Date: Thu, 29 Oct 2020 08:09:21 -0700 Subject: [PATCH 119/346] Update windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md Co-authored-by: Trond B. Krokli <38162891+illfated@users.noreply.github.com> --- .../microsoft-defender-atp-ios-privacy-information.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md index 8a5045c2cc..80c74d4717 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md +++ b/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-ios-privacy-information.md @@ -22,7 +22,7 @@ ms.topic: conceptual # Privacy information - Microsoft Defender ATP for iOS ->[!NOTE] +> [!NOTE] > Microsoft Defender ATP for iOS uses a VPN to provide the Web Protection feature. This is not a regular VPN and is a local or self-looping VPN that does not take traffic outside the device. **Microsoft or your organization, does not see your browsing activity.** Microsoft Defender ATP for iOS collects information from your configured iOS devices and stores it in the same tenant where you have Microsoft Defender ATP. The information is collected to help keep Microsoft Defender ATP for iOS secure, up-to-date, performing as expected, and to support the service. @@ -94,4 +94,3 @@ For more information, see [More on Privacy](https://aka.ms/mdatpiosprivacystatem - From 4045c1cc76c8313a094ddc5a8a6ba2d7bb0b3782 Mon Sep 17 00:00:00 2001 
From: julihooper <65675989+julihooper@users.noreply.github.com> Date: Thu, 29 Oct 2020 09:55:20 -0700 Subject: [PATCH 120/346] Update respond-machine-alerts.md Adding a Note for what min requirements are for collecting MpSupport logs via CIP feature. --- .../microsoft-defender-atp/respond-machine-alerts.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md index 98a8d61680..89647f9832 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md +++ b/windows/security/threat-protection/microsoft-defender-atp/respond-machine-alerts.md @@ -110,7 +110,7 @@ The package contains the following folders: | System Information| Contains a SystemInformation.txt file which lists system information such as OS version and network cards. | | Temp Directories| Contains a set of text files that lists the files located in %Temp% for every user in the system.

        This can help to track suspicious files that an attacker may have dropped on the system.

        NOTE: If the file contains the following message: “The system cannot find the path specified”, it means that there is no temp directory for this user, and might be because the user didn’t log in to the system.
        | | Users and Groups| Provides a list of files that each represent a group and its members. | -|WdSupportLogs| Provides the MpCmdRunLog.txt and MPSupportFiles.cab | +|WdSupportLogs| Provides the MpCmdRunLog.txt and MPSupportFiles.cab

        NOTE: This folder will only be created on Windows 10, version 1709 or later with February 2020 update rollup or more recent installed:
        Win10 1709 (RS3) Build 16299.1717 : [KB4537816](https://support.microsoft.com/en-us/help/4537816/windows-10-update-kb4537816)
        Win10 1803 (RS4) Build 17134.1345 : [KB4537795](https://support.microsoft.com/en-us/help/4537795/windows-10-update-kb4537795)
        Win10 1809 (RS5) Build 17763.1075 : [KB4537818](https://support.microsoft.com/en-us/help/4537818/windows-10-update-kb4537818)
        Win10 1903/1909 (19h1/19h2) Builds 18362.693 and 18363.693 : [KB4535996](https://support.microsoft.com/en-us/help/4535996/windows-10-update-kb4535996)
        | | CollectionSummaryReport.xls| This file is a summary of the investigation package collection, it contains the list of data points, the command used to extract the data, the execution status, and the error code in case of failure. You can use this report to track if the package includes all the expected data and identify if there were any errors. | ## Run Microsoft Defender Antivirus scan on devices From d2e38a7c7b90e5b21e585042d61c55a0cceebfcd Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 29 Oct 2020 11:38:44 -0700 Subject: [PATCH 121/346] Update faq-md-app-guard.md --- .../faq-md-app-guard.md | 94 +++++++++++++++---- 1 file changed, 76 insertions(+), 18 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md index b3bb7867ee..867107aeaa 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/faq-md-app-guard.md @@ -8,7 +8,7 @@ ms.pagetype: security ms.localizationpriority: medium author: denisebmsft ms.author: deniseb -ms.date: 09/14/2020 +ms.date: 10/29/2020 ms.reviewer: manager: dansimp ms.custom: asr 
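Review bot: In respond-machine-alerts.md, the four KB links added to the WdSupportLogs cell carry a locale in the path (for example `https://support.microsoft.com/en-us/help/4537816/windows-10-update-kb4537816`). Drop the `/en-us/` segment so readers are served their own locale. The cell would also be easier to act on if it said each listed build is a minimum ("Build 16299.1717 or later"), since the sentence above it says "or more recent installed" but the per-version lines read as exact builds.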
@@ -22,19 +22,18 @@ Answering frequently asked questions about Microsoft Defender Application Guard ## Frequently Asked Questions -### Can I enable Application Guard on machines equipped with 4GB RAM? +### Can I enable Application Guard on machines equipped with 4 GB RAM? +We recommend 8 GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. -We recommend 8GB RAM for optimal performance but you may use the following registry DWORD values to enable Application Guard on machines that aren't meeting the recommended hardware configuration. +`HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is four cores.) -`HKLM\software\Microsoft\Hvsi\SpecRequiredProcessorCount` (Default is 4 cores.) +`HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB` (Default is 8 GB.) -`HKLM\software\Microsoft\Hvsi\SpecRequiredMemoryInGB` (Default is 8GB.) - -`HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB` (Default is 5GB.) +`HKLM\software\Microsoft\Hvsi\SpecRequiredFreeDiskSpaceInGB` (Default is 5 GB.) ### Can employees download documents from the Application Guard Edge session onto host devices? -In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This is managed by policy. +In Windows 10 Enterprise edition 1803, users will be able to download documents from the isolated Application Guard container to the host PC. This capability is managed by policy. In Windows 10 Enterprise edition 1709 or Windows 10 Professional edition 1803, it is not possible to download files from the isolated Application Guard container to the host PC. However, employees can use the **Print as PDF** or **Print as XPS** options and save those files to the host device. 
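Review bot: In faq-md-app-guard.md (hunk @@ -22,19 +22,18), "(Default is four cores.)" spells out a value that admins enter as a registry DWORD, while the two neighbouring lines keep numerals ("Default is 8 GB.", "Default is 5 GB."). Keep the numeral 4 here. The answer also lists only the three value names and their defaults, so it still does not say what to set them to on a 4 GB machine; one sentence on that would make the section usable as written.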
@@ -44,20 +43,16 @@ Depending on your organization's settings, employees can copy and paste images ( ### Why don't employees see their Favorites in the Application Guard Edge session? -To help keep the Application Guard Edge session secure and isolated from the host device, favorites that are stored in an Application Guard Edge session are not copied to the host device. +To help keep the Application Guard Edge session secure and isolated from the host device, we don't copy the Favorites stored in the Application Guard Edge session back to the host device. -### Are extensions supported in the Application Guard? +### Why aren’t employees able to see their Extensions in the Application Guard Edge session? -Extension installs in the container are supported from Microsoft Edge version 81. For more details, see [Extension support inside the container](https://docs.microsoft.com/deployedge/microsoft-edge-security-windows-defender-application-guard#extension-support-inside-the-container). +Currently, the Application Guard Edge session doesn't support Extensions. However, we're closely monitoring your feedback about this. ### How do I configure Microsoft Defender Application Guard to work with my network proxy (IP-Literal Addresses)? Microsoft Defender Application Guard requires proxies to have a symbolic name, not just an IP address. IP-Literal proxy settings such as `192.168.1.4:81` can be annotated as `itproxy:81` or using a record such as `P19216810010` for a proxy with an IP address of `192.168.100.10`. This applies to Windows 10 Enterprise edition 1709 or higher. These would be for the proxy policies under Network Isolation in Group Policy or Intune. -If Application Guard is used with network proxies, they need to be specified by fully qualified domain name (FQDN) in the system proxy settings (likewise in a PAC script if that is the type of proxy configuration used). Additionally these proxies need to be marked as *neutral* in the **Application trust** list. 
The FQDNs for the PAC file and the proxy servers the PAC file redirects to must be added as neutral resources in the network isolation policies that are used by Application Guard. You can verify this by going to `edge://application-guard-internals/#utilities` and entering the FQDN for the pac/proxy in the **check url trust** field. Verify that it says *Neutral.* - -Optionally, if possible, the IP addresses associated with the server hosting the above should be removed from the enterprise IP ranges in the network isolation policies that are used by Application Guard. Additionally, go to `edge://application-guard-internals/#utilities` to view the Application Guard proxy configuration. This step can be done in both the host and within Application Guard to verify that each side is using the proxy setup you expect. - ### Which Input Method Editors (IME) in 19H1 are not supported? The following Input Method Editors (IME) introduced in Windows 10, version 1903 are currently not supported in Microsoft Defender Application Guard. @@ -76,7 +71,7 @@ The following Input Method Editors (IME) introduced in Windows 10, version 1903 ### I enabled the hardware acceleration policy on my Windows 10 Enterprise, version 1803 deployment. Why are my users still only getting CPU rendering? -This feature is currently experimental-only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, please contact Microsoft and we’ll work with you to enable the feature. +This feature is currently experimental only and is not functional without an additional regkey provided by Microsoft. If you would like to evaluate this feature on a deployment of Windows 10 Enterprise, version 1803, contact Microsoft and we’ll work with you to enable the feature. ### What is the WDAGUtilityAccount local account? 
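Review bot: In faq-md-app-guard.md (hunk @@ -44,20 +43,16), this looks like an older copy of the page overwriting newer content. The removed answer states that extension installs in the container are supported from Microsoft Edge version 81 and links to the supporting article, and the replacement says "Currently, the Application Guard Edge session doesn't support Extensions." The same hunk deletes both paragraphs on specifying proxies and PAC files by FQDN, marking them neutral, and checking the result at `edge://application-guard-internals/#utilities`. The commit message ("Update faq-md-app-guard.md") gives no reason for either removal. Please confirm these are intended, and if not, restore the removed text.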
@@ -92,12 +87,75 @@ When using Windows Pro or Windows Enterprise, you will have access to using Appl ### Is there a size limit to the domain lists that I need to configure? -Yes, both the enterprise resource domains hosted in the cloud and the domains categorized as both work and personal have a 16383B limit. +Yes, both the Enterprise Resource domains hosted in the cloud and the Domains categorized as both work and personal have a 16383-B limit. ### Why does my encryption driver break Microsoft Defender Application Guard? -Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, Microsoft Defender Application Guard will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). +Microsoft Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message ("0x80070013 ERROR_WRITE_PROTECT"). + +### Why do the Network Isolation policies in Group Policy and CSP look different? + +There is not a one-to-one mapping among all the Network Isolation policies between CSP and GP. Mandatory network isolation policies to deploy WDAG are different between CSP and GP. + +Mandatory network isolation GP policy to deploy WDAG: "DomainSubnets or CloudResources" +Mandatory network isolation CSP policy to deploy WDAG: "EnterpriseCloudResources or (EnterpriseIpRange and EnterpriseNetworkDomainNames)" +For EnterpriseNetworkDomainNames, there is no mapped CSP policy. + +Windows Defender Application Guard accesses files from a VHD mounted on the host that needs to be written during setup. 
If an encryption driver prevents a VHD from being mounted or from being written to, WDAG will not work and result in an error message (`0x80070013 ERROR_WRITE_PROTECT`). ### Why did Application Guard stop working after I turned off hyperthreading? If hyperthreading is disabled (because of an update applied through a KB article or through BIOS settings), there is a possibility Application Guard no longer meets the minimum requirements. + +### Why am I getting the error message ("ERROR_VIRTUAL_DISK_LIMITATION")? + +Application Guard may not work correctly on NTFS compressed volumes. If this issue persists, try uncompressing the volume. + +### Why am I getting the error message ("ERR_NAME_NOT_RESOLVED") after not being able to reach PAC file? + +This is a known issue. To mitigate this you need to create two firewall rules. +For guidance on how to create a firewall rule by using group policy, see: +- [Create an inbound icmp rule](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule) +- [Open Group Policy management console for Microsoft Defender Firewall](https://docs.microsoft.com/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security) + +First rule (DHCP Server): +1. Program path: %SystemRoot%\System32\svchost.exe +2. Local Service: Sid: S-1-5-80-2009329905-444645132-2728249442-922493431-93864177 (Internet Connection Service (SharedAccess)) +3. Protocol UDP +4. Port 67 + +Second rule (DHCP Client) +This is the same as the first rule, but scoped to local port 68. +In the Microsoft Defender Firewall user interface go through the following steps: +1. Right click on inbound rules, create a new rule. +2. Choose **custom rule**. +3. Program path: **%SystemRoot%\System32\svchost.exe**. +4. Protocol Type: UDP, Specific ports: 67, Remote port: any. +5. Any IP addresses. +6. Allow the connection. +7. All profiles. +8. 
The new rule should show up in the user interface. Right click on the **rule** > **properties**. +9. In the **Programs and services** tab, Under the **Services** section click on **settings**. Choose **Apply to this Service** and select **Internet Connection Sharing (ICS) Shared Access**. + +### Why can I not launch Application Guard when Exploit Guard is enabled? + +There is a known issue such that if you change the Exploit Protection settings for CFG and possibly others, hvsimgr cannot launch. To mitigate this issue, go to Windows Security-> App and Browser control -> Exploit Protection Setting -> switch CFG to the “use default". + + +### How can I have ICS in enabled state yet still use Application Guard? + +This is a two-step process. + +Step 1: + +Enable Internet Connection sharing by changing the Group Policy setting *Prohibit use of Internet Connection Sharing on your DNS domain network*, which is part of the MS Security baseline from Enabled to Disabled. + +Step 2: + +1. Disable IpNat.sys from ICS load +System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1 +2. Configure ICS (SharedAccess) to enabled +HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 3 +3. Disabling IPNAT (Optional) +HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNat\Start = 4 +4. Reboot. \ No newline at end of file From f992bbbfa82ca9abc38b028a76d2c151b883005c Mon Sep 17 00:00:00 2001 From: Herman Arnedo Mahr <37333944+hermanarnedo@users.noreply.github.com> Date: Thu, 29 Oct 2020 22:24:55 +0100 Subject: [PATCH 122/346] Update enroll-a-windows-10-device-automatically-using-group-policy.md **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device. --- ...oll-a-windows-10-device-automatically-using-group-policy.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
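Review bot: In faq-md-app-guard.md (hunk @@ -92,12 +87,75), the last paragraph added under "Why do the Network Isolation policies in Group Policy and CSP look different?" repeats the encryption-driver answer ("... accesses files from a VHD mounted on the host ... `0x80070013 ERROR_WRITE_PROTECT`") that already sits under the previous question, so it should be removed from this section. In the same section, "For EnterpriseNetworkDomainNames, there is no mapped CSP policy" contradicts the line before it, which lists EnterpriseNetworkDomainNames as a CSP policy; say which side actually lacks the mapping. In the ICS steps at the end, step 1 gives `System\CurrentControlSet\Services\SharedAccess\Parameters\DisableIpNat = 1` without the hive that steps 2 and 3 include. Put all three registry paths in code formatting with the value type, and add the missing newline at end of file.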
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md index 7a91385e10..a6ac91e10f 100644 --- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md +++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md @@ -118,7 +118,8 @@ Requirements: > [!NOTE] > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. - > The default behavior for older releases is to revert to **User Credential**. + > The default behavior for older releases is to revert to **User Credential**. + > **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device. When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." From 54374628474721770b4554dd0390b218c681bab2 Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 29 Oct 2020 14:28:36 -0700 Subject: [PATCH 123/346] Update windowsdefenderapplicationguard-csp.md --- .../mdm/windowsdefenderapplicationguard-csp.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 6e88afcf72..377215d1a7 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md +++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md 
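Review bot: In enroll-a-windows-10-device-automatically-using-group-policy.md, the added line "**Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device." is ambiguous about what is unsupported and what the admin will see. Suggest wording along the lines of "**Device Credential** is not a supported enrollment credential type on devices that have the ConfigMgr agent installed", and state whether enrollment fails or falls back to **User Credential** in that case, since the preceding line already describes a fallback for older releases.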
@@ -125,7 +125,7 @@ The following list shows the supported values: - 1 - Non-enterprise content embedded on enterprise sites are stopped from opening in Internet Explorer or Microsoft Edge outside of Microsoft Defender Application Guard. > [!NOTE] -> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated eventually. +> This policy setting is no longer supported in the new Microsoft Edge browser. The policy will be deprecated and removed in a future release. ADMX Info: From 955b4d373ee3db7215b3d5bddcd88cfcafbc1a7e Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 29 Oct 2020 14:42:30 -0700 Subject: [PATCH 124/346] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...-baselines-microsoft-defender-antivirus.md | 22 +++++++++++-------- 1 file changed, 13 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 1c395b1018..8d8ba61c53 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -13,7 +13,7 @@ ms.author: deniseb ms.custom: nextgen ms.reviewer: manager: dansimp -ms.date: 10/26/2020 +ms.date: 10/29/2020 --- # Manage Microsoft Defender Antivirus updates and apply baselines 
@@ -69,23 +69,27 @@ For more information, see [Manage the sources for Microsoft Defender Antivirus p For information how to update or how to install the platform update, see [Update for Windows Defender antimalware platform](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform). -All our updates contain performance improvements, serviceability improvements, and integration improvements (Cloud, Microsoft 365 Defender). +All our updates contain +- performance improvements; +- serviceability improvements; and +- integration improvements (Cloud, Microsoft 365 Defender).
        - October-2020 (Platform: 4.18.2010.x | Engine: 1.1.17500.x) + October-2020 (Platform: 4.18.2010.x | Engine: 1.1.17600.5) - Security intelligence update version: **1.325.x.x** - Released: **date** + Security intelligence update version: **1.32x.x.x** + Released: **October 29, 2020**  Platform: **4.18.2010.x** - Engine: **1.1.17500.x** + Engine: **1.1.17600.5**  Support phase: **Security and Critical Updates** ### What's new -- item -- item -- item +- New descriptions for special threat categories +- Improved emulation capabilities +- Improved host address allow/block capabilities +- Disallow clearing exclusions using local PowerShell if a no-override policy is active ### Known Issues No known issues From 8192754fd8301d8058323f82d9e6272576cd591b Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 29 Oct 2020 14:53:53 -0700 Subject: [PATCH 125/346] Update manage-updates-baselines-microsoft-defender-antivirus.md --- ...s-baselines-microsoft-defender-antivirus.md | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 8d8ba61c53..4872b527aa 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md @@ -106,7 +106,7 @@ No known issues ### What's new - Admin permissions are required to restore files in quarantine - XML formatted events are now supported -- CSP support for ignoring exclusion merge +- CSP support for ignoring exclusion merges - New management interfaces for: - UDP Inspection - Network Protection on Server 2019 
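Review bot: In manage-updates-baselines-microsoft-defender-antivirus.md (hunk @@ -69,23 +69,27), the October-2020 entry now pins the engine to 1.1.17600.5 and gives a release date, but the security intelligence version moves from "1.325.x.x" to the less specific "1.32x.x.x" and the platform stays "4.18.2010.x". Fill in the shipped versions so an admin can check a device against this entry. In the "What's new" list, "Disallow clearing exclusions using local PowerShell if a no-override policy is active" is the change defenders will care about most; name the policy setting it refers to so readers can confirm whether it is active in their environment.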
@@ -336,7 +336,7 @@ During the technical support (only) phase, commercially reasonable support incid The below table provides the Microsoft Defender Antivirus platform and engine versions that are shipped with the latest Windows 10 releases: |Windows 10 release |Platform version |Engine version |Support phase | -|-|-|-|-| +|:---|:---|:---|:---| |2004 (20H1) |4.18.2004.6 |1.1.17000.2 | Technical upgrade Support (Only) | |1909 (19H2) |4.18.1902.5 |1.1.16700.3 | Technical upgrade Support (Only) | |1903 (19H1) |4.18.1902.5 |1.1.15600.4 | Technical upgrade Support (Only) | 
@@ -351,10 +351,10 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof ## See also -Article | Description ----|--- -[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. -[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. -[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon. -[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. -[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. +| Article | Description | +|:---|:---| +|[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. | +|[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. | +|[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon. 
| +|[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. | +|[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. | From 54c4107321155fc8949cbef81b1833633a179c0a Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 29 Oct 2020 15:10:29 -0700 Subject: [PATCH 126/346] Update manage-updates-baselines-microsoft-defender-antivirus.md --- .../manage-updates-baselines-microsoft-defender-antivirus.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md index 4872b527aa..9b48b566fb 100644 --- a/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md +++ b/windows/security/threat-protection/microsoft-defender-antivirus/manage-updates-baselines-microsoft-defender-antivirus.md 
@@ -355,6 +355,6 @@ Windows 10 release info: [Windows lifecycle fact sheet](https://support.microsof |:---|:---| |[Manage how protection updates are downloaded and applied](manage-protection-updates-microsoft-defender-antivirus.md) | Protection updates can be delivered through a number of sources. | |[Manage when protection updates should be downloaded and applied](manage-protection-update-schedule-microsoft-defender-antivirus.md) | You can schedule when protection updates should be downloaded. | -|[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan at the next logon. | +|[Manage updates for endpoints that are out of date](manage-outdated-endpoints-microsoft-defender-antivirus.md) | If an endpoint misses an update or scheduled scan, you can force an update or scan the next time a user signs in. | |[Manage event-based forced updates](manage-event-based-updates-microsoft-defender-antivirus.md) | You can set protection updates to be downloaded at startup or after certain cloud-delivered protection events. | |[Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-microsoft-defender-antivirus.md)| You can specify settings, such as whether updates should occur on battery power, that are especially useful for mobile devices and virtual machines. | From bed689f9e85c8555389a6ab53e041f55dbe49dad Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 29 Oct 2020 15:18:45 -0700 Subject: [PATCH 127/346] Update behavioral-blocking-containment.md --- .../microsoft-defender-atp/behavioral-blocking-containment.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md index b69250703a..2fa08f4dea 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md +++ b/windows/security/threat-protection/microsoft-defender-atp/behavioral-blocking-containment.md @@ -59,7 +59,7 @@ The following image shows an example of an alert that was triggered by behaviora - **[Feedback-loop blocking](feedback-loop-blocking.md)** (also referred to as rapid protection) Threat detections are observed through behavioral intelligence. Threats are stopped and prevented from running on other endpoints. (Feedback-loop blocking is enabled by default.) -- **[Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md)** Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Microsoft Defender Antivirus is not the primary antivirus solution. (EDR in block mode, currently in preview, is not enabled by default; you turn it on in the Microsoft Defender Security Center.) +- **[Endpoint detection and response (EDR) in block mode](edr-in-block-mode.md)** Malicious artifacts or behaviors that are observed through post-breach protection are blocked and contained. EDR in block mode works even if Microsoft Defender Antivirus is not the primary antivirus solution. (EDR in block mode is not enabled by default; you turn it on in the Microsoft Defender Security Center.) Expect more to come in the area of behavioral blocking and containment, as Microsoft continues to improve threat protection features and capabilities. To see what's planned and rolling out now, visit the [Microsoft 365 roadmap](https://www.microsoft.com/microsoft-365/roadmap). From 5799fa8f1e3ab53621b90d425ae1d130489c6363 Mon Sep 17 00:00:00 2001 
From: Denise Vangel-MSFT Date: Thu, 29 Oct 2020 15:20:09 -0700 Subject: [PATCH 128/346] Update edr-in-block-mode.md --- .../microsoft-defender-atp/edr-in-block-mode.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index be7793c044..d2f696ea94 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -39,7 +39,7 @@ EDR in block mode is also integrated with [threat & vulnerability management](ht :::image type="content" source="images/edrblockmode-TVMrecommendation.png" alt-text="recommendation to turn on EDR in block mode"::: > [!NOTE] -> EDR in block mode is currently in preview, available to organizations who have opted in to receive **[preview features](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/preview)**. To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**. +> To get the best protection, make sure to **[deploy Microsoft Defender ATP baselines](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-machines-security-baseline)**. ## What happens when something is detected? From 3f084174ce1d62a38257862681e9ffd34440e258 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Thu, 29 Oct 2020 15:25:35 -0700 Subject: [PATCH 129/346] Update edr-in-block-mode.md --- .../microsoft-defender-atp/edr-in-block-mode.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md index d2f696ea94..b9ed49274a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md +++ b/windows/security/threat-protection/microsoft-defender-atp/edr-in-block-mode.md @@ -70,10 +70,10 @@ The following image shows an instance of unwanted software that was detected and |---------|---------| |Permissions |Global Administrator or Security Administrator role assigned in [Azure Active Directory](https://docs.microsoft.com/azure/active-directory/fundamentals/active-directory-users-assign-role-azure-portal). See [Basic permissions](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/basic-permissions). | |Operating system |One of the following versions:
        - Windows 10 (all releases)
        - Windows Server 2016 or later | -|Windows E5 enrollment |Windows E5 is included in the following subscriptions:
        - Microsoft 365 E5
        - Microsoft 365 E3 together with the Identity & Threat Protection offering

        See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). | +|Windows E5 enrollment |Windows E5 is included in the following subscriptions:
        - Microsoft 365 E5
        - Microsoft 365 E3 together with the Identity & Threat Protection offering

        See [Components](https://docs.microsoft.com/microsoft-365/enterprise/microsoft-365-overview?view=o365-worldwide&preserve-view=true#components) and [features and capabilities for each plan](https://www.microsoft.com/microsoft-365/compare-all-microsoft-365-plans). | |Cloud-delivered protection |Make sure Microsoft Defender Antivirus is configured such that cloud-delivered protection is enabled.

        See [Enable cloud-delivered protection](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-antivirus/enable-cloud-protection-microsoft-defender-antivirus). | -|Microsoft Defender Antivirus antimalware client |Make sure your client is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator.
        In the **AMProductVersion** line, you should see **4.18.2001.10** or above. | -|Microsoft Defender Antivirus engine |Make sure your engine is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps) cmdlet as an administrator.
        In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. | +|Microsoft Defender Antivirus antimalware client |Make sure your client is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) cmdlet as an administrator.
        In the **AMProductVersion** line, you should see **4.18.2001.10** or above. | +|Microsoft Defender Antivirus engine |Make sure your engine is up to date. Using PowerShell, run the [Get-MpComputerStatus](https://docs.microsoft.com/powershell/module/defender/get-mpcomputerstatus?view=win10-ps&preserve-view=true) cmdlet as an administrator.
        In the **AMEngineVersion** line, you should see **1.1.16700.2** or above. | > [!IMPORTANT] > To get the best protection value, make sure your antivirus solution is configured to receive regular updates and essential features, and that your exclusions are defined. From 286c1ff5708a22c7f839c26f2243df910a422040 Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 29 Oct 2020 16:28:12 -0700 Subject: [PATCH 130/346] Added ADMX_WindowsExplorer policies --- windows/client-management/mdm/TOC.md | 1 + .../mdm/policies-in-policy-csp-admx-backed.md | 71 + .../policy-configuration-service-provider.md | 219 + .../mdm/policy-csp-admx-windowsexplorer.md | 5367 +++++++++++++++++ 4 files changed, 5658 insertions(+) create mode 100644 windows/client-management/mdm/policy-csp-admx-windowsexplorer.md diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md index 2f06abcfc0..41da383f69 100644 --- a/windows/client-management/mdm/TOC.md +++ b/windows/client-management/mdm/TOC.md @@ -226,6 +226,7 @@ #### [ADMX_WinCal](policy-csp-admx-wincal.md) #### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md) #### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md) +#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md) #### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md) #### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md) #### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index da688c9114..5952cfc7ae 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
@@ -582,6 +582,77 @@ ms.date: 10/08/2020 - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1) - [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2) - [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar) +- [ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-checksamesourceandtargetforfranddfs) +- [ADMX_WindowsExplorer/ClassicShell](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-classicshell) +- [ADMX_WindowsExplorer/ConfirmFileDelete](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-confirmfiledelete) +- [ADMX_WindowsExplorer/DefaultLibrariesLocation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-defaultlibrarieslocation) +- [ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablebinddirectlytopropertysetstorage) +- [ADMX_WindowsExplorer/DisableIndexedLibraryExperience](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableindexedlibraryexperience) +- [ADMX_WindowsExplorer/DisableKnownFolders](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableknownfolders) +- [ADMX_WindowsExplorer/DisableSearchBoxSuggestions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablesearchboxsuggestions) +- [ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enableshellshortcuticonremotepath) +- [ADMX_WindowsExplorer/EnableSmartScreen](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enablesmartscreen) +- [ADMX_WindowsExplorer/EnforceShellExtensionSecurity](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enforceshellextensionsecurity) +- 
[ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-explorerribbonstartsminimized) +- [ADMX_WindowsExplorer/HideContentViewModeSnippets](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-hidecontentviewmodesnippets) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internet) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internetlockdown) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranet) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranetlockdown) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachine) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachinelockdown) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restricted) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restrictedlockdown) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trusted) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trustedlockdown) +- 
[ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internet) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internetlockdown) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranet) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranetlockdown) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachine) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachinelockdown) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restricted) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restrictedlockdown) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trusted) +- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trustedlockdown) +- [ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-linkresolveignorelinkinfo) +- [ADMX_WindowsExplorer/MaxRecentDocs](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-maxrecentdocs) +- 
[ADMX_WindowsExplorer/NoBackButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nobackbutton) +- [ADMX_WindowsExplorer/NoCDBurning](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocdburning) +- [ADMX_WindowsExplorer/NoCacheThumbNailPictures](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocachethumbnailpictures) +- [ADMX_WindowsExplorer/NoChangeAnimation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangeanimation) +- [ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangekeyboardnavigationindicators) +- [ADMX_WindowsExplorer/NoDFSTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodfstab) +- [ADMX_WindowsExplorer/NoDrives](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodrives) +- [ADMX_WindowsExplorer/NoEntireNetwork](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noentirenetwork) +- [ADMX_WindowsExplorer/NoFileMRU](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemru) +- [ADMX_WindowsExplorer/NoFileMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemenu) +- [ADMX_WindowsExplorer/NoFolderOptions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofolderoptions) +- [ADMX_WindowsExplorer/NoHardwareTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nohardwaretab) +- [ADMX_WindowsExplorer/NoManageMyComputerVerb](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomanagemycomputerverb) +- [ADMX_WindowsExplorer/NoMyComputerSharedDocuments](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomycomputershareddocuments) +- [ADMX_WindowsExplorer/NoNetConnectDisconnect](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonetconnectdisconnect) +- [ADMX_WindowsExplorer/NoNewAppAlert](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonewappalert) +- 
[ADMX_WindowsExplorer/NoPlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noplacesbar) +- [ADMX_WindowsExplorer/NoRecycleFiles](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norecyclefiles) +- [ADMX_WindowsExplorer/NoRunAsInstallPrompt](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norunasinstallprompt) +- [ADMX_WindowsExplorer/NoSearchInternetTryHarderButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosearchinternettryharderbutton) +- [ADMX_WindowsExplorer/NoSecurityTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosecuritytab) +- [ADMX_WindowsExplorer/NoShellSearchButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noshellsearchbutton) +- [ADMX_WindowsExplorer/NoStrCmpLogical](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nostrcmplogical) +- [ADMX_WindowsExplorer/NoViewContextMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewcontextmenu) +- [ADMX_WindowsExplorer/NoViewOnDrive](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewondrive) +- [ADMX_WindowsExplorer/NoWindowsHotKeys](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nowindowshotkeys) +- [ADMX_WindowsExplorer/NoWorkgroupContents](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noworkgroupcontents) +- [ADMX_WindowsExplorer/PlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-placesbar) +- [ADMX_WindowsExplorer/PromptRunasInstallNetPath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-promptrunasinstallnetpath) +- [ADMX_WindowsExplorer/RecycleBinSize](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-recyclebinsize) +- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-1) +- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-2) +- 
[ADMX_WindowsExplorer/ShowHibernateOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showhibernateoption) +- [ADMX_WindowsExplorer/ShowSleepOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showsleepoption) +- [ADMX_WindowsExplorer/TryHarderPinnedLibrary](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedlibrary) +- [ADMX_WindowsExplorer/TryHarderPinnedOpenSearch](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedopensearch) - [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline) - [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings) - [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings) diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md index 4f04904352..f30a3e0abe 100644 --- a/windows/client-management/mdm/policy-configuration-service-provider.md +++ b/windows/client-management/mdm/policy-configuration-service-provider.md @@ -2091,6 +2091,225 @@ The following diagram shows the Policy configuration service provider in tree fo
    + +### ADMX_WindowsExplorer policies + +
    +
    + ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS +
    +
    + ADMX_WindowsExplorer/ClassicShell +
    +
    + ADMX_WindowsExplorer/ConfirmFileDelete +
    +
    + ADMX_WindowsExplorer/DefaultLibrariesLocation +
    +
    + ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage +
    +
    + ADMX_WindowsExplorer/DisableIndexedLibraryExperience +
    +
    + ADMX_WindowsExplorer/DisableKnownFolders +
    +
    + ADMX_WindowsExplorer/DisableSearchBoxSuggestions +
    +
    + ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath +
    +
    + ADMX_WindowsExplorer/EnableSmartScreen +
    +
    + ADMX_WindowsExplorer/EnforceShellExtensionSecurity +
    +
    + ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized +
    +
    + ADMX_WindowsExplorer/HideContentViewModeSnippets +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown +
    +
    + ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo +
    +
    + ADMX_WindowsExplorer/MaxRecentDocs +
    +
    + ADMX_WindowsExplorer/NoBackButton +
    +
    + ADMX_WindowsExplorer/NoCDBurning +
    +
    + ADMX_WindowsExplorer/NoCacheThumbNailPictures +
    +
    + ADMX_WindowsExplorer/NoChangeAnimation +
    +
    + ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators +
    +
    + ADMX_WindowsExplorer/NoDFSTab +
    +
    + ADMX_WindowsExplorer/NoDrives +
    +
    + ADMX_WindowsExplorer/NoEntireNetwork +
    +
    + ADMX_WindowsExplorer/NoFileMRU +
    +
    + ADMX_WindowsExplorer/NoFileMenu +
    +
    + ADMX_WindowsExplorer/NoFolderOptions +
    +
    + ADMX_WindowsExplorer/NoHardwareTab +
    +
    + ADMX_WindowsExplorer/NoManageMyComputerVerb +
    +
    + ADMX_WindowsExplorer/NoMyComputerSharedDocuments +
    +
    + ADMX_WindowsExplorer/NoNetConnectDisconnect +
    +
    + ADMX_WindowsExplorer/NoNewAppAlert +
    +
    + ADMX_WindowsExplorer/NoPlacesBar +
    +
    + ADMX_WindowsExplorer/NoRecycleFiles +
    +
    + ADMX_WindowsExplorer/NoRunAsInstallPrompt +
    +
    + ADMX_WindowsExplorer/NoSearchInternetTryHarderButton +
    +
    + ADMX_WindowsExplorer/NoSecurityTab +
    +
    + ADMX_WindowsExplorer/NoShellSearchButton +
    +
    + ADMX_WindowsExplorer/NoStrCmpLogical +
    +
    + ADMX_WindowsExplorer/NoViewContextMenu +
    +
    + ADMX_WindowsExplorer/NoViewOnDrive +
    +
    + ADMX_WindowsExplorer/NoWindowsHotKeys +
    +
    + ADMX_WindowsExplorer/NoWorkgroupContents +
    +
    + ADMX_WindowsExplorer/PlacesBar +
    +
    + ADMX_WindowsExplorer/PromptRunasInstallNetPath +
    +
    + ADMX_WindowsExplorer/RecycleBinSize +
    +
    + ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1 +
    +
    + ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2 +
    +
    + ADMX_WindowsExplorer/ShowHibernateOption +
    +
    + ADMX_WindowsExplorer/ShowSleepOption +
    +
    + ADMX_WindowsExplorer/TryHarderPinnedLibrary +
    +
    + ADMX_WindowsExplorer/TryHarderPinnedOpenSearch +
    +
    + ### ADMX_WindowsMediaDRM policies
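Review bot: nothing in the added `### ADMX_WindowsExplorer policies` list tells a reader that these 71 settings are prerelease, although the new policy-csp-admx-windowsexplorer.md in the same commit opens with a prerelease warning and describes CheckSameSourceAndTargetForFRAndDFS as "Available in the latest Windows 10 Insider Preview Build". The list includes security-relevant settings such as EnableSmartScreen, EnforceShellExtensionSecurity and the ShellProtocolProtectedModeTitle pair, so an administrator working from this index could assume they are enforceable on released builds. Consider marking the section the way the new page does, or confirm that the index deliberately carries no such marker. The same 71 names are also added by hand to policies-in-policy-csp-admx-backed.md in this commit, so it is worth checking that all three copies agree and that each entry resolves to its anchor in the new page.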
    diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md new file mode 100644 index 0000000000..da00432094 --- /dev/null +++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md @@ -0,0 +1,5367 @@ +--- +title: Policy CSP - ADMX_WindowsExplorer +description: Policy CSP - ADMX_WindowsExplorer +ms.author: dansimp +ms.localizationpriority: medium +ms.topic: article +ms.prod: w10 +ms.technology: windows +author: manikadhiman +ms.date: 10/29/2020 +ms.reviewer: +manager: dansimp +--- + +# Policy CSP - ADMX_WindowsExplorer +> [!WARNING] +> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. + +
    + + + +## ADMX_WindowsExplorer policies + +
    +
    + ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS +
    +
    + ADMX_WindowsExplorer/ClassicShell +
    +
    + ADMX_WindowsExplorer/ConfirmFileDelete +
    +
    + ADMX_WindowsExplorer/DefaultLibrariesLocation +
    +
    + ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage +
    +
    + ADMX_WindowsExplorer/DisableIndexedLibraryExperience +
    +
    + ADMX_WindowsExplorer/DisableKnownFolders +
    +
    + ADMX_WindowsExplorer/DisableSearchBoxSuggestions +
    +
    + ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath +
    +
    + ADMX_WindowsExplorer/EnableSmartScreen +
    +
    + ADMX_WindowsExplorer/EnforceShellExtensionSecurity +
    +
    + ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized +
    +
    + ADMX_WindowsExplorer/HideContentViewModeSnippets +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted +
    +
    + ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown +
    +
    + ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo +
    +
    + ADMX_WindowsExplorer/MaxRecentDocs +
    +
    + ADMX_WindowsExplorer/NoBackButton +
    +
    + ADMX_WindowsExplorer/NoCDBurning +
    +
    + ADMX_WindowsExplorer/NoCacheThumbNailPictures +
    +
    + ADMX_WindowsExplorer/NoChangeAnimation +
    +
    + ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators +
    +
    + ADMX_WindowsExplorer/NoDFSTab +
    +
    + ADMX_WindowsExplorer/NoDrives +
    +
    + ADMX_WindowsExplorer/NoEntireNetwork +
    +
    + ADMX_WindowsExplorer/NoFileMRU +
    +
    + ADMX_WindowsExplorer/NoFileMenu +
    +
    + ADMX_WindowsExplorer/NoFolderOptions +
    +
    + ADMX_WindowsExplorer/NoHardwareTab +
    +
    + ADMX_WindowsExplorer/NoManageMyComputerVerb +
    +
    + ADMX_WindowsExplorer/NoMyComputerSharedDocuments +
    +
    + ADMX_WindowsExplorer/NoNetConnectDisconnect +
    +
    + ADMX_WindowsExplorer/NoNewAppAlert +
    +
    + ADMX_WindowsExplorer/NoPlacesBar +
    +
    + ADMX_WindowsExplorer/NoRecycleFiles +
    +
    + ADMX_WindowsExplorer/NoRunAsInstallPrompt +
    +
    + ADMX_WindowsExplorer/NoSearchInternetTryHarderButton +
    +
    + ADMX_WindowsExplorer/NoSecurityTab +
    +
    + ADMX_WindowsExplorer/NoShellSearchButton +
    +
    + ADMX_WindowsExplorer/NoStrCmpLogical +
    +
    + ADMX_WindowsExplorer/NoViewContextMenu +
    +
    + ADMX_WindowsExplorer/NoViewOnDrive +
    +
    + ADMX_WindowsExplorer/NoWindowsHotKeys +
    +
    + ADMX_WindowsExplorer/NoWorkgroupContents +
    +
    + ADMX_WindowsExplorer/PlacesBar +
    +
    + ADMX_WindowsExplorer/PromptRunasInstallNetPath +
    +
    + ADMX_WindowsExplorer/RecycleBinSize +
    +
    + ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1 +
    +
    + ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2 +
    +
    + ADMX_WindowsExplorer/ShowHibernateOption +
    +
    + ADMX_WindowsExplorer/ShowSleepOption +
    +
    + ADMX_WindowsExplorer/TryHarderPinnedLibrary +
    +
    + ADMX_WindowsExplorer/TryHarderPinnedOpenSearch +
    +
    + + +
    + + +**ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent data loss when you change the target location for Folder Redirection, and the new and old targets point to the same network share, but have different network paths. + +If you enable this policy setting, Folder Redirection creates a temporary file in the old location in order to verify that new and old locations point to the same network share. If both new and old locations point to the same share, the target path is updated and files are not copied or deleted. The temporary file is deleted. + +If you disable or do not configure this policy setting, Folder Redirection does not create a temporary file and functions as if both new and old locations point to different shares when their network paths are different. + +> [!NOTE] +> If the paths point to different network shares, this policy setting is not required. If the paths point to the same network share, any data contained in the redirected folders is deleted if this policy setting is not enabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Verify old and new Folder Redirection targets point to the same share before redirecting* +- GP name: *CheckSameSourceAndTargetForFRAndDFS* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + + +
    + + +**ADMX_WindowsExplorer/ClassicShell** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This setting allows an administrator to revert specific Windows Shell behavior to classic Shell behavior. + +If you enable this setting, users cannot configure their system to open items by single-clicking (such as in Mouse in Control Panel). As a result, the user interface looks and operates like the interface for Windows NT 4.0, and users cannot restore the new features. + +Enabling this policy will also turn off the preview pane and set the folder options for File Explorer to Use classic folders view and disable the users ability to change these options. + +If you disable or not configure this policy, the default File Explorer behavior is applied to the user. + +> [!NOTE] +> In operating systems earlier than Windows Vista, enabling this policy will also disable the Active Desktop and Web view. This setting will also take precedence over the "Enable Active Desktop" setting. If both policies are enabled, Active Desktop is disabled. Also, see the "Disable Active Desktop" setting in User Configuration\Administrative Templates\Desktop\Active Desktop and the "Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon" setting in User Configuration\Administrative Templates\Windows Components\File Explorer. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn on Classic Shell* +- GP name: *ClassicShell* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/ConfirmFileDelete** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Allows you to have File Explorer display a confirmation dialog whenever a file is deleted or moved to the Recycle Bin. + +If you enable this setting, a confirmation dialog is displayed when a file is deleted or moved to the Recycle Bin by the user. + +If you disable or do not configure this setting, the default behavior of not displaying a confirmation dialog occurs. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Display confirmation dialog when deleting files* +- GP name: *ConfirmFileDelete* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/DefaultLibrariesLocation** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a location where all default Library definition files for users/machines reside. + +If you enable this policy setting, administrators can specify a path where all default Library definition files for users reside. The user will not be allowed to make changes to these Libraries from the UI. On every logon, the policy settings are verified and Libraries for the user are updated or changed according to the path defined. + +If you disable or do not configure this policy setting, no changes are made to the location of the default Library definition files. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Location where all default Library definition files for users/machines reside.* +- GP name: *DefaultLibrariesLocation* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Changes the behavior of IShellFolder::BindToObject for IID_IPropertySetStorage to not bind directly to the IPropertySetStorage implementation, and to include the intermediate layers provided by the Property System. + +This behavior is consistent with Windows Vista's behavior in this scenario. + +This disables access to user-defined properties, and properties stored in NTFS secondary streams. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable binding directly to IPropertySetStorage without intermediate layers.* +- GP name: *DisableBindDirectlyToPropertySetStorage* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/DisableIndexedLibraryExperience** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off Windows Libraries features that need indexed file metadata to function properly. + +If you enable this policy, some Windows Libraries features will be turned off to better handle included folders that have been redirected to non-indexed network locations. + +Setting this policy will: + +- Disable all Arrangement views except for "By Folder" +- Disable all Search filter suggestions other than "Date Modified" and "Size" +- Disable view of file content snippets in Content mode when search results are returned +- Disable ability to stack in the Context menu and Column headers +- Exclude Libraries from the scope of Start search This policy will not enable users to add unsupported locations to Libraries + +If you enable this policy, Windows Libraries features that rely on indexed file data will be disabled. + +If you disable or do not configure this policy, all default Windows Libraries features will be enabled. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Windows Libraries features that rely on indexed file data* +- GP name: *DisableIndexedLibraryExperience* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + + +
    + + +**ADMX_WindowsExplorer/DisableKnownFolders** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify a list of known folders that should be disabled. + +Disabling a known folder will prevent the underlying file or directory from being created via the known folder API. If the folder exists before the policy is applied, the folder must be manually deleted since the policy only blocks the creation of the folder. + +You can specify a known folder using its known folder id or using its canonical name. For example, the Sample Videos known folder can be disabled by specifying {440fcffd-a92b-4739-ae1a-d4a54907c53f} or SampleVideos. + +> [!NOTE] +> Disabling a known folder can introduce application compatibility issues in applications that depend on the existence of the known folder. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Disable Known Folders* +- GP name: *DisableKnownFolders* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/DisableSearchBoxSuggestions** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Disables suggesting recent queries for the Search Box and prevents entries into the Search Box from being stored in the registry for future references. + +File Explorer shows suggestion pop-ups as users type into the Search Box. + +These suggestions are based on their past entries into the Search Box. + +> [!NOTE] +> If you enable this policy, File Explorer will not show suggestion pop-ups as users type into the Search Box, and it will not store Search Box entries into the registry for future references. If the user types a property, values that match this property will be shown but no data will be saved in the registry or re-shown on subsequent uses of the search box. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off display of recent search entries in the File Explorer search box* +- GP name: *DisableSearchBoxSuggestions* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + + +
    + + +**ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether remote paths can be used for file shortcut (.lnk file) icons. + +If you enable this policy setting, file shortcut icons are allowed to be obtained from remote paths. + +If you disable or do not configure this policy setting, file shortcut icons that use remote paths are prevented from being displayed. + +> [!NOTE] +> Allowing the use of remote paths in file shortcut icons can expose users’ computers to security risks. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow the use of remote paths in file shortcut icons* +- GP name: *EnableShellShortcutIconRemotePath* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + + +
    + + +**ADMX_WindowsExplorer/EnableSmartScreen** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that do not appear to be suspicious. + +Some information is sent to Microsoft about files and programs run on PCs with this feature enabled. + +If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options: + +- Warn and prevent bypass +- Warn + +If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs will not present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app. If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen will not warn the user again for that app if the user tells SmartScreen to run the app. + +If you disable this policy, SmartScreen will be turned off for all users. Users will not be warned if they try to run suspicious apps from the Internet. + +If you do not configure this policy, SmartScreen will be enabled by default, but users may change their settings. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). 
+> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Configure Windows Defender SmartScreen* +- GP name: *EnableSmartScreen* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/EnforceShellExtensionSecurity** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This setting is designed to ensure that shell extensions can operate on a per-user basis. + +If you enable this setting, Windows is directed to only run those shell extensions that have either been approved by an administrator or that will not impact other users of the machine. A shell extension only runs if there is an entry in at least one of the following locations in registry. + +For shell extensions that have been approved by the administrator and are available to all users of the computer, there must be an entry at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved. + +For shell extensions to run on a per-user basis, there must be an entry at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow only per user or approved shell extensions* +- GP name: *EnforceShellExtensionSecurity* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to specify whether the ribbon appears minimized or in full when new File Explorer windows are opened. + +If you enable this policy setting, you can set how the ribbon appears the first time users open File Explorer and whenever they open new windows. + +If you disable or do not configure this policy setting, users can choose how the ribbon appears when they open new windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Start File Explorer with ribbon minimized* +- GP name: *ExplorerRibbonStartsMinimized* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/HideContentViewModeSnippets** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off the display of snippets in Content view mode. + +If you enable this policy setting, File Explorer will not display snippets in Content view mode. + +If you disable or do not configure this policy setting, File Explorer shows snippets in Content view mode by default. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off the display of snippets in Content view mode* +- GP name: *HideContentViewModeSnippets* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_Internet* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_InternetLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_Intranet* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_IntranetLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_LocalMachine* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_LocalMachineLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_Restricted* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users cannot preview items or get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_RestrictedLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_Trusted* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether a user may preview an item from this zone or display custom thumbnails in the preview pane in File Explorer. While this policy setting usually applies to items returned by OpenSearch queries using Search Connectors (which allow rich searching of remote sources from within the File Explorer), it might affect other items as well that are marked from this zone. For example, some application-specific items such as MAPI (Messaging Application Programming Interface) items that are returned as search results in File Explorer will be affected. MAPI items reside in the Internet zone, so disabling this policy for the Internet zone will prevent the previewing of these items in File Explorer. For the case of custom thumbnails, it is the zone of the thumbnail that is checked, not the zone of item. Typically these are the same but a source is able to define a specific location of a thumbnail that is different than the location of the item. + +If you enable this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you disable this policy setting, users will be prevented from previewing items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +If you do not configure this policy setting, users can preview items and get custom thumbnails from OpenSearch query results in this zone using File Explorer. + +Changes to this setting may not be applied until the user logs off from Windows. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. 
For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow previewing and custom thumbnails of OpenSearch query results in File Explorer* +- GP name: *IZ_Policy_OpenSearchPreview_TrustedLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_Internet* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Internet Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_InternetLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Internet Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_Intranet* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Intranet Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_IntranetLockdown* +- GP path: *WWindows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Intranet Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_LocalMachine* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Local Machine Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_LocalMachineLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Local Machine Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_Restricted* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Restricted Sites Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users cannot perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_RestrictedLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Restricted Sites Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_Trusted* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Trusted Sites Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to manage whether OpenSearch queries in this zone can be performed using Search Connectors in File Explorer. Search Connectors allow rich searching of remote sources from within File Explorer. Search results will be returned in File Explorer and can be acted upon like local files. + +If you enable this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + +If you disable this policy setting, users are prevented from performing OpenSearch queries in this zone using Search Connectors. + +If you do not configure this policy setting, users can perform OpenSearch queries in this zone using Search Connectors. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Allow OpenSearch queries in File Explorer* +- GP name: *IZ_Policy_OpenSearchQuery_TrustedLockdown* +- GP path: *Windows Components\Internet Explorer\Internet Control Panel\Security Page\Locked-Down Trusted Sites Zone* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows traces shortcuts back to their sources when it cannot find the target on the user's system. + +Shortcut files typically include an absolute path to the original target file as well as the relative path to the current target file. When the system cannot find the file in the current target path, then, by default, it searches for the target in the original path. If the shortcut has been copied to a different computer, the original path might lead to a network computer, including external resources, such as an Internet server. + +If you enable this policy setting, Windows only searches the current target path. It does not search for the original path even when it cannot find the target file in the current target path. + +If you disable or do not configure this policy setting, Windows searches for the original path when it cannot find the target file in the current target path. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not track Shell shortcuts during roaming* +- GP name: *LinkResolveIgnoreLinkInfo* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/MaxRecentDocs** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the maximum number of shortcuts the system can display in the Recent Items menu on the Start menu. The Recent Items menu contains shortcuts to the nonprogram files the user has most recently opened. + +If you enable this policy setting, the system displays the number of shortcuts specified by the policy setting. + +If you disable or do not configure this policy setting, by default, the system displays shortcuts to the 10 most recently opened documents. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Maximum number of recent documents* +- GP name: *MaxRecentDocs* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoBackButton** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Hide the Back button in the Open dialog box. This policy setting lets you remove new features added in Microsoft Windows 2000 Professional, so the Open dialog box appears as it did in Windows NT 4.0 and earlier. This policy setting affects only programs that use the standard Open dialog box provided to developers of Windows programs. + +If you enable this policy setting, the Back button is removed from the standard Open dialog box. + +If you disable or do not configure this policy setting, the Back button is displayed for any standard Open dialog box. To see an example of the standard Open dialog box, start Notepad and, on the File menu, click Open. + +> [!NOTE] +> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. Also, third-party applications with Windows 2000 or later certification to are required to adhere to this policy setting. + + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the common dialog back button* +- GP name: *NoBackButton* +- GP path: *Windows Components\File Explorer\Common Open File Dialog* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoCDBurning** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove CD Burning features. File Explorer allows you to create and modify re-writable CDs if you have a CD writer connected to your PC. + +If you enable this policy setting, all features in the File Explorer that allow you to use your CD writer are removed. + +If you disable or do not configure this policy setting, users are able to use the File Explorer CD burning features. + +> [!NOTE] +> This policy setting does not prevent users from using third-party applications to create or modify CDs using a CD writer. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove CD Burning features* +- GP name: *NoCDBurning* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoCacheThumbNailPictures** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn off caching of thumbnail pictures. + +If you enable this policy setting, thumbnail views are not cached. + +If you disable or do not configure this policy setting, thumbnail views are cached. + +> [!NOTE] +> For shared corporate workstations or computers where security is a top concern, you should enable this policy setting to turn off the thumbnail view cache, because the thumbnail cache can be read by everyone. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off caching of thumbnail pictures* +- GP name: *NoCacheThumbNailPictures* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoChangeAnimation** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from enabling or disabling minor animations in the operating system for the movement of windows, menus, and lists. + +If you enable this policy setting, the "Use transition effects for menus and tooltips" option in Display in Control Panel is disabled, and cannot be toggled by users. + +Effects, such as animation, are designed to enhance the user's experience but might be confusing or distracting to some users. + +If you disable or do not configure this policy setting, users are allowed to turn on or off these minor system animations using the "Use transition effects for menus and tooltips" option in Display in Control Panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove UI to change menu animation setting* +- GP name: *NoChangeAnimation* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Disables the "Hide keyboard navigation indicators until I use the ALT key" option in Display in Control Panel. When this Display Properties option is selected, the underlining that indicates a keyboard shortcut character (hot key) does not appear on menus until you press ALT. + +Effects, such as transitory underlines, are designed to enhance the user's experience but might be confusing or distracting to some users. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove UI to change keyboard navigation indicator setting* +- GP name: *NoChangeKeyboardNavigationIndicators* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoDFSTab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the DFS tab from File Explorer. + +If you enable this policy setting, the DFS (Distributed File System) tab is removed from File Explorer and from other programs that use the File Explorer browser, such as My Computer. As a result, users cannot use this tab to view or change the properties of the DFS shares available from their computer. This policy setting does not prevent users from using other methods to configure DFS. + +If you disable or do not configure this policy setting, the DFS tab is available. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove DFS tab* +- GP name: *NoDFSTab* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoDrives** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to hide these specified drives in My Computer. + +This policy setting allows you to remove the icons representing selected hard drives from My Computer and File Explorer. Also, the drive letters representing the selected drives do not appear in the standard Open dialog box. + +If you enable this policy setting, select a drive or combination of drives in the drop-down list. + +> [!NOTE] +> This policy setting removes the drive icons. Users can still gain access to drive contents by using other methods, such as by typing the path to a directory on the drive in the Map Network Drive dialog box, in the Run dialog box, or in a command window. Also, this policy setting does not prevent users from using programs to access these drives or their contents. And, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics. + +If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not restrict drives" option in the drop-down list. Also, see the "Prevent access to drives from My Computer" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Hide these specified drives in My Computer* +- GP name: *NoDrives* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
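Review bot: In the NoDrives description, the sentence 'If you disable or do not configure this policy setting, all drives are displayed, or select the "Do not restrict drives" option in the drop-down list.' does not parse, because its second clause is an instruction with no subject. If the intent is that either choice shows every drive, split it into two sentences, one for the disabled or not-configured state and one for the "Do not restrict drives" option. The entry also opens with two sentences that both begin "This policy setting allows you to" and say the same thing; keep the second, which is the more specific.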
    + + +**ADMX_WindowsExplorer/NoEntireNetwork** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes all computers outside of the user's workgroup or local domain from lists of network resources in File Explorer and Network Locations. + +If you enable this setting, the system removes the Entire Network option and the icons representing networked computers from Network Locations and from the browser associated with the Map Network Drive option. + +This setting does not prevent users from viewing or connecting to computers in their workgroup or domain. It also does not prevent users from connecting to remote computers by other commonly used methods, such as by typing the share name in the Run dialog box or the Map Network Drive dialog box. + +To remove computers in the user's workgroup or domain from lists of network resources, use the "No Computers Near Me in Network Locations" setting. + +> [!NOTE] +> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *No Entire Network in Network Locations* +- GP name: *NoEntireNetwork* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoFileMRU** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes the list of most recently used files from the Open dialog box. + +If you disable this setting or do not configure it, the "File name" field includes a drop-down list of recently used files. If you enable this setting, the "File name" field is a simple text box. Users must browse directories to find a file or type a file name in the text box. + +This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs. + +To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open. + +> [!NOTE] +> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Hide the dropdown list of recent files* +- GP name: *NoFileMRU* +- GP path: *Windows Components\File Explorer\Common Open File Dialog* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoFileMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes the File menu from My Computer and File Explorer. + +This setting does not prevent users from using other methods to perform tasks available on the File menu. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove File menu from File Explorer* +- GP name: *NoFileMenu* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoFolderOptions** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to prevent users from accessing Folder Options through the View tab on the ribbon in File Explorer. + +Folder Options allows users to change the way files and folders open, what appears in the navigation pane, and other advanced view settings. + +If you enable this policy setting, users will receive an error message if they tap or click the Options button or choose the Change folder and search options command, and they will not be able to open Folder Options. + +If you disable or do not configure this policy setting, users can open Folder Options from the View tab on the ribbon. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon* +- GP name: *NoFolderOptions* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoHardwareTab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes the Hardware tab. This setting removes the Hardware tab from Mouse, Keyboard, and Sounds and Audio Devices in Control Panel. It also removes the Hardware tab from the Properties dialog box for all local drives, including hard drives, floppy disk drives, and CD-ROM drives. As a result, users cannot use the Hardware tab to view or change the device list or device properties, or use the Troubleshoot button to resolve problems with the device. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Hardware tab* +- GP name: *NoHardwareTab* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoManageMyComputerVerb** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes the Manage item from the File Explorer context menu. This context menu appears when you right-click File Explorer or My Computer. + +The Manage item opens Computer Management (Compmgmt.msc), a console tool that includes many of the primary Windows 2000 administrative tools, such as Event Viewer, Device Manager, and Disk Management. You must be an administrator to use many of the features of these tools. + +This setting does not remove the Computer Management item from the Start menu (Start, Programs, Administrative Tools, Computer Management), nor does it prevent users from using other methods to start Computer Management. + +> [!TIP] +> To hide all context menus, use the "Remove File Explorer's default context menu" setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hides the Manage item on the File Explorer context menu* +- GP name: *NoManageMyComputerVerb* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoMyComputerSharedDocuments** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Shared Documents folder from My Computer. When a Windows client is in a workgroup, a Shared Documents icon appears in the File Explorer Web view under "Other Places" and also under "Files Stored on This Computer" in My Computer. Using this policy setting, you can choose not to have these items displayed. + +If you enable this policy setting, the Shared Documents folder is not displayed in the Web view or in My Computer. + +If you disable or do not configure this policy setting, the Shared Documents folder is displayed in Web view and also in My Computer when the client is part of a workgroup. + +> [!NOTE] +> The ability to remove the Shared Documents folder via Group Policy is only available on Windows XP Professional. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Shared Documents from My Computer* +- GP name: *NoMyComputerSharedDocuments* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoNetConnectDisconnect** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from using File Explorer or Network Locations to map or disconnect network drives. + +If you enable this setting, the system removes the Map Network Drive and Disconnect Network Drive commands from the toolbar and Tools menus in File Explorer and Network Locations and from menus that appear when you right-click the File Explorer or Network Locations icons. + +This setting does not prevent users from connecting to another computer by typing the name of a shared folder in the Run dialog box. + +> [!NOTE] +> This setting was documented incorrectly on the Explain tab in Group Policy for Windows 2000. The Explain tab states incorrectly that this setting prevents users from connecting and disconnecting drives. +> +> It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove "Map Network Drive" and "Disconnect Network Drive"* +- GP name: *NoNetConnectDisconnect* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoNewAppAlert** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy removes the end-user notification for new application associations. These associations are based on file types (e.g. *.txt) or protocols (e.g. http:). + +If this group policy is enabled, no notifications will be shown. If the group policy is not configured or disabled, notifications will be shown to the end user if a new application has been installed that can handle the file type or protocol association that was invoked. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not show the 'new application installed' notification* +- GP name: *NoNewAppAlert* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoPlacesBar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes the shortcut bar from the Open dialog box. This setting, and others in this folder, lets you remove new features added in Windows 2000 Professional, so that the Open dialog box looks like it did in Windows NT 4.0 and earlier. These policies only affect programs that use the standard Open dialog box provided to developers of Windows programs. + +To see an example of the standard Open dialog box, start Wordpad and, on the File menu, click Open. + +> [!NOTE] +> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. It is a requirement for third-party applications with Windows 2000 or later certification to adhere to this setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Hide the common dialog places bar* +- GP name: *NoPlacesBar* +- GP path: *Windows Components\File Explorer\Common Open File Dialog* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoRecycleFiles** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. When a file or folder is deleted in File Explorer, a copy of the file or folder is placed in the Recycle Bin. Using this setting, you can change this behavior. + +If you enable this setting, files and folders that are deleted using File Explorer will not be placed in the Recycle Bin and will therefore be permanently deleted. + +If you disable or do not configure this setting, files and folders deleted using File Explorer will be placed in the Recyele Bin. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not move deleted files to the Recycle Bin* +- GP name: *NoRecycleFiles* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
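Review bot: "Recyele Bin" in the last paragraph of the NoRecycleFiles description is a typo for "Recycle Bin". The same paragraph is the only place that describes the default behaviour, so it is worth getting the name right for anyone searching the page.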
    + + +**ADMX_WindowsExplorer/NoRunAsInstallPrompt** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from submitting alternate logon credentials to install a program. + +This setting suppresses the "Install Program As Other User" dialog box for local and network installations. This dialog box, which prompts the current user for the user name and password of an administrator, appears when users who are not administrators try to install programs locally on their computers. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials. + +Many programs can be installed only by an administrator. If you enable this setting and a user does not have sufficient permissions to install a program, the installation continues with the current user's logon credentials. As a result, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly. + +If you disable this setting or do not configure it, the "Install Program As Other User" dialog box appears whenever users install programs locally on the computer. + +By default, users are not prompted for alternate logon credentials when installing programs from a network share. If enabled, this setting overrides the "Request credentials for network installations" setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. 
To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Do not request alternate credentials* +- GP name: *NoRunAsInstallPrompt* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
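Review bot: In the second paragraph of the NoRunAsInstallPrompt description, "This setting allows administrators who have logged on as regular users to install programs without logging off" attributes the benefit to the setting, but the preceding sentences show it is the "Install Program As Other User" dialog box that provides it, and the setting suppresses that dialog box. Change the subject to "This dialog box allows administrators ..." so the paragraph does not read as if enabling the policy grants the elevation path it actually removes.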
    + + +**ADMX_WindowsExplorer/NoSearchInternetTryHarderButton** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. If you enable this policy, the "Internet" "Search again" link will not be shown when the user performs a search in the Explorer window. + +If you disable this policy, there will be an "Internet" "Search again" link when the user performs a search in the Explorer window. This button launches a search in the default browser with the search terms. + +If you do not configure this policy (default), there will be an "Internet" link when the user performs a search in the Explorer window. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove the Search the Internet "Search again" link* +- GP name: *NoSearchInternetTryHarderButton* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
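Review bot: The three states of NoSearchInternetTryHarderButton are described inconsistently. The disabled case says an "Internet" "Search again" link is shown, the not-configured case says only an "Internet" link, and the sentence in between calls it "This button". If disabled and not configured behave the same, merge them into a single "If you disable or do not configure this policy" paragraph as the other entries in this file do, and use "link" throughout.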
    + + +**ADMX_WindowsExplorer/NoSecurityTab** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes the Security tab from File Explorer. + +If you enable this setting, users opening the Properties dialog box for all file system objects, including folders, files, shortcuts, and drives, will not be able to access the Security tab. As a result, users will be able to neither change the security settings nor view a list of all users that have access to the resource in question. + +If you disable or do not configure this setting, users will be able to access the security tab. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Security tab* +- GP name: *NoSecurityTab* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
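Review bot: The NoSecurityTab description says users "will be able to neither change the security settings nor view a list of all users that have access to the resource in question", which reads as an access control when the policy only removes a tab from the Properties dialog box. NoDrives, NoFileMenu and NoViewContextMenu in this same file each state that other methods still work; add the equivalent note here, saying that the setting does not prevent users from viewing or changing permissions by other methods, such as a command window, so that nobody relies on it in place of file system permissions. Also capitalise "security tab" in the last paragraph to match "Security tab" above.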
    + + +**ADMX_WindowsExplorer/NoShellSearchButton** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove the Search button from the File Explorer toolbar. If you enable this policy setting, the Search button is removed from the Standard Buttons toolbar that appears in File Explorer and other programs that use the File Explorer window, such as My Computer and Network Locations. Enabling this policy setting does not remove the Search button or affect any search features of Internet browser windows, such as the Internet Explorer window. + +If you disable or do not configure this policy setting, the Search button is available from the File Explorer toolbar. + +This policy setting does not affect the Search items on the File Explorer context menu or on the Start menu. To remove Search from the Start menu, use the "Remove Search menu from Start menu" policy setting (in User Configuration\Administrative Templates\Start Menu and Taskbar). To hide all context menus, use the "Remove File Explorer's default context menu" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove Search button from File Explorer* +- GP name: *NoShellSearchButton* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoStrCmpLogical** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to have file names sorted literally (as in Windows 2000 and earlier) rather than in numerical order. + +If you enable this policy setting, File Explorer will sort file names by each digit in a file name (for example, 111 < 22 < 3). + +If you disable or do not configure this policy setting, File Explorer will sort file names by increasing number value (for example, 3 < 22 < 111). + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off numerical sorting in File Explorer* +- GP name: *NoStrCmpLogical* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoViewContextMenu** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Removes shortcut menus from the desktop and File Explorer. Shortcut menus appear when you right-click an item. + +If you enable this setting, menus do not appear when you right-click the desktop or when you right-click the items in File Explorer. This setting does not prevent users from using other methods to issue commands available on the shortcut menus. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Remove File Explorer's default context menu* +- GP name: *NoViewContextMenu* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoViewOnDrive** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Prevents users from using My Computer to gain access to the content of selected drives. + +If you enable this setting, users can browse the directory structure of the selected drives in My Computer or File Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives. + +To use this setting, select a drive or combination of drives from the drop-down list. To allow access to all drive directories, disable this setting or select the "Do not restrict drives" option from the drop-down list. + +> [!NOTE] +> The icons representing the specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a setting prevents the action. +> +> Also, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics. Also, see the "Hide these specified drives in My Computer" setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). 
+ + +ADMX Info: +- GP English name: *Prevent access to drives from My Computer* +- GP name: *NoViewOnDrive* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoWindowsHotKeys** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Turn off Windows Key hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer. + +By using this setting, you can disable these Windows Key hotkeys. + +If you enable this setting, the Windows Key hotkeys are unavailable. + +If you disable or do not configure this setting, the Windows Key hotkeys are available. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off Windows Key hotkeys* +- GP name: *NoWindowsHotKeys* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/NoWorkgroupContents** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to remove computers in the user's workgroup and domain from lists of network resources in File Explorer and Network Locations. + +If you enable this policy setting, the system removes the "Computers Near Me" option and the icons representing nearby computers from Network Locations. This policy setting also removes these icons from the Map Network Drive browser. + +If you disable or do not configure this policy setting, computers in the user's workgroup and domain appear in lists of network resources in File Explorer and Network Locations. + +This policy setting does not prevent users from connecting to computers in their workgroup or domain by other commonly used methods, such as typing the share name in the Run dialog box or the Map Network Drive dialog box. + +To remove network computers from lists of network resources, use the "No Entire Network in Network Locations" policy setting. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *No Computers Near Me in Network Locations* +- GP name: *NoWorkgroupContents* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/PlacesBar** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Configures the list of items displayed in the Places Bar in the Windows File/Open dialog. If enable this setting you can specify from 1 to 5 items to be displayed in the Places Bar. + +The valid items you may display in the Places Bar are: + +1. Shortcuts to a local folders -- (example: `C:\Windows`) +2. Shortcuts to remote folders -- (`\\server\share`) +3. FTP folders +4. web folders +5. Common Shell folders. + +The list of Common Shell Folders that may be specified: + +Desktop, Recent Places, Documents, Pictures, Music, Recently Changed, Attachments and Saved Searches. + +If you disable or do not configure this setting the default list of items will be displayed in the Places Bar. + +> [!NOTE] +> In Windows Vista, this policy setting applies only to applications that are using the Windows XP common dialog box style. This policy setting does not apply to the new Windows Vista common dialog box style. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Items displayed in Places Bar* +- GP name: *PlacesBar* +- GP path: *Windows Components\File Explorer\Common Open File Dialog* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/PromptRunasInstallNetPath** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Prompts users for alternate logon credentials during network-based installations. + +This setting displays the "Install Program As Other User" dialog box even when a program is being installed from files on a network computer across a local area network connection. + +If you disable this setting or do not configure it, this dialog box appears only when users are installing programs from local media. + +The "Install Program as Other User" dialog box prompts the current user for the user name and password of an administrator. This setting allows administrators who have logged on as regular users to install programs without logging off and logging on again using their administrator credentials. + +If the dialog box does not appear, the installation proceeds with the current user's permissions. If these permissions are not sufficient, the installation might fail, or it might complete but not include all features. Or, it might appear to complete successfully, but the installed program might not operate correctly. + +> [!NOTE] +> If it is enabled, the "Do not request alternate credentials" setting takes precedence over this setting. When that setting is enabled, users are not prompted for alternate logon credentials on any installation. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. 
For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Request credentials for network installations* +- GP name: *PromptRunasInstallNetPath* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/RecycleBinSize** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Limits the percentage of a volume's disk space that can be used to store deleted files. + +If you enable this setting, the user has a maximum amount of disk space that may be used for the Recycle Bin on their workstation. + +If you disable or do not configure this setting, users can change the total amount of disk space used by the Recycle Bin. + +> [!NOTE] +> This setting is applied to all volumes. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Maximum allowed Recycle Bin size* +- GP name: *RecycleBinSize* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows. + +If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. + +If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. + +If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off shell protocol protected mode* +- GP name: *ShellProtocolProtectedModeTitle_1* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to configure the amount of functionality that the shell protocol can have. When using the full functionality of this protocol, applications can open folders and launch files. The protected mode reduces the functionality of this protocol allowing applications to only open a limited set of folders. Applications are not able to open files with this protocol when it is in the protected mode. It is recommended to leave this protocol in the protected mode to increase the security of Windows. + +If you enable this policy setting the protocol is fully enabled, allowing the opening of folders and files. + +If you disable this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. + +If you do not configure this policy setting the protocol is in the protected mode, allowing applications to only open a limited set of folders. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Turn off shell protocol protected mode* +- GP name: *ShellProtocolProtectedModeTitle_2* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/ShowHibernateOption** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Shows or hides hibernate from the power options menu. + +If you enable this policy setting, the hibernate option will be shown in the Power Options menu (as long as it is supported by the machine's hardware). + +If you disable this policy setting, the hibernate option will never be shown in the Power Options menu. + +If you do not configure this policy setting, users will be able to choose whether they want hibernate to show through the Power Options Control Panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Show hibernate in the power options menu* +- GP name: *ShowHibernateOption* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/ShowSleepOption** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * Device + +
    + + + +Available in the latest Windows 10 Insider Preview Build. Shows or hides sleep from the power options menu. + +If you enable this policy setting, the sleep option will be shown in the Power Options menu (as long as it is supported by the machine's hardware). + +If you disable this policy setting, the sleep option will never be shown in the Power Options menu. + +If you do not configure this policy setting, users will be able to choose whether they want sleep to show through the Power Options Control Panel. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Show sleep in the power options menu* +- GP name: *ShowSleepOption* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/TryHarderPinnedLibrary** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows up to five Libraries or Search Connectors to be pinned to the "Search again" links and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. To add a Library or Search Connector link, specify the path of the .Library-ms or .searchConnector-ms file in the "Location" text box (for example, "C:\sampleLibrary.Library-ms" for the Documents library, or "C:\sampleSearchConnector.searchConnector-ms" for a Search Connector). The pinned link will only work if this path is valid and the location contains the specified .Library-ms or .searchConnector-ms file. + +You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links. + +The first several links will also be pinned to the Start menu. A total of four links can be included on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Search Connectors/Libraries and pinned Internet/intranet search links. Search Connector/Library links take precedence over Internet/intranet search links. + +If you enable this policy setting, the specified Libraries or Search Connectors will appear in the "Search again" links and the Start menu links. 
+ +If you disable or do not configure this policy setting, no Libraries or Search Connectors will appear in the "Search again" links or the Start menu links. + + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Pin Libraries or Search Connectors to the "Search again" links and the Start menu* +- GP name: *TryHarderPinnedLibrary* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + + +**ADMX_WindowsExplorer/TryHarderPinnedOpenSearch** + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows EditionSupported?
    Homecross mark
    Procross mark
    Businesscross mark
    Enterprisecheck mark
    Educationcross mark
    + + +
    + + +[Scope](./policy-configuration-service-provider.md#policy-scope): + +> [!div class = "checklist"] +> * User + +
    + + + +Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to add Internet or intranet sites to the "Search again" links located at the bottom of search results in File Explorer and the Start menu links. The "Search again" links at the bottom of the Search Results view allow the user to reconduct a search but in a different location. The Internet search site will be searched with the text in the search box. To add an Internet search site, specify the URL of the search site in OpenSearch format with {searchTerms} for the query string (for example, http://www.example.com/results.aspx?q={searchTerms}). + +You can add up to five additional links to the "Search again" links at the bottom of results returned in File Explorer after a search is executed. These links will be shared between Internet search sites and Search Connectors/Libraries. Search Connector/Library links take precedence over Internet search links. + +The first several links will also be pinned to the Start menu. A total of four links can be pinned on the Start menu. The "See more results" link will be pinned first by default, unless it is disabled via Group Policy. The "Search the Internet" link is pinned second, if it is pinned via Group Policy (though this link is disabled by default). If a custom Internet search link is pinned using the "Custom Internet search provider" Group Policy, this link will be pinned third on the Start menu. The remaining link(s) will be shared between pinned Internet/intranet links and pinned Search Connectors/Libraries. Search Connector/Library links take precedence over Internet/intranet search links. + +If you enable this policy setting, the specified Internet sites will appear in the "Search again" links and the Start menu links. + +If you disable or do not configure this policy setting, no custom Internet search sites will be added to the "Search again" links or the Start menu links. 
+ + +> [!TIP] +> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md). +> +> You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy). +> +> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect). + + +ADMX Info: +- GP English name: *Pin Internet search sites to the "Search again" links and the Start menu* +- GP name: *TryHarderPinnedOpenSearch* +- GP path: *Windows Components\File Explorer* +- GP ADMX file name: *WindowsExplorer.admx* + + + +
    + +Footnotes: + +- 1 - Available in Windows 10, version 1607. +- 2 - Available in Windows 10, version 1703. +- 3 - Available in Windows 10, version 1709. +- 4 - Available in Windows 10, version 1803. +- 5 - Available in Windows 10, version 1809. +- 6 - Available in Windows 10, version 1903. +- 7 - Available in Windows 10, version 1909. +- 8 - Available in Windows 10, version 2004. + + \ No newline at end of file From d0584bde816c72b2ca8b8871c03a9a14673042fd Mon Sep 17 00:00:00 2001 From: ManikaDhiman Date: Thu, 29 Oct 2020 16:34:43 -0700 Subject: [PATCH 131/346] Fixed broken links --- .../mdm/policies-in-policy-csp-admx-backed.md | 44 +++++++++---------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md index 5952cfc7ae..f17aa74561 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md +++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md 
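Review bot: In policy-csp-admx-windowsexplorer.md, the two ShellProtocolProtectedModeTitle entries should say plainly that enabling the policy is the less secure choice. The GP English name is "Turn off shell protocol protected mode", so "enabled" means applications can open folders and launch files through the shell protocol, while the description itself recommends leaving the protocol in protected mode. Suggest stating that consequence in the "If you enable this policy setting" paragraph, and merging the identical "disable" and "do not configure" paragraphs into a single "If you disable or do not configure" sentence, as the other entries in this file do. Smaller points in the same file: PlacesBar has "If enable this setting" (missing "you") and "Shortcuts to a local folders"; the NoViewOnDrive note already says programs and the Disk Management snap-in can still reach the drives, so it is worth saying there that the setting restricts the File Explorer UI and is not an access control; and the repeated CDATA link points at http://www.w3.org where https would be preferable.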
@@ -395,28 +395,28 @@ ms.date: 10/08/2020 - [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey) - [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff) - [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled) -- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md.#admx-taskbar-disablenotificationcenter) -- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md.#admx-taskbar-enablelegacyballoonnotifications) -- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescahealth) -- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescanetwork) -- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescapower) -- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md.#admx-taskbar-hidescavolume) -- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md.#admx-taskbar-noballoonfeatureadvertisements) -- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningstoretotaskbar) -- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningtodestinations) -- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-nopinningtotaskbar) -- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md.#admx-taskbar-noremotedestinations) -- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md.#admx-taskbar-nosystraysystempromotion) -- [ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md.#admx-taskbar-showwindowsstoreappsontaskbar) -- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarlockall) -- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoaddremovetoolbar) -- 
[ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnodragtoolbar) -- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnomultimon) -- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnonotification) -- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnopinnedlist) -- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoredock) -- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnoresize) -- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md.#admx-taskbar-taskbarnothumbnail) +- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md#admx-taskbar-disablenotificationcenter) +- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md#admx-taskbar-enablelegacyballoonnotifications) +- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md#admx-taskbar-hidescahealth) +- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md#admx-taskbar-hidescanetwork) +- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md#admx-taskbar-hidescapower) +- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md#admx-taskbar-hidescavolume) +- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md#admx-taskbar-noballoonfeatureadvertisements) +- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningstoretotaskbar) +- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtodestinations) +- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtotaskbar) +- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-noremotedestinations) +- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md#admx-taskbar-nosystraysystempromotion) +- 
[ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-showwindowsstoreappsontaskbar) +- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarlockall) +- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoaddremovetoolbar) +- [ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnodragtoolbar) +- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnomultimon) +- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnonotification) +- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnopinnedlist) +- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoredock) +- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoresize) +- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnothumbnail) - [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name) - [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval) - [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state) From 870fe5bfbc1a14ef2d43253048d4200590eac89f Mon Sep 17 00:00:00 2001 From: Daniel Simpson Date: Thu, 29 Oct 2020 19:35:42 -0700 Subject: [PATCH 132/346] acrolinx fixes --- .../threat-protection/fips-140-validation.md | 1261 ++++++++--------- 1 file changed, 630 insertions(+), 631 deletions(-) diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 262058bf1d..a03d84b411 100644 --- a/windows/security/threat-protection/fips-140-validation.md +++ b/windows/security/threat-protection/fips-140-validation.md 
@@ -1,15 +1,14 @@ --- -title: FIPS 140 Validation +title: Federal Information Processing Standard (FIPS) 140 Validation description: This topic provides information on how Microsoft products and cryptographic modules comply with the U.S. Federal government standard FIPS 140. ms.prod: w10 audience: ITPro -author: dulcemontemayor +author: dansimp ms.author: dansimp manager: dansimp ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 11/05/2019 ms.reviewer: --- 
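Review bot: The front-matter hunk drops `ms.date: 11/05/2019` without a replacement and changes `author` from dulcemontemayor to dansimp, and neither is a wording fix of the kind the subject "acrolinx fixes" announces. This page lists FIPS 140 certificate numbers, and readers use the date to judge how current that listing is, so set `ms.date` to the date of this revision instead of deleting it. Put the author change in its own commit or name it in the message.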
@@ -43,7 +42,7 @@ Each of the cryptographic modules has a defined security policy that must be met ### Step 3: Enable the FIPS security policy -Windows provides the security policy setting, “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). +Windows provides the security policy setting, “System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing,” which is used by some Microsoft products to determine whether to operate in a FIPS 140-2 approved mode. When this policy is enabled, the validated cryptographic modules in Windows will also operate in FIPS approved mode. The policy may be set using Local Security Policy, as part of Group Policy, or through a Modern Device Management (MDM) solution. For more information on the policy, see [System cryptography: Use FIPS-compliant algorithms for encryption, hashing, and signing](https://docs.microsoft.com/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing). ### Step 4: Ensure only FIPS validated cryptographic algorithms are used 
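Review bot: The hyphen in "FIPS-compliant" is added inside the quoted name of the security policy setting and inside the link text, and both should match the label shown in Local Security Policy and Group Policy character for character. Confirm the UI label before hyphenating, because administrators search for the setting by its exact name; a grammar pass should leave quoted UI strings alone. If the goal is to hyphenate compound modifiers, the same line still has "FIPS approved mode" and the heading that follows still reads "FIPS validated cryptographic algorithms". The expansion "Modern Device Management (MDM)" is also carried over unchanged and deserves a check while this line is open.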
@@ -73,7 +72,7 @@ This caveat identifies required configuration and security rules that must be fo ### What is the relationship between FIPS 140-2 and Common Criteria? -These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria is designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. +These are two separate security standards with different, but complementary, purposes. FIPS 140-2 is designed specifically for validating software and hardware cryptographic modules, while Common Criteria are designed to evaluate security functions in IT software and hardware products. Common Criteria evaluations often rely on FIPS 140-2 validations to provide assurance that basic cryptographic functionality is implemented properly. ### How does FIPS 140 relate to Suite B? @@ -304,11 +303,11 @@ Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile -\[1\] Applies only to Home, Pro, Enterprise, Education and S +\[1\] Applies only to Home, Pro, Enterprise, Education, and S. -\[2\] Applies only to Pro, Enterprise, Education, S, Mobile and Surface Hub +\[2\] Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub -\[3\] Applies only to Pro, Enterprise Education and S +\[3\] Applies only to Pro, Enterprise, Education, and S ##### Windows 10 Anniversary Update (Version 1607) 
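Review bot: In the @@ -73,7 +72,7 @@ hunk, "Common Criteria is designed" becomes "Common Criteria are designed", but the sentence before it calls FIPS 140-2 and Common Criteria "two separate security standards", so the subject is the name of one standard and takes a singular verb. Keep "is"; the plural reads as if several unrelated criteria were meant, and it no longer parallels "FIPS 140-2 is designed" in the first half of the sentence.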
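Review bot: In the @@ -304,11 +303,11 @@ hunk, footnote 1 gains a trailing period ("Education, and S.") while footnotes 2 and 3 still end without one. Use one form for all three. The footnotes touched in the following two hunks have no period either, so dropping it from footnote 1 is the smaller change.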
@@ -397,11 +396,11 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile -\[1\] Applies only to Home, Pro, Enterprise and Enterprise LTSB +\[1\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB -\[2\] Applies only to Pro, Enterprise, Enterprise LTSB and Mobile +\[2\] Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile -\[3\] Applies only to Pro, Enterprise and Enterprise LTSB +\[3\] Applies only to Pro, Enterprise, and Enterprise LTSB ##### Windows 10 November 2015 Update (Version 1511) @@ -491,13 +490,13 @@ Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub -\[4\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub +\[4\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub -\[5\] Applies only to Home, Pro, Enterprise, Mobile and Surface Hub +\[5\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub -\[6\] Applies only to Home, Pro and Enterprise +\[6\] Applies only to Home, Pro, and Enterprise -\[7\] Applies only to Pro, Enterprise, Mobile and Surface Hub +\[7\] Applies only to Pro, Enterprise, Mobile, and Surface Hub \[8\] Applies only to Enterprise and Enterprise LTSB @@ -700,7 +699,7 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone #1892 FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

    -Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert. ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
    +Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

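Review bot: The changed "Other algorithms" line still carries a stray fragment after "RSA (encrypt/decrypt)": it runs straight into "#258); DSA (Cert.); ECDSA (Cert.); ...", which looks like a copy of the approved-algorithm list with its certificate numbers missing. The edit only closes up the spaces inside that fragment, and does so unevenly, leaving "KAS (Cert)" without its period and "RSA (Certs.  and)". Delete everything from "#258);" to the end of the line. The "FIPS Approved algorithms" entry just above already gives those certificate numbers, and a validation table should not show empty certificate references.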
    @@ -710,9 +709,9 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone #1891 FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

    -Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and ); ECDSA (Cert. ); HMAC (Cert. ); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RNG (Cert. ); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
    +Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

    -Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Boot Manager @@ -760,9 +759,9 @@ Validated Editions: RT, Home, Pro, Enterprise, Phone #1893 FIPS Approved algorithms: DSA (Cert. #686); SHS (Cert. #1902); Triple-DES (Cert. #1386); Triple-DES MAC (Triple-DES Cert. #1386, vendor affirmed)

    -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert. ); Triple-DES MAC (Triple-DES Cert. , vendor affirmed)
    +Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. #1386, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Cert., vendor affirmed)

    -Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. , key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) +Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert., key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength) Enhanced Cryptographic Provider (RSAENH.DLL) @@ -803,9 +802,9 @@ Validated Editions: Windows 7, Windows 7 SP1 1329 FIPS Approved algorithms: AES (Certs. #1168 and #1178); AES GCM (Cert. #1168, vendor-affirmed); AES GMAC (Cert. #1168, vendor-affirmed); DRBG (Certs. #23 and #24); DSA (Cert. #386); ECDSA (Cert. #141); HMAC (Cert. #677); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 to 256 bits of encryption strength); RNG (Cert. #649); RSA (Certs. #559 and #560); SHS (Cert. #1081); Triple-DES (Cert. #846)

    -Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and ); SHS (Cert. ); Triple-DES (Cert. )
    +Other algorithms: AES (Cert. #1168, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)

    -Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 +Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4 Kernel Mode Cryptographic Primitives Library (cng.sys) @@ -829,7 +828,7 @@ Validated Editions: Windows 7, Windows 7 SP1 1319 FIPS Approved algorithms: AES (Certs. #1168 and #1177); HMAC (Cert. #675); RSA (Cert. #557); SHS (Cert. #1081)

    -Other algorithms: MD5#1168 and ); HMAC (Cert. ); RSA (Cert. ); SHS (Cert. )
    +Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)

    Other algorithms: MD5 @@ -946,7 +945,7 @@ Validated Editions: Ultimate Edition Kernel Mode Security Support Provider Interface (ksecdd.sys) 6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.228696.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869 1000 -

    FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and ); ECDSA (Cert. ); HMAC (Cert. ); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )

    +

    FIPS Approved algorithms: AES (Certs. #739 and #756); ECDSA (Cert. #82); HMAC (Cert. #412); RNG (Cert. #435 and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. #353 and #357); SHS (Cert. #753); Triple-DES (Cert. #656)#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

    Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)

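Review bot: For certificate 1000, a stray fragment is attached to the "FIPS Approved algorithms" entry itself: after "Triple-DES (Cert. #656)" the line continues with "#739 and); ECDSA (Cert.); HMAC (Cert.); ...", so the approved list appears to cite algorithms with no certificate number. The edit only removes spaces inside that fragment; cut it from "#739 and);" onward so the list ends at "Triple-DES (Cert. #656)". The unchanged version list at the top of the hunk also runs two copies together at "6.0.6002.228696.0.6001.18709" and is worth fixing in the same pass.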
    @@ -1649,9 +1648,9 @@ Validated Editions: Server, Storage Server 1892 FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258); DSA (Cert. #687); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

    -Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert. ); HMAC (Cert. #); KAS (Cert. ); KBKDF (Cert. ); PBKDF (vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
    +Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

    -Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Kernel Mode Cryptographic Primitives Library (cng.sys) @@ -1659,9 +1658,9 @@ Validated Editions: Server, Storage Server 1891 FIPS Approved algorithms: AES (Certs. #2197 and #2216); DRBG (Certs. #258 and #259); ECDSA (Cert. #341); HMAC (Cert. #1345); KAS (Cert. #36); KBKDF (Cert. #3); PBKDF (vendor affirmed); RNG (Cert. #1110); RSA (Certs. #1133 and #1134); SHS (Cert. #1903); Triple-DES (Cert. #1387)

    -Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
    +Other algorithms: AES (Cert. #2197, key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

    -Other algorithms: AES (Cert. , key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) +Other algorithms: AES (Cert., key wrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt) Boot Manager @@ -1841,7 +1840,7 @@ Validated Editions: Server, Storage Server 1007 FIPS Approved algorithms: AES (Certs. #739 and #757); ECDSA (Cert. #83); HMAC (Cert. #413); RNG (Cert. #435 and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. #353 and #358); SHS (Cert. #753); Triple-DES (Cert. #656)

    -Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert. ); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and ); SHS (Cert. ); Triple-DES (Cert. )
    +Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

    Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength) @@ -2165,7 +2164,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Key Lengths: 128, 192, 256 (bits)
-

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903

+

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #4903

Version 10.0.16299

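Review bot: Replacing "and" with ";" after "Fall Creators Update" makes the semicolon do two jobs on one line. It now separates the Windows 10 editions from "Windows Server, Windows Server Datacenter (version 1709)", and it also separates the platform list from the implementation name "Virtual TPM Implementations #4903". A reader can no longer tell where the platforms end and the validated implementation begins. Keep "and" between the two platform groups, or move the implementation name and certificate number onto their own line. The same substitution appears in the next hunks for the SymCrypt, CNG and BitLocker entries.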
@@ -2484,7 +2483,7 @@ The following tables are organized by cryptographic algorithms with their modes, -

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

+

Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4897

Version 10.0.16299

@@ -2520,7 +2519,7 @@ The following tables are organized by cryptographic algorithms with their modes,
  • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)
  • AES Val#4897

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #4898

    Version 10.0.16299

    @@ -2559,288 +2558,288 @@ The following tables are organized by cryptographic algorithms with their modes,
  • AAD Length: 0-65536
  • AES Val#4897

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations #4894

    Version 10.0.16299

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB128 ( e/d; 128 , 192 , 256 );

    -

    OFB ( e/d; 128 , 192 , 256 );

    -

    CTR ( int only; 128 , 192 , 256 )

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB128 (e/d; 128, 192, 256);

    +

    OFB (e/d; 128, 192, 256);

    +

    CTR (int only; 128, 192, 256)

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #4627

    Version 10.0.15063

    -

    KW ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

    +

    KW (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

    AES Val#4624

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations #4626

    Version 10.0.15063

    -

    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

    +

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#4624

     

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations #4625

    Version 10.0.15063

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    -

    CFB128 ( e/d; 128 , 192 , 256 );

    -

    CTR ( int only; 128 , 192 , 256 )

    -

    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

    -

    CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )

    -

    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

    -

    (KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

    -

    IV Generated: ( External ) ; PT Lengths Tested: ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 1024 , 8 , 1016 ) ; 96BitIV_Supported

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

    +

    CFB128 (e/d; 128, 192, 256);

    +

    CTR (int only; 128, 192, 256)

    +

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    +

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)

    +

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    +

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    +

    IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); AAD Lengths tested: (0, 1024, 8, 1016); 96BitIV_Supported

    GMAC_Supported

    -

    XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

    +

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #4624

    Version 10.0.15063

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4434

    Version 7.00.2872

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #4433

    Version 8.00.6246

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CTR ( int only; 128 , 192 , 256 )

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CTR (int only; 128, 192, 256)

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4431

    Version 7.00.2872

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CTR ( int only; 128 , 192 , 256 )

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CTR (int only; 128, 192, 256)

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #4430

    Version 8.00.6246

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB128 ( e/d; 128 , 192 , 256 );

    -

    OFB ( e/d; 128 , 192 , 256 );

    -

    CTR ( int only; 128 , 192 , 256 )

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB128 (e/d; 128, 192, 256);

    +

    OFB (e/d; 128, 192, 256);

    +

    CTR (int only; 128, 192, 256)

    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #4074

    Version 10.0.14393

    -

    ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

    -

    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

    -

    CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

    -

    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    -(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    -IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
    +

    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)

    +

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    +

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    +

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    +(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    GMAC_Supported

    -

    XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

    +

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #4064

    Version 10.0.14393

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

     

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #4063
    Version 10.0.14393 -

    KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 192 , 256 , 320 , 2048 )

    +

    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)

    AES Val#4064

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #4062

    Version 10.0.14393

    -

    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

    +

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#4064

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations #4061

    Version 10.0.14393

    -

    KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

    +

    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

    AES Val#3629

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #3652

    Version 10.0.10586

    -

    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

    +

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#3629

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations #3653

    Version 10.0.10586

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

     

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations #3630
    Version 10.0.10586 -

    ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

    -

    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

    -

    CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

    -

    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    -(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    -IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
    +

    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)

    +

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    +

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    +

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    +(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96BitIV_Supported
    GMAC_Supported

    -

    XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

    +

    XTS((KS: XTS_128((e/d) (f)) KS: XTS_256((e/d) (f))

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #3629

    Version 10.0.10586

    -

    KW  ( AE , AD , AES-128 , AES-192 , AES-256 , FWD , 128 , 256 , 192 , 320 , 2048 )

    +

    KW  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

    AES Val#3497

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #3507

    Version 10.0.10240

    -

    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

    +

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#3497

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations #3498

    Version 10.0.10240

    -

    ECB ( e/d; 128 , 192 , 256 ); CBC ( e/d; 128 , 192 , 256 ); CFB8 ( e/d; 128 , 192 , 256 ); CFB128 ( e/d; 128 , 192 , 256 ); CTR ( int only; 128 , 192 , 256 )

    -

    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

    -

    CMAC(Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

    -

    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    -(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    -IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 0 , 0 ) ; 96BitIV_Supported
    +

    ECB (e/d; 128, 192, 256); CBC (e/d; 128, 192, 256); CFB8 (e/d; 128, 192, 256); CFB128 (e/d; 128, 192, 256); CTR (int only; 128, 192, 256)

    +

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    +

    CMAC(Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    +

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    +(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    +IV Generated:  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); AAD Lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96BitIV_Supported
    GMAC_Supported

    -

    XTS( (KS: XTS_128( (e/d) (f) ) KS: XTS_256( (e/d) (f) )

    +

    XTS((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #3497
    Version 10.0.10240 -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

     

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #3476
    Version 10.0.10240 -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

     

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #2853

    Version 6.3.9600

    -

    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

    +

    CCM (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#2832

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BitLocker� Cryptographic Implementations #2848

    Version 6.3.9600

    -

    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 0 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

    -

    CMAC (Generation/Verification ) (KS: 128; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 192; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 ) (KS: 256; Block Size(s): Full / Partial ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 0 Max: 16 )

    -

    GCM (KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )

    -

    (KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )

    -

    IV Generated:  ( Externally ) ; PT Lengths Tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested:  ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested:  ( 8 , 1024 ) ; 96BitIV_Supported ;
    +

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

    +

    CMAC (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

    +

    GCM (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

    +

    (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

    +

    IV Generated:  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); AAD Lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96BitIV_Supported;
    OtherIVLen_Supported
    GMAC_Supported

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #2832

    Version 6.3.9600

    -

    CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    +

    CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)
    AES Val#2197

    -

    CMAC (Generation/Verification ) (KS: 128; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 192; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 ) (KS: 256; Block Size(s): ; Msg Len(s) Min: 0 Max: 2^16 ; Tag Len(s) Min: 16 Max: 16 )
    +

    CMAC (Generation/Verification) (KS: 128; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s); Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)
    AES Val#2197

    -

    GCM(KS: AES_128( e/d ) Tag Length(s): 128 120 112 104 96 ) (KS: AES_192( e/d ) Tag Length(s): 128 120 112 104 96 )
    -(KS: AES_256( e/d ) Tag Length(s): 128 120 112 104 96 )
    -IV Generated: ( Externally ) ; PT Lengths Tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; AAD Lengths tested: ( 0 , 128 , 1024 , 8 , 1016 ) ; IV Lengths Tested: ( 8 , 1024 ) ; 96BitIV_Supported
    +

    GCM(KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)
    +(KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)
    +IV Generated: (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); AAD Lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96BitIV_Supported
    GMAC_Supported

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #2216 -

    CCM (KS: 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 12 (Tag Length(s): 16 )

    +

    CCM (KS: 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

    AES Val#2196

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #2198 -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    -

    CFB128 ( e/d; 128 , 192 , 256 );

    -

    CTR ( int only; 128 , 192 , 256 )

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

    +

    CFB128 (e/d; 128, 192, 256);

    +

    CTR (int only; 128, 192, 256)

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #2197 -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

     

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #2196 -CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 – 0 , 2^16 ) (Payload Length Range: 0 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    +CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 – 0, 2^16 ) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )
    AES Val#1168

    Windows Server 2008 R2 and SP1 CNG algorithms #1187

    Windows 7 Ultimate and SP1 CNG algorithms #1178

    -CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
    +CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )
    AES Val#1168 Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #1177 -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

     

    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168

    GCM

    GMAC

    -Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168 , vendor-affirmed +Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #1168, vendor-affirmed -CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) +CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 ) Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #760 -CCM (KS: 128 , 192 , 256 ) (Assoc. Data Len Range: 0 - 0 , 2^16 ) (Payload Length Range: 1 - 32 ( Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 ) +CCM (KS: 128, 192, 256) (Assoc. Data Len Range: 0 - 0, 2^16 ) (Payload Length Range: 1 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16 )

    Windows Server 2008 CNG algorithms #757

    Windows Vista Ultimate SP1 CNG algorithms #756

    -

    CBC ( e/d; 128 , 256 );

    -

    CCM (KS: 128 , 256 ) (Assoc. Data Len Range: 0 - 8 ) (Payload Length Range: 4 - 32 ( Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16 )

    +

    CBC (e/d; 128, 256);

    +

    CCM (KS: 128, 256) (Assoc. Data Len Range: 0 - 8) (Payload Length Range: 4 - 32 (Nonce Length(s): 7 8 12 13 (Tag Length(s): 4 6 8 14 16)

    Windows Vista Ultimate BitLocker Drive Encryption #715

    Windows Vista Ultimate BitLocker Drive Encryption #424

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CFB8 ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CFB8 (e/d; 128, 192, 256);

    Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation #739

    Windows Vista Symmetric Algorithm Implementation #553

    -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    -

    CTR ( int only; 128 , 192 , 256 )

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    +

    CTR (int only; 128, 192, 256)

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #2023 -

    ECB ( e/d; 128 , 192 , 256 );

    -

    CBC ( e/d; 128 , 192 , 256 );

    +

    ECB (e/d; 128, 192, 256);

    +

    CBC (e/d; 128, 192, 256);

    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #2024

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #818

    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #781
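
Review bot: In the CMAC row that carries AES Val#2197, the replacement turns "Block Size(s): ;" into "Block Size(s);", which drops the colon of an empty field rather than only removing whitespace, so the row no longer matches the "Block Size(s): Full/Partial;" form used by the other CMAC rows. Keep the colon, or fill in the value if it is known. The whitespace pass is also incomplete in the CCM rows: most become "0-0, 2^16)", but the rows with AES Val#2196 and AES Val#1168 still read "0 - 0, 2^16 )" and "0 – 0, 2^16 )". Every CCM row still has unbalanced parentheses around "(Payload Length Range: ... (Nonce Length(s): ... (Tag Length(s): ...)".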

    @@ -2891,7 +2890,7 @@ Deterministic Random Bit Generator (DRBG)

    Prerequisite: AES #4903

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1733

    Version 10.0.16299
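
Review bot: In the replacement row for Virtual TPM Implementations #1733, the new semicolon after "Fall Creators Update" uses the same separator that already sits before the implementation name ("(version 1709); Virtual TPM Implementations"). The platform list and the implementation name are now harder to tell apart, and it is no longer clear whether "(version 1709)" covers the Windows 10 editions as well. Suggest a distinct separator before the implementation name, or restating the version for both product groups.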

    @@ -2930,74 +2929,74 @@ Deterministic Random Bit Generator (DRBG)

    Prerequisite: AES #4897

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1730

    Version 10.0.16299

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4627 ) ] +CTR_DRBG: [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4627)]

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1556

    Version 10.0.15063

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4624 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#4624)]

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1555

    Version 10.0.15063

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4434 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4434)]

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1433

    Version 7.00.2872

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4433 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4433)]

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #1432

    Version 8.00.6246

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4431 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4431)]

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1430

    Version 7.00.2872

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4430 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4430)]

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1429

    Version 8.00.6246

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#4074 ) ] -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222

    +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#4074)] +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #1222

    Version 10.0.14393

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#4064 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#4064)]

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #1217

    Version 10.0.14393

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3629 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#3629)]

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #955

    Version 10.0.10586

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#3497 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#3497)]

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #868

    Version 10.0.10240

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2832 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2832)]

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #489

    Version 6.3.9600

    -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: ( AES-256 ) ( AES Val#2197 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES Val#2197)] Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #258 -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#2023 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#2023)] Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #193 -CTR_DRBG: [ Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: ( AES-256 ) ( AES Val#1168 ) ] +CTR_DRBG:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES Val#1168)] Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library #23 @@ -3133,16 +3132,16 @@ Deterministic Random Bit Generator (DRBG)
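
Review bot: The CTR_DRBG rows that end just above are normalized two different ways. The first replacement (AES Val#4627) reads "CTR_DRBG: [Prediction Resistance Tested ...", with a space after the colon, while every later replacement reads "CTR_DRBG:[Prediction Resistance Tested ...". Pick one form and apply it to all rows. The serial comma is likewise added in the #1222 row ("Surface Pro 4, and Surface Pro 3") but the #1217 row still reads "Surface Pro 4, Surface Pro 3 and Surface 3".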

    Prerequisite: SHS #4009, DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1301

    Version 10.0.16299

    FIPS186-4:

    -

    PQG(gen)PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]

    -

    PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

    -

    KeyPairGen:   [ (2048,256) ; (3072,256) ]

    -

    SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]

    -

    SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

    +

    PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

    +

    PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    +

    KeyPairGen:   [(2048,256); (3072,256)]

    +

    SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]

    +

    SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val#3790

    DRBG: Val# 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1223
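
Review bot: The replacement PQG(gen) line still reads "[(2048,256)SHA(256); (3072,256) SHA(256)]", with no space before the first "SHA" and one before the second, so the spacing this change is meant to normalize stays inconsistent within a single entry. The SIG(gen) line also keeps its dangling "; ]" terminator while the PQG and SIG(ver) lines close with "]". Suggest "(2048,256) SHA(256)" throughout and dropping the trailing semicolon.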

    @@ -3150,16 +3149,16 @@ Deterministic Random Bit Generator (DRBG) FIPS186-4:
    -PQG(ver)PARMS TESTED:
      [ (1024,160) SHA( 1 ); ]
    -SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
    +PQG(ver)PARMS TESTED:
      [(1024,160) SHA(1); ]
    +SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    SHS: Val# 3649

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1188

    Version 7.00.2872

    FIPS186-4:
    -PQG(ver)PARMS TESTED:
      [ (1024,160) SHA( 1 ); ]
    -SIG(ver)PARMS TESTED:   [ (1024,160) SHA( 1 ); ]
    +PQG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    +SIG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]
    SHS: Val#3648

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1187

    Version 8.00.6246
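
Review bot: The two FIPS186-4 entries in this hunk end up laid out differently. For the #1188 entry the replacement keeps "PQG(ver)PARMS TESTED:" on its own line with the bracketed value on the next line, while for the #1187 entry the replacement joins them as "PQG(ver)PARMS TESTED:   [(1024,160) SHA(1); ]". Join the first one as well so both render the same way. Both entries also keep the dangling "; ]".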

    @@ -3167,12 +3166,12 @@ SHS:

    FIPS186-4:
    PQG(gen)
    PARMS TESTED: [
    -(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    -PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    -KeyPairGen:    [ (2048,256) ; (3072,256) ]
    -SIG(gen)PARMS TESTED:   [ (2048,256)
    -SHA( 256 ); (3072,256) SHA( 256 ); ]
    -SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

    +(2048,256)SHA(256); (3072,256) SHA(256)]
    +PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    +KeyPairGen:    [(2048,256); (3072,256)]
    +SIG(gen)PARMS TESTED:   [(2048,256)
    +SHA(256); (3072,256) SHA(256); ]
    +SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 3347
    DRBG: Val# 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #1098
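Review bot: The first added line reads `(2048,256)SHA(256)` with no space between the size pair and the hash, where the PQG(ver) and SIG(ver) lines in the same hunk have `(2048,256) SHA(256)`. The SIG(gen) value is also still wrapped after `[(2048,256)`. Add the space and join the wrapped value onto one line, otherwise the cleanup leaves this block less regular than its neighbours.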

    @@ -3180,9 +3179,9 @@ DRBG:

    FIPS186-4:
    -PQG(gen)
    PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ] PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 )]
    -KeyPairGen:    [ (2048,256) ; (3072,256) ] SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
    -SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

    +PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)] PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    +KeyPairGen:    [(2048,256); (3072,256)] SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    +SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 3047
    DRBG: Val# 955

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #1024
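Review bot: Two fields share a line in the added text: PQG(gen) with PQG(ver) on the first `+` line, and KeyPairGen with SIG(gen) on the second. The removed lines had the same run-on, so this carries it forward; give each field its own line so the block can be read field by field.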

    @@ -3190,10 +3189,10 @@ DRBG:

    FIPS186-4:
    -PQG(gen)
    PARMS TESTED:   [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    -PQG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    -KeyPairGen:    [ (2048,256) ; (3072,256) ]
    -SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ] SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

    +PQG(gen)PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]
    +PQG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
    +KeyPairGen:    [(2048,256); (3072,256)]
    +SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ] SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 2886
    DRBG: Val# 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #983

    @@ -3202,12 +3201,12 @@ DRBG:

    FIPS186-4:
    PQG(gen)
    PARMS TESTED:   [
    -(2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    -PQG(ver)PARMS TESTED:   [ (2048,256)
    -SHA( 256 ); (3072,256) SHA( 256 ) ]
    -KeyPairGen:    [ (2048,256) ; (3072,256) ]
    -SIG(gen)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
    -SIG(ver)PARMS TESTED:   [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]

    +(2048,256)SHA(256); (3072,256) SHA(256)]
    +PQG(ver)PARMS TESTED:   [(2048,256)
    +SHA(256); (3072,256) SHA(256)]
    +KeyPairGen:    [(2048,256); (3072,256)]
    +SIG(gen)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256); ]
    +SIG(ver)PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

    SHS: Val# 2373
    DRBG: Val# 489

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #855

    @@ -3220,10 +3219,10 @@ DRBG: #1903
    DRBG: #258

    FIPS186-4:
    -PQG(gen)PARMS TESTED
    : [ (2048,256)SHA( 256 ); (3072,256) SHA( 256 ) ]
    -PQG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    -SIG(gen)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ); ]
    -SIG(ver)PARMS TESTED: [ (2048,256) SHA( 256 ); (3072,256) SHA( 256 ) ]
    +PQG(gen)PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]
    +PQG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
    +SIG(gen)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256); ]
    +SIG(ver)PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
    SHS: #1903
    DRBG: #258
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical DSA List Val#687.

    @@ -3445,7 +3444,7 @@ SHS: SHA-1 (BYTE)

    Prerequisite: SHS #4009, DRBG #1733

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1252

    Version 10.0.16299
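Review bot: Replacing `and` with `;` after `Fall Creators Update` changes what `(version 1709)` appears to qualify. The added line now has three semicolon-separated segments, and the version sits in the one that names only `Windows Server, Windows Server Datacenter`. If 1709 also applies to the Windows 10 editions, state it in that segment too or keep the `and`.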

    @@ -3615,7 +3614,7 @@ SHS: SHA-1 (BYTE)

    Prerequisite: SHS #4009, DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1247

    Version 10.0.16299

    @@ -3649,12 +3648,12 @@ SHS: SHA-1 (BYTE)

    Prerequisite: SHS #4009, DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1246

    Version 10.0.16299

    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 TestingCandidates )
    +PKG: CURVES(P-256 P-384 TestingCandidates)
    SHS: Val#3790
    DRBG: Val# 1555

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #1136

    @@ -3662,10 +3661,10 @@ DRBG: FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -PKV: CURVES( P-256 P-384 P-521 )
    -SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    -SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +PKV: CURVES(P-256 P-384 P-521)
    +SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    +SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    SHS:
    Val#3790
    DRBG: Val# 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1135
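Review bot: The added SigGen line never closes its `CURVES(`: it ends at `P-521: (SHA-512)`, whereas the SigVer line below ends `(SHA-512))`. The removed line had the same imbalance, so add the closing parenthesis while the line is being touched.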

    @@ -3673,10 +3672,10 @@ DRBG: FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -PKV: CURVES( P-256 P-384 P-521 )
    -SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    -SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +PKV: CURVES(P-256 P-384 P-521)
    +SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    +SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    SHS:
    Val#3790
    DRBG: Val# 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1133

    @@ -3684,10 +3683,10 @@ DRBG: FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -PKV: CURVES( P-256 P-384 P-521 )
    -SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +PKV: CURVES(P-256 P-384 P-521)
    +SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
    SHS:
    Val# 3649
    DRBG:Val# 1430

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1073
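Review bot: On the added SigGen line the caveat `SIG(gen) with SHA-1 affirmed for use with protocols only.` is run straight onto the curve list, inside a `CURVES(` that is never closed. That sentence restricts how SHA-1 signature generation may be used, so close the parenthesis after `(SHA-1, 512)` and put the caveat on its own line where a reader will see it.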

    @@ -3695,10 +3694,10 @@ PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )
    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -PKV: CURVES( P-256 P-384 P-521 )
    -SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) )
    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +PKV: CURVES(P-256 P-384 P-521)
    +SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))
    SHS:Val#3648
    DRBG:Val# 1429

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1072

    @@ -3706,21 +3705,21 @@ PKG: CURVES( P-256 P-384 P-521 ExtraRandomBits )

    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 TestingCandidates )
    -PKV: CURVES( P-256 P-384 )
    -SigGen: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -SigVer: CURVES( P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) )

    +PKG: CURVES(P-256 P-384 TestingCandidates)
    +PKV: CURVES(P-256 P-384)
    +SigGen: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +SigVer: CURVES(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))

    SHS: Val# 3347
    DRBG: Val# 1222

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920

    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #920

    Version 10.0.14393

    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -PKV: CURVES( P-256 P-384 P-521 )
    -SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    -SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +PKV: CURVES(P-256 P-384 P-521)
    +SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    +SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: Val# 3347
    DRBG: Val# 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #911
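Review bot: The added Virtual TPM line inserts a serial comma (`Surface Pro 4, and Surface Pro 3`), but the unchanged MsBignum line at the end of this hunk still reads `Surface Pro 4, Surface Pro 3 and Surface 3`. Apply the comma to both or to neither. The added SigGen lines in this hunk also still leave `CURVES(` unclosed, unlike the SigVer lines beside them.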

    @@ -3728,9 +3727,9 @@ DRBG:

    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    -SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    +SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: Val# 3047
    DRBG: Val# 955

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #760

    @@ -3738,9 +3737,9 @@ DRBG:

    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    -SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    +SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: Val# 2886
    DRBG: Val# 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #706

    @@ -3748,9 +3747,9 @@ DRBG:

    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    -SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )

    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    +SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

    SHS: Val#2373
    DRBG: Val# 489

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #505

    @@ -3758,16 +3757,16 @@ DRBG:

    FIPS186-2:
    -PKG: CURVES
    ( P-256 P-384 P-521 )
    +PKG: CURVES(P-256 P-384 P-521)
    SHS:
    #1903
    DRBG: #258
    -SIG(ver):CURVES( P-256 P-384 P-521 )
    +SIG(ver):CURVES(P-256 P-384 P-521)
    SHS: #1903
    DRBG: #258

    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    -SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    +SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    SHS: #1903
    DRBG: #258
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#341.

    @@ -3775,16 +3774,16 @@ Some of the previously validated components for this validation have been remove

    FIPS186-2:
    -PKG: CURVES
    ( P-256 P-384 P-521 )
    +PKG: CURVES(P-256 P-384 P-521)
    SHS: Val#1773
    DRBG: Val# 193
    -SIG(ver): CURVES( P-256 P-384 P-521 )
    +SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#1773
    DRBG: Val# 193

    FIPS186-4:
    -PKG: CURVES
    ( P-256 P-384 P-521 ExtraRandomBits )
    -SigGen: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    -SigVer: CURVES( P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512) )
    +PKG: CURVES(P-256 P-384 P-521 ExtraRandomBits)
    +SigGen: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)
    +SigVer: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))
    SHS: Val#1773
    DRBG: Val# 193
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#295.

    @@ -3792,10 +3791,10 @@ Some of the previously validated components for this validation have been remove FIPS186-2:
    -PKG: CURVES
    ( P-256 P-384 P-521 )
    +PKG: CURVES(P-256 P-384 P-521)
    SHS: Val#1081
    DRBG: Val# 23
    -SIG(ver): CURVES( P-256 P-384 P-521 )
    +SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#1081
    DRBG: Val# 23
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#142. See Historical ECDSA List Val#141. @@ -3804,9 +3803,9 @@ Some of the previously validated components for this validation have been remove FIPS186-2:
    -PKG: CURVES
    ( P-256 P-384 P-521 )
    +PKG: CURVES(P-256 P-384 P-521)
    SHS: Val#753
    -SIG(ver): CURVES( P-256 P-384 P-521 )
    +SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#753
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#83. See Historical ECDSA List Val#82.

    Windows Server 2008 CNG algorithms #83

    @@ -3814,10 +3813,10 @@ Some of the previously validated components for this validation have been remove FIPS186-2:
    -PKG: CURVES
    ( P-256 P-384 P-521 )
    +PKG: CURVES(P-256 P-384 P-521)
    SHS: Val#618
    RNG: Val# 321
    -SIG(ver): CURVES( P-256 P-384 P-521 )
    +SIG(ver): CURVES(P-256 P-384 P-521)
    SHS: Val#618
    RNG: Val# 321
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical ECDSA List Val#60. @@ -3886,7 +3885,7 @@ Some of the previously validated components for this validation have been remove

    Prerequisite: SHS #4009

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #3270

    Version 10.0.16299

    @@ -3979,160 +3978,160 @@ Some of the previously validated components for this validation have been remove

    Prerequisite: SHS #4009

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #3267

    Version 10.0.16299

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3790

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3790

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #3062

    Version 10.0.15063

    -

    HMAC-SHA1(Key Sizes Ranges Tested: KSBS ) SHS Val#3790

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#3790

    +

    HMAC-SHA1(Key Sizes Ranges Tested: KSBS) SHS Val#3790

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3790

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3790

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#3790

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #3061

    Version 10.0.15063

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3652

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3652

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3652

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3652

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3652

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3652

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3652

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2946

    Version 7.00.2872

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3651

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3651

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3651

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3651

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3651

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3651

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3651

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2945

    Version 8.00.6246

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3649

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3649

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal# 3649

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3649

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3649

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3649

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal# 3649

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2943

    Version 7.00.2872

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#3648

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#3648

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#3648

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#3648

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#3648

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#3648

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#3648

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2942

    Version 8.00.6246

    -

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
    +

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    SHS Val# 3347

    -

    HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    SHS Val# 3347

    -

    HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    SHS Val# 3347

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661

    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2661

    Version 10.0.14393

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val# 3347

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val# 3347

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val# 3347

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val# 3347

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val# 3347

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val# 3347

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2651

    Version 10.0.14393

    -

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
    +

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    SHS Val# 3047

    -

    HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    SHS Val# 3047

    -

    HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    SHS Val# 3047

    -

    HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    SHS Val# 3047

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations #2381

    Version 10.0.10586

    -

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
    +

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    SHSVal# 2886

    -

    HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    SHSVal# 2886

    -

    HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
     SHSVal# 2886

    -

    HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    SHSVal# 2886

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #2233

    Version 10.0.10240

    -

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS )
    +

    HMAC-SHA1 (Key Sizes Ranges Tested:  KSBS)
    SHS Val#2373

    -

    HMAC-SHA256 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA256 (Key Size Ranges Tested:  KSBS)
    SHS Val#2373

    -

    HMAC-SHA384 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA384 (Key Size Ranges Tested:  KSBS)
    SHS Val#2373

    -

    HMAC-SHA512 ( Key Size Ranges Tested:  KSBS )
    +

    HMAC-SHA512 (Key Size Ranges Tested:  KSBS)
    SHS Val#2373

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1773

    Version 6.3.9600

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS Val#2764

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS Val#2764

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS Val#2764

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS Val#2764

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS Val#2764

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS Val#2764

    Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) #2122

    Version 5.2.29344

    HMAC-SHA1 (Key Sizes Ranges Tested: KS#1902

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KS#1902

    +

    HMAC-SHA256 (Key Size Ranges Tested: KS#1902

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #1347 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHS#1902

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHS#1902

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHS#1902

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHS#1902

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS#1902

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS#1902

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS#1902

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS#1902

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1346 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)

    SHS#1903

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS )

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS)

    SHS#1903

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS )

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS)

    SHS#1903

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS )

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS)

    SHS#1903

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1345 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1773

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

    -

    Tinker HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1773

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1773

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1773

    +

    Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1773

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1773

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1364 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1774

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1774

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1774

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1774

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1774

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1774

    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1227 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#1081

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#1081

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#1081

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#1081

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1081

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#1081

    Windows Server 2008 R2 and SP1 CNG algorithms #686

    Windows 7 and SP1 CNG algorithms #677

    Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) #687
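Review bot: The added line `Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#1773` carries a stray word, `Tinker`, over from the removed line; delete it. In the same hunk `HMAC-SHA256 (Key Size Ranges Tested: KS#1902` is re-emitted with no closing parenthesis and `KS` running straight into the number, which looks truncated and should be restored from the source table rather than only re-spaced. The labels also alternate between `Key Sizes Ranges Tested` for HMAC-SHA1 and `Key Size Ranges Tested` for the other digests, and `SHSVal#` appears both with and without a space; pick one form of each.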

    @@ -4140,108 +4139,108 @@ SHS

    HMAC-SHA1(Key Sizes Ranges Tested: KSVal#1081

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSVal#1081

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSVal#1081

    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations #675 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#816

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#816

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#816

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#816

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#816

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#816

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#816

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#816

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #452

    HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#753

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSVal#753

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSVal#753

    Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations #415 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS )SHS Val#753

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS)SHS Val#753

    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #408

    Windows Vista Enhanced Cryptographic Provider (RSAENH) #407

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS )SHSVal#618

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHSVal#618

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618

    Windows Vista Enhanced Cryptographic Provider (RSAENH) #297 -HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#785 +HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#785

    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #429

    Windows XP, vendor-affirmed

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#783

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#783

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#783

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#783

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#783

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#783

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#783

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#783

    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #428 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#613

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#613

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#613

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#613

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#613

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#613

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#613

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#613

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #289 -HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#610 +HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#610 Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) #287 -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#753

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#753

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#753

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#753

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#753

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#753

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#753

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#753

    Windows Server 2008 CNG algorithms #413

    Windows Vista Ultimate SP1 CNG algorithms #412

    HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#737

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSVal#737

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSVal#737

    Windows Vista Ultimate BitLocker Drive Encryption #386 -

    HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#618

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#618

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#618

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#618

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#618

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#618

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#618

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#618

    Windows Vista CNG algorithms #298 -

    HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#589

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS )SHSVal#589

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#589

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#589

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#589

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHSVal#589

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#589

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#589

    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #267 -

    HMAC-SHA1 ( Key Sizes Ranges Tested: KSBS ) SHSVal#578

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#578

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#578

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#578

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#578

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#578

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#578

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#578

    Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) #260

    HMAC-SHA1 (Key Sizes Ranges Tested: KSVal#495

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSVal#495

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSVal#495

    Windows Vista BitLocker Drive Encryption #199 -HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#364 +HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#364

    Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #99

    Windows XP, vendor-affirmed

    -

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS ) SHSVal#305

    -

    HMAC-SHA256 ( Key Size Ranges Tested: KSBS ) SHSVal#305

    -

    HMAC-SHA384 ( Key Size Ranges Tested: KSBS ) SHSVal#305

    -

    HMAC-SHA512 ( Key Size Ranges Tested: KSBS ) SHSVal#305

    +

    HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHSVal#305

    +

    HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHSVal#305

    +

    HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHSVal#305

    +

    HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHSVal#305
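
Review bot: The spacing cleanup is incomplete on three added lines, which still have no space between the closing parenthesis and "SHS": "KSBS)SHS Val#753" on the HMAC-SHA512 row, "KSBS)SHSVal#618" on the first HMAC-SHA1 row that uses Val#618, and "KSBS)SHSVal#589" on the HMAC-SHA256 row. Their sibling rows all have the space, so add it here as well; the Val#753 row is also the only one written "SHS Val" with an inner space.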

    Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #31 @@ -4325,7 +4324,7 @@ SHS #4009, ECDSA #1252, DRBG #1733

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #149

    Version 10.0.16299
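
Review bot: Replacing "and" with a semicolon on the #149 row changes how "(version 1709)" reads. The line already uses a semicolon to separate the platform list from "Virtual TPM Implementations", so the new one splits the platforms into two groups and the version qualifier now appears to apply only to "Windows Server, Windows Server Datacenter". If 1709 is meant to cover the Windows 10 editions too, state that explicitly or pick a separator that does not collide with the existing semicolon. This is also an edit to the text of a validation table in a commit whose subject is "Update metadata descriptions", so the commit message should mention it.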

    @@ -4778,11 +4777,11 @@ SHS #4009, DSA #1301, DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #146

    Version 10.0.16299

    -

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration ) SCHEMES [ FullUnified ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ]

    +

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration) SCHEMES [FullUnified (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC)]

    SHS Val#3790
    DSA Val#1135
    DRBG Val#1556

    @@ -4790,15 +4789,15 @@ DRBG -

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
    -( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhOneFlow ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
    +

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
    +(FB: SHA256) (FC: SHA256)]
    +[dhOneFlow (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]
    SHS
    Val#3790
    DSA Val#1223
    DRBG Val#1555

    -

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    -[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    -[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    +

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
    +[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    +[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS Val#3790
    ECDSA Val#1133
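
Review bot: The added EphemeralUnified line still ends in "HMAC_SHA512)))]", which closes one parenthesis more than it opens, whereas the OnePassDH and StaticUnified lines below it end in "HMAC_SHA512))]" and balance. The extra ")" is carried over from the removed line ("HMAC_SHA512) ) ) ]"), so drop it here while the parentheses are being normalised.
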
    @@ -4807,29 +4806,29 @@ DRBG -

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
    -( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB: SHA256 ) ( FC: SHA256 ) ] [ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB: SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
    +

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
    +(FB: SHA256) (FC: SHA256)]
    +[dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB: SHA256 HMAC) (FC: SHA256   HMAC)]
    SHS
    Val# 3649
    DSA Val#1188
    DRBG Val#1430

    -

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    -[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    -[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]

    +

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
    +[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    +[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #115

    Version 7.00.2872

    -

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
    -( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhHybridOneFlow ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
    -[ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FB:SHA256 HMAC ) ( FC: SHA256   HMAC ) ]
    +

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
    +(FB: SHA256) (FC: SHA256)]
    +[dhHybridOneFlow (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB:SHA256 HMAC) (FC: SHA256   HMAC)]
    +[dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FB:SHA256 HMAC) (FC: SHA256   HMAC)]
    SHS Val#3648
    DSA Val#1187
    DRBG Val#1429

    -

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    -[ OnePassDH ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    -[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256   SHA256   HMAC ) ( ED: P-384   SHA384   HMAC ) ( EE: P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    +

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES [EphemeralUnified (No_KC) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
    +[OnePassDH (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]
    +[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256   SHA256   HMAC) (ED: P-384   SHA384   HMAC) (EE: P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS Val#3648
    ECDSA Val#1072
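
Review bot: In the FFC block that follows the "Version 7.00.2872" context line, the added dhHybridOneFlow and dhStatic lines keep "(FB:SHA256 HMAC)" with no space after the colon, while the same lines write "(FC: SHA256" and the dhEphem line writes "(FB: SHA256)". Insert the space after "FB:" so the scheme parameters are formatted the same way throughout the block.
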
    @@ -4838,70 +4837,70 @@ DRBG -

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration )
    -SCHEMES  [ FullUnified  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ]

    +

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration)
    +SCHEMES  [FullUnified  (No_KC  &lt; KARole(s): Initiator / Responder &gt; &lt; KDF: CONCAT &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC)]

    SHS Val# 3347 ECDSA Val#920 DRBG Val#1222

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93

    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #93

    Version 10.0.14393

    -

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation )
    -SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
    -( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

    +

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)
    +SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
    +(FB: SHA256) (FC: SHA256)]
    +[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

    SHS Val# 3347 DSA Val#1098 DRBG Val#1217

    -

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    -[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    -[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

    +

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
    +[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    +[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS Val# 3347 DSA Val#1098 ECDSA Val#911 DRBG Val#1217 HMAC Val#2651

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #92

    Version 10.0.14393

    -

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
    -( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

    +

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
    +(FB: SHA256) (FC: SHA256)]
    +[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

    SHS Val# 3047 DSA Val#1024 DRBG Val#955

    -

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    -[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    -[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

    +

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
    +[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    +[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS Val# 3047 ECDSA Val#760 DRBG Val#955

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #72

    Version 10.0.10586

    -

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
    -( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

    +

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
    +(FB: SHA256) (FC: SHA256)]
    +[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

    SHS Val# 2886 DSA Val#983 DRBG Val#868

    -

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    -[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    -[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

    +

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
    +[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    +[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS Val# 2886 ECDSA Val#706 DRBG Val#868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #64

    Version 10.0.10240

    -

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation ) SCHEMES  [ dhEphem  ( KARole(s): Initiator / Responder )
    -( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FB:  SHA256 ) ( FC:  SHA256 ) ] [ dhStatic ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( FB:  SHA256 HMAC ) ( FC:  SHA256   HMAC ) ]

    +

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)
    +(FB: SHA256) (FC: SHA256)]
    +[dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

    SHS Val#2373 DSA Val#855 DRBG Val#489

    -

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration ) SCHEMES  [ EphemeralUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    -[ OnePassDH  ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]
    -[ StaticUnified ( No_KC  &lt; KARole(s): Initiator / Responder &gt; ) ( EC:  P-256   SHA256   HMAC ) ( ED:  P-384   SHA384   HMAC ) ( EE:  P-521   HMAC (SHA512, HMAC_SHA512) ) ]

    +

    ECC:  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]
    +[OnePassDH  (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]
    +[StaticUnified (No_KC  &lt; KARole(s): Initiator / Responder &gt;) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

    SHS Val#2373 ECDSA Val#505 DRBG Val#489

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #47

    Version 6.3.9600

    -

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation ) SCHEMES [ dhEphem ( KARole(s): Initiator / Responder )
    -( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhOneFlow ( KARole(s): Initiator / Responder ) ( FA: SHA256 ) ( FB: SHA256 ) ( FC: SHA256 ) ]
    -[ dhStatic ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( FA: SHA256 HMAC ) ( FB: SHA256 HMAC ) ( FC: SHA256 HMAC ) ]
    +

    FFC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)
    +(FA: SHA256) (FB: SHA256) (FC: SHA256)]
    +[dhOneFlow (KARole(s): Initiator / Responder) (FA: SHA256) (FB: SHA256) (FC: SHA256)]
    +[dhStatic (No_KC &lt; KARole(s): Initiator / Responder&gt;) (FA: SHA256 HMAC) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]
    SHS #1903 DSA Val#687 DRBG #258

    -

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration ) SCHEMES [ EphemeralUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ) ]
    -[ OnePassDH( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 ) ( ED: P-384 SHA384 ) ( EE: P-521 (SHA512, HMAC_SHA512) ) ) ]
    -[ StaticUnified ( No_KC &lt; KARole(s): Initiator / Responder&gt; ) ( EC: P-256 SHA256 HMAC ) ( ED: P-384 SHA384 HMAC ) ( EE: P-521 HMAC (SHA512, HMAC_SHA512) ) ]
    +

    ECC: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]
    +[OnePassDH(No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256) (ED: P-384 SHA384) (EE: P-521 (SHA512, HMAC_SHA512)))]
    +[StaticUnified (No_KC &lt; KARole(s): Initiator / Responder&gt;) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

    SHS #1903 ECDSA Val#341 DRBG #258
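
Review bot: The #93 product line gains a serial comma ("Surface Pro 4, and Surface Pro 3"), but the unchanged #92 line in the same hunk still reads "Surface Pro 4, Surface Pro 3 and Surface 3" and the #47 line still reads "Industry and Microsoft StorSimple 8100". Apply the same list style to those rows or leave #93 as it was. Separately, the added OnePassDH line near the end of the hunk is written "[OnePassDH(No_KC" with no space before the parenthesis, unlike "[OnePassDH  (No_KC" in the earlier blocks.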

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #36 @@ -4960,7 +4959,7 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF)

    K prerequisite: DRBG #1733, KAS #149

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #160

    Version 10.0.16299

    @@ -5017,11 +5016,11 @@ SP 800-108 Key-Based Key Derivation Functions (KBKDF)

    K prerequisite: KAS #146

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations #157

    Version 10.0.16299

    -CTR_Mode: ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    +CTR_Mode: (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS Val#128
    DRBG Val#1556
    @@ -5030,7 +5029,7 @@ MAC -CTR_Mode: ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )
    +CTR_Mode: (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS
    Val#127
    AES Val#4624
    @@ -5040,37 +5039,37 @@ MAC -

    CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA384] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

    +

    CTR_Mode:  (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS Val#93 DRBG Val#1222 MAC Val#2661

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102

    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #102

    Version 10.0.14393

    -

    CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

    +

    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS Val#92 AES Val#4064 DRBG Val#1217 MAC Val#2651

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #101

    Version 10.0.14393

    -

    CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

    +

    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS Val#72 AES Val#3629 DRBG Val#955 MAC Val#2381

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations #72

    Version 10.0.10586

    -

    CTR_Mode:  ( Llength( Min20 Max64 ) MACSupported( [CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

    +

    CTR_Mode:  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    KAS Val#64 AES Val#3497 RBG Val#868 MAC Val#2233

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #66

    Version 10.0.10240

    -

    CTR_Mode:  ( Llength( Min0 Max0 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

    +

    CTR_Mode:  (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    DRBG Val#489 MAC Val#1773

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #30

    Version 6.3.9600

    -

    CTR_Mode: ( Llength( Min0 Max4 ) MACSupported( [HMACSHA1] [HMACSHA256] [HMACSHA512] ) LocationCounter( [BeforeFixedData] ) rlength( [32] ) )

    +

    CTR_Mode: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

    DRBG #258 HMAC Val#1345

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #3 @@ -5092,12 +5091,12 @@ Random Number Generator (RNG)

    FIPS 186-2 General Purpose

    -

    [ (x-Original); (SHA-1) ]

    +

    [(x-Original); (SHA-1)]

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1110 FIPS 186-2
    -[ (x-Original); (SHA-1) ]
    +[(x-Original); (SHA-1)]

    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1060

    Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #292

    Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) #286

    @@ -5105,16 +5104,16 @@ Random Number Generator (RNG)

    FIPS 186-2
    -[ (x-Change Notice); (SHA-1) ]

    +[(x-Change Notice); (SHA-1)]

    FIPS 186-2 General Purpose
    -[ (x-Change Notice); (SHA-1) ]

    +[(x-Change Notice); (SHA-1)]

    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library #649

    Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation #435

    Windows Vista RNG implementation #321

    FIPS 186-2 General Purpose
    -[ (x-Change Notice); (SHA-1) ]
    +[(x-Change Notice); (SHA-1)]

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #470

    Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) #449

    Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #447

    @@ -5123,7 +5122,7 @@ Random Number Generator (RNG) FIPS 186-2
    -[ (x-Change Notice); (SHA-1) ]
    +[(x-Change Notice); (SHA-1)]

    Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) #448

    Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider #314

    @@ -5228,7 +5227,7 @@ Random Number Generator (RNG)

    Prerequisite: SHS #4009, DRBG #1733

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #2676

    Version 10.0.16299
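Review bot: replacing "and" with a semicolon in the #2676 platform list makes the line ambiguous, because a semicolon already separates the platforms from the implementation name in "(version 1709); Virtual TPM Implementations". After the change, "(version 1709)" also reads as applying only to the Windows Server items. Either keep "and", or use a different separator between the platform list and the implementation name. The same wording change is made for #2674, #2668 and #2667 in the hunks that follow, so one decision should cover all four.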

    @@ -5263,7 +5262,7 @@ Random Number Generator (RNG)

    Prerequisite: SHS #4009, DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations #2674

    Version 10.0.16299

    @@ -5637,7 +5636,7 @@ Random Number Generator (RNG)

    Prerequisite: SHS #4009, DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #2668

    Version 10.0.16299

    @@ -5707,34 +5706,34 @@ Random Number Generator (RNG)

    Prerequisite: SHS #4009, DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2667

    Version 10.0.16299

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
    -[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))
    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))
    SHA Val#3790

    Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations #2524

    Version 10.0.15063

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    +ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    SHA Val#3790

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations #2523

    Version 10.0.15063

    FIPS186-4:
    -186-4KEY(gen):
    FIPS186-4_Fixed_e ( 10001 ) ;
    -PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
    -ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    -[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    +186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    +PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    SHA Val#3790
    DRBG: Val# 1555

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #2522
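Review bot: in the Sig(Ver) line for #2522, the 1024-bit entry reads `512 SaltLen(62)` beside `512 SaltLen(64)` for 2048 and 3072, which looks like a typo but is not one, and the cleanup is right to carry it through unchanged. 62 bytes is the largest PSS salt that fits a 1024-bit modulus with SHA-512 (128 - 64 - 2). Say in the commit message that the value was checked and kept, so a later formatting pass does not "correct" it to 64. The hunk also leaves `DRBG: Val# 1555` spaced differently from `SHA Val#3790` on the line above it.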

    @@ -5743,11 +5742,11 @@ DRBG: FIPS186-4:
    186-4KEY(gen):
    -PGM(ProbRandom:
    ( 2048 , 3072 ) PPTT:( C.2 )
    -ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    -[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    +PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    SHA
    Val#3790

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2521

    Version 10.0.15063
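Review bot: the new line `PGM(ProbRandom: (2048, 3072) PPTT:(C.2)` still opens a parenthesis after PGM that is never closed; joining the two old lines kept the imbalance. Other entries in this table write `PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)`, so if the certificate listing agrees, close this one the same way as `PGM(ProbRandom):`. The trailing `SHA` and `Val#3790` are also left on separate lines here, although the rest of the hunk joins such pairs.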

    @@ -5755,14 +5754,14 @@ SHA

    FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1
    Val#3652
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652

    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652, SHA-256Val#3652, SHA-384Val#3652, SHA-512Val#3652

    FIPS186-4:
    -ALG[ANSIX9.31]
    Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
    -SIG(gen) with SHA-1 affirmed for use with protocols only.
    Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
    -ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    +ALG[ANSIX9.31] Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
    +SIG(gen) with SHA-1 affirmed for use with protocols only.
    Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    SHA Val#3652

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2415

    Version 7.00.2872
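Review bot: the rewritten FIPS186-2 line for #2415 reads `SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3652`, with a semicolon after SIG(ver) where the RSASSA-PKCS1_V1_5 line two below uses `SIG(ver):`. Since this hunk is already normalizing punctuation, change the semicolon to a colon. Consider also putting a space in `SHA-1Val#3652` so the hash name and the validation number do not run together.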

    @@ -5770,27 +5769,27 @@ SHA

    FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1
    Val#3651
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096 , SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651

    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3651
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3651, SHA-256Val#3651, SHA-384Val#3651, SHA-512Val#3651

    FIPS186-4:
    -ALG[ANSIX9.31]
    Sig(Gen): (2048 SHA( 1 )) (3072 SHA( 1 ))
    -SIG(gen) with SHA-1 affirmed for use with protocols only.
    Sig(Ver): (1024 SHA( 1 )) (2048 SHA( 1 )) (3072 SHA( 1 ))
    -ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    +ALG[ANSIX9.31] Sig(Gen): (2048 SHA(1)) (3072 SHA(1))
    +SIG(gen) with SHA-1 affirmed for use with protocols only.
    Sig(Ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))
    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    SHA Val#3651

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2414

    Version 8.00.6246

    FIPS186-2:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 4096 , SHS: SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val# 3649 , SHA-256Val# 3649 , SHA-384Val# 3649 , SHA-512Val# 3649

    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val# 3649, SHA-384Val# 3649, SHA-512Val# 3649
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val# 3649, SHA-256Val# 3649, SHA-384Val# 3649, SHA-512Val# 3649

    FIPS186-4:
    -186-4KEY(gen):
    FIPS186-4_Fixed_e (10001) ;
    -PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
    -ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    +186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    +PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    SHA Val# 3649
    DRBG: Val# 1430

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2412
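Review bot: the FIPS186-2 lines for #2412 keep a space inside each validation reference (`SHA-256Val# 3649`), while the #2414 lines rewritten in this same hunk use `SHA-256Val#3651`. The cleanup removes spaces before commas and inside parentheses but leaves these two forms side by side, along with `DRBG: Val# 1430`. Pick one form and apply it to both entries in the hunk.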

    @@ -5798,13 +5797,13 @@ DRBG:

    FIPS186-2:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 4096 , SHS: SHA-256
    Val#3648, SHA-384Val#3648, SHA-512Val#3648
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648

    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 4096, SHS: SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#3648, SHA-256Val#3648, SHA-384Val#3648, SHA-512Val#3648

    FIPS186-4:
    -186-4KEY(gen):
    FIPS186-4_Fixed_e (10001) ;
    -PGM(ProbRandom: ( 2048 , 3072 ) PPTT:( C.2 )
    -ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))
    +186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    +PGM(ProbRandom: (2048, 3072) PPTT:(C.2)
    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +
    SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))
    SHA Val#3648
    DRBG: Val# 1429

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2411

    @@ -5812,231 +5811,231 @@ DRBG:

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA( 1 , 256 , 384 )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -SIG(Ver) (1024 SHA( 1 , 256 , 384 )) (2048 SHA( 1 , 256 , 384 ))
    -[RSASSA-PSS]: Sig(Gen): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) SIG(gen) with SHA-1 affirmed for use with protocols only.
    -Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))
    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.
    +Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))

    SHA Val# 3347

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206

    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #2206

    Version 10.0.14393

    FIPS186-4:
    -186-4KEY(gen):
    FIPS186-4_Fixed_e ( 10001 ) ;
    -PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

    +186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    +PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA Val# 3347 DRBG: Val# 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation #2195

    Version 10.0.14393

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA Val#3346

    soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations #2194

    Version 10.0.14393

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
    -SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
    +SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA Val# 3347 DRBG: Val# 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #2193

    Version 10.0.14393

    FIPS186-4:
    -[RSASSA-PSS]: Sig(Gen):
    (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

    -

    Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    +

    Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA Val# 3347 DRBG: Val# 1217

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #2192

    Version 10.0.14393

    FIPS186-4:
    -186-4KEY(gen)
    :  FIPS186-4_Fixed_e ( 10001 ) ;
    -PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

    +186-4KEY(gen):  FIPS186-4_Fixed_e (10001);
    +PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA Val# 3047 DRBG: Val# 955

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation #1889

    Version 10.0.10586

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA Val#3048

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations #1871

    Version 10.0.10586

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
    -SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
    +SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA Val# 3047

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations #1888

    Version 10.0.10586

    FIPS186-4:
    -[RSASSA-PSS]: Sig(Gen)
    : (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    -Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    +Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA Val# 3047

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations #1887

    Version 10.0.10586

    FIPS186-4:
    -186-4KEY(gen):
    FIPS186-4_Fixed_e ( 10001 ) ;
    -PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

    +186-4KEY(gen): FIPS186-4_Fixed_e (10001);
    +PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA Val# 2886 DRBG: Val# 868

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation #1798

    Version 10.0.10240

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA Val#2871

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations #1784

    Version 10.0.10240

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA Val#2871

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations #1783

    Version 10.0.10240

    FIPS186-4:
    -[RSASSA-PSS]:
    Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    -Sig(Ver): (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    +Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA Val# 2886

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations #1802

    Version 10.0.10240

    FIPS186-4:
    -186-4KEY(gen):
    FIPS186-4_Fixed_e ;
    -PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )

    +186-4KEY(gen): FIPS186-4_Fixed_e;
    +PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

    SHA Val#2373 DRBG: Val# 489

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 RSA Key Generation Implementation #1487

    Version 6.3.9600

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA Val#2373

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations #1494

    Version 6.3.9600

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5
    ] SIG(gen) (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
    -SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 ))

    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
    +SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

    SHA Val#2373

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #1493

    Version 6.3.9600

    FIPS186-4:
    -[RSASSA-PSS]:
    Sig(Gen): (2048 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))
    - Sig(Ver): (1024 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 62 ) )) (2048 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) )) (3072 SHA( 1 SaltLen( 20 ) , 256 SaltLen( 32 ) , 384 SaltLen( 48 ) , 512 SaltLen( 64 ) ))

    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))
    + Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

    SHA Val#2373

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations #1519

    Version 6.3.9600

    FIPS186-4:
    -ALG[RSASSA-PKCS1_V1_5]
    SIG(gen) (2048 SHA( 256 , 384 , 512-256 )) (3072 SHA( 256 , 384 , 512-256 ))
    -SIG(Ver) (1024 SHA( 1 , 256 , 384 , 512-256 )) (2048 SHA( 1 , 256 , 384 , 512-256 )) (3072 SHA( 1 , 256 , 384 , 512-256 ))
    -[RSASSA-PSS]: Sig(Gen): (2048 SHA( 256 , 384 , 512 )) (3072 SHA( 256 , 384 , 512 ))
    -Sig(Ver): (1024 SHA( 1 , 256 , 384 , 512 )) (2048 SHA( 1 , 256 , 384 , 512 )) (3072 SHA( 1 , 256 , 384 , 512 , 512 ))
    +ALG[RSASSA-PKCS1_V1_5] SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256))
    +SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))
    +[RSASSA-PSS]: Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))
    +Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512))
    SHA #1903

    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1134.

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #1134 FIPS186-4:
    -186-4KEY(gen):
    FIPS186-4_Fixed_e , FIPS186-4_Fixed_e_Value
    -PGM(ProbPrimeCondition): 2048 , 3072 PPTT:( C.3 )
    +186-4KEY(gen): FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value
    +PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)
    SHA #1903 DRBG: #258 Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation #1133 FIPS186-2:
    -ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: #258
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
    +ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: #258
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256#1902, SHA-384#1902, SHA-512#1902,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1#1902, SHA-256#1902, SHA-#1902, SHA-512#1902,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1132. Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #1132 FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1774, SHA-256Val#1774, SHA-384Val#1774, SHA-512Val#1774,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1052. Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1052 FIPS186-2:
    -ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 193
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
    +ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 193
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1773, SHA-256Val#1773, SHA-384Val#1773, SHA-512Val#1773,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#1051. Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #1051 FIPS186-2:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#568. Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) #568 FIPS186-2:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    -ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    +ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#567. See Historical RSA List Val#560.

    Windows Server 2008 R2 and SP1 CNG algorithms #567

    Windows 7 and SP1 CNG algorithms #560

    FIPS186-2:
    -ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 DRBG: Val# 23
    +ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: Val# 23
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#559. Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation #559 FIPS186-2:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#1081, SHA-256Val#1081, SHA-384Val#1081, SHA-512Val#1081,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#557. Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) #557 FIPS186-2:
    ALG[ANSIX9.31]:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#816, SHA-256Val#816, SHA-384Val#816, SHA-512Val#816,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#395. Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #395 FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#783
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#783
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#783, SHA-384Val#783, SHA-512Val#783,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#371. Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) #371 FIPS186-2:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    -ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    +ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#358. See Historical RSA List Val#357.

    Windows Server 2008 CNG algorithms #358

    Windows Vista SP1 CNG algorithms #357
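Review bot: The added RSASSA-PSS Sig(Ver) line still ends with `(3072 SHA(1, 256, 384, 512, 512))`, so the duplicated 512 from the removed line is carried into the new text. Since these lines are being retyped for spacing anyway, drop the repeated value or confirm it against the validation listing. The same goes for `SHA-#1902` in the added `SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS:` line further down, where the digest size is missing on both the old and the new side.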

    @@ -6044,81 +6043,81 @@ Some of the previously validated components for this validation have been remove FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#753, SHA-256Val#753, SHA-384Val#753, SHA-512Val#753,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#355. See Historical RSA List Val#354.

    Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) #355

    Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) #354

    FIPS186-2:
    -ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537
    +ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#353. Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation #353 FIPS186-2:
    -ALG[ANSIX9.31]:
    Key(gen)(MOD: 2048 , 3072 , 4096 PubKey Values: 65537 RNG: Val# 321
    +ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: Val# 321
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#258. Windows Vista RSA key generation implementation #258 FIPS186-2:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    -ALG[RSASSA-PSS]: SIG(gen); 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    +ALG[RSASSA-PSS]: SIG(gen); 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#257. Windows Vista CNG algorithms #257 FIPS186-2:
    -ALG[RSASSA-PKCS1_V1_5]:
    SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#618, SHA-256Val#618, SHA-384Val#618, SHA-512Val#618,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#255. Windows Vista Enhanced Cryptographic Provider (RSAENH) #255 FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#613, SHA-256Val#613, SHA-384Val#613, SHA-512Val#613,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#245. Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #245 FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#589, SHA-256Val#589, SHA-384Val#589, SHA-512Val#589,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#230. Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) #230 FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#578, SHA-256Val#578, SHA-384Val#578, SHA-512Val#578,
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#222. Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) #222 FIPS186-2:
    ALG[RSASSA-PKCS1_V1_5]:

    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#364
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#364
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#81. Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) #81 FIPS186-2:
    ALG[ANSIX9.31]:

    -SIG(ver); 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305
    -ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048 , 3072 , 4096 , SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
    -SIG(ver): 1024 , 1536 , 2048 , 3072 , 4096 , SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
    +SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305
    +ALG[RSASSA-PKCS1_V1_5]: SIG(gen) 2048, 3072, 4096, SHS: SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
    +SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1Val#305, SHA-256Val#305, SHA-384Val#305, SHA-512Val#305,
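Review bot: Missing closing parenthesis in the two added `ALG[ANSIX9.31]: Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537` lines: joining the old two-line form keeps `(MOD:` open, once with nothing after 65537 and once before `RNG: Val# 321`. Close it where the modulus list ends. In the same hunk several added lines keep `SIG(ver);` with a semicolon while others use `SIG(ver):`; pick one separator so the entries read the same.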
    Some of the previously validated components for this validation have been removed because they are now non-compliant per the SP800-131A transition. See Historical RSA List Val#52. Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) #52 @@ -6209,7 +6208,7 @@ Some of the previously validated components for this validation have been remove
  • Supports Empty Message
  • -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009

    Version 10.0.16299
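Review bot: Replacing `and` with `;` in `Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #4009` makes the semicolon do two jobs: it now separates the client editions from the server editions and also the platform list from the module name, so punctuation no longer shows where the platform list ends. Consider a distinct separator before the module name. The same replacement recurs in later hunks (for example the #2556 and #1518 entries), so whatever is decided here should be applied there too.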

    @@ -6495,106 +6494,106 @@ Version 6.3.9600
  • Keying Option: 1
  • -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #2556

    Version 10.0.16299

    -TECB( KO 1 e/d, ) ; TCBC( KO 1 e/d, ) ; TCFB8( KO 1 e/d, ) ; TCFB64( KO 1 e/d, ) +TECB(KO 1 e/d,); TCBC(KO 1 e/d,); TCFB8(KO 1 e/d,); TCFB64(KO 1 e/d,)

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #2459

    Version 10.0.15063

    -

    TECB( KO 1 e/d, ) ;

    -

    TCBC( KO 1 e/d, )

    +

    TECB(KO 1 e/d,);

    +

    TCBC(KO 1 e/d,)

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2384

    Version 8.00.6246

    -

    TECB( KO 1 e/d, ) ;

    -

    TCBC( KO 1 e/d, )

    +

    TECB(KO 1 e/d,);

    +

    TCBC(KO 1 e/d,)

    Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) #2383

    Version 8.00.6246

    -

    TECB( KO 1 e/d, ) ;

    -

    TCBC( KO 1 e/d, ) ;

    -

    CTR ( int only )

    +

    TECB(KO 1 e/d,);

    +

    TCBC(KO 1 e/d,);

    +

    CTR (int only)

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2382

    Version 7.00.2872

    -

    TECB( KO 1 e/d, ) ;

    -

    TCBC( KO 1 e/d, )

    +

    TECB(KO 1 e/d,);

    +

    TCBC(KO 1 e/d,)

    Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) #2381

    Version 8.00.6246

    -

    TECB( KO 1 e/d, ) ;

    -

    TCBC( KO 1 e/d, ) ;

    -

    TCFB8( KO 1 e/d, ) ;

    -

    TCFB64( KO 1 e/d, )

    +

    TECB(KO 1 e/d,);

    +

    TCBC(KO 1 e/d,);

    +

    TCFB8(KO 1 e/d,);

    +

    TCFB64(KO 1 e/d,)

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations #2227

    Version 10.0.14393

    -

    TECB( KO 1 e/d, ) ;

    -

    TCBC( KO 1 e/d, ) ;

    -

    TCFB8( KO 1 e/d, ) ;

    -

    TCFB64( KO 1 e/d, )

    +

    TECB(KO 1 e/d,);

    +

    TCBC(KO 1 e/d,);

    +

    TCFB8(KO 1 e/d,);

    +

    TCFB64(KO 1 e/d,)

    Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations #2024

    Version 10.0.10586

    -

    TECB( KO 1 e/d, ) ;

    -

    TCBC( KO 1 e/d, ) ;

    -

    TCFB8( KO 1 e/d, ) ;

    -

    TCFB64( KO 1 e/d, )

    +

    TECB(KO 1 e/d,);

    +

    TCBC(KO 1 e/d,);

    +

    TCFB8(KO 1 e/d,);

    +

    TCFB64(KO 1 e/d,)

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations #1969

    Version 10.0.10240

    -

    TECB( KO 1 e/d, ) ;

    -

    TCBC( KO 1 e/d, ) ;

    -

    TCFB8( KO 1 e/d, ) ;

    -

    TCFB64( KO 1 e/d, )

    +

    TECB(KO 1 e/d,);

    +

    TCBC(KO 1 e/d,);

    +

    TCFB8(KO 1 e/d,);

    +

    TCFB64(KO 1 e/d,)

    Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #1692

    Version 6.3.9600

    -

    TECB( e/d; KO 1,2 ) ;

    -

    TCBC( e/d; KO 1,2 ) ;

    -

    TCFB8( e/d; KO 1,2 ) ;

    -

    TCFB64( e/d; KO 1,2 )

    +

    TECB(e/d; KO 1, 2);

    +

    TCBC(e/d; KO 1, 2);

    +

    TCFB8(e/d; KO 1, 2);

    +

    TCFB64(e/d; KO 1, 2)

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #1387 -

    TECB( e/d; KO 1,2 ) ;

    -

    TCBC( e/d; KO 1,2 ) ;

    -

    TCFB8( e/d; KO 1,2 )

    +

    TECB(e/d; KO 1, 2);

    +

    TCBC(e/d; KO 1, 2);

    +

    TCFB8(e/d; KO 1, 2)

    Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) #1386 -

    TECB( e/d; KO 1,2 ) ;

    -

    TCBC( e/d; KO 1,2 ) ;

    -

    TCFB8( e/d; KO 1,2 )

    +

    TECB(e/d; KO 1, 2);

    +

    TCBC(e/d; KO 1, 2);

    +

    TCFB8(e/d; KO 1, 2)

    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation #846 -

    TECB( e/d; KO 1,2 ) ;

    -

    TCBC( e/d; KO 1,2 ) ;

    -

    TCFB8( e/d; KO 1,2 )

    +

    TECB(e/d; KO 1, 2);

    +

    TCBC(e/d; KO 1, 2);

    +

    TCFB8(e/d; KO 1, 2)

    Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation #656 -

    TECB( e/d; KO 1,2 ) ;

    -

    TCBC( e/d; KO 1,2 ) ;

    -

    TCFB8( e/d; KO 1,2 )

    +

    TECB(e/d; KO 1, 2);

    +

    TCBC(e/d; KO 1, 2);

    +

    TCFB8(e/d; KO 1, 2)
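Review bot: The cleaned-up Triple-DES entries near the top of this hunk keep the dangling comma inside the parentheses, as in `TECB(KO 1 e/d,);` and `TCFB64(KO 1 e/d,)`. Either drop the comma or restore whatever value belonged after `e/d,`; the `TECB(e/d; KO 1, 2);` entries later in the same hunk show a form without it. Also, `CTR (int only)` keeps a space before the parenthesis that the other mode names in this hunk do not have.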

    Windows Vista Symmetric Algorithm Implementation #549 @@ -6603,8 +6602,8 @@ Version 6.3.9600

    Windows 7 and SP1 and Windows Server 2008 R2 and SP1 #846, vendor-affirmed

    -

    TECB( e/d; KO 1,2 ) ;

    -

    TCBC( e/d; KO 1,2 )

    +

    TECB(e/d; KO 1, 2);

    +

    TCBC(e/d; KO 1, 2)

    Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) #1308

    Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) #1307

    Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) #691

    @@ -6707,7 +6706,7 @@ Version 6.3.9600
  • Padding Algorithms: PKCS 1.5
  • -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations #1518

    Version 10.0.16299

    @@ -6988,7 +6987,7 @@ Version 6.3.9600

    Prerequisite: DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1503

    Version 10.0.16299

    @@ -6998,7 +6997,7 @@ Version 6.3.9600
  • Modulus Size: 2048 (bits)
  • -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1502

    Version 10.0.16299

    @@ -7009,7 +7008,7 @@ Version 6.3.9600
  • Padding Algorithms: PKCS 1.5
  • -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations #1501

    Version 10.0.16299

    @@ -7022,7 +7021,7 @@ Version 6.3.9600

    Prerequisite: DRBG #1730

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1499

    Version 10.0.16299

    @@ -7032,7 +7031,7 @@ Version 6.3.9600
  • Modulus Size: 2048 (bits)
  • -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations #1498

    Version 10.0.16299

     

    @@ -7044,7 +7043,7 @@ Version 6.3.9600
  • Padding Algorithms: PKCS 1.5
  • -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1497

    Version 10.0.16299

    @@ -7110,20 +7109,20 @@ Version 6.3.9600

    Prerequisite: SHS #4009, HMAC #3267

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

    Version 10.0.16299

    FIPS186-4 ECDSA

    Signature Generation of hash sized messages

    -

    ECDSA SigGen Component: CURVES( P-256 P-384 P-521 )

    +

    ECDSA SigGen Component: CURVES(P-256 P-384 P-521)

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations #1284
    Version 10.0. 15063

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1279
    Version 10.0. 15063

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #922
    Version 10.0.14393

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #894
    Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations #666
    Version 10.0.10586

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations #288
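Review bot: The serial comma added in `Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update` for #894 is not applied to the neighbouring unchanged entry for #922, which still reads `Surface Pro 4, Surface Pro 3 and Surface 3`, so the hunk leaves the list style mixed. Apply it to both or to neither. While in this block, the context lines `Version 10.0. 15063` carry a stray space, and `Version 10.0.14393icrosoft Windows 10 November 2015 Update` looks like a lost line break and a dropped `M`; both are worth fixing in the same pass.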
    @@ -7139,7 +7138,7 @@ Version 10.0.15063

    Version 10.0.15063

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1280
    Version 10.0.15063

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #893
    Version 10.0.14393

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations #888
    Version 10.0.14393

    @@ -7158,7 +7157,7 @@ Version 6.3.9600

    Version 10.0.15063

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1281
    Version 10.0.15063

    -

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4 and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
    +

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations #895
    Version 10.0.14393

    Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations #887
    Version 10.0.14393

    @@ -7170,7 +7169,7 @@ Version  10.0.10240

    SP800-135

    Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS

    -

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update and Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

    +

    Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  #1496

    Version 10.0.16299

    Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations #1278
    Version 10.0.15063
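
Review bot: In the #1496 entry, the new semicolon after "Fall Creators Update" now matches the one already following "(version 1709)", so "SymCrypt Cryptographic Implementations" reads as a third item in the product list rather than as the name of the validated implementation. The #1278 entry kept as context puts no separator between the product list and the implementation name. Suggest dropping the semicolon after "(version 1709)" and collapsing the double space before "#1496" while this line is being touched.
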

    @@ -7184,7 +7183,7 @@ Version 10.0.14393

    Version 10.0.10586

    Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp #575
    Version  10.0.10240

    -

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
    +

    Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp #323
    Version 6.3.9600
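
Review bot: The comma before "and Microsoft StorSimple 8100" is added to the BCryptPrimitives and NCryptSSLp #323 entry only. The MsBignum Cryptographic Implementations #288 entry, visible as context earlier in this diff, carries the identical Windows 8.1 product list and still reads "Microsoft Windows Embedded 8.1 Industry and Microsoft StorSimple 8100". Since the two lists are copies of each other, update both together so they do not drift apart.
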

    From 08af59293939817e1e09369356adb3111322cbd9 Mon Sep 17 00:00:00 2001 From: Denise Vangel-MSFT Date: Fri, 30 Oct 2020 08:42:27 -0700 Subject: [PATCH 133/346] Update vpnv2-csp.md --- windows/client-management/mdm/vpnv2-csp.md | 200 ++++++++++----------- 1 file changed, 99 insertions(+), 101 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md index 7196ffe3dd..5f3d865cbd 100644 --- a/windows/client-management/mdm/vpnv2-csp.md +++ b/windows/client-management/mdm/vpnv2-csp.md @@ -2,14 +2,14 @@ title: VPNv2 CSP description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device. ms.assetid: 51ADA62E-1EE5-4F15-B2AD-52867F5B2AD2 -ms.reviewer: +ms.reviewer: pesmith manager: dansimp ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 11/01/2017 +ms.date: 10/30/2020 --- # VPNv2 CSP 
@@ -19,19 +19,19 @@ The VPNv2 configuration service provider allows the mobile device management (MD Here are the requirements for this CSP: -- VPN configuration commands must be wrapped in an Atomic block in SyncML. -- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. -- Instead of changing individual properties, follow these steps to make any changes: +- VPN configuration commands must be wrapped in an Atomic block in SyncML. +- For best results, configure your VPN certificates first before pushing down VPN profiles to devices. If you are using Windows Information Protection (WIP) (formerly known as Enterprise Data Protection), then you should configure VPN first before you configure WIP policies. +- Instead of changing individual properties, follow these steps to make any changes: - - Send a Delete command for the ProfileName to delete the entire profile. - - Send the entire profile again with new values wrapped in an Atomic block. + - Send a Delete command for the ProfileName to delete the entire profile. + - Send the entire profile again with new values wrapped in an Atomic block. In certain conditions you can change some properties directly, but we do not recommend it. The XSDs for all EAP methods are shipped in the box and can be found at the following locations: -- C:\\Windows\\schemas\\EAPHost -- C:\\Windows\\schemas\\EAPMethods +- `C:\\Windows\\schemas\\EAPHost` +- `C:\\Windows\\schemas\\EAPMethods` The following diagram shows the VPNv2 configuration service provider in tree format. 
@@ -45,7 +45,8 @@ Unique alpha numeric identifier for the profile. The profile name must not inclu Supported operations include Get, Add, and Delete. -> **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. +> [!NOTE] +> If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard. **VPNv2/**ProfileName**/AppTriggerList** Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect. @@ -64,8 +65,8 @@ App identity, which is either an app’s package family name or file path. The t **VPNv2/**ProfileName**/AppTriggerList/**appTriggerRowId**/App/Type** Returns the type of **App/Id**. This value can be either of the following: -- PackageFamilyName - When this is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application. -- FilePath - When this is returned, the App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`. +- PackageFamilyName - When this is returned, the App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of the Microsoft Store application. +- FilePath - When this is returned, the App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`. Value type is chr. Supported operation is Get. 
@@ -99,8 +100,8 @@ Value type is int. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/RouteList/**routeRowId**/ExclusionRoute** Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN Interface or the Physical Interface as the Gateway. Valid values: -- False (default) - This route will direct traffic over the VPN -- True - This route will direct traffic over the physical interface. +- False (default) - This route will direct traffic over the VPN +- True - This route will direct traffic over the physical interface. Supported operations include Get, Add, Replace, and Delete. 
@@ -117,16 +118,16 @@ Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainName** Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types: -- FQDN - Fully qualified domain name -- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend a **.** to the DNS suffix. +- FQDN - Fully qualified domain name +- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend a **.** to the DNS suffix. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/DomainNameType** Returns the namespace type. This value can be one of the following: -- FQDN - If the DomainName was not prepended with a **.** and applies only to the fully qualified domain name (FQDN) of a specified host. -- Suffix - If the DomainName was prepended with a **.** and applies to the specified namespace, all records in that namespace, and all subdomains. +- FQDN - If the DomainName was not prepended with a **.** and applies only to the fully qualified domain name (FQDN) of a specified host. +- Suffix - If the DomainName was prepended with a **.** and applies to the specified namespace, all records in that namespace, and all subdomains. Value type is chr. Supported operation is Get. 
@@ -138,9 +139,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/DomainNameInformationList/**dniRowId**/WebProxyServers** Optional. Web Proxy Server IP address if you are redirecting traffic through your intranet. -> **Note**  Currently only one web proxy server is supported. - - +> [!NOTE] +> Currently only one web proxy server is supported. Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -166,9 +166,8 @@ Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList** An optional node that specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface. -> **Note**  Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules. - - +> [!NOTE] +> Once a TrafficFilterList is added, all traffic are blocked other than the ones matching the rules. When adding multiple rules, each rule operates based on an OR with the other rules. Within each rule, each property operates based on an AND with each other. 
@@ -183,9 +182,9 @@ App identity for the app-based traffic filter. The value for this node can be one of the following: -- PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application. -- FilePath - This App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`. -- SYSTEM – This value enables Kernel Drivers to send traffic through VPN (for example, PING or SMB). +- PackageFamilyName - This App/Id value represents the PackageFamilyName of the app. The PackageFamilyName is the unique name of a Microsoft Store application. +- FilePath - This App/Id value represents the full file path of the app. For example, `C:\Windows\System\Notepad.exe`. +- SYSTEM – This value enables Kernel Drivers to send traffic through VPN (for example, PING or SMB). Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -205,18 +204,16 @@ Value type is int. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/LocalPortRanges** A list of comma separated values specifying local port ranges to allow. For example, `100-120, 200, 300-320`. -> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17. - - +> [!NOTE] +> Ports are only valid when the protocol is set to TCP=6 or UDP=17. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RemotePortRanges** A list of comma separated values specifying remote port ranges to allow. For example, `100-120, 200, 300-320`. -> **Note**  Ports are only valid when the protocol is set to TCP=6 or UDP=17. - - +> [!NOTE] +> Ports are only valid when the protocol is set to TCP=6 or UDP=17. Value type is chr. Supported operations include Get, Add, Replace, and Delete. 
@@ -233,8 +230,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/RoutingPolicyType** Specifies the routing policy if an App or Claims type is used in the traffic filter. The scope of this property is for this traffic filter rule alone. The value can be one of the following: -- SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces. -- ForceTunnel - For this traffic rule all IP traffic must go through the VPN Interface only. +- SplitTunnel - For this traffic filter rule, only the traffic meant for the VPN interface (as determined by the networking stack) goes over the interface. Internet traffic can continue to go over the other interfaces. +- ForceTunnel - For this traffic rule all IP traffic must go through the VPN Interface only. This is only applicable for App ID based Traffic Filter rules. @@ -243,8 +240,8 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/TrafficFilterList/**trafficFilterId**/Direction** Added in Windows 10, version 2004. Specifies the traffic direction to apply this policy to. Default is Outbound. The value can be one of the following: -- Outbound - The rule applies to all outbound traffic -- Inbound - The rule applies to all inbound traffic +- Outbound - The rule applies to all outbound traffic +- nbound - The rule applies to all inbound traffic If no inbound filter is provided, then by default all unsolicated inbound traffic will be blocked. 
@@ -265,21 +262,22 @@ Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/AlwaysOn** An optional flag to enable Always On mode. This will automatically connect the VPN at sign-in and will stay connected until the user manually disconnects. -> **Note**  Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active. +> [!NOTE] +> Always On only works for the active profile. The first profile provisioned that can be auto triggered will automatically be set as active. Preserving user Always On preference Windows has a feature to preserve a user’s AlwaysOn preference. In the event that a user manually unchecks the “Connect automatically” checkbox, Windows will remember this user preference for this profile name by adding the profile name to the value AutoTriggerDisabledProfilesList. Should a management tool remove/add the same profile name back and set AlwaysOn to true, Windows will not check the box if the profile name exists in the below registry value in order to preserve user preference. -Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config +Key: `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config` Value: AutoTriggerDisabledProfilesList Type: REG_MULTI_SZ Valid values: -- False (default) - Always On is turned off. -- True - Always On is turned on. +- False (default) - Always On is turned off. +- True - Always On is turned on. Value type is bool. Supported operations include Get, Add, Replace, and Delete. 
@@ -288,15 +286,15 @@ Lockdown profile. Valid values: -- False (default) - this is not a LockDown profile. -- True - this is a LockDown profile. +- False (default) - this is not a LockDown profile. +- True - this is a LockDown profile. When the LockDown profile is turned on, it does the following things: -- First, it automatically becomes an "always on" profile. -- Second, it can never be disconnected. -- Third, if the profile is not connected, then the user has no network. -- Fourth, no other profiles may be connected or modified. +- First, it automatically becomes an "always on" profile. +- Second, it can never be disconnected. +- Third, if the profile is not connected, then the user has no network. +- Fourth, no other profiles may be connected or modified. A Lockdown profile must be deleted before you can add, remove, or connect other profiles. @@ -307,14 +305,14 @@ Device tunnel profile. Valid values: -- False (default) - this is not a device tunnel profile. -- True - this is a device tunnel profile. +- False (default) - this is not a device tunnel profile. +- True - this is a device tunnel profile. When the DeviceTunnel profile is turned on, it does the following things: -- First, it automatically becomes an "always on" profile. -- Second, it does not require the presence or logging in of any user to the machine in order for it to connect. -- Third, no other device tunnel profile maybe be present on the same machine. +- First, it automatically becomes an "always on" profile. +- Second, it does not require the presence or logging in of any user to the machine in order for it to connect. +- Third, no other device tunnel profile maybe be present on the same machine. A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected. 
@@ -325,8 +323,8 @@ Allows registration of the connection's address in DNS. Valid values: -- False = Do not register the connection's address in DNS (default). -- True = Register the connection's addresses in DNS. +- False = Do not register the connection's address in DNS (default). +- True = Register the connection's addresses in DNS. **VPNv2/**ProfileName**/DnsSuffix** Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList. 
@@ -445,22 +443,23 @@ Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/NativeProfile/RoutingPolicyType** Optional for native profiles. Type of routing policy. This value can be one of the following: -- SplitTunnel - Traffic can go over any interface as determined by the networking stack. -- ForceTunnel - All IP traffic must go over the VPN interface. +- SplitTunnel - Traffic can go over any interface as determined by the networking stack. +- ForceTunnel - All IP traffic must go over the VPN interface. Value type is chr. Supported operations include Get, Add, Replace, and Delete. **VPNv2/**ProfileName**/NativeProfile/NativeProtocolType** Required for native profiles. Type of tunneling protocol used. This value can be one of the following: -- PPTP -- L2TP -- IKEv2 -- Automatic +- PPTP +- L2TP +- IKEv2 +- Automatic Value type is chr. Supported operations include Get, Add, Replace, and Delete. -> **Note** The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. +> [!NOTE] +> The **Automatic** option means that the device will try each of the built-in tunneling protocols until one succeeds. It will attempt protocols in following order: SSTP, IKEv2, PPTP and then L2TP. This order is not customizable. **VPNv2/**ProfileName**/NativeProfile/Authentication** Required node for native profile. It contains authentication information for the native VPN profile. @@ -512,12 +511,12 @@ Added in Windows 10, version 1607. The following list contains the valid values: -- MD596 -- SHA196 -- SHA256128 -- GCMAES128 -- GCMAES192 -- GCMAES256 +- MD596 +- SHA196 +- SHA256128 +- GCMAES128 +- GCMAES192 +- GCMAES256 Value type is chr. Supported operations include Get, Add, Replace, and Delete. 
@@ -526,14 +525,14 @@ Added in Windows 10, version 1607. The following list contains the valid values: -- DES -- DES3 -- AES128 -- AES192 -- AES256 -- GCMAES128 -- GCMAES192 -- GCMAES256 +- DES +- DES3 +- AES128 +- AES192 +- AES256 +- GCMAES128 +- GCMAES192 +- GCMAES256 Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -542,13 +541,13 @@ Added in Windows 10, version 1607. The following list contains the valid values: -- DES -- DES3 -- AES128 -- AES192 -- AES256 -- AES\_GCM_128 -- AES\_GCM_256 +- DES +- DES3 +- AES128 +- AES192 +- AES256 +- AES\_GCM_128 +- AES\_GCM_256 Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -557,10 +556,10 @@ Added in Windows 10, version 1607. The following list contains the valid values: -- MD5 -- SHA196 -- SHA256 -- SHA384 +- MD5 +- SHA196 +- SHA256 +- SHA384 Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -569,12 +568,12 @@ Added in Windows 10, version 1607. The following list contains the valid values: -- Group1 -- Group2 -- Group14 -- ECP256 -- ECP384 -- Group24 +- Group1 +- Group2 +- Group14 +- ECP256 +- ECP384 +- Group24 Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -583,13 +582,13 @@ Added in Windows 10, version 1607. The following list contains the valid values: -- PFS1 -- PFS2 -- PFS2048 -- ECP256 -- ECP384 -- PFSMM -- PFS24 +- PFS1 +- PFS2 +- PFS2048 +- ECP256 +- ECP384 +- PFSMM +- PFS24 Value type is chr. Supported operations include Get, Add, Replace, and Delete. @@ -1318,8 +1317,7 @@ Servers ``` -## Related topics - +## See also [Configuration service provider reference](configuration-service-provider-reference.md) From 8e7f2e1b7ea7ea32c7569734753c224d18f4962c Mon Sep 17 00:00:00 2001 
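
Review bot: In the vpnv2-csp.md hunk at @@ -19,19, the EAP schema paths are now wrapped in backticks but keep their doubled backslashes (`C:\\Windows\\schemas\\EAPHost`). Inside a code span the backslash is literal, so the rendered path will show two backslashes per separator. Use single backslashes inside the backticks, as the FilePath example `C:\Windows\System\Notepad.exe` elsewhere in this file already does.
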
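
Review bot: In the vpnv2-csp.md hunk at @@ -240,8 (TrafficFilterList Direction), the whitespace cleanup dropped a character: the added line reads "- nbound - The rule applies to all inbound traffic" where the removed line had "Inbound". Restore "Inbound", since this is a literal value administrators copy into a profile. The context sentence right after it also still says "unsolicated"; it states the default-block behaviour for inbound traffic, so it is worth correcting to "unsolicited" in the same change.
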
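
Review bot: In the vpnv2-csp.md hunk at @@ -305,14 (DeviceTunnel), the re-added bullet still reads "no other device tunnel profile maybe be present on the same machine". Since the line is being rewritten anyway, change "maybe be" to "may be".
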
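
Review bot: In the vpnv2-csp.md hunk at @@ -443,22 (NativeProtocolType), the converted note says Automatic tries "SSTP, IKEv2, PPTP and then L2TP", but the value list directly above it offers only PPTP, L2TP, IKEv2 and Automatic. State in the note whether SSTP can be reached only through Automatic, so the list and the note agree. Because the note says the order is not customizable and includes PPTP, it would also help to say that a profile which must not fall back to PPTP needs an explicit protocol value rather than Automatic.
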
From: Denise Vangel-MSFT Date: Fri, 30 Oct 2020 08:45:05 -0700 Subject: [PATCH 134/346] Update vpnv2-ddf-file.md --- windows/client-management/mdm/vpnv2-ddf-file.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index d29d533690..ea97295698 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -2,14 +2,14 @@ title: VPNv2 DDF file description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider. ms.assetid: 4E2F36B7-D2EE-4F48-AD1A-6BDE7E72CC94 -ms.reviewer: +ms.reviewer: pesmith manager: dansimp ms.author: dansimp ms.topic: article ms.prod: w10 ms.technology: windows author: manikadhiman -ms.date: 12/05/2017 +ms.date: 10/30/2020 --- # VPNv2 DDF file From 3965c127243c72fcd4f6a9eb768a4afbf0c25364 Mon Sep 17 00:00:00 2001 From: Tudor Dobrila Date: Fri, 30 Oct 2020 11:32:25 -0700 Subject: [PATCH 135/346] Release notes 101.10.72 --- .../threat-protection/microsoft-defender-atp/mac-whatsnew.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md index f14a0d3752..bccb1bed4f 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md +++ b/windows/security/threat-protection/microsoft-defender-atp/mac-whatsnew.md 
@@ -43,6 +43,10 @@ ms.topic: conceptual > 2. Refer to this documentation for detailed configuration information and instructions: [New configuration profiles for macOS Catalina and newer versions of macOS](mac-sysext-policies.md). > 3. Monitor this page for an announcement of the actual release of MDATP for Mac agent update. +## 101.10.72 + +- Bug fixes + ## 101.09.61 - Added a new managed preference for [disabling the option to send feedback](mac-preferences.md#show--hide-option-to-send-feedback) From cc1d0620d126f4a56902766a9e65df9c5580f8f2 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Fri, 30 Oct 2020 13:12:33 -0700 Subject: [PATCH 136/346] enhancements --- windows/security/threat-protection/TOC.md | 3 ++- .../deployment-rings.md | 27 +++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/windows/security/threat-protection/TOC.md b/windows/security/threat-protection/TOC.md index 4cfb2a5ce5..7cb35259d5 100644 --- a/windows/security/threat-protection/TOC.md +++ b/windows/security/threat-protection/TOC.md @@ -19,7 +19,8 @@ ### [Deployment phases](microsoft-defender-atp/deployment-phases.md) ### [Phase 1: Prepare](microsoft-defender-atp/prepare-deployment.md) ### [Phase 2: Set up](microsoft-defender-atp/production-deployment.md) -### [Phase 3: Onboard](microsoft-defender-atp/onboarding.md) +### [Phase 3: Onboard]() +#### [Onboarding overview](microsoft-defender-atp/onboarding.md) #### [Deployment rings](microsoft-defender-atp/deployment-rings.md) #### [Onboarding using Microsoft Endpoint Configuration Manager](microsoft-defender-atp/onboarding-endpoint-configuration-manager.md) #### [Onboarding using Microsoft Endpoint Manager](microsoft-defender-atp/onboarding-endpoint-manager.md) diff --git a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md index b9a48bb7c4..8ad96f8300 100644 
--- a/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md +++ b/windows/security/threat-protection/microsoft-defender-atp/deployment-rings.md @@ -1,6 +1,6 @@ --- title: Deploy Microsoft Defender ATP in rings -description: Learn how deploy Microsoft Defender ATP in rings +description: Learn how to deploy Microsoft Defender ATP in rings keywords: deploy, rings, evaluate, pilot, insider fast, insider slow, setup, onboard, phase, deployment, deploying, adoption, configuring search.product: eADQiWindows 10XVcnh ms.prod: w10 @@ -50,16 +50,20 @@ Table 1 provides an example of the deployment rings you might use. |**Deployment ring**|**Description**| |:-----|:-----| Evaluate | Ring 1: Identify 50 systems for pilot testing -Pilot | Ring 2: 50-100 systems
    -Full deployment | Ring 3: Roll out service to the rest of environment in larger increments. +Pilot | Ring 2: Identify the next 50-100 endpoints in production environment
    +Full deployment | Ring 3: Roll out service to the rest of environment in larger increments -### Evaluate -Identify a small number of test machines in your environment to onboard to the service. Ideally, these machines would be less than 50 endpoints. -#### Exit criteria +### Exit criteria +An example set of exit criteria for these rings can include: - Devices show up in the device inventory list - Alerts appear in dashboard +- [Run a detection test](run-detection-test.md) +- [Run a simulated attack on a device](attack-simulations.md) + +### Evaluate +Identify a small number of test machines in your environment to onboard to the service. Ideally, these machines would be fewer than 50 endpoints. ### Pilot @@ -76,10 +80,6 @@ The following table shows the supported endpoints and the corresponding tool you | **Android** | [Microsoft Endpoint Manager](android-intune.md) | -#### Exit criteria -- Devices show up in the device inventory list -- [Run a detection test](run-detection-test.md) -- [Run a simulated attack on a device](attack-simulations.md) ### Full deployment @@ -92,16 +92,15 @@ Use the following material to select the appropriate Microsoft Defender ATP arch |:-----|:-----| |[![Thumb image for Microsoft Defender ATP deployment strategy](images/mdatp-deployment-strategy.png)](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf)
    [PDF](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.pdf) \| [Visio](https://github.com/MicrosoftDocs/windows-itpro-docs/raw/public/windows/security/threat-protection/microsoft-defender-atp/downloads/mdatp-deployment-strategy.vsdx) | The architectural material helps you plan your deployment for the following architectures: