Merge branch 'repo_sync_working_branch' of https://github.com/MicrosoftDocs/windows-docs-pr into repo_sync_working_branch

.openpublishing.redirection.json

@@ -79,6 +79,11 @@
       "source_path": "windows/security/threat-protection/windows-defender-exploit-guard/collect-cab-files-exploit-guard-submission.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-exploit-protection-mitigations",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/ios-privacy-statement.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/ios-privacy",
+      "redirect_document_id": true
     },
     {
       "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-mam-intune-azure.md",
@@ -14565,41 +14570,86 @@
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-surface-hub",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-surface-hub.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-iot-enterprise.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-enterprise",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-enterprise.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-iot-core.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-iot-core",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-iot-core.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens2.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens2",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens2.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-development-edition.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-development-edition.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-hololens-1st-gen-commercial-suite.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-hololens-1st-gen-commercial-suite.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-admx-backed.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-admx-backed",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-admx-backed.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-admx-backed",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/client-management/mdm/policies-supported-by-group-policy.md",
       "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policy-csps-supported-by-group-policy",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-supported-by-group-policy.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/client-management/mdm/policy-csps-that-can-be-set-using-eas.md",
+      "redirect_url": "https://docs.microsoft.com/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas",
+      "redirect_document_id": false
+    },
     {
       "source_path": "windows/keep-secure/collect-wip-audit-event-logs.md",
       "redirect_url": "https://docs.microsoft.com/windows/threat-protection/windows-information-protection/collect-wip-audit-event-logs",
@@ -15604,6 +15654,11 @@
       "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/microsoft-defender-atp-mac",
+      "redirect_document_id": true
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac-whatsnew.md",
@@ -16019,6 +16074,11 @@
       "source_path": "windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction-rules-in-windows-10-enterprise-e3.md",
       "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/attack-surface-reduction",
       "redirect_document_id": true
+    },
+	{
+      "source_path": "windows/security/threat-protection/microsoft-defender-atp/commercial-gov.md.md",
+      "redirect_url": "https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/gov",
+      "redirect_document_id": true
     },
     {
       "source_path": "windows/security/threat-protection/windows-defender-antivirus/office-365-windows-defender-antivirus.md",
@@ -16439,6 +16499,11 @@
       "source_path": "windows/deployment/windows-autopilot/windows-autopilot.md",
       "redirect_url": "https://docs.microsoft.com/mem/autopilot/windows-autopilot",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "windows/hub/windows-10.yml",
+      "redirect_url": "https://docs.microsoft.com/windows/windows-10",
+      "redirect_document_id": false
     }
   ]
 }

browsers/internet-explorer/kb-support/ie-edge-faqs.md

@@ -10,9 +10,7 @@ ms.prod: internet-explorer
 ms.technology:
 ms.topic: kb-support
 ms.custom: CI=111020
-ms.localizationpriority: Normal
+ms.localizationpriority: medium
-# localization_priority: medium
-# ms.translationtype: MT
 ms.date: 01/23/2020
 ---
 # Internet Explorer and Microsoft Edge frequently asked questions (FAQ) for IT Pros

education/developers.yml

@@ -18,16 +18,16 @@ additionalContent:
         # Card
         - title: UWP apps for education
           summary: Learn how to write universal apps for education.
-          url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/
+          url: https://docs.microsoft.com/windows/uwp/apps-for-education/
         # Card
         - title: Take a test API
           summary: Learn how web applications can use the API to provide a locked down experience for taking tests.
-          url: https://docs.microsoft.com/en-us/windows/uwp/apps-for-education/take-a-test-api
+          url: https://docs.microsoft.com/windows/uwp/apps-for-education/take-a-test-api
         # Card
         - title: Office Education Dev center
           summary: Integrate with Office 365 across devices and services to extend Microsoft enterprise-scale compliance and security to students, teachers, and staff in your education app
-          url: https://dev.office.com/industry-verticals/edu
+          url: https://developer.microsoft.com/office/edu
         # Card
         - title: Data Streamer
           summary: Bring new STEM experiences into the classroom with real-time data in Excel using Data Streamer. Data Streamer can send data to Excel from a sensor or application.
-          url: https://docs.microsoft.com/en-us/microsoft-365/education/data-streamer
+          url: https://docs.microsoft.com/microsoft-365/education/data-streamer

education/docfx.json

@@ -7,7 +7,8 @@
           "**/**.yml"
         ],
         "exclude": [
-          "**/obj/**"
+          "**/obj/**",
+          "**/includes/**"
         ]
       }
     ],
@@ -19,7 +20,8 @@
           "**/*.svg"
         ],
         "exclude": [
-          "**/obj/**"
+          "**/obj/**",
+          "**/includes/**"
         ]
       }
     ],

education/includes/education-content-updates.md

@@ -0,0 +1,11 @@
+<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
+
+
+
+## Week of October 19, 2020
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 10/22/2020 | [Microsoft 365 Education Documentation for developers](/education/developers) | modified |
+| 10/22/2020 | [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) | modified |

education/windows/windows-editions-for-education-customers.md

@@ -30,10 +30,10 @@ Windows 10, version 1607 introduces two editions designed for the unique needs o
 
 Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is effectively a variant of Windows 10 Pro that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
 
-For Cortana<sup>[1](#footnote1)</sup>,
+For Cortana<sup>[1](#footnote1)</sup>:
 - If you're using version 1607, Cortana is removed.
-- If you're using new devices with version 1703, Cortana is turned on by default.
+- If you're using new devices with version 1703 or later, Cortana is turned on by default.
-- If you're upgrading from version 1607 to version 1703, Cortana will be enabled.
+- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
 
 You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 
@@ -49,10 +49,10 @@ Customers who deploy Windows 10 Pro are able to configure the product to have si
 
 Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](https://go.microsoft.com/fwlink/?LinkId=822627).
 
-For Cortana<sup>1</sup>,
+For Cortana<sup>1</sup>:
 - If you're using version 1607, Cortana<sup>1</sup> is removed.
-- If you're using new devices with version 1703, Cortana is turned on by default.
+- If you're using new devices with version 1703 or later, Cortana is turned on by default.
-- If you're upgrading from version 1607 to version 1703, Cortana will be enabled.
+- If you're upgrading from version 1607 to version 1703 or later, Cortana will be enabled.
 
 You can use the **AllowCortana** policy to turn Cortana off. For more information, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 

store-for-business/add-unsigned-app-to-code-integrity-policy.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Add unsigned app to code integrity policy
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com. 
 
 
 **Applies to**

store-for-business/device-guard-signing-portal.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Device Guard signing
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com.  
 
 
 **Applies to**

store-for-business/includes/store-for-business-content-updates.md

@@ -0,0 +1,12 @@
+<!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
+
+
+
+## Week of October 26, 2020
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 10/27/2020 | [Add unsigned app to code integrity policy (Windows 10)](/microsoft-store/add-unsigned-app-to-code-integrity-policy) | modified |
+| 10/27/2020 | [Device Guard signing (Windows 10)](/microsoft-store/device-guard-signing-portal) | modified |
+| 10/27/2020 | [Sign code integrity policy with Device Guard signing (Windows 10)](/microsoft-store/sign-code-integrity-policy-with-device-guard-signing) | modified |

store-for-business/sign-code-integrity-policy-with-device-guard-signing.md

@@ -18,10 +18,10 @@ ms.date: 10/17/2017
 # Sign code integrity policy with Device Guard signing
 
 > [!IMPORTANT]
-> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) will be available for consumption starting mid-September 2020, and you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service between September and December 2020.
+> We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until the end of December 2020 to transition to DGSS v2. At the end of December 2020, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by the end of December 2020.
 >
 > Following are the major changes we are making to the service: 
-> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets will be available as a NuGet download.
+> - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
 > -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired at the end of December 2020, you will no longer be able to download the leaf certificates used to sign your files.
 >
@@ -32,7 +32,7 @@ ms.date: 10/17/2017
 > - Download root cert
 > - Download history of your signing operations 
 >
-> We will share detailed instructions and NuGet location before mid-September 2020. For any questions, please contact us at DGSSMigration@microsoft.com for more information on migration.  
+> For any questions, please contact us at DGSSMigration@microsoft.com. 
 
 
 **Applies to**

windows/application-management/apps-in-windows-10.md

@@ -39,53 +39,53 @@ You can list all provisioned Windows apps with this PowerShell command:
 Get-AppxProvisionedPackage -Online | Format-Table DisplayName, PackageName
 ```
 
-Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, and 1909.
+Here are the provisioned Windows apps in Windows 10 versions 1803, 1809, 1903, 1909, and 2004.
 
-| Package name                                 | App name                                                                                                           | 1803 | 1809 | 1903 | 1909 | Uninstall through UI? |
+| Package name                                 | App name                                                                                                           | 1803 | 1809 | 1903 | 1909 | 2004 | Uninstall through UI? |
-|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:---------------------:|
+|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------|:----:|:----:|:----:|:----:|:----:|:---------------------:|
-| Microsoft.3DBuilder                          | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe)                                        |      |      |      |      |          Yes          |
+| Microsoft.3DBuilder                          | [3D Builder](ms-windows-store://pdp/?PFN=Microsoft.3DBuilder_8wekyb3d8bbwe)                                        |      |      |      |      |      |          Yes          |
-| Microsoft.BingWeather                        | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.BingWeather                        | [MSN Weather](ms-windows-store://pdp/?PFN=Microsoft.BingWeather_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.DesktopAppInstaller                | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe)                           |   x  |   x  |   x  |   x  |    Via Settings App   |
+| Microsoft.DesktopAppInstaller                | [App Installer](ms-windows-store://pdp/?PFN=Microsoft.DesktopAppInstaller_8wekyb3d8bbwe)                           |   x  |   x  |   x  |   x  |   x  |    Via Settings App   |
-| Microsoft.GetHelp                            | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.GetHelp                            | [Get Help](ms-windows-store://pdp/?PFN=Microsoft.Gethelp_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Getstarted                         | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe)                                   |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Getstarted                         | [Microsoft Tips](ms-windows-store://pdp/?PFN=Microsoft.Getstarted_8wekyb3d8bbwe)                                   |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.HEIFImageExtension                 | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.HEIFImageExtension                 | [HEIF Image Extensions](ms-windows-store://pdp/?PFN=Microsoft.HEIFImageExtension_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Messaging                          | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Messaging                          | [Microsoft Messaging](ms-windows-store://pdp/?PFN=Microsoft.Messaging_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Microsoft3DViewer                  | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe)                      |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Microsoft3DViewer                  | [Mixed Reality Viewer](ms-windows-store://pdp/?PFN=Microsoft.Microsoft3DViewer_8wekyb3d8bbwe)                      |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MicrosoftOfficeHub                 | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.MicrosoftOfficeHub                 | [Office](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.MicrosoftSolitaireCollection       | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.MicrosoftSolitaireCollection       | [Microsoft Solitaire Collection](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftSolitaireCollection_8wekyb3d8bbwe) |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.MicrosoftStickyNotes               | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.MicrosoftStickyNotes               | [Microsoft Sticky Notes](ms-windows-store://pdp/?PFN=Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MixedReality.Portal                | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.MixedReality.Portal                | [Mixed Reality Portal](ms-windows-store://pdp/?PFN=Microsoft.MixedReality.Portal_8wekyb3d8bbwe)                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.MSPaint                            | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.MSPaint                            | [Paint 3D](ms-windows-store://pdp/?PFN=Microsoft.MSPaint_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Office.OneNote                     | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |          Yes          |
+| Microsoft.Office.OneNote                     | [OneNote for Windows 10](ms-windows-store://pdp/?PFN=Microsoft.Office.OneNote_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |   x  |          Yes          |
-| Microsoft.OneConnect                         | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe)                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.OneConnect                         | [Mobile Plans](ms-windows-store://pdp/?PFN=Microsoft.OneConnect_8wekyb3d8bbwe)                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Outlook.DesktopIntegrationServices |                                                                                                                    |      |      |      |   x  |                       |
+| Microsoft.Outlook.DesktopIntegrationServices |                                                                                                                    |      |      |      |   x  |   x  |                       |
-| Microsoft.People                             | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.People                             | [Microsoft People](ms-windows-store://pdp/?PFN=Microsoft.People_8wekyb3d8bbwe)                                     |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Print3D                            | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Print3D                            | [Print 3D](ms-windows-store://pdp/?PFN=Microsoft.Print3D_8wekyb3d8bbwe)                                            |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ScreenSketch                       | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe)                                  |      |   x  |   x  |   x  |           No          |
+| Microsoft.ScreenSketch                       | [Snip & Sketch](ms-windows-store://pdp/?PFN=Microsoft.ScreenSketch_8wekyb3d8bbwe)                                  |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.SkypeApp                           | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c)                                              |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.SkypeApp                           | [Skype](ms-windows-store://pdp/?PFN=Microsoft.SkypeApp_kzf8qxf38zg5c)                                              |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.StorePurchaseApp                   | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe)                         |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.StorePurchaseApp                   | [Store Purchase App](ms-windows-store://pdp/?PFN=Microsoft.StorePurchaseApp_8wekyb3d8bbwe)                         |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.VP9VideoExtensions                 |                                                                                                                    |      |   x  |   x  |   x  |           No          |
+| Microsoft.VP9VideoExtensions                 |                                                                                                                    |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Wallet                             | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe)                                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Wallet                             | [Microsoft Pay](ms-windows-store://pdp/?PFN=Microsoft.Wallet_8wekyb3d8bbwe)                                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WebMediaExtensions                 | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe)                     |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WebMediaExtensions                 | [Web Media Extensions](ms-windows-store://pdp/?PFN=Microsoft.WebMediaExtensions_8wekyb3d8bbwe)                     |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WebpImageExtension                 | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe)                     |      |   x  |   x  |   x  |           No          |
+| Microsoft.WebpImageExtension                 | [Webp Image Extension](ms-windows-store://pdp/?PFN=Microsoft.WebpImageExtension_8wekyb3d8bbwe)                     |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Windows.Photos                     | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Windows.Photos                     | [Microsoft Photos](ms-windows-store://pdp/?PFN=Microsoft.Windows.Photos_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsAlarms                      | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsAlarms                      | [Windows Alarms & Clock](ms-windows-store://pdp/?PFN=Microsoft.WindowsAlarms_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsCalculator                  | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsCalculator                  | [Windows Calculator](ms-windows-store://pdp/?PFN=Microsoft.WindowsCalculator_8wekyb3d8bbwe)                        |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsCamera                      | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsCamera                      | [Windows Camera](ms-windows-store://pdp/?PFN=Microsoft.WindowsCamera_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| microsoft.windowscommunicationsapps          | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| microsoft.windowscommunicationsapps          | [Mail and Calendar](ms-windows-store://pdp/?PFN=microsoft.windowscommunicationsapps_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsFeedbackHub                 | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsFeedbackHub                 | [Feedback Hub](ms-windows-store://pdp/?PFN=Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe)                             |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsMaps                        | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe)                                    |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsMaps                        | [Windows Maps](ms-windows-store://pdp/?PFN=Microsoft.WindowsMaps_8wekyb3d8bbwe)                                    |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsSoundRecorder               | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsSoundRecorder               | [Windows Voice Recorder](ms-windows-store://pdp/?PFN=Microsoft.WindowsSoundRecorder_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.WindowsStore                       | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.WindowsStore                       | [Microsoft Store](ms-windows-store://pdp/?PFN=Microsoft.WindowsStore_8wekyb3d8bbwe)                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.Xbox.TCUI                          | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe)                                         |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.Xbox.TCUI                          | [Xbox Live in-game experience](ms-windows-store://pdp/?PFN=Microsoft.Xbox.TCUI_8wekyb3d8bbwe)                                         |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxApp                            | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe)                                                |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxApp                            | [Xbox Console Companion](ms-windows-store://pdp/?PFN=Microsoft.XboxApp_8wekyb3d8bbwe)                                                |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxGameOverlay                    | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxGameOverlay                    | [Xbox Game Bar Plugin](ms-windows-store://pdp/?PFN=Microsoft.XboxGameOverlay_8wekyb3d8bbwe)                               |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxGamingOverlay                  | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe)                       |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxGamingOverlay                  | [Xbox Game Bar](ms-windows-store://pdp/?PFN=Microsoft.XboxGamingOverlay_8wekyb3d8bbwe)                       |   x  |   x  |   x  |   x  |   x  |          No          |
-| Microsoft.XboxIdentityProvider               | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxIdentityProvider               | [Xbox Identity Provider](ms-windows-store://pdp/?PFN=Microsoft.XboxIdentityProvider_8wekyb3d8bbwe)                 |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.XboxSpeechToTextOverlay            |                                                                                                                    |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.XboxSpeechToTextOverlay            |                                                                                                                    |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.YourPhone                          | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe)                                        |      |   x  |   x  |   x  |           No          |
+| Microsoft.YourPhone                          | [Your Phone](ms-windows-store://pdp/?PFN=Microsoft.YourPhone_8wekyb3d8bbwe)                                        |      |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ZuneMusic                          | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.ZuneMusic                          | [Groove Music](ms-windows-store://pdp/?PFN=Microsoft.ZuneMusic_8wekyb3d8bbwe)                                      |   x  |   x  |   x  |   x  |   x  |           No          |
-| Microsoft.ZuneVideo                          | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe)                                       |   x  |   x  |   x  |   x  |           No          |
+| Microsoft.ZuneVideo                          | [Movies & TV](ms-windows-store://pdp/?PFN=Microsoft.ZuneVideo_8wekyb3d8bbwe)                                       |   x  |   x  |   x  |   x  |   x  |           No          |
 
 >[!NOTE]
 >The Store app can't be removed. If you want to remove and reinstall the Store app, you can only bring Store back by either restoring your system from a backup or resetting your system. Instead of removing the Store app, you should use group policies to hide or disable it.

windows/application-management/docfx.json

@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",

windows/client-management/advanced-troubleshooting-802-authentication.md

@@ -17,17 +17,17 @@ ms.topic: troubleshooting
  
 ## Overview
 
-This is a general troubleshooting of 802.1X wireless and wired clients. With 802.1X and wireless troubleshooting, it's important to know how the flow of authentication works, and then figuring out where it's breaking. It involves a lot of third party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. Since we don't make access points or switches, it won't be an end-to-end Microsoft solution.
+This article includes general troubleshooting for 802.1X wireless and wired clients. While troubleshooting 802.1X and wireless, it's important to know how the flow of authentication works, and then figure out where it's breaking. It involves a lot of third-party devices and software. Most of the time, we have to identify where the problem is, and another vendor has to fix it. We don't make access points or switches, so it's not an end-to-end Microsoft solution.
  
 ## Scenarios
 
-This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 - 10 for clients, and Windows Server 2008 R2 - 2012 R2 for NPS.
+This troubleshooting technique applies to any scenario in which wireless or wired connections with 802.1X authentication is attempted and then fails to establish. The workflow covers Windows 7 through Windows 10 for clients, and Windows Server 2008 R2 through Windows Server 2012 R2 for NPS.
  
-## Known Issues
+## Known issues
 
 None
  
-## Data Collection
+## Data collection
 
 See [Advanced troubleshooting 802.1X authentication data collection](data-collection-for-802-authentication.md).
  
@@ -35,11 +35,11 @@ See [Advanced troubleshooting 802.1X authentication data collection](data-collec
 
 Viewing [NPS authentication status events](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735320(v%3dws.10)) in the Windows Security [event log](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc722404(v%3dws.11)) is one of the most useful troubleshooting methods to obtain information about failed authentications.
 
-NPS event log entries contain information on the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you are not seeing both success and failure events, see the section below on [NPS audit policy](#audit-policy).
+NPS event log entries contain information about the connection attempt, including the name of the connection request policy that matched the connection attempt and the network policy that accepted or rejected the connection attempt. If you don't see both success and failure events, see the [NPS audit policy](#audit-policy) section later in this article.
 
-Check Windows Security Event log on the NPS Server for NPS events corresponding to rejected ([event ID 6273](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
+Check Windows Security Event log on the NPS Server for NPS events that correspond to rejected ([event ID 6273](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735399(v%3dws.10))) or accepted ([event ID 6272](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc735388(v%3dws.10))) connection attempts.
  
-In the event message, scroll to the very bottom, and check the [Reason Code](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text associated with it.
+In the event message, scroll to the very bottom, and then check the [Reason Code](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v%3dws.10)) field and the text that's associated with it.
  
    ![example of an audit failure](images/auditfailure.png)
    *Example: event ID 6273 (Audit Failure)*<br><br>
@@ -47,35 +47,35 @@ In the event message, scroll to the very bottom, and check the [Reason Code](htt
    ![example of an audit success](images/auditsuccess.png)
    *Example: event ID 6272 (Audit Success)*<br>
 
-‎The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, Wired AutoConfig operational log is equivalent one.
+‎The WLAN AutoConfig operational log lists information and error events based on conditions detected by or reported to the WLAN AutoConfig service. The operational log contains information about the wireless network adapter, the properties of the wireless connection profile, the specified network authentication, and, in the event of connectivity problems, the reason for the failure. For wired network access, the Wired AutoConfig operational log is an equivalent one.
 
-On the client side, navigate to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, navigate to  **..\Wired-AutoConfig/Operational**. See the following example:
+On the client side, go to **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\WLAN-AutoConfig/Operational** for wireless issues. For wired network access issues, go to  **..\Wired-AutoConfig/Operational**. See the following example:
 
 ![event viewer screenshot showing wired-autoconfig and WLAN autoconfig](images/eventviewer.png)
  
-Most 802.1X authentication issues are due to problems with the certificate that is used for client or server authentication (e.g. invalid certificate, expiration, chain verification failure, revocation check failure, etc.). 
+Most 802.1X authentication issues are because of problems with the certificate that's used for client or server authentication. Examples include invalid certificate, expiration, chain verification failure, and revocation check failure. 
 
-First, validate the type of EAP method being used:
+First, validate the type of EAP method that's used:
  
 ![eap authentication type comparison](images/comparisontable.png)
 
-If a certificate is used for its authentication method, check if the certificate is valid. For server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Right click on the policy and select **Properties**. In the pop-up window, go to the **Constraints** tab and select the **Authentication Methods** section.
+If a certificate is used for its authentication method, check whether the certificate is valid. For the server (NPS) side, you can confirm what certificate is being used from the EAP property menu. In **NPS snap-in**, go to **Policies** > **Network Policies**. Select and hold (or right-click) the policy, and then select **Properties**. In the pop-up window, go to the **Constraints** tab, and then select the **Authentication Methods** section.
 
 ![Constraints tab of the secure wireless connections properties](images/eappropertymenu.png)
  
-The CAPI2 event log will be useful for troubleshooting certificate-related issues.
+The CAPI2 event log is useful for troubleshooting certificate-related issues.
-This log is not enabled by default. You can enable this log by expanding **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, right-clicking **Operational** and then clicking **Enable Log**.
+By default, this log isn't enabled. To enable this log, expand **Event Viewer (Local)\Applications and Services Logs\Microsoft\Windows\CAPI2**, select and hold (or right-click) **Operational**, and then select **Enable Log**.
 
 ![screenshot of event viewer](images/capi.png)
  
-The following article explains how to analyze CAPI2 event logs:
+For information about how to analyze CAPI2 event logs, see
 [Troubleshooting PKI Problems on Windows Vista](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-vista/cc749296%28v=ws.10%29).
 
-When troubleshooting complex 802.1X authentication issues, it is important to understand the 802.1X authentication process. The following figure is an example of wireless connection process with 802.1X authentication:
+When troubleshooting complex 802.1X authentication issues, it's important to understand the 802.1X authentication process. Here's an example of wireless connection process with 802.1X authentication:
 
 ![authenticator flow chart](images/authenticator_flow_chart.png)
  
-If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter in for a client side capture, and **EAP** for an NPS side capture. See the following examples:
+If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both the client and the server (NPS) side, you can see a flow like the one below. Type **EAPOL** in the Display Filter for a client-side capture, and **EAP** for an NPS-side capture. See the following examples:
 
 ![client-side packet capture data](images/clientsidepacket_cap_data.png)
 *Client-side packet capture data*<br><br>
@@ -85,16 +85,16 @@ If you [collect a network packet capture](troubleshoot-tcpip-netmon.md) on both
 ‎
 
 > [!NOTE]
-> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. Follow the instructions under the **Help** menu in Network Monitor to load the reqired [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/) if needed. See the example below.
+> If you have a wireless trace, you can also [view ETL files with network monitor](https://docs.microsoft.com/windows/desktop/ndf/using-network-monitor-to-view-etl-files) and apply the **ONEX_MicrosoftWindowsOneX** and **WLAN_MicrosoftWindowsWLANAutoConfig** Network Monitor filters. If you need to load the required [parser](https://blogs.technet.microsoft.com/netmon/2010/06/04/parser-profiles-in-network-monitor-3-4/), see the instructions under the **Help** menu in Network Monitor. Here's an example:
 
 ![ETL parse](images/etl.png) 
 
 ## Audit policy
 
-NPS audit policy (event logging) for connection success and failure is enabled by default. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
+By default, NPS audit policy (event logging) for connection success and failure is enabled. If you find that one or both types of logging are disabled, use the following steps to troubleshoot.
 
 View the current audit policy settings by running the following command on the NPS server:
-```
+```console
 auditpol /get /subcategory:"Network Policy Server"
 ```
 
@@ -106,13 +106,12 @@ Logon/Logoff
   Network Policy Server                   Success and Failure
 </pre>
 
-If it shows ‘No auditing’, you can run this command to enable it:
+If it says, "No auditing," you can run this command to enable it:
-
+```console
-```
 auditpol /set /subcategory:"Network Policy Server" /success:enable /failure:enable
 ```
 
-Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing via Group Policy. The success/failure setting can be found under **Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Advanced Audit Policy Configuration -> Audit Policies -> Logon/Logoff -> Audit Network Policy Server**.
+Even if audit policy appears to be fully enabled, it sometimes helps to disable and then re-enable this setting. You can also enable Network Policy Server logon/logoff auditing by using Group Policy. To get to the success/failure setting, select **Computer Configuration** > **Policies** > **Windows Settings** > **Security Settings** > **Advanced Audit Policy Configuration** > **Audit Policies** > **Logon/Logoff** > **Audit Network Policy Server**.
 
 ## Additional references
 

windows/client-management/connect-to-remote-aadj-pc.md

@@ -22,13 +22,10 @@ ms.topic: article
 
 - Windows 10
 
-From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup).
+From its release, Windows 10 has supported remote connections to PCs joined to Active Directory. Starting in Windows 10, version 1607, you can also connect to a remote PC that is [joined to Azure Active Directory (Azure AD)](https://docs.microsoft.com/azure/active-directory/user-help/device-management-azuread-joined-devices-setup). Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics).
 
 ![Remote Desktop Connection client](images/rdp.png)
 
-> [!TIP]
-> Starting in Windows 10, version 1809, you can [use biometrics to authenticate to a remote desktop session.](https://docs.microsoft.com/windows/whats-new/whats-new-windows-10-version-1809#remote-desktop-with-biometrics)
-
 ## Set up
 
 - Both PCs (local and remote) must be running Windows 10, version 1607 or later. Remote connections to an Azure AD-joined PC running earlier versions of Windows 10 are not supported.
@@ -37,16 +34,18 @@ From its release, Windows 10 has supported remote connections to PCs joined to A
 Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-guard), a new feature in Windows 10, version 1607, is turned off on the client PC you are using to connect to the remote PC.
 
 - On the PC you want to connect to:
+
   1. Open system properties for the remote PC.
+  
   2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
 
      ![Allow remote connections to this computer](images/allow-rdp.png)
 
-  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users to connect to the PC, you must allow remote connections for the local **Authenticated Users** group. Click **Select Users**.
+  3. If the user who joined the PC to Azure AD is the only one who is going to connect remotely, no additional configuration is needed. To allow additional users or groups to connect to the PC, you must allow remote connections for the specified users or groups. Click **Select Users -> Add** and enter the name of the user or group.
 
      > [!NOTE]
      > You can specify individual Azure AD accounts for remote connections by having the user sign in to the remote device at least once, and then running the following PowerShell cmdlet:
-    > ```PowerShell
+     > ```powershell
      > net localgroup "Remote Desktop Users" /add "AzureAD\the-UPN-attribute-of-your-user"
      > ```
      > where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
@@ -55,15 +54,16 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
      > Otherwise this command throws the below error. For example:
      > - for cloud only user: "There is no such global user or group : *name*"
      > - for synced user: "There is no such global user or group : *name*" </br>
-    >
+    
+     > [!NOTE]
      > In Windows 10, version 1709, the user does not have to sign in to the remote device first.
      >
      > In Windows 10, version 1709, you can add other Azure AD users to the **Administrators** group on a device in **Settings** and restrict remote credentials to **Administrators**. If there is a problem connecting remotely, make sure that both devices are joined to Azure AD and that TPM is functioning properly on both devices.
    
-  4. Enter **Authenticated Users**, then click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
+  4. Click **Check Names**. If the **Name Not Found** window opens, click **Locations** and select this PC.
 
      > [!TIP]
-  > When you connect to the remote PC, enter your account name in this format: `AzureAD UPN`. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
+     > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com. The local PC must either be domain-joined or Azure AD-joined. The local PC and remote PC must be in the same Azure AD tenant.
 
      > [!Note]
      > If you cannot connect using Remote Desktop Connection 6.0, you must turn off the new features of RDP 6.0 and revert back to RDP 5.0 by making a few changes in the RDP file. See the details in the [support article](https://support.microsoft.com/help/941641/remote-desktop-connection-6-0-prompts-you-for-credentials-before-you-e).

windows/client-management/docfx.json

@@ -32,6 +32,7 @@
     "externalReference": [],
     "globalMetadata": {
       "breadcrumb_path": "/windows/windows-10/breadcrumb/toc.json",
+      "uhfHeaderId": "MSDocsHeader-M365-IT",
       "ms.technology": "windows",
       "audience": "ITPro",
       "ms.topic": "article",

windows/client-management/manage-settings-app-with-group-policy.md

@@ -19,13 +19,13 @@ ms.topic: article
 
 -   Windows 10, Windows Server 2016
 
-You can now manage the pages that are shown in the Settings app by using Group Policy. This lets you hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
+You can now manage the pages that are shown in the Settings app by using Group Policy. When you use Group Policy to manage pages, you can hide specific pages from users. Before Windows 10, version 1703, you could either show everything in the Settings app or hide it completely.
-To make use of the Settings App group polices on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
+To make use of the Settings App group policies on Windows server 2016, install fix [4457127](https://support.microsoft.com/help/4457127/windows-10-update-kb4457127) or a later cumulative update. 
 
 >[!Note]
 >Each server that you want to manage access to the Settings App must be patched.
 
-To centrally manage the new policies copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra) if your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management.
+If your company uses one or the PolicyDefinitions folder of the Domain Controllers used for Group Policy management, to centrally manage the new policies, copy the ControlPanel.admx and ControlPanel.adml file to [Central Store](https://support.microsoft.com/help/3087759/how-to-create-and-manage-the-central-store-for-group-policy-administra).
 
 This policy is available for both User and Computer depending on the version of the OS. Windows Server 2016 with KB 4457127 applied will have both User and Computer policy. Windows 10, version 1703, added Computer policy for the Settings app. Windows 10, version 1809, added User policy for the Settings app.
 
@@ -39,7 +39,7 @@ Policy paths:
 
 ## Configuring the Group Policy
 
-The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon delimited list of URIs in **Settings Page Visiblity**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). 
+The Group Policy can be configured in one of two ways: specify a list of pages that are shown or specify a list of pages to hide. To do this, add either **ShowOnly:** or **Hide:** followed by a semicolon-delimited list of URIs in **Settings Page Visibility**. For a full list of URIs, see the URI scheme reference section in [Launch the Windows Settings app](https://docs.microsoft.com/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference). 
 
 >[!NOTE]
 > When you specify the URI in the Settings Page Visibility textbox, don't include **ms-settings:** in the string.

windows/client-management/manage-windows-10-in-your-organization-modern-management.md

@@ -53,7 +53,7 @@ As indicated in the diagram, Microsoft continues to provide support for deep man
 With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully-configured, fully-managed devices, you can:
 
 
--   Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/intune/understand-explore/introduction-to-microsoft-intune).
+-   Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/).
 
 -   Create self-contained provisioning packages built with the [Windows Configuration Designer](https://technet.microsoft.com/itpro/windows/deploy/provisioning-packages).
 
@@ -69,7 +69,7 @@ You can envision user and device management as falling into these two categories
 
 -   **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
 
-    -   For corporate devices, they can set up corporate access with [Azure AD Join](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-overview/). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://blogs.technet.microsoft.com/ad/2015/08/14/windows-10-azure-ad-and-microsoft-intune-automatic-mdm-enrollment-powered-by-the-cloud/), all from the cloud.<br>Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
+    -   For corporate devices, they can set up corporate access with [Azure AD Join](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-overview/). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.<br>Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
 
     -   Likewise, for personal devices, employees can use a new, simplified [BYOD experience](https://azure.microsoft.com/documentation/articles/active-directory-azureadjoin-windows10-devices/) to add their work account to Windows, then access work resources on the device.
 
@@ -135,6 +135,6 @@ There are a variety of steps you can take to begin the process of modernizing de
 
 ## Related topics
 
--   [What is Intune?](https://docs.microsoft.com/intune/introduction-intune)
+-   [What is Intune?](https://docs.microsoft.com//mem/intune/fundamentals/what-is-intune)
 -   [Windows 10 Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider)
 -   [Windows 10 Configuration service Providers](https://docs.microsoft.com/windows/client-management/mdm/configuration-service-provider-reference)

windows/client-management/mdm/TOC.md

@@ -1,5 +1,6 @@
 # [Mobile device management](index.md)
 ## [What's new in MDM enrollment and management](new-in-windows-mdm-enrollment-management.md)
+### [Change history for MDM documentation](change-history-for-mdm-documentation.md)
 ## [Mobile device enrollment](mobile-device-enrollment.md)
 ### [MDM enrollment of Windows devices](mdm-enrollment-of-windows-devices.md)
 #### [Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal](azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md)
@@ -159,14 +160,14 @@
 #### [Personalization DDF file](personalization-ddf.md)
 ### [Policy CSP](policy-configuration-service-provider.md)
 #### [Policy DDF file](policy-ddf-file.md)
-#### [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+#### [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-#### [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+#### [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
-#### [Policy CSPs supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
+#### [Policies in Policy CSP supported by HoloLens 2](policy-csps-supported-by-hololens2.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite](policy-csps-supported-by-hololens-1st-gen-commercial-suite.md)
-#### [Policy CSPs supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
+#### [Policies in Policy CSP supported by HoloLens (1st gen) Development Edition](policy-csps-supported-by-hololens-1st-gen-development-edition.md)
-#### [Policy CSPs supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Enterprise](policy-csps-supported-by-iot-enterprise.md)
-#### [Policy CSPs supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
+#### [Policies in Policy CSP supported by Windows 10 IoT Core](policy-csps-supported-by-iot-core.md)
-#### [Policy CSPs supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
+#### [Policies in Policy CSP supported by Microsoft Surface Hub](policy-csps-supported-by-surface-hub.md)
 #### [Policy CSPs that can be set using Exchange Active Sync (EAS)](policy-csps-that-can-be-set-using-eas.md)
 #### [AboveLock](policy-csp-abovelock.md)
 #### [Accounts](policy-csp-accounts.md)
@@ -174,6 +175,7 @@
 #### [ADMX_AddRemovePrograms](policy-csp-admx-addremoveprograms.md)
 #### [ADMX_AppCompat](policy-csp-admx-appcompat.md)
 #### [ADMX_AuditSettings](policy-csp-admx-auditsettings.md)
+#### [ADMX_Bits](policy-csp-admx-bits.md)
 #### [ADMX_CipherSuiteOrder](policy-csp-admx-ciphersuiteorder.md)
 #### [ADMX_COM](policy-csp-admx-com.md)
 #### [ADMX_Cpls](policy-csp-admx-cpls.md)
@@ -197,17 +199,39 @@
 #### [ADMX_nca](policy-csp-admx-nca.md)
 #### [ADMX_NCSI](policy-csp-admx-ncsi.md)
 #### [ADMX_Netlogon](policy-csp-admx-netlogon.md)
+#### [ADMX_NetworkConnections](policy-csp-admx-networkconnections.md)
 #### [ADMX_OfflineFiles](policy-csp-admx-offlinefiles.md)
 #### [ADMX_PeerToPeerCaching](policy-csp-admx-peertopeercaching.md)
 #### [ADMX_PerformanceDiagnostics](policy-csp-admx-performancediagnostics.md)
+#### [ADMX_PowerShellExecutionPolicy](policy-csp-admx-powershellexecutionpolicy.md)
 #### [ADMX_Reliability](policy-csp-admx-reliability.md)
 #### [ADMX_Scripts](policy-csp-admx-scripts.md)
 #### [ADMX_sdiageng](policy-csp-admx-sdiageng.md)
 #### [ADMX_Securitycenter](policy-csp-admx-securitycenter.md)
+#### [ADMX_Sensors](policy-csp-admx-sensors.md)
 #### [ADMX_Servicing](policy-csp-admx-servicing.md)
 #### [ADMX_SharedFolders](policy-csp-admx-sharedfolders.md)
 #### [ADMX_Sharing](policy-csp-admx-sharing.md)
 #### [ADMX_ShellCommandPromptRegEditTools](policy-csp-admx-shellcommandpromptregedittools.md)
+#### [ADMX_Smartcard](policy-csp-admx-smartcard.md)
+#### [ADMX_Snmp](policy-csp-admx-snmp.md)
+#### [ADMX_StartMenu](policy-csp-admx-startmenu.md)
+#### [ADMX_Taskbar](policy-csp-admx-taskbar.md)
+#### [ADMX_tcpip](policy-csp-admx-tcpip.md)
+#### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
+#### [ADMX_TPM](policy-csp-admx-tpm.md)
+#### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md)
+#### [ADMX_W32Time](policy-csp-admx-w32time.md)
+#### [ADMX_WCM](policy-csp-admx-wcm.md)
+#### [ADMX_WinCal](policy-csp-admx-wincal.md)
+#### [ADMX_WindowsAnytimeUpgrade](policy-csp-admx-windowsanytimeupgrade.md)
+#### [ADMX_WindowsConnectNow](policy-csp-admx-windowsconnectnow.md)
+#### [ADMX_WindowsExplorer](policy-csp-admx-windowsexplorer.md)
+#### [ADMX_WindowsMediaDRM](policy-csp-admx-windowsmediadrm.md)
+#### [ADMX_WindowsMediaPlayer](policy-csp-admx-windowsmediaplayer.md)
+#### [ADMX_WindowsStore](policy-csp-admx-windowsstore.md)
+#### [ADMX_WinInit](policy-csp-admx-wininit.md)
+#### [ADMX_wlansvc](policy-csp-admx-wlansvc.md)
 #### [ApplicationDefaults](policy-csp-applicationdefaults.md)
 #### [ApplicationManagement](policy-csp-applicationmanagement.md)
 #### [AppRuntime](policy-csp-appruntime.md)
@@ -216,7 +240,7 @@
 #### [Audit](policy-csp-audit.md)
 #### [Authentication](policy-csp-authentication.md)
 #### [Autoplay](policy-csp-autoplay.md)
-#### [Bitlocker](policy-csp-bitlocker.md)
+#### [BitLocker](policy-csp-bitlocker.md)
 #### [BITS](policy-csp-bits.md)
 #### [Bluetooth](policy-csp-bluetooth.md)
 #### [Browser](policy-csp-browser.md)
@@ -254,11 +278,14 @@
 #### [LanmanWorkstation](policy-csp-lanmanworkstation.md)
 #### [Licensing](policy-csp-licensing.md)
 #### [LocalPoliciesSecurityOptions](policy-csp-localpoliciessecurityoptions.md)
+#### [LocalUsersAndGroups](policy-csp-localusersandgroups.md)
 #### [LockDown](policy-csp-lockdown.md)
 #### [Maps](policy-csp-maps.md)
 #### [Messaging](policy-csp-messaging.md)
+#### [MixedReality](policy-csp-mixedreality.md)
 #### [MSSecurityGuide](policy-csp-mssecurityguide.md)
 #### [MSSLegacy](policy-csp-msslegacy.md)
+#### [Multitasking](policy-csp-multitasking.md)
 #### [NetworkIsolation](policy-csp-networkisolation.md)
 #### [Notifications](policy-csp-notifications.md)
 #### [Power](policy-csp-power.md)
@@ -293,6 +320,7 @@
 #### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
 #### [WindowsLogon](policy-csp-windowslogon.md)
 #### [WindowsPowerShell](policy-csp-windowspowershell.md)
+#### [WindowsSandbox](policy-csp-windowssandbox.md)
 #### [WirelessDisplay](policy-csp-wirelessdisplay.md)
 ### [PolicyManager CSP](policymanager-csp.md)
 ### [Provisioning CSP](provisioning-csp.md)

windows/client-management/mdm/accounts-csp.md

@@ -52,6 +52,7 @@ This node specifies the username for a new local user account.  This setting can
 This node specifies the password for a new local user account.  This setting can be managed remotely. 
 
 Supported operation is Add.
+GET operation is not supported.  This setting will report as failed when deployed from the Endpoint Manager.
 
 <a href="" id="users-username-localusergroup"></a>**Users/_UserName_/LocalUserGroup**  
 This optional node specifies the local user group that a local user account should be joined to.  If the node is not set, the new local user account is joined just to the Standard Users group.  Set the value to 2 for Administrators group. This setting can be managed remotely.

windows/client-management/mdm/azure-active-directory-integration-with-mdm.md

@@ -165,7 +165,10 @@ The following image illustrates how MDM applications will show up in the Azure a
 
 ### Add cloud-based MDM to the app gallery
 
-You should work with the Azure AD engineering team if your MDM application is cloud-based. The following table shows the required information to create an entry in the Azure AD app gallery.
+> [!NOTE]
+> You should work with the Azure AD engineering team if your MDM application is cloud-based and needs to be enabled as a multi-tenant MDM application 
+
+The following table shows the required information to create an entry in the Azure AD app gallery.
 
 <table>
 <colgroup>

windows/client-management/mdm/configuration-service-provider-reference.md

@@ -1557,13 +1557,13 @@ Additional lists:
 	<th>Mobile Enterprise</th>
 </tr>
 <tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
 </tr>
 </table>
 

windows/client-management/mdm/devicestatus-csp.md

@@ -36,9 +36,8 @@ Supported operation is Get.
 <a href="" id="devicestatus-cellularidentities"></a>**DeviceStatus/CellularIdentities**  
 Required. Node for queries on the SIM cards.
 
-> **Note**  Multiple SIMs are supported.
+>[!NOTE]
-
+>Multiple SIMs are supported.
- 
 
 <a href="" id="devicestatus-cellularidentities-imei"></a>**DeviceStatus/CellularIdentities/**<strong>*IMEI*</strong>  
 The unique International Mobile Station Equipment Identity (IMEI) number of the mobile device. An IMEI is present for each SIM card on the device.
@@ -107,7 +106,7 @@ Supported operation is Get.
 Node for the compliance query.
 
 <a href="" id="devicestatus-compliance-encryptioncompliance"></a>**DeviceStatus/Compliance/EncryptionCompliance**  
-Boolean value that indicates compliance with the enterprise encryption policy. The value is one of the following:
+Boolean value that indicates compliance with the enterprise encryption policy for OS (system) drives. The value is one of the following:
 
 -   0 - not encrypted
 -   1 - encrypted

windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md

@@ -33,7 +33,7 @@ See [Support Tip: Ingesting Office ADMX-backed policies using Microsoft Intune](
 ## Enable a policy
 
 > [!NOTE]
-> See [Understanding ADMX-backed policy CSPs](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
+> See [Understanding ADMX-backed policies in Policy CSP](https://docs.microsoft.com/windows/client-management/mdm/understanding-admx-backed-policies).
 
 1.  Find the policy from the list [ADMX-backed policies](policy-csps-admx-backed.md). You need the following information listed in the policy description.  
     - GP English name

windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -119,6 +119,7 @@ Requirements:
     > [!NOTE]
     > In Windows 10, version 1903, the MDM.admx file was updated to include an option to select which credential is used to enroll the device. **Device Credential** is a new option that will only have an effect on clients that have installed Windows 10, version 1903 or later. 
     > The default behavior for older releases is to revert to **User Credential**. 
+    > **Device Credential** is not supported for enrollment type when you have a ConfigMgr Agent on your device. 
 
     When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called " Schedule created by enrollment client for automatically enrolling in MDM from AAD." 
 

windows/client-management/mdm/esim-enterprise-management.md

@@ -12,15 +12,17 @@ ms.topic: conceptual
 ---
 
 # How Mobile Device Management Providers support eSIM Management on Windows
-The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to leverage an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will leverage the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and installation happens on the background and not impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
+The eSIM Profile Management Solution puts the Mobile Device Management (MDM) Provider in the front and center. The whole idea is to use an already existing solution that customers are familiar with and that they use to manage devices. The expectations from an MDM are that it will use the same sync mechanism that it uses for device policies to push any policy to the eSIM profile, and be able to use Groups and Users the same way. This way, the eSIM profile download and the installation happen in the background without impacting the end user. Similarly, the IT admin would use the same method of managing the eSIM profiles (Assignment/de-assignment, etc.) the same way as they currently do device management.
- If you are a Mobile Device Management (MDM) Provider and would like to support eSIM Management on Windows, you should do the following:
+ If you are a Mobile Device Management (MDM) Provider and want to support eSIM Management on Windows, perform the following steps:
 - Onboard to Azure Active Directory
-- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, please contact them and learn more about their onboarding. If you would like to support multiple mobile operators, [orchestrator providers]( https://www.idemia.com/esim-management-facilitation) are there to act as a proxy that will handle MDM onboarding as well as mobile operator onboarding. Their main [role]( https://www.idemia.com/smart-connect-hub) is to enable the process to be as painless but scalable to all parties. 
+- Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. Contact mobile operators directly or contact orchestrator providers. Windows provides the capability for eSIM profiles to be managed by MDM providers in the case of enterprise use cases. However, Windows does not limit how ecosystem partners might want to offer this to their own partners and/or customers. As such, the eSIM profile management capability is something that can be supported by integrating with the Window OMA-DM. This makes it possible to remotely manage the eSIM profiles according to the company policies. As an MDM provider, if you are looking to integrate/onboard to a mobile operator on a 1:1 basis, contact them and learn more about their onboarding. If you would like to integrate and work with only one MDM provider, contact that provider directly. If you would like to offer eSIM management to customers using different MDM providers, contact an orchestrator provider. Orchestrator providers act as proxy handling MDM onboarding as well as mobile operator onboarding. Their role is to make the process as painless and scalable as possible for all parties. Potential orchestrator providers you could contact include:
+    - [HPE’s Device Entitlement Gateway](https://www.hpe.com/emea_europe/en/solutions/digital-communications-services.html)
+    - [IDEMIA’s The Smart Connect - Hub](https://www.idemia.com/smart-connect-hub)
 - Assess solution type that you would like to provide your customers
 - Batch/offline solution
 - IT Admin can manually import a flat file containing list of eSIM activation codes, and provision eSIM on LTE enabled devices.
-- Operator does not have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
+- Operator doesn't have visibility over status of the eSIM profiles and device eSIM has been downloaded and installed to
 - Real-time solution
 - MDM automatically syncs with the Operator backend system for subscription pool and eSIM management, via sim vendor solution component. IT Admin can view subscription pool and provision eSIM in real time.
 - Operator is notified of the status of each eSIM profile and has visibility on which devices are being used
-**Note:** The solution type is not noticeable to the end-user. The choice between the two is made between the MDM and the Mobile Operator.
+**Note:** End users don't notice the solution type. The choice between the two is made between the MDM and the Mobile Operator.

windows/client-management/mdm/firewall-csp.md

@@ -248,10 +248,10 @@ Sample syncxml to provision the firewall settings to evaluate
 <p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
 
 <a href="" id="localaddressranges"></a>**FirewallRules/*FirewallRuleName*/LocalAddressRanges**
-<p style="margin-left: 20px">Comma separated list of local addresses covered by the rule. The default value is &quot;<em>&quot;. Valid tokens include:</p>
+<p style="margin-left: 20px">Comma separated list of local addresses covered by the rule. The default value is "*". Valid tokens include:</p>
 <ul>
-<li>&quot;</em>&quot; indicates any local address. If present, this must be the only token included.</li>
+<li>"*" indicates any local address. If present, this must be the only token included.</li>
-<li>A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask not a network prefix is specified, the subnet mask defaults to 255.255.255.255.</li>
+<li>A subnet can be specified using either the subnet mask or network prefix notation. If neither a subnet mask nor a network prefix is specified, the subnet mask defaults to 255.255.255.255.</li>
 <li>A valid IPv6 address.</li>
 <li>An IPv4 address range in the format of &quot;start address - end address&quot; with no spaces included.</li>
 <li>An IPv6 address range in the format of &quot;start address - end address&quot; with no spaces included.</li>
@@ -260,9 +260,9 @@ Sample syncxml to provision the firewall settings to evaluate
 <p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Replace, and Delete.</p>
 
 <a href="" id="remoteaddressranges"></a>**FirewallRules/*FirewallRuleName*/RemoteAddressRanges**
-<p style="margin-left: 20px">List of comma separated tokens specifying the remote addresses covered by the rule. The default value is &quot;<em>&quot;. Valid tokens include:</p>
+<p style="margin-left: 20px">List of comma separated tokens specifying the remote addresses covered by the rule. The default value is "*". Valid tokens include:</p>
 <ul>
-<li>&quot;</em>&quot; indicates any remote address. If present, this must be the only token included.</li>
+<li>"*" indicates any remote address. If present, this must be the only token included.</li>
 <li>&quot;Defaultgateway&quot;</li>
 <li>&quot;DHCP&quot;</li>
 <li>&quot;DNS&quot;</li>

windows/client-management/mdm/healthattestation-csp.md

@@ -74,7 +74,7 @@ The following is a list of functions performed by the Device HealthAttestation C
 
 <strong>DHA-Enabled MDM (Device HealthAttestation enabled device management solution)</strong>
 <p style="margin-left: 20px">Device HealthAttestation enabled (DHA-Enabled) device management solution is a device management tool that is integrated with the DHA feature.</p>
-<p style="margin-left: 20px">DHA-Enabled device management solutions enable enterprise IT managers to raise the security protection bar for their managed devices based on hardware (TPM) protected data that can be trusted even if a device is compromized by advanced security threats or running a malicious (jailbroken) operating system.</p>
+<p style="margin-left: 20px">DHA-Enabled device management solutions enable enterprise IT managers to raise the security protection bar for their managed devices based on hardware (TPM) protected data that can be trusted even if a device is compromised by advanced security threats or running a malicious (jailbroken) operating system.</p>
 <p style="margin-left: 20px">The following list of operations are performed by DHA-Enabled-MDM:</p>
 <ul>
 <li>Enables the DHA feature on a DHA-Enabled device</li>
@@ -195,10 +195,10 @@ The following diagram shows the Device HealthAttestation configuration service p
 
 <p style="margin-left: 20px">The following list shows some examples of supported values. For the complete list of status see <a href="#device-healthattestation-csp-status-and-error-codes" data-raw-source="[Device HealthAttestation CSP status and error codes](#device-healthattestation-csp-status-and-error-codes)">Device HealthAttestation CSP status and error codes</a>.</p>
 
--   0 - (HEALTHATTESTATION\_CERT\_RETRI_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service
+-   0 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_UNINITIALIZED): DHA-CSP is preparing a request to get a new DHA-EncBlob from DHA-Service
--   1 - (HEALTHATTESTATION\_CERT\_RETRI_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device
+-   1 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_REQUESTED): DHA-CSP is waiting for the DHA-Service to respond back, and issue a DHA-EncBlob to the device
 -   2 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_FAILED): A valid DHA-EncBlob could not be retrieved from the DHA-Service for reasons other than discussed in the DHA error/status codes
--   3 - (HEALTHATTESTATION\_CERT\_RETRI_COMPLETE): DHA-Data is ready for pick up
+-   3 - (HEALTHATTESTATION\_CERT\_RETRIEVAL_COMPLETE): DHA-Data is ready for pick up
 
 <a href="" id="forceretrieve"></a>**ForceRetrieve** (Optional)  
 <p style="margin-left: 20px">Instructs the client to initiate a new request to DHA-Service, and get a new DHA-EncBlob (a summary of the boot state that is issued by DHA-Service). This option should only be used if the MDM server enforces a certificate freshness policy, which needs to force a device to get a fresh encrypted blob from DHA-Service.</p>
@@ -220,7 +220,7 @@ The following diagram shows the Device HealthAttestation configuration service p
 <a href="" id="correlationid"></a>**CorrelationId** (Required)  
 <p style="margin-left: 20px">Identifies a unique device health attestation session. CorrelationId is used to correlate DHA-Service logs with the MDM server events and Client event logs for debug and troubleshooting.</p>
 
-<p style="margin-left: 20px">Value type is integer, the minimum value is - 2,147,483,648 and the maximun value is 2,147,483,647. The supported operation is Get.</p>
+<p style="margin-left: 20px">Value type is integer, the minimum value is - 2,147,483,648 and the maximum value is 2,147,483,647. The supported operation is Get.</p>
 
 <a href="" id="hasendpoint"></a>**HASEndpoint** (Optional)
 <p style="margin-left: 20px">Identifies the fully qualified domain name (FQDN) of the DHA-Service that is assigned to perform attestation. If an FQDN is not assigned, DHA-Cloud (Microsoft owned and operated cloud service) will be used as the default attestation service.</p>
@@ -359,8 +359,8 @@ The following example shows a sample call that triggers collection and verificat
 
 After the client receives the health attestation request, it sends a response. The following list describes the responses, along with a recommended action to take.
 
-- If the response is HEALTHATTESTATION\_CERT_RETRI_COMPLETE (3) then proceed to the next section.
+- If the response is HEALTHATTESTATION\_CERT_RETRIEVAL_COMPLETE (3) then proceed to the next section.
-- If the response is HEALTHATTESTATION_CERT_RETRI_REQUESTED (1) or HEALTHATTESTATION_CERT_RETRI_UNINITIALIZED (0) wait for an alert, then proceed to the next section.
+- If the response is HEALTHATTESTATION_CERT_RETRIEVAL_REQUESTED (1) or HEALTHATTESTATION_CERT_RETRIEVAL_UNINITIALIZED (0) wait for an alert, then proceed to the next section.
 
 Here is a sample alert that is issued by DHA_CSP:
 
@@ -830,7 +830,7 @@ Each of these are described in further detail in the following sections, along w
     <tr>
         <td style="vertical-align:top">3</td>
         <td style="vertical-align:top">HEALTHATTESTATION_CERT_RETRIEVAL_COMPLETE</td>
-        <td style="vertical-align:top">This state signifies that the device failed to retrieve DHA-EncBlob from DHA-Server.</td>
+        <td style="vertical-align:top">This state signifies that the device has successfully retrieved DHA-EncBlob from the DHA-Server.</td>
     </tr>
     <tr>
         <td style="vertical-align:top">4</td>

windows/client-management/mdm/networkqospolicy-csp.md

@@ -25,7 +25,7 @@ The following actions are supported:
 - Layer 3 tagging using a differentiated services code point (DSCP) value
 
 > [!NOTE]
-> The NetworkQoSPolicy configuration service provider is supported only in Microsoft Surface Hub.
+> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on Azure AD Hybrid joined devices and for devices using GPO and CSP at the same time. The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004.
 
 The following diagram shows the NetworkQoSPolicy configuration service provider in tree format.
 

windows/client-management/mdm/policies-in-policy-csp-admx-backed.md

@@ -1,6 +1,6 @@
 ---
-title: ADMX-backed policy CSPs
+title: ADMX-backed policies in Policy CSP
-description: ADMX-backed policy CSPs
+description: ADMX-backed policies in Policy CSP
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -9,15 +9,15 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 08/18/2020
+ms.date: 10/08/2020
 ---
 
-# ADMX-backed policy CSPs
+# ADMX-backed policies in Policy CSP
 
 > [!div class="op_single_selector"]
 >
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy-CSPs](policy-csps-admx-backed.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 >
 
 - [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
@@ -42,6 +42,24 @@ ms.date: 08/18/2020
 - [ADMX_AppCompat/AppCompatTurnOffUserActionRecord](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffuseractionrecord)
 - [ADMX_AppCompat/AppCompatTurnOffProgramInventory](./policy-csp-admx-appcompat.md#admx-appcompat-appcompatturnoffprograminventory)
 - [ADMX_AuditSettings/IncludeCmdLine](./policy-csp-admx-auditsettings.md#admx-auditsettings-includecmdline)
+- [ADMX_Bits/BITS_DisableBranchCache](./policy-csp-admx-bits.md#admx-bits-bits-disablebranchcache)
+- [ADMX_Bits/BITS_DisablePeercachingClient](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingclient)
+- [ADMX_Bits/BITS_DisablePeercachingServer](./policy-csp-admx-bits.md#admx-bits-bits-disablepeercachingserver)
+- [ADMX_Bits/BITS_EnablePeercaching](./policy-csp-admx-bits.md#admx-bits-bits-enablepeercaching)
+- [ADMX_Bits/BITS_MaxBandwidthServedForPeers](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthservedforpeers)
+- [ADMX_Bits/BITS_MaxBandwidthV2_Maintenance](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-maintenance)
+- [ADMX_Bits/BITS_MaxBandwidthV2_Work](./policy-csp-admx-bits.md#admx-bits-bits-maxbandwidthv2-work)
+- [ADMX_Bits/BITS_MaxCacheSize](./policy-csp-admx-bits.md#admx-bits-bits-maxcachesize)
+- [ADMX_Bits/BITS_MaxContentAge](./policy-csp-admx-bits.md#admx-bits-bits-maxcontentage)
+- [ADMX_Bits/BITS_MaxDownloadTime](./policy-csp-admx-bits.md#admx-bits-bits-maxdownloadtime)
+- [ADMX_Bits/BITS_MaxFilesPerJob](./policy-csp-admx-bits.md#admx-bits-bits-maxfilesperjob)
+- [ADMX_Bits/BITS_MaxJobsPerMachine](./policy-csp-admx-bits.md#admx-bits-bits-maxjobspermachine)
+- [ADMX_Bits/BITS_MaxJobsPerUser](./policy-csp-admx-bits.md#admx-bits-bits-maxjobsperuser)
+- [ADMX_Bits/BITS_MaxRangesPerFile](./policy-csp-admx-bits.md#admx-bits-bits-maxrangesperfile)
+- [ADMX_CipherSuiteOrder/SSLCipherSuiteOrder](./policy-csp-admx-ciphersuiteorder.md#admx-ciphersuiteorder-sslciphersuiteorder)
+- [ADMX_CipherSuiteOrder/SSLCurveOrder](./policy-csp-admx-ciphersuiteorder.md#admx-ciphersuiteorder-sslcurveorder)
+- [ADMX_COM/AppMgmt_COM_SearchForCLSID_1](./policy-csp-admx-com.md#admx-com-appmgmt-com-searchforclsid-1)
+- [ADMX_COM/AppMgmt_COM_SearchForCLSID_2](./policy-csp-admx-com.md#admx-com-appmgmt-com-searchforclsid-2)
 - [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile)
 - [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword)
 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer)
@@ -121,6 +139,110 @@ ms.date: 08/18/2020
 - [ADMX_MMC/MMC_LinkToWeb](./policy-csp-admx-mmc.md#admx-mmc-mmc-linktoweb)
 - [ADMX_MMC/MMC_Restrict_Author](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-author)
 - [ADMX_MMC/MMC_Restrict_To_Permitted_Snapins](./policy-csp-admx-mmc.md#admx-mmc-mmc-restrict-to-permitted-snapins)
+- [ADMX_MMCSnapins/MMC_ADMComputers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admcomputers-1)
+- [ADMX_MMCSnapins/MMC_ADMComputers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admcomputers-2)
+- [ADMX_MMCSnapins/MMC_ADMUsers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admusers-1)
+- [ADMX_MMCSnapins/MMC_ADMUsers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-admusers-2)
+- [ADMX_MMCSnapins/MMC_ADSI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-adsi)
+- [ADMX_MMCSnapins/MMC_ActiveDirDomTrusts](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activedirdomtrusts)
+- [ADMX_MMCSnapins/MMC_ActiveDirSitesServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activedirsitesservices)
+- [ADMX_MMCSnapins/MMC_ActiveDirUsersComp](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-activediruserscomp)
+- [ADMX_MMCSnapins/MMC_AppleTalkRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-appletalkrouting)
+- [ADMX_MMCSnapins/MMC_AuthMan](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-authman)
+- [ADMX_MMCSnapins/MMC_CertAuth](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certauth)
+- [ADMX_MMCSnapins/MMC_CertAuthPolSet](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certauthpolset)
+- [ADMX_MMCSnapins/MMC_Certs](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certs)
+- [ADMX_MMCSnapins/MMC_CertsTemplate](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-certstemplate)
+- [ADMX_MMCSnapins/MMC_ComponentServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-componentservices)
+- [ADMX_MMCSnapins/MMC_ComputerManagement](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-computermanagement)
+- [ADMX_MMCSnapins/MMC_ConnectionSharingNAT](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-connectionsharingnat)
+- [ADMX_MMCSnapins/MMC_DCOMCFG](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dcomcfg)
+- [ADMX_MMCSnapins/MMC_DFS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dfs)
+- [ADMX_MMCSnapins/MMC_DHCPRelayMgmt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-dhcprelaymgmt)
+- [ADMX_MMCSnapins/MMC_DeviceManager_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-devicemanager-1)
+- [ADMX_MMCSnapins/MMC_DeviceManager_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-devicemanager-2)
+- [ADMX_MMCSnapins/MMC_DiskDefrag](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-diskdefrag)
+- [ADMX_MMCSnapins/MMC_DiskMgmt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-diskmgmt)
+- [ADMX_MMCSnapins/MMC_EnterprisePKI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-enterprisepki)
+- [ADMX_MMCSnapins/MMC_EventViewer_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-1)
+- [ADMX_MMCSnapins/MMC_EventViewer_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-2)
+- [ADMX_MMCSnapins/MMC_EventViewer_3](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-3)
+- [ADMX_MMCSnapins/MMC_EventViewer_4](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-eventviewer-4)
+- [ADMX_MMCSnapins/MMC_FAXService](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-faxservice)
+- [ADMX_MMCSnapins/MMC_FailoverClusters](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-failoverclusters)
+- [ADMX_MMCSnapins/MMC_FolderRedirection_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-folderredirection-1)
+- [ADMX_MMCSnapins/MMC_FolderRedirection_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-folderredirection-2)
+- [ADMX_MMCSnapins/MMC_FrontPageExt](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-frontpageext)
+- [ADMX_MMCSnapins/MMC_GroupPolicyManagementSnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicymanagementsnapin)
+- [ADMX_MMCSnapins/MMC_GroupPolicySnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicysnapin)
+- [ADMX_MMCSnapins/MMC_GroupPolicyTab](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-grouppolicytab)
+- [ADMX_MMCSnapins/MMC_HRA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-hra)
+- [ADMX_MMCSnapins/MMC_IAS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ias)
+- [ADMX_MMCSnapins/MMC_IASLogging](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iaslogging)
+- [ADMX_MMCSnapins/MMC_IEMaintenance_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iemaintenance-1)
+- [ADMX_MMCSnapins/MMC_IEMaintenance_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iemaintenance-2)
+- [ADMX_MMCSnapins/MMC_IGMPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-igmprouting)
+- [ADMX_MMCSnapins/MMC_IIS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iis)
+- [ADMX_MMCSnapins/MMC_IPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-iprouting)
+- [ADMX_MMCSnapins/MMC_IPSecManage_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmanage-gp)
+- [ADMX_MMCSnapins/MMC_IPXRIPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxriprouting)
+- [ADMX_MMCSnapins/MMC_IPXRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxrouting)
+- [ADMX_MMCSnapins/MMC_IPXSAPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipxsaprouting)
+- [ADMX_MMCSnapins/MMC_IndexingService](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-indexingservice)
+- [ADMX_MMCSnapins/MMC_IpSecManage](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmanage)
+- [ADMX_MMCSnapins/MMC_IpSecMonitor](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ipsecmonitor)
+- [ADMX_MMCSnapins/MMC_LocalUsersGroups](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-localusersgroups)
+- [ADMX_MMCSnapins/MMC_LogicalMappedDrives](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-logicalmappeddrives)
+- [ADMX_MMCSnapins/MMC_NPSUI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-npsui)
+- [ADMX_MMCSnapins/MMC_NapSnap](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-napsnap)
+- [ADMX_MMCSnapins/MMC_NapSnap_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-napsnap-gp)
+- [ADMX_MMCSnapins/MMC_Net_Framework](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-net-framework)
+- [ADMX_MMCSnapins/MMC_OCSP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ocsp)
+- [ADMX_MMCSnapins/MMC_OSPFRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ospfrouting)
+- [ADMX_MMCSnapins/MMC_PerfLogsAlerts](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-perflogsalerts)
+- [ADMX_MMCSnapins/MMC_PublicKey](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-publickey)
+- [ADMX_MMCSnapins/MMC_QoSAdmission](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-qosadmission)
+- [ADMX_MMCSnapins/MMC_RAS_DialinUser](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ras-dialinuser)
+- [ADMX_MMCSnapins/MMC_RIPRouting](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-riprouting)
+- [ADMX_MMCSnapins/MMC_RIS](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-ris)
+- [ADMX_MMCSnapins/MMC_RRA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-rra)
+- [ADMX_MMCSnapins/MMC_RSM](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-rsm)
+- [ADMX_MMCSnapins/MMC_RemStore](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remstore)
+- [ADMX_MMCSnapins/MMC_RemoteAccess](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remoteaccess)
+- [ADMX_MMCSnapins/MMC_RemoteDesktop](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-remotedesktop)
+- [ADMX_MMCSnapins/MMC_ResultantSetOfPolicySnapIn](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-resultantsetofpolicysnapin)
+- [ADMX_MMCSnapins/MMC_Routing](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-routing)
+- [ADMX_MMCSnapins/MMC_SCA](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sca)
+- [ADMX_MMCSnapins/MMC_SMTPProtocol](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-smtpprotocol)
+- [ADMX_MMCSnapins/MMC_SNMP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-snmp)
+- [ADMX_MMCSnapins/MMC_ScriptsMachine_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsmachine-1)
+- [ADMX_MMCSnapins/MMC_ScriptsMachine_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsmachine-2)
+- [ADMX_MMCSnapins/MMC_ScriptsUser_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsuser-1)
+- [ADMX_MMCSnapins/MMC_ScriptsUser_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-scriptsuser-2)
+- [ADMX_MMCSnapins/MMC_SecuritySettings_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitysettings-1)
+- [ADMX_MMCSnapins/MMC_SecuritySettings_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitysettings-2)
+- [ADMX_MMCSnapins/MMC_SecurityTemplates](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-securitytemplates)
+- [ADMX_MMCSnapins/MMC_SendConsoleMessage](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sendconsolemessage)
+- [ADMX_MMCSnapins/MMC_ServerManager](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-servermanager)
+- [ADMX_MMCSnapins/MMC_ServiceDependencies](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-servicedependencies)
+- [ADMX_MMCSnapins/MMC_Services](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-services)
+- [ADMX_MMCSnapins/MMC_SharedFolders](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sharedfolders)
+- [ADMX_MMCSnapins/MMC_SharedFolders_Ext](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sharedfolders-ext)
+- [ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstalationcomputers-1)
+- [ADMX_MMCSnapins/MMC_SoftwareInstalationComputers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstalationcomputers-2)
+- [ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_1](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstallationusers-1)
+- [ADMX_MMCSnapins/MMC_SoftwareInstallationUsers_2](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-softwareinstallationusers-2)
+- [ADMX_MMCSnapins/MMC_SysInfo](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sysinfo)
+- [ADMX_MMCSnapins/MMC_SysProp](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-sysprop)
+- [ADMX_MMCSnapins/MMC_TPMManagement](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-tpmmanagement)
+- [ADMX_MMCSnapins/MMC_Telephony](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-telephony)
+- [ADMX_MMCSnapins/MMC_TerminalServices](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-terminalservices)
+- [ADMX_MMCSnapins/MMC_WMI](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wmi)
+- [ADMX_MMCSnapins/MMC_WindowsFirewall](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-windowsfirewall)
+- [ADMX_MMCSnapins/MMC_WindowsFirewall_GP](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-windowsfirewall-gp)
+- [ADMX_MMCSnapins/MMC_WiredNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirednetworkpolicy)
+- [ADMX_MMCSnapins/MMC_WirelessMon](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessmon)
+- [ADMX_MMCSnapins/MMC_WirelessNetworkPolicy](./policy-csp-admx-mmcsnapins.md#admx-mmcsnapins-mmc-wirelessnetworkpolicy)
 - [ADMX_MSAPolicy/IncludeMicrosoftAccount_DisableUserAuthCmdLine](./policy-csp-admx-msapolicy.md#admx-msapolicy-microsoftaccount-disableuserauth)
 - [ADMX_nca/CorporateResources](./policy-csp-admx-nca.md#admx-nca-corporateresources)
 - [ADMX_nca/CustomCommands](./policy-csp-admx-nca.md#admx-nca-customcommands)
@@ -172,6 +294,33 @@ ms.date: 08/18/2020
 - [ADMX_Netlogon/Netlogon_SysvolShareCompatibilityMode](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-sysvolsharecompatibilitymode)
 - [ADMX_Netlogon/Netlogon_TryNextClosestSite](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-trynextclosestsite)
 - [ADMX_Netlogon/Netlogon_UseDynamicDns](./policy-csp-admx-netlogon.md#admx-netlogon-netlogon-usedynamicdns)
+- [ADMX_NetworkConnections/NC_AddRemoveComponents](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-addremovecomponents)
+- [ADMX_NetworkConnections/NC_AdvancedSettings](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-advancedsettings)
+- [ADMX_NetworkConnections/NC_AllowAdvancedTCPIPConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-allowadvancedtcpipconfig)
+- [ADMX_NetworkConnections/NC_ChangeBindState](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-changebindstate)
+- [ADMX_NetworkConnections/NC_DeleteAllUserConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deletealluserconnection)
+- [ADMX_NetworkConnections/NC_DeleteConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-deleteconnection)
+- [ADMX_NetworkConnections/NC_DialupPrefs](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-dialupprefs)
+- [ADMX_NetworkConnections/NC_DoNotShowLocalOnlyIcon](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-donotshowlocalonlyicon)
+- [ADMX_NetworkConnections/NC_EnableAdminProhibits](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-enableadminprohibits)
+- [ADMX_NetworkConnections/NC_ForceTunneling](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-forcetunneling)
+- [ADMX_NetworkConnections/NC_IpStateChecking](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-ipstatechecking)
+- [ADMX_NetworkConnections/NC_LanChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanchangeproperties)
+- [ADMX_NetworkConnections/NC_LanConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanconnect)
+- [ADMX_NetworkConnections/NC_LanProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-lanproperties)
+- [ADMX_NetworkConnections/NC_NewConnectionWizard](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-newconnectionwizard)
+- [ADMX_NetworkConnections/NC_PersonalFirewallConfig](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-personalfirewallconfig)
+- [ADMX_NetworkConnections/NC_RasAllUserProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasalluserproperties)
+- [ADMX_NetworkConnections/NC_RasChangeProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-raschangeproperties)
+- [ADMX_NetworkConnections/NC_RasConnect](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasconnect)
+- [ADMX_NetworkConnections/NC_RasMyProperties](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-rasmyproperties)
+- [ADMX_NetworkConnections/NC_RenameAllUserRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamealluserrasconnection)
+- [ADMX_NetworkConnections/NC_RenameConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renameconnection)
+- [ADMX_NetworkConnections/NC_RenameLanConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamelanconnection)
+- [ADMX_NetworkConnections/NC_RenameMyRasConnection](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-renamemyrasconnection)
+- [ADMX_NetworkConnections/NC_ShowSharedAccessUI](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-showsharedaccessui)
+- [ADMX_NetworkConnections/NC_Statistics](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-statistics)
+- [ADMX_NetworkConnections/NC_StdDomainUserSetLocation](./policy-csp-admx-networkconnections.md#admx-networkconnections-nc-stddomainusersetlocation)
 - [ADMX_OfflineFiles/Pol_AlwaysPinSubFolders](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-alwayspinsubfolders)
 - [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_1](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-1)
 - [ADMX_OfflineFiles/Pol_AssignedOfflineFiles_2](./policy-csp-admx-offlinefiles.md#admx-offlinefiles-pol-assignedofflinefiles-2)
@@ -231,6 +380,10 @@ ms.date: 08/18/2020
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_2](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-2)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_3](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-3)
 - [ADMX_PerformanceDiagnostics/WdiScenarioExecutionPolicy_4](./policy-csp-admx-performancediagnostics.md#admx-performancediagnostics-wdiscenarioexecutionpolicy-4)
+- [ADMX_PowerShellExecutionPolicy/EnableModuleLogging](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablemodulelogging)
+- [ADMX_PowerShellExecutionPolicy/EnableScripts](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enablescripts)
+- [ADMX_PowerShellExecutionPolicy/EnableTranscripting](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enabletranscripting)
+- [ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath](./policy-csp-admx-powershellexecutionpolicy.md#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath)
 - [ADMX_Reliability/EE_EnablePersistentTimeStamp](./policy-csp-admx-reliability.md#admx-reliability-ee-enablepersistenttimestamp)
 - [ADMX_Reliability/PCH_ReportShutdownEvents](./policy-csp-admx-reliability.md#admx-reliability-pch-reportshutdownevents)
 - [ADMX_Reliability/ShutdownEventTrackerStateFile](./policy-csp-admx-reliability.md#admx-reliability-shutdowneventtrackerstatefile)
@@ -251,15 +404,396 @@ ms.date: 08/18/2020
 - [ADMX_sdiageng/ScriptedDiagnosticsExecutionPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticsexecutionpolicy)
 - [ADMX_sdiageng/ScriptedDiagnosticsSecurityPolicy](./policy-csp-admx-sdiageng.md#admx-sdiageng-scripteddiagnosticssecuritypolicy)
 - [ADMX_Securitycenter/SecurityCenter_SecurityCenterInDomain](/policy-csp-admx-securitycenter.md#admx-securitycenter-securitycenter-securitycenterindomain)
+- [ADMX_Sensors/DisableLocationScripting_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-1)
+- [ADMX_Sensors/DisableLocationScripting_2](./policy-csp-admx-sensors.md#admx-sensors-disablelocationscripting-2)
+- [ADMX_Sensors/DisableLocation_1](./policy-csp-admx-sensors.md#admx-sensors-disablelocation-1)
+- [ADMX_Sensors/DisableSensors_1](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-1)
+- [ADMX_Sensors/DisableSensors_2](./policy-csp-admx-sensors.md#admx-sensors-disablesensors-2)
 - [ADMX_Servicing/Servicing](./policy-csp-admx-servicing.md#admx-servicing-servicing)
 - [ADMX_SharedFolders/PublishDfsRoots](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishdfsroots)
 - [ADMX_SharedFolders/PublishSharedFolders](./policy-csp-admx-sharedfolders.md#admx-sharedfolders-publishsharedfolders)
-- [ADMX_Sharing/DisableHomeGroup](./policy-csp-admx-sharing.md#admx-sharing-disablehomegroup)
 - [ADMX_Sharing/NoInplaceSharing](./policy-csp-admx-sharing.md#admx-sharing-noinplacesharing)
 - [ADMX_ShellCommandPromptRegEditTools/DisableCMD](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
 - [ADMX_ShellCommandPromptRegEditTools/DisableRegedit](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disableregedit)
 - [ADMX_ShellCommandPromptRegEditTools/DisallowApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disallowapps)
 - [ADMX_ShellCommandPromptRegEditTools/RestrictApps](./policy-csp-admx-shellcommandpromptregedittools.md#admx-shellcommandpromptregedittools-disablecmd)
+- [ADMX_Smartcard/AllowCertificatesWithNoEKU](./policy-csp-admx-smartcard.md#admx-smartcard-allowcertificateswithnoeku)
+- [ADMX_Smartcard/AllowIntegratedUnblock](./policy-csp-admx-smartcard.md#admx-smartcard-allowintegratedunblock)
+- [ADMX_Smartcard/AllowSignatureOnlyKeys](./policy-csp-admx-smartcard.md#admx-smartcard-allowsignatureonlykeys)
+- [ADMX_Smartcard/AllowTimeInvalidCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-allowtimeinvalidcertificates)
+- [ADMX_Smartcard/CertPropEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certpropenabledstring)
+- [ADMX_Smartcard/CertPropRootCleanupString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootcleanupstring)
+- [ADMX_Smartcard/CertPropRootEnabledString](./policy-csp-admx-smartcard.md#admx-smartcard-certproprootenabledstring)
+- [ADMX_Smartcard/DisallowPlaintextPin](./policy-csp-admx-smartcard.md#admx-smartcard-disallowplaintextpin)
+- [ADMX_Smartcard/EnumerateECCCerts](./policy-csp-admx-smartcard.md#admx-smartcard-enumerateecccerts)
+- [ADMX_Smartcard/FilterDuplicateCerts](./policy-csp-admx-smartcard.md#admx-smartcard-filterduplicatecerts)
+- [ADMX_Smartcard/ForceReadingAllCertificates](./policy-csp-admx-smartcard.md#admx-smartcard-forcereadingallcertificates)
+- [ADMX_Smartcard/IntegratedUnblockPromptString](./policy-csp-admx-smartcard.md#admx-smartcard-integratedunblockpromptstring)
+- [ADMX_Smartcard/ReverseSubject](./policy-csp-admx-smartcard.md#admx-smartcard-reversesubject)
+- [ADMX_Smartcard/SCPnPEnabled](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpenabled)
+- [ADMX_Smartcard/SCPnPNotification](./policy-csp-admx-smartcard.md#admx-smartcard-scpnpnotification)
+- [ADMX_Smartcard/X509HintsNeeded](./policy-csp-admx-smartcard.md#admx-smartcard-x509hintsneeded)
+- [ADMX_Snmp/SNMP_Communities](./policy-csp-admx-snmp.md#admx-snmp-snmp-communities)
+- [ADMX_Snmp/SNMP_PermittedManagers](./policy-csp-admx-snmp.md#admx-snmp-snmp-permittedmanagers)
+- [ADMX_Snmp/SNMP_Traps_Public](./policy-csp-admx-snmp.md#admx-snmp-snmp-traps-public)
+- [ADMX_StartMenu/AddSearchInternetLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-addsearchinternetlinkinstartmenu)
+- [ADMX_StartMenu/ClearRecentDocsOnExit](./policy-csp-admx-startmenu.md#admx-startmenu-clearrecentdocsonexit)
+- [ADMX_StartMenu/ClearRecentProgForNewUserInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-clearrecentprogfornewuserinstartmenu)
+- [ADMX_StartMenu/ClearTilesOnExit](./policy-csp-admx-startmenu.md#admx-startmenu-cleartilesonexit)
+- [ADMX_StartMenu/DesktopAppsFirstInAppsView](./policy-csp-admx-startmenu.md#admx-startmenu-desktopappsfirstinappsview)
+- [ADMX_StartMenu/DisableGlobalSearchOnAppsView](./policy-csp-admx-startmenu.md#admx-startmenu-disableglobalsearchonappsview)
+- [ADMX_StartMenu/ForceStartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-forcestartmenulogoff)
+- [ADMX_StartMenu/GoToDesktopOnSignIn](./policy-csp-admx-startmenu.md#admx-startmenu-gotodesktoponsignin)
+- [ADMX_StartMenu/GreyMSIAds](./policy-csp-admx-startmenu.md#admx-startmenu-greymsiads)
+- [ADMX_StartMenu/HidePowerOptions](./policy-csp-admx-startmenu.md#admx-startmenu-hidepoweroptions)
+- [ADMX_StartMenu/Intellimenus](./policy-csp-admx-startmenu.md#admx-startmenu-intellimenus)
+- [ADMX_StartMenu/LockTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-locktaskbar)
+- [ADMX_StartMenu/MemCheckBoxInRunDlg](./policy-csp-admx-startmenu.md#admx-startmenu-memcheckboxinrundlg)
+- [ADMX_StartMenu/NoAutoTrayNotify](./policy-csp-admx-startmenu.md#admx-startmenu-noautotraynotify)
+- [ADMX_StartMenu/NoBalloonTip](./policy-csp-admx-startmenu.md#admx-startmenu-noballoontip)
+- [ADMX_StartMenu/NoChangeStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nochangestartmenu)
+- [ADMX_StartMenu/NoClose](./policy-csp-admx-startmenu.md#admx-startmenu-noclose)
+- [ADMX_StartMenu/NoCommonGroups](./policy-csp-admx-startmenu.md#admx-startmenu-nocommongroups)
+- [ADMX_StartMenu/NoFavoritesMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nofavoritesmenu)
+- [ADMX_StartMenu/NoFind](./policy-csp-admx-startmenu.md#admx-startmenu-nofind)
+- [ADMX_StartMenu/NoGamesFolderOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nogamesfolderonstartmenu)
+- [ADMX_StartMenu/NoHelp](./policy-csp-admx-startmenu.md#admx-startmenu-nohelp)
+- [ADMX_StartMenu/NoInstrumentation](./policy-csp-admx-startmenu.md#admx-startmenu-noinstrumentation)
+- [ADMX_StartMenu/NoMoreProgramsList](./policy-csp-admx-startmenu.md#admx-startmenu-nomoreprogramslist)
+- [ADMX_StartMenu/NoNetAndDialupConnect](./policy-csp-admx-startmenu.md#admx-startmenu-nonetanddialupconnect)
+- [ADMX_StartMenu/NoPinnedPrograms](./policy-csp-admx-startmenu.md#admx-startmenu-nopinnedprograms)
+- [ADMX_StartMenu/NoRecentDocsMenu](./policy-csp-admx-startmenu.md#admx-startmenu-norecentdocsmenu)
+- [ADMX_StartMenu/NoResolveSearch](./policy-csp-admx-startmenu.md#admx-startmenu-noresolvesearch)
+- [ADMX_StartMenu/NoResolveTrack](./policy-csp-admx-startmenu.md#admx-startmenu-noresolvetrack)
+- [ADMX_StartMenu/NoRun](./policy-csp-admx-startmenu.md#admx-startmenu-norun)
+- [ADMX_StartMenu/NoSMConfigurePrograms](./policy-csp-admx-startmenu.md#admx-startmenu-nosmconfigureprograms)
+- [ADMX_StartMenu/NoSMMyDocuments](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmydocuments)
+- [ADMX_StartMenu/NoSMMyMusic](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmymusic)
+- [ADMX_StartMenu/NoSMMyNetworkPlaces](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmynetworkplaces)
+- [ADMX_StartMenu/NoSMMyPictures](./policy-csp-admx-startmenu.md#admx-startmenu-nosmmypictures)
+- [ADMX_StartMenu/NoSearchCommInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchcomminstartmenu)
+- [ADMX_StartMenu/NoSearchComputerLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchcomputerlinkinstartmenu)
+- [ADMX_StartMenu/NoSearchEverywhereLinkInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearcheverywherelinkinstartmenu)
+- [ADMX_StartMenu/NoSearchFilesInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchfilesinstartmenu)
+- [ADMX_StartMenu/NoSearchInternetInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchinternetinstartmenu)
+- [ADMX_StartMenu/NoSearchProgramsInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nosearchprogramsinstartmenu)
+- [ADMX_StartMenu/NoSetFolders](./policy-csp-admx-startmenu.md#admx-startmenu-nosetfolders)
+- [ADMX_StartMenu/NoSetTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-nosettaskbar)
+- [ADMX_StartMenu/NoStartMenuDownload](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenudownload)
+- [ADMX_StartMenu/NoStartMenuHomegroup](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenuhomegroup)
+- [ADMX_StartMenu/NoStartMenuRecordedTV](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenurecordedtv)
+- [ADMX_StartMenu/NoStartMenuSubFolders](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenusubfolders)
+- [ADMX_StartMenu/NoStartMenuVideos](./policy-csp-admx-startmenu.md#admx-startmenu-nostartmenuvideos)
+- [ADMX_StartMenu/NoStartPage](./policy-csp-admx-startmenu.md#admx-startmenu-nostartpage)
+- [ADMX_StartMenu/NoTaskBarClock](./policy-csp-admx-startmenu.md#admx-startmenu-notaskbarclock)
+- [ADMX_StartMenu/NoTaskGrouping](./policy-csp-admx-startmenu.md#admx-startmenu-notaskgrouping)
+- [ADMX_StartMenu/NoToolbarsOnTaskbar](./policy-csp-admx-startmenu.md#admx-startmenu-notoolbarsontaskbar)
+- [ADMX_StartMenu/NoTrayContextMenu](./policy-csp-admx-startmenu.md#admx-startmenu-notraycontextmenu)
+- [ADMX_StartMenu/NoTrayItemsDisplay](./policy-csp-admx-startmenu.md#admx-startmenu-notrayitemsdisplay)
+- [ADMX_StartMenu/NoUninstallFromStart](./policy-csp-admx-startmenu.md#admx-startmenu-nouninstallfromstart)
+- [ADMX_StartMenu/NoUserFolderOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nouserfolderonstartmenu)
+- [ADMX_StartMenu/NoUserNameOnStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-nousernameonstartmenu)
+- [ADMX_StartMenu/NoWindowsUpdate](./policy-csp-admx-startmenu.md#admx-startmenu-nowindowsupdate)
+- [ADMX_StartMenu/PowerButtonAction](./policy-csp-admx-startmenu.md#admx-startmenu-powerbuttonaction)
+- [ADMX_StartMenu/QuickLaunchEnabled](./policy-csp-admx-startmenu.md#admx-startmenu-quicklaunchenabled)
+- [ADMX_StartMenu/RemoveUnDockPCButton](./policy-csp-admx-startmenu.md#admx-startmenu-removeundockpcbutton)
+- [ADMX_StartMenu/ShowAppsViewOnStart](./policy-csp-admx-startmenu.md#admx-startmenu-showappsviewonstart)
+- [ADMX_StartMenu/ShowRunAsDifferentUserInStart](./policy-csp-admx-startmenu.md#admx-startmenu-showrunasdifferentuserinstart)
+- [ADMX_StartMenu/ShowRunInStartMenu](./policy-csp-admx-startmenu.md#admx-startmenu-showruninstartmenu)
+- [ADMX_StartMenu/ShowStartOnDisplayWithForegroundOnWinKey](./policy-csp-admx-startmenu.md#admx-startmenu-showstartondisplaywithforegroundonwinkey)
+- [ADMX_StartMenu/StartMenuLogOff](./policy-csp-admx-startmenu.md#admx-startmenu-startmenulogoff)
+- [ADMX_StartMenu/StartPinAppsWhenInstalled](./policy-csp-admx-startmenu.md#admx-startmenu-startpinappswheninstalled)
+- [ADMX_Taskbar/DisableNotificationCenter](./policy-csp-admx-taskbar.md#admx-taskbar-disablenotificationcenter)
+- [ADMX_Taskbar/EnableLegacyBalloonNotifications](./policy-csp-admx-taskbar.md#admx-taskbar-enablelegacyballoonnotifications)
+- [ADMX_Taskbar/HideSCAHealth](./policy-csp-admx-taskbar.md#admx-taskbar-hidescahealth)
+- [ADMX_Taskbar/HideSCANetwork](./policy-csp-admx-taskbar.md#admx-taskbar-hidescanetwork)
+- [ADMX_Taskbar/HideSCAPower](./policy-csp-admx-taskbar.md#admx-taskbar-hidescapower)
+- [ADMX_Taskbar/HideSCAVolume](./policy-csp-admx-taskbar.md#admx-taskbar-hidescavolume)
+- [ADMX_Taskbar/NoBalloonFeatureAdvertisements](./policy-csp-admx-taskbar.md#admx-taskbar-noballoonfeatureadvertisements)
+- [ADMX_Taskbar/NoPinningStoreToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningstoretotaskbar)
+- [ADMX_Taskbar/NoPinningToDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtodestinations)
+- [ADMX_Taskbar/NoPinningToTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-nopinningtotaskbar)
+- [ADMX_Taskbar/NoRemoteDestinations](./policy-csp-admx-taskbar.md#admx-taskbar-noremotedestinations)
+- [ADMX_Taskbar/NoSystraySystemPromotion](./policy-csp-admx-taskbar.md#admx-taskbar-nosystraysystempromotion)
+- [ADMX_Taskbar/ShowWindowsStoreAppsOnTaskbar](./policy-csp-admx-taskbar.md#admx-taskbar-showwindowsstoreappsontaskbar)
+- [ADMX_Taskbar/TaskbarLockAll](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarlockall)
+- [ADMX_Taskbar/TaskbarNoAddRemoveToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoaddremovetoolbar)
+- [ADMX_Taskbar/TaskbarNoDragToolbar](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnodragtoolbar)
+- [ADMX_Taskbar/TaskbarNoMultimon](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnomultimon)
+- [ADMX_Taskbar/TaskbarNoNotification](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnonotification)
+- [ADMX_Taskbar/TaskbarNoPinnedList](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnopinnedlist)
+- [ADMX_Taskbar/TaskbarNoRedock](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoredock)
+- [ADMX_Taskbar/TaskbarNoResize](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnoresize)
+- [ADMX_Taskbar/TaskbarNoThumbnail](./policy-csp-admx-taskbar.md#admx-taskbar-taskbarnothumbnail)
+- [ADMX_tcpip/6to4_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name)
+- [ADMX_tcpip/6to4_Router_Name_Resolution_Interval](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-router-name-resolution-interval)
+- [ADMX_tcpip/6to4_State](./policy-csp-admx-tcpip.md#admx-tcpip-6to4-state)
+- [ADMX_tcpip/IPHTTPS_ClientState](./policy-csp-admx-tcpip.md#admx-tcpip-iphttps-clientstate)
+- [ADMX_tcpip/IP_Stateless_Autoconfiguration_Limits_State](./policy-csp-admx-tcpip.md#admx-tcpip-ip-stateless-autoconfiguration-limits-state)
+- [ADMX_tcpip/ISATAP_Router_Name](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-router-name)
+- [ADMX_tcpip/ISATAP_State](./policy-csp-admx-tcpip.md#admx-tcpip-isatap-state)
+- [ADMX_tcpip/Teredo_Client_Port](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-client-port)
+- [ADMX_tcpip/Teredo_Default_Qualified](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-default-qualified)
+- [ADMX_tcpip/Teredo_Refresh_Rate](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-refresh-rate)
+- [ADMX_tcpip/Teredo_Server_Name](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-server-name)
+- [ADMX_tcpip/Teredo_State](./policy-csp-admx-tcpip.md#admx-tcpip-teredo-state)
+- [ADMX_tcpip/Windows_Scaling_Heuristics_State](./policy-csp-admx-tcpip.md#admx-tcpip-windows-scaling-heuristics-state)
+- [ADMX_Thumbnails/DisableThumbnails](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnails)
+- [ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbnailsonnetworkfolders)
+- [ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders](./policy-csp-admx-thumbnails.md#admx-thumbnails-disablethumbsdbonnetworkfolders)
+- [ADMX_TPM/BlockedCommandsList_Name](./policy-csp-admx-tpm.md#admx-tpm-blockedcommandslist-name)
+- [ADMX_TPM/ClearTPMIfNotReady_Name](./policy-csp-admx-tpm.md#admx-tpm-cleartpmifnotready-name)
+- [ADMX_TPM/IgnoreDefaultList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignoredefaultlist-name)
+- [ADMX_TPM/IgnoreLocalList_Name](./policy-csp-admx-tpm.md#admx-tpm-ignorelocallist-name)
+- [ADMX_TPM/OSManagedAuth_Name](./policy-csp-admx-tpm.md#admx-tpm-osmanagedauth-name)
+- [ADMX_TPM/OptIntoDSHA_Name](./policy-csp-admx-tpm.md#admx-tpm-optintodsha-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureDuration_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureduration-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailureindividualthreshold-name)
+- [ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name](./policy-csp-admx-tpm.md#admx-tpm-standarduserauthorizationfailuretotalthreshold-name)
+- [ADMX_TPM/UseLegacyDAP_Name](./policy-csp-admx-tpm.md#admx-tpm-uselegacydap-name)
+- [ADMX_UserExperienceVirtualization/Calculator](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-calculator)
+- [ADMX_UserExperienceVirtualization/ConfigureSyncMethod](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configuresyncmethod)
+- [ADMX_UserExperienceVirtualization/ConfigureVdi](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-configurevdi)
+- [ADMX_UserExperienceVirtualization/ContactITDescription](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactitdescription)
+- [ADMX_UserExperienceVirtualization/ContactITUrl](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-contactiturl)
+- [ADMX_UserExperienceVirtualization/DisableWin8Sync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewin8sync)
+- [ADMX_UserExperienceVirtualization/DisableWindowsOSSettings](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-disablewindowsossettings)
+- [ADMX_UserExperienceVirtualization/EnableUEV](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-enableuev)
+- [ADMX_UserExperienceVirtualization/Finance](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-finance)
+- [ADMX_UserExperienceVirtualization/FirstUseNotificationEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-firstusenotificationenabled)
+- [ADMX_UserExperienceVirtualization/Games](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-games)
+- [ADMX_UserExperienceVirtualization/InternetExplorer8](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer8)
+- [ADMX_UserExperienceVirtualization/InternetExplorer9](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer9)
+- [ADMX_UserExperienceVirtualization/InternetExplorer10](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer10)
+- [ADMX_UserExperienceVirtualization/InternetExplorer11](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorer11)
+- [ADMX_UserExperienceVirtualization/InternetExplorerCommon](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-internetexplorercommon)
+- [ADMX_UserExperienceVirtualization/Maps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maps)
+- [ADMX_UserExperienceVirtualization/MaxPackageSizeInBytes](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-maxpackagesizeinbytes)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010infopath)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointdesigner)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010SharePointWorkspace](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010sharepointworkspace)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2010Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2010word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013accessbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013commonbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013excelbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopath)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013InfoPathBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013infopathbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013lyncbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onedriveforbusiness)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013onenotebackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013outlookbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013powerpointbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013projectbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013publisherbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesigner](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesigner)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013SharePointDesignerBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013sharepointdesignerbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013uploadcenter)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013visiobackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2013WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2013wordbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Access](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016access)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016AccessBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016accessbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Common](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016common)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016CommonBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016commonbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Excel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excel)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ExcelBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016excelbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Lync](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lync)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016LyncBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016lyncbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneDriveForBusiness](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onedriveforbusiness)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNote](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenote)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OneNoteBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016onenotebackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Outlook](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlook)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016OutlookBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016outlookbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPoint](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpoint)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PowerPointBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016powerpointbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Project](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016project)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016ProjectBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016projectbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Publisher](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisher)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016PublisherBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016publisherbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016UploadCenter](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016uploadcenter)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Visio](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visio)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016VisioBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016visiobackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016Word](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016word)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice2016WordBackup](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice2016wordbackup)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Access2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365access2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Common2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365common2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Excel2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365excel2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365InfoPath2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365infopath2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Lync2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365lync2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365OneNote2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365onenote2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Outlook2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365outlook2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365PowerPoint2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365powerpoint2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Project2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365project2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Publisher2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365publisher2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365SharePointDesigner2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365sharepointdesigner2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Visio2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365visio2016)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2013](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2013)
+- [ADMX_UserExperienceVirtualization/MicrosoftOffice365Word2016](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-microsoftoffice365word2016)
+- [ADMX_UserExperienceVirtualization/Music](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-music)
+- [ADMX_UserExperienceVirtualization/News](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-news)
+- [ADMX_UserExperienceVirtualization/Notepad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-notepad)
+- [ADMX_UserExperienceVirtualization/Reader](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-reader)
+- [ADMX_UserExperienceVirtualization/RepositoryTimeout](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-repositorytimeout)
+- [ADMX_UserExperienceVirtualization/SettingsStoragePath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingsstoragepath)
+- [ADMX_UserExperienceVirtualization/SettingsTemplateCatalogPath](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-settingstemplatecatalogpath)
+- [ADMX_UserExperienceVirtualization/Sports](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-sports)
+- [ADMX_UserExperienceVirtualization/SyncEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncenabled)
+- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetwork](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetwork)
+- [ADMX_UserExperienceVirtualization/SyncOverMeteredNetworkWhenRoaming](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncovermeterednetworkwhenroaming)
+- [ADMX_UserExperienceVirtualization/SyncProviderPingEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncproviderpingenabled)
+- [ADMX_UserExperienceVirtualization/SyncUnlistedWindows8Apps](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-syncunlistedwindows8apps)
+- [ADMX_UserExperienceVirtualization/Travel](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-travel)
+- [ADMX_UserExperienceVirtualization/TrayIconEnabled](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-trayiconenabled)
+- [ADMX_UserExperienceVirtualization/Video](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-video)
+- [ADMX_UserExperienceVirtualization/Weather](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-weather)
+- [ADMX_UserExperienceVirtualization/Wordpad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-wordpad)
+- [ADMX_W32Time/W32TIME_POLICY_CONFIG](./policy-csp-admx-w32time.md#admx-w32time-policy-config)
+- [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient)
+- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient)
+- [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpserver)
+- [ADMX_WCM/WCM_DisablePowerManagement](./policy-csp-admx-wcm.md#admx-wcm-wcm-disablepowermanagement)
+- [ADMX_WCM/WCM_EnableSoftDisconnect](./policy-csp-admx-wcm.md#admx-wcm-wcm-enablesoftdisconnect)
+- [ADMX_WCM/WCM_MinimizeConnections](./policy-csp-admx-wcm.md#admx-wcm-wcm-minimizeconnections)
+- [ADMX_WinCal/TurnOffWinCal_1](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-1)
+- [ADMX_WinCal/TurnOffWinCal_2](./policy-csp-admx-wincal.md#admx-wincal-turnoffwincal-2)
+- [ADMX_WindowsAnytimeUpgrade/Disabled](./policy-csp-admx-windowsanytimeupgrade.md#admx-windowsanytimeupgrade-disabled)
+- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_1](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-1)
+- [ADMX_WindowsConnectNow/WCN_DisableWcnUi_2](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-disablewcnui-2)
+- [ADMX_WindowsConnectNow/WCN_EnableRegistrar](./policy-csp-admx-windowsconnectnow.md#admx-windowsconnectnow-wcn-enableregistrar)
+- [ADMX_WindowsExplorer/CheckSameSourceAndTargetForFRAndDFS](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-checksamesourceandtargetforfranddfs)
+- [ADMX_WindowsExplorer/ClassicShell](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-classicshell)
+- [ADMX_WindowsExplorer/ConfirmFileDelete](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-confirmfiledelete)
+- [ADMX_WindowsExplorer/DefaultLibrariesLocation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-defaultlibrarieslocation)
+- [ADMX_WindowsExplorer/DisableBindDirectlyToPropertySetStorage](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablebinddirectlytopropertysetstorage)
+- [ADMX_WindowsExplorer/DisableIndexedLibraryExperience](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableindexedlibraryexperience)
+- [ADMX_WindowsExplorer/DisableKnownFolders](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disableknownfolders)
+- [ADMX_WindowsExplorer/DisableSearchBoxSuggestions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-disablesearchboxsuggestions)
+- [ADMX_WindowsExplorer/EnableShellShortcutIconRemotePath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enableshellshortcuticonremotepath)
+- [ADMX_WindowsExplorer/EnableSmartScreen](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enablesmartscreen)
+- [ADMX_WindowsExplorer/EnforceShellExtensionSecurity](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-enforceshellextensionsecurity)
+- [ADMX_WindowsExplorer/ExplorerRibbonStartsMinimized](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-explorerribbonstartsminimized)
+- [ADMX_WindowsExplorer/HideContentViewModeSnippets](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-hidecontentviewmodesnippets)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-internetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-intranetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachine)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-localmachinelockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restricted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-restrictedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trusted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchPreview_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchpreview-trustedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Internet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_InternetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-internetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Intranet](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranet)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_IntranetLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-intranetlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachine](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachine)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_LocalMachineLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-localmachinelockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Restricted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restricted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_RestrictedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-restrictedlockdown)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_Trusted](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trusted)
+- [ADMX_WindowsExplorer/IZ_Policy_OpenSearchQuery_TrustedLockdown](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-iz-policy-opensearchquery-trustedlockdown)
+- [ADMX_WindowsExplorer/LinkResolveIgnoreLinkInfo](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-linkresolveignorelinkinfo)
+- [ADMX_WindowsExplorer/MaxRecentDocs](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-maxrecentdocs)
+- [ADMX_WindowsExplorer/NoBackButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nobackbutton)
+- [ADMX_WindowsExplorer/NoCDBurning](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocdburning)
+- [ADMX_WindowsExplorer/NoCacheThumbNailPictures](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nocachethumbnailpictures)
+- [ADMX_WindowsExplorer/NoChangeAnimation](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangeanimation)
+- [ADMX_WindowsExplorer/NoChangeKeyboardNavigationIndicators](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nochangekeyboardnavigationindicators)
+- [ADMX_WindowsExplorer/NoDFSTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodfstab)
+- [ADMX_WindowsExplorer/NoDrives](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nodrives)
+- [ADMX_WindowsExplorer/NoEntireNetwork](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noentirenetwork)
+- [ADMX_WindowsExplorer/NoFileMRU](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemru)
+- [ADMX_WindowsExplorer/NoFileMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofilemenu)
+- [ADMX_WindowsExplorer/NoFolderOptions](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nofolderoptions)
+- [ADMX_WindowsExplorer/NoHardwareTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nohardwaretab)
+- [ADMX_WindowsExplorer/NoManageMyComputerVerb](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomanagemycomputerverb)
+- [ADMX_WindowsExplorer/NoMyComputerSharedDocuments](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nomycomputershareddocuments)
+- [ADMX_WindowsExplorer/NoNetConnectDisconnect](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonetconnectdisconnect)
+- [ADMX_WindowsExplorer/NoNewAppAlert](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nonewappalert)
+- [ADMX_WindowsExplorer/NoPlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noplacesbar)
+- [ADMX_WindowsExplorer/NoRecycleFiles](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norecyclefiles)
+- [ADMX_WindowsExplorer/NoRunAsInstallPrompt](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-norunasinstallprompt)
+- [ADMX_WindowsExplorer/NoSearchInternetTryHarderButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosearchinternettryharderbutton)
+- [ADMX_WindowsExplorer/NoSecurityTab](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nosecuritytab)
+- [ADMX_WindowsExplorer/NoShellSearchButton](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noshellsearchbutton)
+- [ADMX_WindowsExplorer/NoStrCmpLogical](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nostrcmplogical)
+- [ADMX_WindowsExplorer/NoViewContextMenu](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewcontextmenu)
+- [ADMX_WindowsExplorer/NoViewOnDrive](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noviewondrive)
+- [ADMX_WindowsExplorer/NoWindowsHotKeys](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-nowindowshotkeys)
+- [ADMX_WindowsExplorer/NoWorkgroupContents](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-noworkgroupcontents)
+- [ADMX_WindowsExplorer/PlacesBar](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-placesbar)
+- [ADMX_WindowsExplorer/PromptRunasInstallNetPath](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-promptrunasinstallnetpath)
+- [ADMX_WindowsExplorer/RecycleBinSize](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-recyclebinsize)
+- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_1](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-1)
+- [ADMX_WindowsExplorer/ShellProtocolProtectedModeTitle_2](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-shellprotocolprotectedmodetitle-2)
+- [ADMX_WindowsExplorer/ShowHibernateOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showhibernateoption)
+- [ADMX_WindowsExplorer/ShowSleepOption](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-showsleepoption)
+- [ADMX_WindowsExplorer/TryHarderPinnedLibrary](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedlibrary)
+- [ADMX_WindowsExplorer/TryHarderPinnedOpenSearch](./policy-csp-admx-windowsexplorer.md#admx-windowsexplorer-tryharderpinnedopensearch)
+- [ADMX_WindowsMediaDRM/DisableOnline](./policy-csp-admx-windowsmediadrm.md#admx-windowsmediadrm-disableonline)
+- [ADMX_WindowsMediaPlayer/ConfigureHTTPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurehttpproxysettings)
+- [ADMX_WindowsMediaPlayer/ConfigureMMSProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configuremmsproxysettings)
+- [ADMX_WindowsMediaPlayer/ConfigureRTSPProxySettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-configurertspproxysettings)
+- [ADMX_WindowsMediaPlayer/DisableAutoUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disableautoupdate)
+- [ADMX_WindowsMediaPlayer/DisableNetworkSettings](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablenetworksettings)
+- [ADMX_WindowsMediaPlayer/DisableSetupFirstUseConfiguration](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-disablesetupfirstuseconfiguration)
+- [ADMX_WindowsMediaPlayer/DoNotShowAnchor](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-donotshowanchor)
+- [ADMX_WindowsMediaPlayer/DontUseFrameInterpolation](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-dontuseframeinterpolation)
+- [ADMX_WindowsMediaPlayer/EnableScreenSaver](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-enablescreensaver)
+- [ADMX_WindowsMediaPlayer/HidePrivacyTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hideprivacytab)
+- [ADMX_WindowsMediaPlayer/HideSecurityTab](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-hidesecuritytab)
+- [ADMX_WindowsMediaPlayer/NetworkBuffering](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-networkbuffering)
+- [ADMX_WindowsMediaPlayer/PolicyCodecUpdate](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-policycodecupdate)
+- [ADMX_WindowsMediaPlayer/PreventCDDVDMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventcddvdmetadataretrieval)
+- [ADMX_WindowsMediaPlayer/PreventLibrarySharing](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventlibrarysharing)
+- [ADMX_WindowsMediaPlayer/PreventMusicFileMetadataRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventmusicfilemetadataretrieval)
+- [ADMX_WindowsMediaPlayer/PreventQuickLaunchShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventquicklaunchshortcut)
+- [ADMX_WindowsMediaPlayer/PreventRadioPresetsRetrieval](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventradiopresetsretrieval)
+- [ADMX_WindowsMediaPlayer/PreventWMPDeskTopShortcut](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-preventwmpdesktopshortcut)
+- [ADMX_WindowsMediaPlayer/SkinLockDown](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-skinlockdown)
+- [ADMX_WindowsMediaPlayer/WindowsStreamingMediaProtocols](./policy-csp-admx-windowsmediaplayer.md#admx-windowsmediaplayer-windowsstreamingmediaprotocols)
+- [ADMX_WindowsStore/DisableAutoDownloadWin8](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableautodownloadwin8)
+- [ADMX_WindowsStore/DisableOSUpgrade_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-1)
+- [ADMX_WindowsStore/DisableOSUpgrade_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-disableosupgrade-2)
+- [ADMX_WindowsStore/RemoveWindowsStore_1](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-1)
+- [ADMX_WindowsStore/RemoveWindowsStore_2](./policy-csp-admx-windowsstore.md#admx-windowsstore-removewindowsstore-2)
+- [ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription](./policy-csp-admx-wininit.md#admx-wininit-disablenamedpipeshutdownpolicydescription)
+- [ADMX_WinInit/Hiberboot](./policy-csp-admx-wininit.md#admx-wininit-hiberboot)
+- [ADMX_WinInit/ShutdownTimeoutHungSessionsDescription](./policy-csp-admx-wininit.md#admx-wininit-shutdowntimeouthungsessionsdescription)
+- [ADMX_wlansvc/SetCost](./policy-csp-admx-wlansvc.md#admx-wlansvc-setcost)
+- [ADMX_wlansvc/SetPINEnforced](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinenforced)
+- [ADMX_wlansvc/SetPINPreferred](./policy-csp-admx-wlansvc.md#admx-wlansvc-setpinpreferred) 
 - [AppRuntime/AllowMicrosoftAccountsToBeOptional](./policy-csp-appruntime.md#appruntime-allowmicrosoftaccountstobeoptional)
 - [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
 - [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)

windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Group Policy
+title: Policies in Policy CSP supported by Group Policy
-description: Policy CSPs supported by Group Policy
+description: Policies in Policy CSP supported by Group Policy
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,12 +12,12 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by Group Policy
+# Policies in Policy CSP supported by Group Policy
 
 > [!div class="op_single_selector"]
 > 
-> - [Policy CSPs supported by Group Policy](policy-csps-supported-by-group-policy.md)
+> - [Policies in Policy CSP supported by Group Policy](policy-csps-supported-by-group-policy.md)
-> - [ADMX-backed policy CSPs](policy-csps-admx-backed.md)
+> - [ADMX-backed policies in Policy CSP](policy-csps-admx-backed.md)
 >
 
 - [AboveLock/AllowCortanaAboveLock](./policy-csp-abovelock.md#abovelock-allowcortanaabovelock)

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
-description: Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+description: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 09/17/2019
 ---
 
-# Policy CSPs supported by HoloLens (1st gen) Commercial Suite
+# Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens (1st gen) Development Edition
+title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
-description: Policy CSPs supported by HoloLens (1st gen) Development Edition
+description: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by HoloLens (1st gen) Development Edition
+# Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by HoloLens 2
+title: Policies in Policy CSP supported by HoloLens 2
-description: Policy CSPs supported by HoloLens 2
+description: Policies in Policy CSP supported by HoloLens 2
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -9,10 +9,10 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 05/11/2020
+ms.date: 10/08/2020
 ---
 
-# Policy CSPs supported by HoloLens 2
+# Policies in Policy CSP supported by HoloLens 2
 
 > [!div class="op_single_selector"]
 >
@@ -50,6 +50,17 @@ ms.date: 05/11/2020
 - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
 - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
+- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
+- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled)
+- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics)
+- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled)
+- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled)
+- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
+- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+- [Power/EnergySaverBatteryThresholdOnBattery](./policy-csp-power.md#power-energysaverbatterythresholdonbattery)
+- [Power/EnergySaverBatteryThresholdPluggedIn](./policy-csp-power.md#power-energysaverbatterythresholdpluggedin)
+- [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
+- [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
 - [Privacy/AllowInputPersonalization](policy-csp-privacy.md#privacy-allowinputpersonalization)
 - [Privacy/LetAppsAccessAccountInfo](policy-csp-privacy.md#privacy-letappsaccessaccountinfo)
 - [Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps)
@@ -73,7 +84,8 @@ ms.date: 05/11/2020
 - [Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps) <sup>8</sup>
 - [Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps) <sup>8</sup>
 - [Search/AllowSearchToUseLocation](policy-csp-search.md#search-allowsearchtouselocation)
-- [Security/RequireDeviceEncryption](policy-csp-security.md#security-requiredeviceencryption)
+- [Security/AllowAddProvisioningPackage](policy-csp-security.md#security-allowaddprovisioningpackage)
+- [Security/AllowRemoveProvisioningPackage](policy-csp-security.md#security-allowremoveprovisioningpackage)
 - [Settings/AllowDateTime](policy-csp-settings.md#settings-allowdatetime)
 - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn)
 - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate)
@@ -81,6 +93,10 @@ ms.date: 05/11/2020
 - [System/AllowLocation](policy-csp-system.md#system-allowlocation)
 - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard)
 - [System/AllowTelemetry](policy-csp-system.md#system-allowtelemetry)
+- [TimeLanguageSettings/ConfigureTimeZone](./policy-csp-timelanguagesettings.md#timelanguagesettings-configuretimezone)
+- [Update/ActiveHoursEnd](./policy-csp-update.md#update-activehoursend)
+- [Update/ActiveHoursMaxRange](./policy-csp-update.md#update-activehoursmaxrange)
+- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart)
 - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
 - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
 - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
@@ -91,6 +107,7 @@ ms.date: 05/11/2020
 - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
 - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
 - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
+- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
 - [Update/UpdateServiceUrl](policy-csp-update.md#update-updateserviceurl)
 - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
 - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>

windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Windows 10 IoT Core
+title: Policies in Policy CSP supported by Windows 10 IoT Core
-description: Policy CSPs supported by Windows 10 IoT Core
+description: Policies in Policy CSP supported by Windows 10 IoT Core
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 09/16/2019
 ---
 
-# Policy CSPs supported by Windows 10 IoT Core
+# Policies in Policy CSP supported by Windows 10 IoT Core
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-enterprise.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Windows 10 IoT Enterprise
+title: Policies in Policy CSP supported by Windows 10 IoT Enterprise
-description: Policy CSPs supported by Windows 10 IoT Enterprise
+description: Policies in Policy CSP supported by Windows 10 IoT Enterprise
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs supported by Windows 10 IoT Enterprise
+# Policies in Policy CSP supported by Windows 10 IoT Enterprise
 
 > [!div class="op_single_selector"]
 >

windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs supported by Microsoft Surface Hub
+title: Policies in Policy CSP supported by Microsoft Surface Hub
-description: Policy CSPs supported by Microsoft Surface Hub
+description: Policies in Policy CSP supported by Microsoft Surface Hub
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/22/2020
 ---
 
-# Policy CSPs supported by Microsoft Surface Hub
+# Policies in Policy CSP supported by Microsoft Surface Hub
 
 
 - [ApplicationManagement/AllowAppStoreAutoUpdate](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-applicationmanagement#applicationmanagement-allowappstoreautoupdate)

windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md

@@ -1,6 +1,6 @@
 ---
-title: Policy CSPs that can be set using Exchange Active Sync (EAS)
+title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
-description: Policy CSPs that can be set using Exchange Active Sync (EAS)
+description: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
@@ -12,7 +12,7 @@ ms.localizationpriority: medium
 ms.date: 07/18/2019
 ---
 
-# Policy CSPs that can be set using Exchange Active Sync (EAS)
+# Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
 
 - [Camera/AllowCamera](policy-csp-camera.md#camera-allowcamera)  
 - [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#cellular-showappcellularaccessui)  

windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md

@@ -97,7 +97,7 @@ For information about supported cipher suites, see [Cipher Suites in TLS/SSL (Sc
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *SSL Cipher Suite Order*
--   GP name: *Functions*
+-   GP name: *SSLCipherSuiteOrder*
 -   GP path: *Network/SSL Configuration Settings*
 -   GP ADMX file name: *CipherSuiteOrder.admx*
 
@@ -180,7 +180,7 @@ CertUtil.exe -DisplayEccCurve
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *ECC Curve Order*
--   GP name: *EccCurves*
+-   GP name: *SSLCurveOrder*
 -   GP path: *Network/SSL Configuration Settings*
 -   GP ADMX file name: *CipherSuiteOrder.admx*
 

windows/client-management/mdm/policy-csp-admx-com.md

@@ -99,7 +99,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Download missing COM components*
--   GP name: *COMClassStore*
+-   GP name: *AppMgmt_COM_SearchForCLSID_1*
 -   GP path: *System*
 -   GP ADMX file name: *COM.admx*
 
@@ -174,7 +174,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Download missing COM components*
--   GP name: *COMClassStore*
+-   GP name: *AppMgmt_COM_SearchForCLSID_2*
 -   GP path: *System*
 -   GP ADMX file name: *COM.admx*
 

windows/client-management/mdm/policy-csp-admx-digitallocker.md

@@ -96,7 +96,7 @@ If you disable or do not configure this setting, Digital Locker can be run.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow Digital Locker to run*
--   GP name: *DoNotRunDigitalLocker*
+-   GP name: *Digitalx_DiableApplication_TitleText_1*
 -   GP path: *Windows Components/Digital Locker*
 -   GP ADMX file name: *DigitalLocker.admx*
 
@@ -167,7 +167,7 @@ If you disable or do not configure this setting, Digital Locker can be run.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow Digital Locker to run*
--   GP name: *DoNotRunDigitalLocker*
+-   GP name: *Digitalx_DiableApplication_TitleText_2*
 -   GP path: *Windows Components/Digital Locker*
 -   GP ADMX file name: *DigitalLocker.admx*
 

windows/client-management/mdm/policy-csp-admx-dwm.md

@@ -109,7 +109,7 @@ If you disable or do not configure this policy setting, the default internal col
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify a default color*
--   GP name: *DefaultColorizationColorState*
+-   GP name: *DwmDefaultColorizationColor_1*
 -   GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
 -   GP ADMX file name: *DWM.admx*
 
@@ -182,7 +182,7 @@ If you disable or do not configure this policy setting, the default internal col
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify a default color*
--   GP name: *DefaultColorizationColorState*
+-   GP name: *DwmDefaultColorizationColor_2*
 -   GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
 -   GP ADMX file name: *DWM.admx*
 
@@ -253,7 +253,7 @@ Changing this policy setting requires a logoff for it to be applied.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow window animations*
--   GP name: *DisallowAnimations*
+-   GP name: *DwmDisallowAnimations_1*
 -   GP path: *Windows Components/Desktop Window Manager*
 -   GP ADMX file name: *DWM.admx*
 
@@ -324,7 +324,7 @@ Changing this policy setting requires a logoff for it to be applied.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow window animations*
--   GP name: *DisallowAnimations*
+-   GP name: *DwmDisallowAnimations_2*
 -   GP path: *Windows Components/Desktop Window Manager*
 -   GP ADMX file name: *DWM.admx*
 
@@ -396,7 +396,7 @@ If you disable or do not configure this policy setting, you allow users to chang
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow color changes*
--   GP name: *DisallowColorizationColorChanges*
+-   GP name: *DwmDisallowColorizationColorChanges_1*
 -   GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
 -   GP ADMX file name: *DWM.admx*
 
@@ -468,7 +468,7 @@ If you disable or do not configure this policy setting, you allow users to chang
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow color changes*
--   GP name: *DisallowColorizationColorChanges*
+-   GP name: *DwmDisallowColorizationColorChanges_2*
 -   GP path: *Windows Components/Desktop Window Manager/Window Frame Coloring*
 -   GP ADMX file name: *DWM.admx*
 

windows/client-management/mdm/policy-csp-admx-eventforwarding.md

@@ -97,7 +97,7 @@ This setting applies across all subscriptions for the forwarder (source computer
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure forwarder resource usage*
--   GP name: *MaxForwardingRate*
+-   GP name: *ForwarderResourceUsage*
 -   GP path: *Windows Components/Event Forwarding*
 -   GP ADMX file name: *EventForwarding.admx*
 

windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md

@@ -94,7 +94,7 @@ By default, the RPC protocol message between File Server VSS provider and File S
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers.*
--   GP name: *EncryptProtocol*
+-   GP name: *Pol_EncryptProtocol*
 -   GP path: *System/File Share Shadow Copy Provider*
 -   GP ADMX file name: *FileServerVSSProvider.admx*
 

windows/client-management/mdm/policy-csp-admx-filesys.md

@@ -106,7 +106,7 @@ Available in Windows 10 Insider Preview Build 20185. Compression can add to the
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow compression on all NTFS volumes*
--   GP name: *NtfsDisableCompression*
+-   GP name: *DisableCompression*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
 
@@ -237,7 +237,7 @@ Available in Windows 10 Insider Preview Build 20185. Encryption can add to the p
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not allow encryption on all NTFS volumes*
--   GP name: *NtfsDisableEncryption*
+-   GP name: *DisableEncryption*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
 
@@ -300,7 +300,7 @@ Available in Windows 10 Insider Preview Build 20185. Encrypting the page file pr
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable NTFS pagefile encryption*
--   GP name: *NtfsEncryptPagingFile*
+-   GP name: *EnablePagefileEncryption*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
 
@@ -428,7 +428,7 @@ If you enable short names on all volumes then short names will always be generat
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Short name creation options*
--   GP name: *NtfsDisable8dot3NameCreation*
+-   GP name: *ShortNameCreationSettings*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
 
@@ -502,7 +502,7 @@ For more information, refer to the Windows Help section.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Selectively allow the evaluation of a symbolic link*
--   GP name: *SymlinkLocalToLocalEvaluation*
+-   GP name: *SymlinkEvaluation*
 -   GP path: *System/Filesystem*
 -   GP ADMX file name: *FileSys.admx*
 
@@ -565,7 +565,7 @@ Available in Windows 10 Insider Preview Build 20185. TXF deprecated features inc
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable / disable TXF deprecated features*
--   GP name: *NtfsEnableTxfDeprecatedFunctionality*
+-   GP name: *TxfDeprecatedFunctionality*
 -   GP path: *System/Filesystem/NTFS*
 -   GP ADMX file name: *FileSys.admx*
 

windows/client-management/mdm/policy-csp-admx-folderredirection.md

@@ -329,7 +329,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents*
--   GP name: *LocalizeXPRelativePaths*
+-   GP name: *LocalizeXPRelativePaths_1*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
 
@@ -401,7 +401,7 @@ If you disable or not configure this policy setting, Windows Vista, Windows 7, W
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use localized subfolder names when redirecting Start Menu and My Documents*
--   GP name: *LocalizeXPRelativePaths*
+-   GP name: *LocalizeXPRelativePaths_2*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
 
@@ -474,7 +474,7 @@ If you disable or do not configure this policy setting and the user has redirect
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Redirect folders on primary computers only*
--   GP name: *PrimaryComputerEnabledFR*
+-   GP name: *PrimaryComputer_FR_1*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
 
@@ -547,7 +547,7 @@ If you disable or do not configure this policy setting and the user has redirect
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Redirect folders on primary computers only*
--   GP name: *PrimaryComputerEnabledFR*
+-   GP name: *PrimaryComputer_FR_2*
 -   GP path: *System/Folder Redirection*
 -   GP ADMX file name: *FolderRedirection.admx*
 

windows/client-management/mdm/policy-csp-admx-help.md

@@ -185,7 +185,7 @@ For additional options, see the "Restrict these programs from being launched fro
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Restrict potentially unsafe HTML Help functions to specified folders*
--   GP name: *HelpQualifiedRootDir*
+-   GP name: *HelpQualifiedRootDir_Comp*
 -   GP path: *System*
 -   GP ADMX file name: *Help.admx*
 
@@ -259,7 +259,7 @@ If you disable or do not configure this policy setting, users can run all applic
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Restrict these programs from being launched from Help*
--   GP name: *DisableInHelp*
+-   GP name: *RestrictRunFromHelp*
 -   GP path: *System*
 -   GP ADMX file name: *Help.admx*
 
@@ -332,7 +332,7 @@ If you disable or do not configure this policy setting, users can run all applic
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Restrict these programs from being launched from Help*
--   GP name: *DisableInHelp*
+-   GP name: *RestrictRunFromHelp_Comp*
 -   GP path: *System*
 -   GP ADMX file name: *Help.admx*
 

windows/client-management/mdm/policy-csp-admx-helpandsupport.md

@@ -100,7 +100,7 @@ If you disable or do not configure this policy setting, the default behavior app
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Active Help*
--   GP name: *NoActiveHelp*
+-   GP name: *ActiveHelp*
 -   GP path: *Windows Components/Online Assistance*
 -   GP ADMX file name: *HelpAndSupport.admx*
 
@@ -171,7 +171,7 @@ Users can use the control to provide feedback on the quality and usefulness of t
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Help Ratings*
--   GP name: *NoExplicitFeedback*
+-   GP name: *HPExplicitFeedback*
 -   GP path: *System/Internet Communication Management/Internet Communication settings*
 -   GP ADMX file name: *HelpAndSupport.admx*
 
@@ -239,7 +239,7 @@ If you disable or do not configure this policy setting, users can turn on the He
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Help Experience Improvement Program*
--   GP name: *NoImplicitFeedback*
+-   GP name: *HPImplicitFeedback*
 -   GP path: *System/Internet Communication Management/Internet Communication settings*
 -   GP ADMX file name: *HelpAndSupport.admx*
 
@@ -308,7 +308,7 @@ If you disable or do not configure this policy setting, users can access online
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off Windows Online*
--   GP name: *NoOnlineAssist*
+-   GP name: *HPOnlineAssistance*
 -   GP path: *System/Internet Communication Management/Internet Communication settings*
 -   GP ADMX file name: *HelpAndSupport.admx*
 

windows/client-management/mdm/policy-csp-admx-kdc.md

@@ -133,7 +133,7 @@ Impact on domain controller performance when this policy setting is enabled:
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *KDC support for claims, compound authentication and Kerberos armoring*
--   GP name: *EnableCbacAndArmor*
+-   GP name: *CbacAndArmor*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
 
@@ -204,7 +204,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use forest search order*
--   GP name: *UseForestSearch*
+-   GP name: *ForestSearch*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
 
@@ -420,7 +420,7 @@ If you disable or do not configure this policy setting, the threshold value defa
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Warning for large Kerberos tickets*
--   GP name: *EnableTicketSizeThreshold*
+-   GP name: *TicketSizeThreshold*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
 
@@ -494,7 +494,7 @@ If you disable or do not configure this policy setting, the domain controller do
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Provide information about previous logons to client computers*
--   GP name: *EmitLILI*
+-   GP name: *emitlili*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
 

windows/client-management/mdm/policy-csp-admx-lanmanserver.md

@@ -116,7 +116,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Cipher suite order*
--   GP name: *CipherSuiteOrder*
+-   GP name: *Pol_CipherSuiteOrder*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
 
@@ -199,7 +199,7 @@ In circumstances where this policy setting is enabled, you can also select the f
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Hash Publication for BranchCache*
--   GP name: *HashPublicationForPeerCaching*
+-   GP name: *Pol_HashPublication*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
 
@@ -286,7 +286,7 @@ Hash version supported:
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Hash Version support for BranchCache*
--   GP name: *HashSupportVersion*
+-   GP name: *Pol_HashSupportVersion*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
 
@@ -358,7 +358,7 @@ If you disable or do not configure this policy setting, the SMB server will sele
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Honor cipher suite order*
--   GP name: *HonorCipherSuiteOrder*
+-   GP name: *Pol_HonorCipherSuiteOrder*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
 

windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md

@@ -96,7 +96,7 @@ If you disable or do not configure this policy setting, the default behavior of
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Mapper I/O (LLTDIO) driver*
--   GP name: *EnableLLTDIO*
+-   GP name: *LLTD_EnableLLTDIO*
 -   GP path: *Network/Link-Layer Topology Discovery*
 -   GP ADMX file name: *LinkLayerTopologyDiscovery.admx*
 
@@ -167,7 +167,7 @@ If you disable or do not configure this policy setting, the default behavior for
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Responder (RSPNDR) driver*
--   GP name: *EnableRspndr*
+-   GP name: *LLTD_EnableRspndr*
 -   GP path: *Network/Link-Layer Topology Discovery*
 -   GP ADMX file name: *LinkLayerTopologyDiscovery.admx*
 

windows/client-management/mdm/policy-csp-admx-mmc.md

@@ -113,7 +113,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *ActiveX Control*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ActiveXControl*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMC.admx*
 
@@ -192,7 +192,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Extended View (Web View)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ExtendView*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMC.admx*
 
@@ -271,7 +271,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Link to Web Address*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_LinkToWeb*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMC.admx*
 
@@ -344,7 +344,7 @@ If you disable this setting or do not configure it, users can enter author mode
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Restrict the user from entering author mode*
--   GP name: *RestrictAuthorMode*
+-   GP name: *MMC_Restrict_Author*
 -   GP path: *Windows Components\Microsoft Management Console*
 -   GP ADMX file name: *MMC.admx*
 
@@ -422,7 +422,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Restrict users to the explicitly permitted list of snap-ins*
--   GP name: *RestrictToPermittedSnapins*
+-   GP name: *MMC_Restrict_To_Permitted_Snapins*
 -   GP path: *Windows Components\Microsoft Management Console*
 -   GP ADMX file name: *MMC.admx*
 

windows/client-management/mdm/policy-csp-admx-mmcsnapins.md

@@ -408,7 +408,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Administrative Templates (Computers)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ADMComputers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -485,7 +485,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Administrative Templates (Computers)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ADMComputers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -563,7 +563,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Administrative Templates (Users)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ADMUsers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -641,7 +641,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Administrative Templates (Users)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ADMUsers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -719,7 +719,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *ADSI Edit*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ADSI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -797,7 +797,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Active Directory Domains and Trusts*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ActiveDirDomTrusts*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -875,7 +875,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Active Directory Sites and Services*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ActiveDirSitesServices*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -953,7 +953,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Active Directory Users and Computers*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ActiveDirUsersComp*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1031,7 +1031,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *AppleTalk Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_AppleTalkRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1109,7 +1109,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Authorization Manager*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_AuthMan*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1187,7 +1187,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Certification Authority*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_CertAuth*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1264,7 +1264,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Certification Authority Policy Settings*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_CertAuthPolSet*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1341,7 +1341,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Certificates*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_Certs*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1418,7 +1418,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Certificate Templates*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_CertsTemplate*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1495,7 +1495,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Component Services*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ComponentServices*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1572,7 +1572,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Computer Management*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ComputerManagement*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1649,7 +1649,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Connection Sharing (NAT)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ConnectionSharingNAT*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1726,7 +1726,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *DCOM Configuration Extension*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_DCOMCFG*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1803,7 +1803,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Distributed File System*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_DFS*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1880,7 +1880,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *DHCP Relay Management*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_DHCPRelayMgmt*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -1957,7 +1957,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Device Manager*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_DeviceManager_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2034,7 +2034,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Device Manager*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_DeviceManager_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2111,7 +2111,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disk Defragmenter*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_DiskDefrag*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2188,7 +2188,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Disk Management*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_DiskMgmt*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2265,7 +2265,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enterprise PKI*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_EnterprisePKI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2342,7 +2342,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Event Viewer*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_EventViewer_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2419,7 +2419,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Event Viewer (Windows Vista)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_EventViewer_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2496,7 +2496,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Event Viewer*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_EventViewer_3*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2573,7 +2573,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Event Viewer (Windows Vista)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_EventViewer_4*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2651,7 +2651,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Event Viewer (Windows Vista)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_EventViewer_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2728,7 +2728,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *FAX Service*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_FAXService*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2805,7 +2805,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Failover Clusters Manager*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_FailoverClusters*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2882,7 +2882,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Folder Redirection*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_FolderRedirection_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -2959,7 +2959,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Folder Redirection*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_FolderRedirection_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3036,7 +3036,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *FrontPage Server Extensions*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_FrontPageExt*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3113,7 +3113,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Group Policy Management*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_GroupPolicyManagementSnapIn*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3190,7 +3190,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Group Policy Object Editor*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_GroupPolicySnapIn*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3269,7 +3269,7 @@ When the Group Policy tab is inaccessible, it does not appear in the site, domai
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Group Policy tab for Active Directory Tools*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_GroupPolicyTab*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3346,7 +3346,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Health Registration Authority (HRA)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_HRA*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3423,7 +3423,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Authentication Service (IAS)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IAS*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3500,7 +3500,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IAS Logging*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IASLogging*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3577,7 +3577,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Explorer Maintenance*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IEMaintenance_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3654,7 +3654,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Explorer Maintenance*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IEMaintenance_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3731,7 +3731,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IGMP Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IGMPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3808,7 +3808,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Internet Information Services*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IIS*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3885,7 +3885,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IP Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -3962,7 +3962,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IP Security Policy Management*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IPSecManage_GP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4039,7 +4039,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IPX RIP Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IPXRIPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4116,7 +4116,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IPX Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IPXRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4193,7 +4193,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IPX SAP Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IPXSAPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4270,7 +4270,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Indexing Service*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IndexingService*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4347,7 +4347,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IP Security Policy Management*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IpSecManage*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4424,7 +4424,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IP Security Monitor*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_IpSecMonitor*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4501,7 +4501,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Local Users and Groups*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_LocalUsersGroups*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4578,7 +4578,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Logical and Mapped Drives*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_LogicalMappedDrives*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4655,7 +4655,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Network Policy Server (NPS)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_NPSUI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4732,7 +4732,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *NAP Client Configuration*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_NapSnap*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4809,7 +4809,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *NAP Client Configuration*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_NapSnap_GP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4886,7 +4886,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *.Net Framework Configuration*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_Net_Framework*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -4963,7 +4963,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Online Responder*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_OCSP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5040,7 +5040,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *OSPF Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_OSPFRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5117,7 +5117,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Performance Logs and Alerts*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_PerfLogsAlerts*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5194,7 +5194,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Public Key Policies*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_PublicKey*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5271,7 +5271,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *QoS Admission Control*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_QoSAdmission*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5348,7 +5348,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *RAS Dialin - User Node*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_RAS_DialinUser*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5425,7 +5425,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *RIP Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_RIPRouting*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5502,7 +5502,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remote Installation Services*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_RIS*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5579,7 +5579,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Routing and Remote Access*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_RRA*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5656,7 +5656,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Removable Storage Management*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_RSM*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5733,7 +5733,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Removable Storage*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_RemStore*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5810,7 +5810,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remote Access*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_RemoteAccess*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5887,7 +5887,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remote Desktops*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_RemoteDesktop*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -5964,7 +5964,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Resultant Set of Policy snap-in*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ResultantSetOfPolicySnapIn*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6041,7 +6041,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Routing*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_Routing*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6118,7 +6118,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Security Configuration and Analysis*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SCA*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6195,7 +6195,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *SMTP Protocol*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SMTPProtocol*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6272,7 +6272,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *SNMP*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SNMP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6349,7 +6349,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Scripts (Startup/Shutdown)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ScriptsMachine_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6426,7 +6426,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Scripts (Startup/Shutdown)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ScriptsMachine_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6503,7 +6503,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Scripts (Logon/Logoff)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ScriptsUser_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6580,7 +6580,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Scripts (Logon/Logoff)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ScriptsUser_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6657,7 +6657,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Security Settings*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SecuritySettings_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6734,7 +6734,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Security Settings*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SecuritySettings_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6811,7 +6811,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Security Templates*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SecurityTemplates*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6888,7 +6888,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Send Console Message*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SendConsoleMessage*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -6965,7 +6965,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Server Manager*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ServerManager*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7042,7 +7042,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Service Dependencies*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_ServiceDependencies*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7119,7 +7119,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Services*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_Services*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7196,7 +7196,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Shared Folders*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SharedFolders*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7273,7 +7273,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Shared Folders Ext*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SharedFolders_Ext*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7350,7 +7350,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Software Installation (Computers)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SoftwareInstalationComputers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7427,7 +7427,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Software Installation (Computers)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SoftwareInstalationComputers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7504,7 +7504,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Software Installation (Users)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SoftwareInstallationUsers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7581,7 +7581,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Software Installation (Users)*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SoftwareInstallationUsers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7658,7 +7658,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *System Information*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SysInfo*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7735,7 +7735,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *System Properties*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_SysProp*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7812,7 +7812,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *TPM Management*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_TPMManagement*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7889,7 +7889,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Telephony*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_Telephony*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -7966,7 +7966,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remote Desktop Services Configuration*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_TerminalServices*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -8043,7 +8043,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *WMI Control*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_WMI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -8120,7 +8120,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Windows Firewall with Advanced Security*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_WindowsFirewall*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -8197,7 +8197,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Windows Firewall with Advanced Security*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_WindowsFirewall_GP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -8274,7 +8274,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Wired Network (IEEE 802.3) Policies*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_WiredNetworkPolicy*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -8351,7 +8351,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Wireless Monitor*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_WirelessMon*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
 
@@ -8428,7 +8428,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Wireless Network (IEEE 802.11) Policies*
--   GP name: *Restrict_Run*
+-   GP name: *MMC_WirelessNetworkPolicy*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
 

windows/client-management/mdm/policy-csp-admx-msapolicy.md

@@ -93,7 +93,7 @@ By default, this setting is Disabled. This setting does not affect whether users
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Block all consumer Microsoft account user authentication*
--   GP name: *DisableUserAuth*
+-   GP name: *MicrosoftAccount_DisableUserAuth*
 -   GP path: *Windows Components\Microsoft account*
 -   GP ADMX file name: *MSAPolicy.admx*
 

windows/client-management/mdm/policy-csp-admx-nca.md

@@ -122,7 +122,7 @@ You must configure this setting to have complete NCA functionality.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Corporate Resources*
--   GP name: *Probe*
+-   GP name: *CorporateResources*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
 
@@ -187,7 +187,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting specifi
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Custom Commands*
--   GP name: *CustomCommand*
+-   GP name: *CustomCommands*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
 
@@ -258,7 +258,7 @@ You must configure this setting to have complete NCA functionality.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *IPsec Tunnel Endpoints*
--   GP name: *DTE*
+-   GP name: *DTEs*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
 
@@ -401,7 +401,7 @@ If this setting is not configured, users do not have Connect or Disconnect optio
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prefer Local Names Allowed*
--   GP name: *NamePreferenceAllowed*
+-   GP name: *LocalNamesOn*
 -   GP path: *Network\DirectAccess Client Experience Settings*
 -   GP ADMX file name: *nca.admx*
 

windows/client-management/mdm/policy-csp-admx-ncsi.md

@@ -105,7 +105,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting  enable
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify corporate DNS probe host address*
--   GP name: *DnsProbeContent*
+-   GP name: *NCSI_CorpDnsProbeContent*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
 
@@ -170,7 +170,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify corporate DNS probe host name*
--   GP name: *DnsProbeHost*
+-   GP name: *NCSI_CorpDnsProbeHost*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
 
@@ -235,7 +235,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify corporate site prefix list*
--   GP name: *SitePrefixes*
+-   GP name: *NCSI_CorpSitePrefixes*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
 
@@ -300,7 +300,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify corporate Website probe URL*
--   GP name: *WebProbeUrl*
+-   GP name: *NCSI_CorpWebProbeUrl*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
 
@@ -368,7 +368,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify domain location determination URL*
--   GP name: *DomainLocationDeterminationUrl*
+-   GP name: *NCSI_DomainLocationDeterminationUrl*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
 
@@ -433,7 +433,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting enables
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify global DNS*
--   GP name: *UseGlobalDns*
+-   GP name: *NCSI_GlobalDns*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
 
@@ -498,7 +498,7 @@ Available in Windows 10 Insider Preview Build 20185. This Policy setting enables
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify passive polling*
--   GP name: *DisablePassivePolling*
+-   GP name: *NCSI_PassivePolling*
 -   GP path: *Network\Network Connectivity Status Indicator*
 -   GP ADMX file name: *NCSI.admx*
 

windows/client-management/mdm/policy-csp-admx-netlogon.md

@@ -201,7 +201,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify address lookup behavior for DC locator ping*
--   GP name: *AddressLookupOnPingBehavior*
+-   GP name: *Netlogon_AddressLookupOnPingBehavior*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -274,7 +274,7 @@ If you do not configure this policy setting, DC Locator APIs can return IPv4/IPv
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Return domain controller address type*
--   GP name: *AddressTypeReturned*
+-   GP name: *Netlogon_AddressTypeReturned*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -347,7 +347,7 @@ If you disable this policy setting, when the AllowSingleLabelDnsDomain policy is
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use DNS name resolution when a single-label domain name is used, by appending different registered DNS suffixes, if the AllowSingleLabelDnsDomain setting is not enabled.*
--   GP name: *AllowDnsSuffixSearch*
+-   GP name: *Netlogon_AllowDnsSuffixSearch*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -422,7 +422,7 @@ If you do not configure this policy setting, Net Logon will not allow the negoti
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow cryptography algorithms compatible with Windows NT 4.0*
--   GP name: *AllowNT4Crypto*
+-   GP name: *Netlogon_AllowNT4Crypto*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -497,7 +497,7 @@ If you do not configure this policy setting, it is not applied to any computers,
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC*
--   GP name: *AllowSingleLabelDnsDomain*
+-   GP name: *Netlogon_AllowSingleLabelDnsDomain*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -570,7 +570,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use automated site coverage by the DC Locator DNS SRV Records*
--   GP name: *AutoSiteCoverage*
+-   GP name: *Netlogon_AutoSiteCoverage*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -646,7 +646,7 @@ If you disable this policy setting, the DC location algorithm can use NetBIOS-ba
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails*
--   GP name: *AvoidFallbackNetbiosDiscovery*
+-   GP name: *Netlogon_AvoidFallbackNetbiosDiscovery*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -721,7 +721,7 @@ If you do not configure this policy setting, it is not applied to any DCs.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Contact PDC on logon failure*
--   GP name: *AvoidPdcOnWan*
+-   GP name: *Netlogon_AvoidPdcOnWan*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -799,7 +799,7 @@ If the value of this setting is less than the value specified in the NegativeCac
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use initial DC discovery retry setting for background callers*
--   GP name: *BackgroundRetryInitialPeriod*
+-   GP name: *Netlogon_BackgroundRetryInitialPeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -879,7 +879,7 @@ If the value for this setting is too small and the DC is not available, the freq
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use maximum DC discovery retry interval setting for background callers*
--   GP name: *BackgroundRetryMaximumPeriod*
+-   GP name: *Netlogon_BackgroundRetryMaximumPeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -951,7 +951,7 @@ The default value for this setting is to not quit retrying (0). The maximum valu
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use final DC discovery retry setting for background callers*
--   GP name: *BackgroundRetryQuitTime*
+-   GP name: *Netlogon_BackgroundRetryQuitTime*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1018,7 +1018,7 @@ Available in Windows 10 Insider Preview Build 20185. This policy setting determi
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use positive periodic DC cache refresh for background callers*
--   GP name: *BackgroundSuccessfulRefreshPeriod*
+-   GP name: *Netlogon_BackgroundSuccessfulRefreshPeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1093,7 +1093,7 @@ If you disable this policy setting or do not configure it, the default behavior
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify log file debug output level*
--   GP name: *dbFlag*
+-   GP name: *Netlogon_DebugFlag*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1192,7 +1192,7 @@ If you do not configure this policy setting, DCs use their local configuration.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify DC Locator DNS records not registered by the DCs*
--   GP name: *DnsAvoidRegisterRecords*
+-   GP name: *Netlogon_DnsAvoidRegisterRecords*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1268,7 +1268,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify Refresh Interval of the DC Locator DNS records*
--   GP name: *DnsRefreshInterval*
+-   GP name: *Netlogon_DnsRefreshInterval*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1344,7 +1344,7 @@ A reboot is not required for changes to this setting to take effect.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use lowercase DNS host names when registering domain controller SRV records*
--   GP name: *DnsSrvRecordUseLowerCaseHostNames*
+-   GP name: *Netlogon_DnsSrvRecordUseLowerCaseHostNames*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1414,7 +1414,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set TTL in the DC Locator DNS Records*
--   GP name: *DnsTtl*
+-   GP name: *Netlogon_DnsTtl*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1485,7 +1485,7 @@ If you do not configure this policy setting, it is not applied to any computers,
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify expected dial-up delay on logon*
--   GP name: *ExpectedDialupDelay*
+-   GP name: *Netlogon_ExpectedDialupDelay*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1560,7 +1560,7 @@ If you do not configure this policy setting, Force Rediscovery will be used by d
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Force Rediscovery Interval*
--   GP name: *ForceRediscoveryInterval*
+-   GP name: *Netlogon_ForceRediscoveryInterval*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1633,7 +1633,7 @@ If you do not configure this policy setting, it is not applied to any GCs, and G
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify sites covered by the GC Locator DNS SRV Records*
--   GP name: *GcSiteCoverage*
+-   GP name: *Netlogon_GcSiteCoverage*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1709,7 +1709,7 @@ If you disable or do not configure this policy setting, this DC processes incomi
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names*
--   GP name: *IgnoreIncomingMailslotMessages*
+-   GP name: *Netlogon_IgnoreIncomingMailslotMessages*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1782,7 +1782,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set Priority in the DC Locator DNS SRV records*
--   GP name: *LdapSrvPriority*
+-   GP name: *Netlogon_LdapSrvPriority*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1855,7 +1855,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set Weight in the DC Locator DNS SRV records*
--   GP name: *LdapSrvWeight*
+-   GP name: *Netlogon_LdapSrvWeight*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1926,7 +1926,7 @@ If you disable or do not configure this policy setting, the default behavior occ
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify maximum log file size*
--   GP name: *MaximumLogFileSize*
+-   GP name: *Netlogon_MaximumLogFileSize*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -1999,7 +1999,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify sites covered by the application directory partition DC Locator DNS SRV records*
--   GP name: *NdncSiteCoverage*
+-   GP name: *Netlogon_NdncSiteCoverage*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2071,7 +2071,7 @@ The default value for this setting is 45 seconds. The maximum value for this set
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify negative DC Discovery cache setting*
--   GP name: *NegativeCachePeriod*
+-   GP name: *Netlogon_NegativeCachePeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2149,7 +2149,7 @@ If you enable this policy setting, domain administrators should ensure that the
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set Netlogon share compatibility*
--   GP name: *AllowExclusiveScriptsShareAccess*
+-   GP name: *Netlogon_NetlogonShareCompatibilityMode*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2218,7 +2218,7 @@ The default value for this setting is 30 minutes (1800). The maximum value for t
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify positive periodic DC Cache refresh for non-background callers*
--   GP name: *NonBackgroundSuccessfulRefreshPeriod*
+-   GP name: *Netlogon_NonBackgroundSuccessfulRefreshPeriod*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2296,7 +2296,7 @@ If you do not configure this policy setting, it is not applied to any computers,
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Use urgent mode when pinging domain controllers*
--   GP name: *PingUrgencyMode*
+-   GP name: *Netlogon_PingUrgencyMode*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2373,7 +2373,7 @@ To enable the setting, click Enabled, and then specify the interval in seconds.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set scavenge interval*
--   GP name: *ScavengeInterval*
+-   GP name: *Netlogon_ScavengeInterval*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2446,7 +2446,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify sites covered by the DC Locator DNS SRV records*
--   GP name: *SiteCoverage*
+-   GP name: *Netlogon_SiteCoverage*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2519,7 +2519,7 @@ If you do not configure this policy setting, it is not applied to any computers,
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify site name*
--   GP name: *SiteName*
+-   GP name: *Netlogon_SiteName*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2597,7 +2597,7 @@ If you enable this policy setting, domain administrators should ensure that the
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set SYSVOL share compatibility*
--   GP name: *AllowExclusiveSysvolShareAccess*
+-   GP name: *Netlogon_SysvolShareCompatibilityMode*
 -   GP path: *System\Net Logon*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2672,7 +2672,7 @@ If you do not configure this policy setting, Try Next Closest Site DC Location w
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Try Next Closest Site*
--   GP name: *TryNextClosestSite*
+-   GP name: *Netlogon_TryNextClosestSite*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 
@@ -2745,7 +2745,7 @@ If you do not configure this policy setting, it is not applied to any DCs, and D
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify dynamic registration of the DC Locator DNS Records*
--   GP name: *UseDynamicDns*
+-   GP name: *Netlogon_UseDynamicDns*
 -   GP path: *System\Net Logon\DC Locator DNS Records*
 -   GP ADMX file name: *Netlogon.admx*
 

windows/client-management/mdm/policy-csp-admx-offlinefiles.md

@@ -228,7 +228,7 @@ If you disable this setting or do not configure it, the system asks users whethe
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Subfolders always available offline*
--   GP name: *AlwaysPinSubFolders*
+-   GP name: *Pol_AlwaysPinSubFolders*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -302,7 +302,7 @@ If you do not configure this policy setting, no files or folders are made availa
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify administratively assigned Offline Files*
--   GP name: *AssignedOfflineFolders*
+-   GP name: *Pol_AssignedOfflineFiles_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -376,7 +376,7 @@ If you do not configure this policy setting, no files or folders are made availa
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify administratively assigned Offline Files*
--   GP name: *AssignedOfflineFolders*
+-   GP name: *Pol_AssignedOfflineFiles_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -447,7 +447,7 @@ If you disable or do not configure this policy setting, Windows performs a backg
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Background Sync*
--   GP name: *BackgroundSyncEnabled*
+-   GP name: *Pol_BackgroundSyncSettings*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -528,7 +528,7 @@ This setting replaces the Default Cache Size setting used by pre-Windows Vista s
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Limit disk space used by Offline Files*
--   GP name: *CacheQuotaLimitUnpinned*
+-   GP name: *Pol_CacheSize*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -612,7 +612,7 @@ Also, see the "Non-default server disconnect actions" setting.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Action on server disconnect*
--   GP name: *GoOfflineAction*
+-   GP name: *Pol_CustomGoOfflineActions_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -696,7 +696,7 @@ Also, see the "Non-default server disconnect actions" setting.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Action on server disconnect*
--   GP name: *GoOfflineAction*
+-   GP name: *Pol_CustomGoOfflineActions_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -776,7 +776,7 @@ If you do not configure this setting, disk space for automatically cached files
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Default cache size*
--   GP name: *DefCacheSize*
+-   GP name: *Pol_DefCacheSize*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -850,7 +850,7 @@ If you do not configure this policy setting, Offline Files is enabled on Windows
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow or Disallow use of the Offline Files feature*
--   GP name: *Enabled*
+-   GP name: *Pol_Enabled*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -927,7 +927,7 @@ This setting is applied at user logon. If this setting is changed after user log
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Encrypt the Offline Files cache*
--   GP name: *EncryptCache*
+-   GP name: *Pol_EncryptOfflineFiles*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1007,7 +1007,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Event logging level*
--   GP name: *EventLoggingLevel*
+-   GP name: *Pol_EventLoggingLevel_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1087,7 +1087,7 @@ To use this setting, in the "Enter" box, select the number corresponding to the
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Event logging level*
--   GP name: *EventLoggingLevel*
+-   GP name: *Pol_EventLoggingLevel_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1156,7 +1156,7 @@ If you disable or do not configure this policy setting, a user can create a file
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable file screens*
--   GP name: *ExcludedFileTypes*
+-   GP name: *Pol_ExclusionListSettings*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1230,7 +1230,7 @@ To use this setting, type the file name extension in the "Extensions" box. To ty
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Files not cached*
--   GP name: *ExcludeExtensions*
+-   GP name: *Pol_ExtExclusionList*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1314,7 +1314,7 @@ Also, see the "Non-default server disconnect actions" setting.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Action on server disconnect*
--   GP name: *GoOfflineAction*
+-   GP name: *Pol_GoOfflineAction_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1398,7 +1398,7 @@ Also, see the "Non-default server disconnect actions" setting.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Action on server disconnect*
--   GP name: *GoOfflineAction*
+-   GP name: *Pol_GoOfflineAction_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1472,7 +1472,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent use of Offline Files folder*
--   GP name: *NoCacheViewer*
+-   GP name: *Pol_NoCacheViewer_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1546,7 +1546,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent use of Offline Files folder*
--   GP name: *NoCacheViewer*
+-   GP name: *Pol_NoCacheViewer_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1620,7 +1620,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prohibit user configuration of Offline Files*
--   GP name: *NoConfigCache*
+-   GP name: *Pol_NoConfigCache_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1694,7 +1694,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prohibit user configuration of Offline Files*
--   GP name: *NoConfigCache*
+-   GP name: *Pol_NoConfigCache_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1767,7 +1767,7 @@ If you disable or do not configure this policy setting, users can manually speci
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remove "Make Available Offline" command*
--   GP name: *NoMakeAvailableOffline*
+-   GP name: *Pol_NoMakeAvailableOffline_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1840,7 +1840,7 @@ If you disable or do not configure this policy setting, users can manually speci
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remove "Make Available Offline" command*
--   GP name: *NoMakeAvailableOffline*
+-   GP name: *Pol_NoMakeAvailableOffline_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1917,7 +1917,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remove "Make Available Offline" for these files and folders*
--   GP name: *NoMakeAvailableOfflineList*
+-   GP name: *Pol_NoPinFiles_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -1994,7 +1994,7 @@ If you do not configure this policy setting, the "Make Available Offline" comman
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remove "Make Available Offline" for these files and folders*
--   GP name: *NoMakeAvailableOfflineList*
+-   GP name: *Pol_NoPinFiles_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2074,7 +2074,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off reminder balloons*
--   GP name: *NoReminders*
+-   GP name: *Pol_NoReminders_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2154,7 +2154,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn off reminder balloons*
--   GP name: *NoReminders*
+-   GP name: *Pol_NoReminders_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2227,7 +2227,7 @@ If you disable or do not configure this policy setting, remote files will be not
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Transparent Caching*
--   GP name: *OnlineCachingLatencyThreshold*
+-   GP name: *Pol_OnlineCachingSettings*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2298,7 +2298,7 @@ If you disable this setting or do not configure it, the system asks users whethe
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Subfolders always available offline*
--   GP name: *AlwaysPinSubFolders*
+-   GP name: *Pol_AlwaysPinSubFolders*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2370,7 +2370,7 @@ If you disable this setting or do not configure it, automatically and manually c
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *At logoff, delete local copy of user’s offline files*
--   GP name: *PurgeOnlyAutoCacheAtLogoff*
+-   GP name: *Pol_PurgeAtLogoff*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2439,7 +2439,7 @@ If you disable this policy setting, all administratively assigned folders are sy
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on economical application of administratively assigned Offline Files*
--   GP name: *EconomicalAdminPinning*
+-   GP name: *Pol_QuickAdimPin*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2513,7 +2513,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reminder balloon frequency*
--   GP name: *ReminderFreqMinutes*
+-   GP name: *Pol_ReminderFreq_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2587,7 +2587,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reminder balloon frequency*
--   GP name: *ReminderFreqMinutes*
+-   GP name: *Pol_ReminderFreq_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2656,7 +2656,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initial reminder balloon lifetime*
--   GP name: *InitialBalloonTimeoutSeconds*
+-   GP name: *Pol_ReminderInitTimeout_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2725,7 +2725,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Initial reminder balloon lifetime*
--   GP name: *InitialBalloonTimeoutSeconds*
+-   GP name: *Pol_ReminderInitTimeout_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2794,7 +2794,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reminder balloon lifetime*
--   GP name: *ReminderBalloonTimeoutSeconds*
+-   GP name: *Pol_ReminderTimeout_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2863,7 +2863,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Reminder balloon lifetime*
--   GP name: *ReminderBalloonTimeoutSeconds*
+-   GP name: *Pol_ReminderTimeout_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -2942,7 +2942,7 @@ If you disable this policy setting, computers will not use the slow-link mode.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure slow-link mode*
--   GP name: *SlowLinkEnabled*
+-   GP name: *Pol_SlowLinkSettings*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3016,7 +3016,7 @@ If this setting is disabled or not configured, the default threshold value of 64
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Slow link speed*
--   GP name: *SlowLinkSpeed*
+-   GP name: *Pol_SlowLinkSpeed*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3094,7 +3094,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Synchronize all offline files before logging off*
--   GP name: *SyncAtLogoff*
+-   GP name: *Pol_SyncAtLogoff_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3172,7 +3172,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Synchronize all offline files before logging off*
--   GP name: *SyncAtLogoff*
+-   GP name: *Pol_SyncAtLogoff_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3250,7 +3250,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Synchronize all offline files when logging on*
--   GP name: *SyncAtLogon*
+-   GP name: *Pol_SyncAtLogon_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3330,7 +3330,7 @@ This setting appears in the Computer Configuration and User Configuration folder
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Synchronize all offline files when logging on*
--   GP name: *SyncAtLogon*
+-   GP name: *Pol_SyncAtLogon_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3402,7 +3402,7 @@ If you disable or do not configuring this setting, files are not synchronized wh
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Synchronize offline files before suspend*
--   GP name: *SyncAtSuspend*
+-   GP name: *Pol_SyncAtSuspend_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3474,7 +3474,7 @@ If you disable or do not configuring this setting, files are not synchronized wh
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Synchronize offline files before suspend*
--   GP name: *SyncAtSuspend*
+-   GP name: *Pol_SyncAtSuspend_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3543,7 +3543,7 @@ If this setting is disabled or not configured, synchronization will not run in t
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable file synchronization on costed networks*
--   GP name: *SyncEnabledForCostedNetwork*
+-   GP name: *Pol_SyncOnCostedNetwork*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3612,7 +3612,7 @@ If you disable or do not configure this policy setting, the "Work offline" comma
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remove "Work offline" command*
--   GP name: *WorkOfflineDisabled*
+-   GP name: *Pol_WorkOfflineDisabled_1*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 
@@ -3681,7 +3681,7 @@ If you disable or do not configure this policy setting, the "Work offline" comma
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Remove "Work offline" command*
--   GP name: *WorkOfflineDisabled*
+-   GP name: *Pol_WorkOfflineDisabled_2*
 -   GP path: *Network\Offline Files*
 -   GP ADMX file name: *OfflineFiles.admx*
 

windows/client-management/mdm/policy-csp-admx-peertopeercaching.md

@@ -125,7 +125,7 @@ Select one of the following:
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on BranchCache*
--   GP name: *Enable*
+-   GP name: *EnableWindowsBranchCache*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 
@@ -203,7 +203,7 @@ Select one of the following:
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set BranchCache Distributed Cache mode*
--   GP name: *Enable*
+-   GP name: *EnableWindowsBranchCache_Distributed*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 
@@ -287,7 +287,7 @@ Hosted cache clients must trust the server certificate that is issued to the hos
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set BranchCache Hosted Cache mode*
--   GP name: *Location*
+-   GP name: *EnableWindowsBranchCache_Hosted*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 
@@ -374,7 +374,7 @@ Select one of the following:
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Automatic Hosted Cache Discovery by Service Connection Point*
--   GP name: *SCPDiscoveryEnabled*
+-   GP name: *EnableWindowsBranchCache_HostedCacheDiscovery*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 
@@ -457,7 +457,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Hosted Cache Servers*
--   GP name: *MultipleServers*
+-   GP name: *EnableWindowsBranchCache_HostedMultipleServers*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 
@@ -534,7 +534,7 @@ In circumstances where this policy setting is enabled, you can also select and c
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure BranchCache for network files*
--   GP name: *PeerCachingLatencyThreshold*
+-   GP name: *EnableWindowsBranchCache_SMB*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 
@@ -618,7 +618,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set percentage of disk space used for client computer cache*
--   GP name: *SizePercent*
+-   GP name: *SetCachePercent*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 
@@ -699,7 +699,7 @@ In circumstances where this setting is enabled, you can also select and configur
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Set age for segments in the data cache*
--   GP name: *SegmentTTL*
+-   GP name: *SetDataCacheEntryMaxAge*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 
@@ -783,7 +783,7 @@ Select from the following versions
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Client BranchCache Version Support*
--   GP name: *PreferredContentInformationVersion*
+-   GP name: *SetDowngrading*
 -   GP path: *Network\BranchCache*
 -   GP ADMX file name: *PeerToPeerCaching.admx*
 

windows/client-management/mdm/policy-csp-admx-performancediagnostics.md

@@ -108,7 +108,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Scenario Execution Level*
--   GP name: *ScenarioExecutionEnabled*
+-   GP name: *WdiScenarioExecutionPolicy_1*
 -   GP path: *System\Troubleshooting and Diagnostics\Windows Boot Performance Diagnostics*
 -   GP ADMX file name: *PerformanceDiagnostics.admx*
 
@@ -185,7 +185,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Scenario Execution Level*
--   GP name: *ScenarioExecutionEnabled*
+-   GP name: *WdiScenarioExecutionPolicy_2*
 -   GP path: *System\Troubleshooting and Diagnostics\Windows System Responsiveness Performance Diagnostics*
 -   GP ADMX file name: *PerformanceDiagnostics.admx*
 
@@ -262,7 +262,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Scenario Execution Level*
--   GP name: *ScenarioExecutionEnabled*
+-   GP name: *WdiScenarioExecutionPolicy_3*
 -   GP path: *System\Troubleshooting and Diagnostics\Windows Shutdown Performance Diagnostics*
 -   GP ADMX file name: *PerformanceDiagnostics.admx*
 
@@ -339,7 +339,7 @@ This policy setting will only take effect when the Diagnostic Policy Service is
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Scenario Execution Level*
--   GP name: *ScenarioExecutionEnabled*
+-   GP name: *WdiScenarioExecutionPolicy_4*
 -   GP path: *System\Troubleshooting and Diagnostics\Windows Standby/Resume Performance Diagnostics*
 -   GP ADMX file name: *PerformanceDiagnostics.admx*
 

windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md

@@ -0,0 +1,351 @@
+---
+title: Policy CSP - ADMX_PowerShellExecutionPolicy
+description: Policy CSP - ADMX_PowerShellExecutionPolicy
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/26/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_PowerShellExecutionPolicy
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_PowerShellExecutionPolicy policies  
+
+<dl>
+  <dd>
+    <a href="#admx-powershellexecutionpolicy-enablemodulelogging">ADMX_PowerShellExecutionPolicy/EnableModuleLogging</a>
+  </dd>
+  <dd>
+    <a href="#admx-powershellexecutionpolicy-enablescripts">ADMX_PowerShellExecutionPolicy/EnableScripts</a>
+  </dd>
+  <dd>
+    <a href="#admx-powershellexecutionpolicy-enabletranscripting">ADMX_PowerShellExecutionPolicy/EnableTranscripting</a>
+  </dd>
+  <dd>
+    <a href="#admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath">ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-powershellexecutionpolicy-enablemodulelogging"></a>**ADMX_PowerShellExecutionPolicy/EnableModuleLogging**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to turn on logging for Windows PowerShell modules.
+
+If you enable this policy setting, pipeline execution events for members of the specified modules are recorded in the Windows PowerShell log in Event Viewer. Enabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to True.
+
+If you disable this policy setting, logging of execution events is disabled for all Windows PowerShell modules. Disabling this policy setting for a module is equivalent to setting the LogPipelineExecutionDetails property of the module to False.  If this policy setting is not configured, the LogPipelineExecutionDetails property of a module or snap-in determines whether the execution events of a module or snap-in are logged. By default, the LogPipelineExecutionDetails property of all modules and snap-ins is set to False.
+
+To add modules and snap-ins to the policy setting list, click Show, and then type the module names in the list. The modules and snap-ins in the list must be installed on the computer.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn on Module Logging*
+-   GP name: *EnableModuleLogging*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-powershellexecutionpolicy-enablescripts"></a>**ADMX_PowerShellExecutionPolicy/EnableScripts**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets you configure the script execution policy, controlling which scripts are allowed to run.
+
+If you enable this policy setting, the scripts selected in the drop-down list are allowed to run.  The "Allow only signed scripts" policy setting allows scripts to execute only if they are signed by a trusted publisher.
+
+The "Allow local scripts and remote signed scripts" policy setting allows any local scripts to run; scripts that originate from the Internet must be signed by a trusted publisher.  The "Allow all scripts" policy setting allows all scripts to run.
+
+If you disable this policy setting, no scripts are allowed to run.
+
+> [!NOTE]
+> This policy setting exists under both "Computer Configuration" and "User Configuration" in the Local Group Policy Editor. The "Computer Configuration" has precedence over "User Configuration."  If you disable or do not configure this policy setting, it reverts to a per-machine preference setting; the default if that is not configured is "No scripts allowed."
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn on Script Execution*
+-   GP name: *EnableScripts*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-powershellexecutionpolicy-enabletranscripting"></a>**ADMX_PowerShellExecutionPolicy/EnableTranscripting**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting lets you capture the input and output of Windows PowerShell commands into text-based transcripts.
+
+If you enable this policy setting, Windows PowerShell will enable transcripting for Windows PowerShell, the Windows PowerShell ISE, and any other  applications that leverage the Windows PowerShell engine. By default, Windows PowerShell will record transcript output to each users' My Documents directory, with a file name that includes 'PowerShell_transcript', along with the computer name and time started. Enabling this policy is equivalent  to calling the Start-Transcript cmdlet on each Windows PowerShell session.
+
+If you disable this policy setting, transcripting of PowerShell-based applications is disabled by default, although transcripting can still be enabled  through the Start-Transcript cmdlet.
+
+If you use the OutputDirectory setting to enable transcript logging to a shared location, be sure to limit access to that directory to prevent users  from viewing the transcripts of other users or computers.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn on PowerShell Transcription*
+-   GP name: *EnableTranscripting*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-powershellexecutionpolicy-enableupdatehelpdefaultsourcepath"></a>**ADMX_PowerShellExecutionPolicy/EnableUpdateHelpDefaultSourcePath**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to set the default value of the SourcePath parameter on the Update-Help cmdlet.
+
+If you enable this policy setting, the Update-Help cmdlet will use the specified value as the default value for the SourcePath parameter. This default value can be overridden by specifying a different value with the SourcePath parameter on the Update-Help cmdlet.
+
+If this policy setting is disabled or not configured, this policy setting does not set a default value for the SourcePath parameter of the Update-Help cmdlet.
+
+> [!NOTE]
+> This policy setting exists under both Computer Configuration and User Configuration in the Group Policy Editor. The Computer Configuration policy setting takes precedence over the User Configuration policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set the default source path for Update-Help*
+-   GP name: *EnableUpdateHelpDefaultSourcePath*
+-   GP path: *Windows Components\Windows PowerShell*
+-   GP ADMX file name: *PowerShellExecutionPolicy.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->

windows/client-management/mdm/policy-csp-admx-reliability.md

@@ -105,7 +105,7 @@ If you do not configure this policy setting, the Persistent System Timestamp is
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Enable Persistent Time Stamp*
--   GP name: *TimeStampEnabled*
+-   GP name: *EE_EnablePersistentTimeStamp*
 -   GP path: *System*
 -   GP ADMX file name: *Reliability.admx*
 
@@ -180,7 +180,7 @@ Also see the "Configure Error Reporting" policy setting.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Report unplanned shutdown events*
--   GP name: *IncludeShutdownErrs*
+-   GP name: *PCH_ReportShutdownEvents*
 -   GP path: *Windows Components\Windows Error Reporting\Advanced Error Reporting Settings*
 -   GP ADMX file name: *Reliability.admx*
 
@@ -258,7 +258,7 @@ If you do not configure this policy setting, the default behavior for the System
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Activate Shutdown Event Tracker System State Data feature*
--   GP name: *SnapShot*
+-   GP name: *ShutdownEventTrackerStateFile*
 -   GP path: *System*
 -   GP ADMX file name: *Reliability.admx*
 
@@ -338,7 +338,7 @@ If you do not configure this policy setting, the default behavior for the Shutdo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Display Shutdown Event Tracker*
--   GP name: *ShutdownReasonOn*
+-   GP name: *ShutdownReason*
 -   GP path: *System*
 -   GP ADMX file name: *Reliability.admx*
 

windows/client-management/mdm/policy-csp-admx-scripts.md

@@ -124,7 +124,7 @@ If you disable or do not configure this policy setting, user account cross-fores
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Allow logon scripts when NetBIOS or WINS is disabled*
--   GP name: *Allow-LogonScript-NetbiosDisabled*
+-   GP name: *Allow_Logon_Script_NetbiosDisabled*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -199,7 +199,7 @@ If you disable or do not configure this setting the system lets the combined set
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify maximum wait time for Group Policy scripts*
--   GP name: *MaxGPOScriptWait*
+-   GP name: *MaxGPOScriptWaitPolicy*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -291,7 +291,7 @@ Within GPO C: C.cmd, C.ps1
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run Windows PowerShell scripts first at computer startup, shutdown*
--   GP name: *RunComputerPSScriptsFirst*
+-   GP name: *Run_Computer_PS_Scripts_First*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -364,7 +364,7 @@ Also, see the "Run Logon Scripts Visible" setting.
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run legacy logon scripts hidden*
--   GP name: *HideLegacyLogonScripts*
+-   GP name: *Run_Legacy_Logon_Script_Hidden*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -435,7 +435,7 @@ If you disable or do not configure this policy setting, the instructions are sup
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Display instructions in logoff scripts as they run*
--   GP name: *HideLogoffScripts*
+-   GP name: *Run_Logoff_Script_Visible*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -506,7 +506,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run logon scripts synchronously*
--   GP name: *RunLogonScriptSync*
+-   GP name: *Run_Logon_Script_Sync_1*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -577,7 +577,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run logon scripts synchronously*
--   GP name: *RunLogonScriptSync*
+-   GP name: *Run_Logon_Script_Sync_2*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -648,7 +648,7 @@ If you disable or do not configure this policy setting, the instructions are sup
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Display instructions in logon scripts as they run*
--   GP name: *HideLogonScripts*
+-   GP name: *Run_Logon_Script_Visible*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -719,7 +719,7 @@ If you disable or do not configure this policy setting, the instructions are sup
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Display instructions in shutdown scripts as they run*
--   GP name: *HideShutdownScripts*
+-   GP name: *Run_Shutdown_Script_Visible*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -793,7 +793,7 @@ If you disable or do not configure this policy setting, a startup cannot run unt
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run startup scripts asynchronously*
--   GP name: *RunStartupScriptSync*
+-   GP name: *Run_Startup_Script_Sync*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -867,7 +867,7 @@ If you disable or do not configure this policy setting, the instructions are sup
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Display instructions in startup scripts as they run*
--   GP name: *HideStartupScripts*
+-   GP name: *Run_Startup_Script_Visible*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 
@@ -962,7 +962,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run Windows PowerShell scripts first at user logon, logoff*
--   GP name: *RunUserPSScriptsFirst*
+-   GP name: *Run_User_PS_Scripts_First*
 -   GP path: *System\Scripts*
 -   GP ADMX file name: *Scripts.admx*
 

windows/client-management/mdm/policy-csp-admx-sdiageng.md

@@ -97,7 +97,7 @@ If you disable this policy setting, users can only access and search troubleshoo
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS)*
--   GP name: *EnableQueryRemoteServer*
+-   GP name: *BetterWhenConnected*
 -   GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
 -   GP ADMX file name: *sdiageng.admx*
 
@@ -168,7 +168,7 @@ Note that this setting also controls a user's ability to launch standalone troub
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Troubleshooting: Allow users to access and run Troubleshooting Wizards*
--   GP name: *EnableDiagnostics*
+-   GP name: *ScriptedDiagnosticsExecutionPolicy*
 -   GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
 -   GP ADMX file name: *sdiageng.admx*
 
@@ -237,7 +237,7 @@ If you disable or do not configure this policy setting, the scripted diagnostics
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Configure Security Policy for Scripted Diagnostics*
--   GP name: *ValidateTrust*
+-   GP name: *ScriptedDiagnosticsSecurityPolicy*
 -   GP path: *System\Troubleshooting and Diagnostics\Scripted Diagnostics*
 -   GP ADMX file name: *sdiageng.admx*
 

windows/client-management/mdm/policy-csp-admx-securitycenter.md

@@ -103,7 +103,7 @@ In Windows Vista, this policy setting monitors essential security settings to in
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Turn on Security Center (Domain PCs only)*
--   GP name: *SecurityCenterInDomain*
+-   GP name: *SecurityCenter_SecurityCenterInDomain*
 -   GP path: *Windows Components\Security Center*
 -   GP ADMX file name: *Securitycenter.admx*
 

windows/client-management/mdm/policy-csp-admx-sensors.md

@@ -0,0 +1,401 @@
+---
+title: Policy CSP - ADMX_Sensors
+description: Policy CSP - ADMX_Sensors
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/22/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Sensors
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_Sensors policies  
+
+<dl>
+  <dd>
+    <a href="#admx-sensors-disablelocationscripting-1">ADMX_Sensors/DisableLocationScripting_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-sensors-disablelocationscripting-2">ADMX_Sensors/DisableLocationScripting_2</a>
+  </dd>
+  <dd>
+    <a href="#admx-sensors-disablelocation-1">ADMX_Sensors/DisableLocation_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-sensors-disablesensors-1">ADMX_Sensors/DisableSensors_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-sensors-disablesensors-2">ADMX_Sensors/DisableSensors_2</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablelocationscripting-1"></a>**ADMX_Sensors/DisableLocationScripting_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+
+If you enable this policy setting, scripts for the location feature will not run.
+
+If you disable or do not configure this policy setting, all location scripts will run.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off location scripting*
+-   GP name: *DisableLocationScripting_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablelocationscripting-2"></a>**ADMX_Sensors/DisableLocationScripting_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off scripting for the location feature.
+
+If you enable this policy setting, scripts for the location feature will not run.
+
+If you disable or do not configure this policy setting, all location scripts will run.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off location scripting*
+-   GP name: *DisableLocationScripting_2*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablelocation-1"></a>**ADMX_Sensors/DisableLocation_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the location feature for this computer.
+
+If you enable this policy setting, the location feature is turned off, and all programs on this computer are prevented from using location information from the location feature.
+
+If you disable or do not configure this policy setting, all programs on this computer will not be prevented from using location information from the location feature.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off location*
+-   GP name: *DisableLocation_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablesensors-1"></a>**ADMX_Sensors/DisableSensors_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+
+If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off sensors*
+-   GP name: *DisableSensors_1*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-sensors-disablesensors-2"></a>**ADMX_Sensors/DisableSensors_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting turns off the sensor feature for this computer.
+
+If you enable this policy setting, the sensor feature is turned off, and all programs on this computer cannot use the sensor feature.
+
+If you disable or do not configure this policy setting, all programs on this computer can use the sensor feature.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off sensors*
+-   GP name: *DisableSensors_2*
+-   GP path: *Windows Components\Location and Sensors*
+-   GP ADMX file name: *Sensors.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->

windows/client-management/mdm/policy-csp-admx-servicing.md

@@ -93,7 +93,7 @@ If you disable or do not configure this policy setting, or if the required files
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Specify settings for optional component installation and component repair*
--   GP name: *RepairContentServerSource*
+-   GP name: *Servicing*
 -   GP path: *System*
 -   GP ADMX file name: *Servicing.admx*
 

windows/client-management/mdm/policy-csp-admx-sharing.md

@@ -22,9 +22,6 @@ manager: dansimp
 ## ADMX_Sharing policies  
 
 <dl>
-  <dd>
-    <a href="#admx-sharing-disablehomegroup">ADMX_Sharing/DisableHomeGroup</a>
-  </dd>
   <dd>
     <a href="#admx-sharing-noinplacesharing">ADMX_Sharing/NoInplaceSharing</a>
   </dd>
@@ -32,80 +29,6 @@ manager: dansimp
 
 <hr/>
 
-<!--Policy-->
-<a href="" id="admx-sharing-disablehomegroup"></a>**ADMX_Sharing/DisableHomeGroup**  
-
-<!--SupportedSKUs-->
-<table>
-<tr>
-    <th>Windows Edition</th>
-    <th>Supported?</th>
-</tr>
-<tr>
-    <td>Home</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Pro</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Business</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-<tr>
-    <td>Enterprise</td>
-    <td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-<tr>
-    <td>Education</td>
-    <td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether users can add computers to a homegroup. By default, users can add their computer to a homegroup on a private network.
-
-If you enable this policy setting, users cannot add computers to a homegroup. This policy setting does not affect other network sharing features.
-
-If you disable or do not configure this policy setting, users can add computers to a homegroup. However, data on a domain-joined computer is not shared with the homegroup.
-
-This policy setting is not configured by default.
-
-You must restart the computer for this policy setting to take effect.
-
-<!--/Description-->
-> [!TIP]
-> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
-> 
-> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
-> 
-> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP English name: *Prevent the computer from joining a homegroup*
--   GP name: *DisableHomeGroup*
--   GP path: *Windows Components\HomeGroup*
--   GP ADMX file name: *Sharing.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
 <!--Policy-->
 <a href="" id="admx-sharing-noinplacesharing"></a>**ADMX_Sharing/NoInplaceSharing**  
 

windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md

@@ -174,7 +174,7 @@ To prevent users from using other administrative tools, use the "Run only specif
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Prevent access to registry editing tools*
--   GP name: *DisableRegistryTools*
+-   GP name: *DisableRegedit*
 -   GP path: *System*
 -   GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
 
@@ -250,7 +250,7 @@ This policy setting only prevents users from running programs that are started b
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Don't run specified Windows applications*
--   GP name: *DisallowRun*
+-   GP name: *DisallowApps*
 -   GP path: *System*
 -   GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
 
@@ -325,7 +325,7 @@ This policy setting only prevents users from running programs that are started b
 <!--ADMXBacked-->
 ADMX Info:  
 -   GP English name: *Run only specified Windows applications*
--   GP name: *RestrictRun*
+-   GP name: *RestrictApps*
 -   GP path: *System*
 -   GP ADMX file name: *Shell-CommandPrompt-RegEditTools.admx*
 

windows/client-management/mdm/policy-csp-admx-snmp.md

@@ -0,0 +1,290 @@
+---
+title: Policy CSP - ADMX_Snmp
+description: Policy CSP - ADMX_Snmp
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/24/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Snmp
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_Snmp policies  
+
+<dl>
+  <dd>
+    <a href="#admx-snmp-snmp-communities">ADMX_Snmp/SNMP_Communities</a>
+  </dd>
+  <dd>
+    <a href="#admx-snmp-snmp-permittedmanagers">ADMX_Snmp/SNMP_PermittedManagers</a>
+  </dd>
+  <dd>
+    <a href="#admx-snmp-snmp-traps-public">ADMX_Snmp/SNMP_Traps_Public</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-communities"></a>**ADMX_Snmp/SNMP_Communities**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures a list of the communities defined to the Simple Network Management Protocol (SNMP) service.
+
+SNMP is a protocol designed to give a user the capability to remotely manage a computer network, by polling and setting terminal values and monitoring network events.
+
+A valid community is a community recognized by the SNMP service, while a community is a group of hosts (servers, workstations, hubs, and routers) that are administered together by SNMP. The SNMP service is a managed network node that receives SNMP packets from the network.
+
+If you enable this policy setting, the SNMP agent only accepts requests from management systems within the communities it recognizes, and only SNMP Read operation is allowed for the community.
+
+If you disable or do not configure this policy setting, the SNMP service takes the Valid Communities configured on the local computer instead.
+
+Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\ValidCommunities key to allow only the local admin group full control.
+
+> [!NOTE]
+> - It is good practice to use a cryptic community name.
+> - This policy setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP settings: "Specify permitted managers" and "Specify trap configuration".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify communities*
+-   GP name: *SNMP_Communities*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-permittedmanagers"></a>**ADMX_Snmp/SNMP_PermittedManagers**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting determines the permitted list of hosts that can submit a query to the Simple Network Management (SNMP) agent running on the client computer.
+
+Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
+
+The manager is located on the host computer on the network. The manager's role is to poll the agents for certain requested information.
+
+If you enable this policy setting, the SNMP agent only accepts requests from the list of permitted managers that you configure using this setting.
+
+If you disable or do not configure this policy setting, SNMP service takes the permitted managers configured on the local computer instead.
+
+Best practice: For security purposes, it is recommended to restrict the HKLM\SOFTWARE\Policies\SNMP\Parameters\PermittedManagers key to allow only the local admin group full control.
+
+> [!NOTE]
+> This policy setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP policy settings: "Specify trap configuration" and "Specify Community Name".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify permitted managers*
+-   GP name: *SNMP_PermittedManagers*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-snmp-snmp-traps-public"></a>**ADMX_Snmp/SNMP_Traps_Public**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows trap configuration for the Simple Network Management Protocol (SNMP) agent.
+
+Simple Network Management Protocol is a protocol designed to give a user the capability to remotely manage a computer network by polling and setting terminal values and monitoring network events.
+
+This policy setting allows you to configure the name of the hosts that receive trap messages for the community sent by the SNMP service. A trap message is an alert or significant event that allows the SNMP agent to notify management systems asynchronously.
+
+If you enable this policy setting, the SNMP service sends trap messages to the hosts within the "public" community.
+
+If you disable or do not configure this policy setting, the SNMP service takes the trap configuration configured on the local computer instead.
+
+> [!NOTE]
+> This setting has no effect if the SNMP agent is not installed on the client computer.
+
+Also, see the other two SNMP settings: "Specify permitted managers" and "Specify Community Name".
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Specify traps for public community*
+-   GP name: *SNMP_Traps_Public*
+-   GP path: *Network\SNMP*
+-   GP ADMX file name: *Snmp.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-thumbnails.md

@@ -0,0 +1,264 @@
+---
+title: Policy CSP - ADMX_Thumbnails
+description: Policy CSP - ADMX_Thumbnails
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/25/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_Thumbnails
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_Thumbnails policies  
+
+<dl>
+  <dd>
+    <a href="#admx-thumbnails-disablethumbnails">ADMX_Thumbnails/DisableThumbnails</a>
+  </dd>  
+  <dd>
+    <a href="#admx-thumbnails-disablethumbnailsonnetworkfolders">ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders</a>
+  </dd>
+  <dd>
+    <a href="#admx-thumbnails-disablethumbsdbonnetworkfolders">ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders</a>
+  </dd>
+</dl>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbnails"></a>**ADMX_Thumbnails/DisableThumbnails**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on the local computer.
+
+File Explorer displays thumbnail images by default. 
+
+If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images.
+
+If you disable or do not configure this policy setting, File Explorer displays only thumbnail images.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the display of thumbnails and only display icons.*
+-   GP name: *DisableThumbnails*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbnailsonnetworkfolders"></a>**ADMX_Thumbnails/DisableThumbnailsOnNetworkFolders**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
+
+File Explorer displays thumbnail images on network folders by default.
+
+If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.
+
+If you disable or do not configure this policy setting, File Explorer displays only thumbnail images on network folders.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the display of thumbnails and only display icons on network folders*
+-   GP name: *DisableThumbnailsOnNetworkFolders*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-thumbnails-disablethumbsdbonnetworkfolders"></a>**ADMX_Thumbnails/DisableThumbsDBOnNetworkFolders**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Turns off the caching of thumbnails in hidden thumbs.db files.
+
+This policy setting allows you to configure File Explorer to cache thumbnails of items residing in network folders in hidden thumbs.db files.
+
+If you enable this policy setting, File Explorer does not create, read from, or write to thumbs.db files.
+
+If you disable or do not configure this policy setting, File Explorer creates, reads from, and writes to thumbs.db files.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the caching of thumbnails in hidden thumbs.db files*
+-   GP name: *DisableThumbsDBOnNetworkFolders*
+-   GP path: *Windows Components\File Explorer*
+-   GP ADMX file name: *Thumbnails.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-tpm.md

@@ -0,0 +1,803 @@
+---
+title: Policy CSP - ADMX_TPM
+description: Policy CSP - ADMX_TPM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/25/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_TPM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_TPM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-tpm-blockedcommandslist-name">ADMX_TPM/BlockedCommandsList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-cleartpmifnotready-name">ADMX_TPM/ClearTPMIfNotReady_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-ignoredefaultlist-name">ADMX_TPM/IgnoreDefaultList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-ignorelocallist-name">ADMX_TPM/IgnoreLocalList_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-osmanagedauth-name">ADMX_TPM/OSManagedAuth_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-optintodsha-name">ADMX_TPM/OptIntoDSHA_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailureduration-name">ADMX_TPM/StandardUserAuthorizationFailureDuration_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailureindividualthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-standarduserauthorizationfailuretotalthreshold-name">ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name</a>
+  </dd>
+  <dd>
+    <a href="#admx-tpm-uselegacydap-name">ADMX_TPM/UseLegacyDAP_Name</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-blockedcommandslist-name"></a>**ADMX_TPM/BlockedCommandsList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands blocked by Windows.
+
+If you enable this policy setting, Windows will block the specified commands from being sent to the TPM on the computer. TPM commands are referenced by a command number. For example, command number 129 is TPM_OwnerReadInternalPub, and command number 170 is TPM_FieldUpgrade. To find the command number associated with each TPM command with TPM 1.2, run "tpm.msc" and navigate to the "Command Management" section.
+
+If you disable or do not configure this policy setting, only those TPM commands specified through the default or local lists may be blocked by Windows. The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See related policy settings to enforce or ignore the default and local lists of blocked TPM commands.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the list of blocked TPM commands*
+-   GP name: *BlockedCommandsList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-cleartpmifnotready-name"></a>**ADMX_TPM/ClearTPMIfNotReady_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the system to prompt the user to clear the TPM if the TPM is detected to be in any state other than Ready. This policy will take effect only if the system’s TPM is in a state other than Ready, including if the TPM is “Ready, with reduced functionality”. The prompt to clear the TPM will start occurring after the next reboot, upon user login only if the logged in user is part of the Administrators group for the system. The prompt can be dismissed, but will reappear after every reboot and login until the policy is disabled or until the TPM is in a Ready state.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the system to clear the TPM if it is not in a ready state.*
+-   GP name: *ClearTPMIfNotReady_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-ignoredefaultlist-name"></a>**ADMX_TPM/IgnoreDefaultList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's default list of blocked Trusted Platform Module (TPM) commands.
+
+If you enable this policy setting, Windows will ignore the computer's default list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the local list.
+
+The default list of blocked TPM commands is pre-configured by Windows. You can view the default list by running "tpm.msc", navigating to the "Command Management" section, and making visible the "On Default Block List" column. The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+
+If you disable or do not configure this policy setting, Windows will block the TPM commands in the default list, in addition to commands in the Group Policy and local lists of blocked TPM commands. 
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Ignore the default list of blocked TPM commands*
+-   GP name: *IgnoreDefaultList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-ignorelocallist-name"></a>**ADMX_TPM/IgnoreLocalList_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to enforce or ignore the computer's local list of blocked Trusted Platform Module (TPM) commands.
+
+If you enable this policy setting, Windows will ignore the computer's local list of blocked TPM commands and will only block those TPM commands specified by Group Policy or the default list.
+
+The local list of blocked TPM commands is configured outside of Group Policy by running "tpm.msc" or through scripting against the Win32_Tpm interface. The default list of blocked TPM commands is pre-configured by Windows. See the related policy setting to configure the Group Policy list of blocked TPM commands.
+
+If you disable or do not configure this policy setting, Windows will block the TPM commands found in the local list, in addition to commands in the Group Policy and default lists of blocked TPM commands.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Ignore the local list of blocked TPM commands*
+-   GP name: *IgnoreLocalList_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-osmanagedauth-name"></a>**ADMX_TPM/OSManagedAuth_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures how much of the TPM owner authorization information is stored in the registry of the local computer. Depending on the amount of TPM owner authorization information stored locally, the operating system and TPM-based applications can perform certain TPM actions which require TPM owner authorization without requiring the user to enter the TPM owner password.
+
+You can choose to have the operating system store either the full TPM owner authorization value, the TPM administrative delegation blob plus the TPM user delegation blob, or none.
+
+If you enable this policy setting, Windows will store the TPM owner authorization in the registry of the local computer according to the operating system managed TPM authentication setting you choose.
+
+Choose the operating system managed TPM authentication setting of "Full" to store the full TPM owner authorization, the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting allows use of the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios which do not depend on preventing reset of the TPM anti-hammering logic or changing the TPM owner authorization value. Some TPM-based applications may require this setting be changed before features which depend on the TPM anti-hammering logic can be used.
+
+Choose the operating system managed TPM authentication setting of "Delegated" to store only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM anti-hammering logic.
+
+Choose the operating system managed TPM authentication setting of "None" for compatibility with previous operating systems and applications or for use with scenarios that require TPM owner authorization not be stored locally. Using this setting might cause issues with some TPM-based applications.
+
+> [!NOTE]
+> If the operating system managed TPM authentication setting is changed from "Full" to "Delegated", the full TPM owner authorization value will be regenerated and any copies of the original TPM owner authorization value will be invalid.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the level of TPM owner authorization information available to the operating system*
+-   GP name: *OSManagedAuth_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-optintodsha-name"></a>**ADMX_TPM/OptIntoDSHA_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This group policy enables Device Health Attestation reporting (DHA-report) on supported devices. It enables supported devices to send Device Health Attestation related information (device boot logs, PCR values, TPM certificate, etc.) to Device Health Attestation Service (DHA-Service) every time a device starts. Device Health Attestation Service validates the security state and health of the devices, and makes the findings accessible to enterprise administrators via a cloud based reporting portal. This policy is independent of DHA reports that are initiated by device manageability solutions (like MDM or SCCM), and will not interfere with their workflows.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Device Health Attestation Monitoring and Reporting*
+-   GP name: *OptIntoDSHA_Name*
+-   GP path: *System\Device Health Attestation Service*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailureduration-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureDuration_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the duration in minutes for counting standard user authorization failures for Trusted Platform Module (TPM) commands requiring authorization. If the number of TPM commands with an authorization failure within the duration equals a threshold, a standard user is prevented from sending commands requiring authorization to the TPM.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than this duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+The Standard User Lockout Threshold Individual value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 480 minutes (8 hours) is used.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Lockout Duration*
+-   GP name: *StandardUserAuthorizationFailureDuration_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailureindividualthreshold-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureIndividualThreshold_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for each standard user for the Trusted Platform Module (TPM). If the number of authorization failures for the user within the duration for Standard User Lockout Duration equals this value, the standard user is prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+This value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+The Standard User Lockout Total Threshold value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 4 is used.
+
+A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Individual Lockout Threshold*
+-   GP name: *StandardUserAuthorizationFailureIndividualThreshold_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-standarduserauthorizationfailuretotalthreshold-name"></a>**ADMX_TPM/StandardUserAuthorizationFailureTotalThreshold_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to manage the maximum number of authorization failures for all standard users for the Trusted Platform Module (TPM). If the total number of authorization failures for all standard users within the duration for Standard User Lockout Duration equals this value, all standard users are prevented from sending commands to the Trusted Platform Module (TPM) that require authorization.
+
+This setting helps administrators prevent the TPM hardware from entering a lockout mode because it slows the speed standard users can send commands requiring authorization to the TPM.
+
+An authorization failure occurs each time a standard user sends a command to the TPM and receives an error response indicating an authorization failure occurred. Authorization failures older than the duration are ignored.
+
+For each standard user two thresholds apply. Exceeding either threshold will prevent the standard user from sending a command to the TPM that requires authorization.
+
+The Standard User Individual Lockout value is the maximum number of authorization failures each standard user may have before the user is not allowed to send commands requiring authorization to the TPM.
+
+This value is the maximum total number of authorization failures all standard users may have before all standard users are not allowed to send commands requiring authorization to the TPM.
+
+The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode it is global for all users including administrators and Windows features like BitLocker Drive Encryption. The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode.
+
+An administrator with the TPM owner password may fully reset the TPM's hardware lockout logic using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic all prior standard user TPM authorization failures are ignored; allowing standard users to use the TPM normally again immediately.
+
+If this value is not configured, a default value of 9 is used.
+
+A value of zero means the OS will not allow standard users to send commands to the TPM which may cause an authorization failure.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Standard User Total Lockout Threshold*
+-   GP name: *StandardUserAuthorizationFailureTotalThreshold_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-tpm-uselegacydap-name"></a>**ADMX_TPM/UseLegacyDAP_Name**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the TPM to use the Dictionary Attack Prevention Parameters (lockout threshold and recovery time) to the values that were used for Windows 10 Version 1607 and below. Setting this policy will take effect only if a) the TPM was originally prepared using a version of Windows after Windows 10 Version 1607 and b) the System has a TPM 2.0. Note that enabling this policy will only take effect after the TPM maintenance task runs (which typically happens after a system restart). Once this policy has been enabled on a system and has taken effect (after a system restart), disabling it will have no impact and the system's TPM will remain configured using the legacy Dictionary Attack Prevention parameters, regardless of the value of this group policy. The only way for the disabled setting of this policy to take effect on a system where it was once enabled is to a) disable it from group policy and b)clear the TPM on the system.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the system to use legacy Dictionary Attack Prevention Parameters setting for TPM 2.0.*
+-   GP name: *UseLegacyDAP_Name*
+-   GP path: *System\Trusted Platform Module Services*
+-   GP ADMX file name: *TPM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-w32time.md

@@ -0,0 +1,429 @@
+---
+title: Policy CSP - ADMX_W32Time
+description: Policy CSP - ADMX_W32Time
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_W32Time
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_W32Time policies  
+
+<dl>
+  <dd>
+    <a href="#admx-w32time-policy-config">ADMX_W32Time/W32TIME_POLICY_CONFIG</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-configure-ntpclient">ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-enable-ntpclient">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT</a>
+  </dd>
+  <dd>
+    <a href="#admx-w32time-policy-enable-ntpserver">ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-config"></a>**ADMX_W32Time/W32TIME_POLICY_CONFIG**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify Clock discipline and General values for the Windows Time service (W32time) for domain controllers including RODCs.
+
+If this policy setting is enabled, W32time Service on target machines use the settings provided here. Otherwise, the service on target machines use locally configured settings values.
+
+For more details on individual parameters, combinations of parameter values as well as definitions of flags, see https://go.microsoft.com/fwlink/?linkid=847809.
+
+**FrequencyCorrectRate**
+This parameter controls the rate at which the W32time corrects the local clock's frequency. Lower values cause slower corrections; larger values cause more frequent corrections. Default: 4 (scalar).
+
+**HoldPeriod**
+This parameter indicates how many consistent time samples the client computer must receive in a series before subsequent time samples are evaluated as potential spikes. Default: 5
+
+**LargePhaseOffset**
+If a time sample differs from the client computer's local clock by more than LargePhaseOffset, the local clock is deemed to have drifted considerably, or in other words, spiked. Default: 50,000,000 100-nanosecond units (ns) or 5 seconds.
+
+**MaxAllowedPhaseOffset**
+If a response is received that has a time variation that is larger than this parameter value, W32time sets the client computer's local clock immediately to the time that is accepted as accurate from the Network Time Protocol (NTP) server. If the time variation is less than this value, the client computer's local clock is corrected gradually. Default: 300 seconds.
+
+**MaxNegPhaseCorrection**
+If a time sample is received that indicates a time in the past (as compared to the client computer's local clock) that has a time difference that is greater than the MaxNegPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.
+
+**MaxPosPhaseCorrection**
+If a time sample is received that indicates a time in the future (as compared to the client computer's local clock) that has a time difference greater than the MaxPosPhaseCorrection value, the time sample is discarded. Default: 172,800 seconds.
+
+**PhaseCorrectRate**
+This parameter controls how quickly W32time corrects the client computer's local clock difference to match time samples that are accepted as accurate from the NTP server. Lower values cause the clock to correct more slowly; larger values cause the clock to correct more quickly. Default: 7 (scalar).
+
+**PollAdjustFactor**
+This parameter controls how quickly W32time changes polling intervals. When responses are considered to be accurate, the polling interval lengthens automatically. When responses are considered to be inaccurate, the polling interval shortens automatically. Default: 5 (scalar).
+
+**SpikeWatchPeriod**
+This parameter specifies the amount of time that samples with time offset larger than LargePhaseOffset are received before these samples are accepted as accurate. SpikeWatchPeriod is used in conjunction with HoldPeriod to help eliminate sporadic, inaccurate time samples that are returned from a peer. Default: 900 seconds.
+
+**UpdateInterval**
+This parameter specifies the amount of time that W32time waits between corrections when the clock is being corrected gradually. When it makes a gradual correction, the service adjusts the clock slightly, waits this amount of time, and then checks to see if another adjustment is needed, until the correction is finished. Default: 100 1/100th second units, or 1 second.
+
+General parameters:
+
+**AnnounceFlags**
+This parameter is a bitmask value that controls how time service availability is advertised through NetLogon. Default: 0x0a hexadecimal
+
+**EventLogFlags**
+This parameter controls special events that may be logged to the Event Viewer System log. Default: 0x02 hexadecimal bitmask.
+
+**LocalClockDispersion**
+This parameter indicates the maximum error in seconds that is reported by the NTP server to clients that are requesting a time sample. (Applies only when the NTP server is using the time of the local CMOS clock.) Default: 10 seconds.
+
+**MaxPollInterval**
+This parameter controls the maximum polling interval, which defines the maximum amount of time between polls of a peer. Default: 10 in log base-2, or 1024 seconds. (Should not be set higher than 15.)
+
+**MinPollInterval**
+This parameter controls the minimum polling interval that defines the minimum amount of time between polls of a peer. Default: 6 in log base-2, or 64 seconds.
+
+**ClockHoldoverPeriod**
+This parameter indicates the maximum number of seconds a system clock can nominally hold its accuracy without synchronizing with a time source. If this period of time passes without W32time obtaining new samples from any of its input providers, W32time initiates a rediscovery of time sources. Default: 7800 seconds.
+
+**RequireSecureTimeSyncRequests**
+This parameter controls whether or not the DC will respond to time sync requests that use older authentication protocols. If enabled (set to 1), the DC will not respond to requests using such protocols. Default: 0 Boolean.
+
+**UtilizeSslTimeData**
+This parameter controls whether W32time will use time data computed from SSL traffic on the machine as an additional input for correcting the local clock.  Default: 1 (enabled) Boolean
+
+**ClockAdjustmentAuditLimit**
+This parameter specifies the smallest local clock adjustments that may be logged to the W32time service event log on the target machine. Default: 800 Parts per million (PPM).
+
+RODC parameters:
+
+**ChainEntryTimeout**
+This parameter specifies the maximum amount of time that an entry can remain in the chaining table before the entry is considered to be expired. Expired entries may be removed when the next request or response is processed. Default: 16 seconds.
+
+**ChainMaxEntries**
+This parameter controls the maximum number of entries that are allowed in the chaining table. If the chaining table is full and no expired entries can be removed, any incoming requests are discarded. Default: 128 entries.
+
+**ChainMaxHostEntries**
+This parameter controls the maximum number of entries that are allowed in the chaining table for a particular host. Default: 4 entries.
+
+**ChainDisable**
+This parameter controls whether or not the chaining mechanism is disabled. If chaining is disabled (set to 0), the RODC can synchronize with any domain controller, but hosts that do not have their passwords cached on the RODC will not be able to synchronize with the RODC. Default: 0 Boolean.
+
+**ChainLoggingRate**
+This parameter controls the frequency at which an event that indicates the number of successful and unsuccessful chaining attempts is logged to the System log in Event Viewer. Default: 30 minutes.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Global Configuration Settings*
+-   GP name: *W32TIME_POLICY_CONFIG*
+-   GP path: *System\Windows Time Service*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-configure-ntpclient"></a>**ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies a set of parameters for controlling the Windows NTP Client.
+
+If you enable this policy setting, you can specify the following parameters for the Windows NTP Client.
+
+If you disable or do not configure this policy setting, the Windows NTP Client uses the defaults of each of the following parameters.
+
+**NtpServer**
+The Domain Name System (DNS) name or IP address of an NTP time source. This value is in the form of ""dnsName,flags"" where ""flags"" is a hexadecimal bitmask of the flags for that host. For more information, see the NTP Client Group Policy Settings Associated with Windows Time section of the Windows Time Service Group Policy Settings.  The default value is ""time.windows.com,0x09"". 
+
+**Type**
+This value controls the authentication that W32time uses. The default value is NT5DS.
+
+**CrossSiteSyncFlags**
+This value, expressed as a bitmask, controls how W32time chooses time sources outside its own site. The possible values are 0, 1, and 2. Setting this value to 0 (None) indicates that the time client should not attempt to synchronize time outside its site. Setting this value to 1 (PdcOnly) indicates that only the computers that function as primary domain controller (PDC) emulator operations masters in other domains can be used as synchronization partners when the client has to synchronize time with a partner outside its own site. Setting a value of 2 (All) indicates that any synchronization partner can be used. This value is ignored if the NT5DS value is not set. The default value is 2 decimal (0x02 hexadecimal).
+
+**ResolvePeerBackoffMinutes**
+This value, expressed in minutes, controls how long W32time waits before it attempts to resolve a DNS name when a previous attempt failed. The default value is 15 minutes.
+
+**ResolvePeerBackoffMaxTimes**
+This value controls how many times W32time attempts to resolve a DNS name before the discovery process is restarted. Each time DNS name resolution fails, the amount of time to wait before the next attempt will be twice the previous amount. The default value is seven attempts.
+
+**SpecialPollInterval**
+This NTP client value, expressed in seconds, controls how often a manually configured time source is polled when the time source is configured to use a special polling interval. If the SpecialInterval flag is enabled on the NTPServer setting, the client uses the value that is set as the SpecialPollInterval, instead of a variable interval between MinPollInterval and MaxPollInterval values, to determine how frequently to poll the time source. SpecialPollInterval must be in the range of [MinPollInterval, MaxPollInterval], else the nearest value of the range is picked. Default: 1024 seconds.
+
+**EventLogFlags**
+This value is a bitmask that controls events that may be logged to the System log in Event Viewer. Setting this value to 0x1 indicates that W32time will create an event whenever a time jump is detected. Setting this value to 0x2 indicates that W32time will create an event whenever a time source change is made. Because it is a bitmask value, setting 0x3 (the addition of 0x1 and 0x2) indicates that both time jumps and time source changes will be logged.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure Windows NTP Client*
+-   GP name: *W32TIME_POLICY_CONFIGURE_NTPCLIENT*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-enable-ntpclient"></a>**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting specifies whether the Windows NTP Client is enabled.
+
+Enabling the Windows NTP Client allows your computer to synchronize its computer clock with other NTP servers. You might want to disable this service if you decide to use a third-party time provider.
+
+If you enable this policy setting, you can set the local computer clock to synchronize time with NTP servers.
+
+If you disable or do not configure this policy setting, the local computer clock does not synchronize time with NTP servers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Windows NTP Client*
+-   GP name: *W32TIME_POLICY_ENABLE_NTPCLIENT*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-w32time-policy-enable-ntpserver"></a>**ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPSERVER**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows you to specify whether the Windows NTP Server is enabled.
+
+If you enable this policy setting for the Windows NTP Server, your computer can service NTP requests from other computers.
+
+If you disable or do not configure this policy setting, your computer cannot service NTP requests from other computers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Windows NTP Server*
+-   GP name: *W32TIME_POLICY_ENABLE_NTPSERVER*
+-   GP path: *System\Windows Time Service\Time Providers*
+-   GP ADMX file name: *W32Time.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-wcm.md

@@ -0,0 +1,272 @@
+---
+title: Policy CSP - ADMX_WCM
+description: Policy CSP - ADMX_WCM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/22/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WCM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WCM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wcm-wcm-disablepowermanagement">ADMX_WCM/WCM_DisablePowerManagement</a>
+  </dd>
+  <dd>
+    <a href="#admx-wcm-wcm-enablesoftdisconnect">ADMX_WCM/WCM_EnableSoftDisconnect</a>
+  </dd>
+  <dd>
+    <a href="#admx-wcm-wcm-minimizeconnections">ADMX_WCM/WCM_MinimizeConnections</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wcm-wcm-disablepowermanagement"></a>**ADMX_WCM/WCM_DisablePowerManagement**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies that power management is disabled when the machine enters connected standby mode.
+
+If this policy setting is enabled, Windows Connection Manager does not manage adapter radios to reduce power consumption when the machine enters connected standby mode.
+
+If this policy setting is not configured or is disabled, power management is enabled when the machine enters connected standby mode.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Disable power management in connected standby mode*
+-   GP name: *WCM_DisablePowerManagement*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wcm-wcm-enablesoftdisconnect"></a>**ADMX_WCM/WCM_EnableSoftDisconnect**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines whether Windows will soft-disconnect a computer from a network.
+
+If this policy setting is enabled or not configured, Windows will soft-disconnect a computer from a network when it determines that the computer should no longer be connected to a network.
+
+If this policy setting is disabled, Windows will disconnect a computer from a network immediately when it determines that the computer should no longer be connected to a network.
+
+When soft disconnect is enabled:
+
+- When Windows decides that the computer should no longer be connected to a network, it waits for traffic to settle on that network. The existing TCP session will continue uninterrupted.
+- Windows then checks the traffic level on the network periodically. If the traffic level is above a certain threshold, no further action is taken. The computer stays connected to the network and continues to use it. For example, if the network connection is currently being used to download files from the Internet, the files will continue to be downloaded using that network connection.
+- When the network traffic drops below this threshold, the computer will be disconnected from the network. Apps that keep a network connection active even when they’re not actively using it (for example, email apps) might lose their connection. If this happens, these apps should re-establish their connection over a different network.
+
+This policy setting depends on other group policy settings. For example, if 'Minimize the number of simultaneous connections to the Internet or a Windows Domain' is disabled, Windows will not disconnect from any networks.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Enable Windows to soft-disconnect a computer from a network*
+-   GP name: *WCM_EnableSoftDisconnect*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wcm-wcm-minimizeconnections"></a>**ADMX_WCM/WCM_MinimizeConnections**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting determines if a computer can have multiple connections to the internet or to a Windows domain. If multiple connections are allowed, it then determines how network traffic will be routed.
+
+If this policy setting is set to 0, a computer can have simultaneous connections to the internet, to a Windows domain, or to both. Internet traffic can be routed over any connection - including a cellular connection and any metered network. This was previously the Disabled state for this policy setting. This option was first available in Windows 8.
+
+If this policy setting is set to 1, any new automatic internet connection is blocked when the computer has at least one active internet connection to a preferred type of network. Here's the order of preference (from most preferred to least preferred): Ethernet, WLAN, then cellular. Ethernet is always preferred when connected. Users can still manually connect to any network. This was previously the Enabled state for this policy setting. This option was first available in Windows 8.
+
+If this policy setting is set to 2, the behavior is similar to 1. However, if a cellular data connection is available, it will always stay connected for services that require a cellular connection. When the user is connected to a WLAN or Ethernet connection, no internet traffic will be routed over the cellular connection. This option was first available in Windows 10 (Version 1703).
+
+If this policy setting is set to 3, the behavior is similar to 2. However, if there's an Ethernet connection, Windows won't allow users to connect to a WLAN manually. A WLAN can only be connected (automatically or manually) when there's no Ethernet connection.
+
+This policy setting is related to the "Enable Windows to soft-disconnect a computer from a network" policy setting.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Minimize the number of simultaneous connections to the Internet or a Windows Domain*
+-   GP name: *WCM_MinimizeConnections*
+-   GP path: *Network\Windows Connection Manager*
+-   GP ADMX file name: *WCM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-wincal.md

@@ -0,0 +1,192 @@
+---
+title: Policy CSP - ADMX_WinCal
+description: Policy CSP - ADMX_WinCal
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WinCal
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WinCal policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wincal-turnoffwincal-1">ADMX_WinCal/TurnOffWinCal_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-wincal-turnoffwincal-2">ADMX_WinCal/TurnOffWinCal_2</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wincal-turnoffwincal-1"></a>**ADMX_WinCal/TurnOffWinCal_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+
+If you enable this setting, Windows Calendar will be turned off.
+
+If you disable or do not configure this setting, Windows Calendar will be turned on.
+
+The default is for Windows Calendar to be turned on.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Calendar*
+-   GP name: *TurnOffWinCal_1*
+-   GP path: *Windows Components\Windows Calendar*
+-   GP ADMX file name: *WinCal.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wincal-turnoffwincal-2"></a>**ADMX_WinCal/TurnOffWinCal_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. Windows Calendar is a feature that allows users to manage appointments and tasks by creating personal calendars, publishing them, and subscribing to other users calendars.
+
+If you enable this setting, Windows Calendar will be turned off.
+
+If you disable or do not configure this setting, Windows Calendar will be turned on.
+
+The default is for Windows Calendar to be turned on.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Windows Calendar*
+-   GP name: *TurnOffWinCal_2*
+-   GP path: *Windows Components\Windows Calendar*
+-   GP ADMX file name: *WinCal.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsanytimeupgrade.md

@@ -0,0 +1,115 @@
+---
+title: Policy CSP - ADMX_WindowsAnytimeUpgrade
+description: Policy CSP - ADMX_WindowsAnytimeUpgrade
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/29/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsAnytimeUpgrade
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsAnytimeUpgrade policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsanytimeupgrade-disabled">ADMX_WindowsAnytimeUpgrade/Disabled</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsanytimeupgrade-disabled"></a>**ADMX_WindowsAnytimeUpgrade/Disabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. By default, Add features to Windows 10 is available for all administrators. 
+
+If you enable this policy setting, the wizard will not run.
+
+If you disable this policy setting or set it to Not Configured, the wizard will run.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent the wizard from running.*
+-   GP name: *Disabled*
+-   GP path: *Windows Components\Add features to Windows 10*
+-   GP ADMX file name: *WindowsAnytimeUpgrade.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md

@@ -0,0 +1,264 @@
+---
+title: Policy CSP - ADMX_WindowsConnectNow
+description: Policy CSP - ADMX_WindowsConnectNow
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/28/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsConnectNow
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsConnectNow policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-disablewcnui-1">ADMX_WindowsConnectNow/WCN_DisableWcnUi_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-disablewcnui-2">ADMX_WindowsConnectNow/WCN_DisableWcnUi_2</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsconnectnow-wcn-enableregistrar">ADMX_WindowsConnectNow/WCN_EnableRegistrar</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-disablewcnui-1"></a>**ADMX_WindowsConnectNow/WCN_DisableWcnUi_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
+
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
+
+If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prohibit access of the Windows Connect Now wizards*
+-   GP name: *WCN_DisableWcnUi_1*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-disablewcnui-2"></a>**ADMX_WindowsConnectNow/WCN_DisableWcnUi_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prohibits access to Windows Connect Now (WCN) wizards. 
+
+If you enable this policy setting, the wizards are turned off and users have no access to any of the wizard tasks. All the configuration related tasks, including "Set up a wireless router or access point" and "Add a wireless device" are disabled. 
+
+If you disable or do not configure this policy setting, users can access the wizard tasks, including "Set up a wireless router or access point" and "Add a wireless device." The default for this policy setting allows users to access all WCN wizards.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prohibit access of the Windows Connect Now wizards*
+-   GP name: *WCN_DisableWcnUi_2*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsconnectnow-wcn-enableregistrar"></a>**ADMX_WindowsConnectNow/WCN_EnableRegistrar**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting allows the configuration of wireless settings using Windows Connect Now (WCN). The WCN Registrar enables the discovery and configuration of devices over Ethernet (UPnP), over In-band 802.11 WLAN, through the Windows Portable Device API (WPD), and via USB Flash drives.
+
+Additional options are available to allow discovery and configuration over a specific medium. 
+
+If you enable this policy setting, additional choices are available to turn off the operations over a specific medium. 
+
+If you disable this policy setting, operations are disabled over all media. 
+
+If you do not configure this policy setting, operations are enabled over all media. 
+
+The default for this policy setting allows operations over all media.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configuration of wireless settings using Windows Connect Now*
+-   GP name: *WCN_EnableRegistrar*
+-   GP path: *Network\Windows Connect Now*
+-   GP ADMX file name: *WindowsConnectNow.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md

@@ -0,0 +1,116 @@
+---
+title: Policy CSP - ADMX_WindowsMediaDRM
+description: Policy CSP - ADMX_WindowsMediaDRM
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 08/13/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsMediaDRM
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsMediaDRM policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsmediadrm-disableonline">ADMX_WindowsMediaDRM/DisableOnline</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsmediadrm-disableonline"></a>**ADMX_WindowsMediaDRM/DisableOnline**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet).
+
+When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades.
+
+When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses.  Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario.
+
+When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent Windows Media DRM Internet Access*
+-   GP name: *DisableOnline*
+-   GP path: *Windows Components\Windows Media Digital Rights Management*
+-   GP ADMX file name: *WindowsMediaDRM.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-windowsstore.md

@@ -0,0 +1,409 @@
+---
+title: Policy CSP - ADMX_WindowsStore
+description: Policy CSP - ADMX_WindowsStore
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/26/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WindowsStore
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WindowsStore policies  
+
+<dl>
+  <dd>
+    <a href="#admx-windowsstore-disableautodownloadwin8">ADMX_WindowsStore/DisableAutoDownloadWin8</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsstore-disableosupgrade-1">ADMX_WindowsStore/DisableOSUpgrade_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsstore-disableosupgrade-2">ADMX_WindowsStore/DisableOSUpgrade_2</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsstore-removewindowsstore-1">ADMX_WindowsStore/RemoveWindowsStore_1</a>
+  </dd>
+  <dd>
+    <a href="#admx-windowsstore-removewindowsstore-2">ADMX_WindowsStore/RemoveWindowsStore_2</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-disableautodownloadwin8"></a>**ADMX_WindowsStore/DisableAutoDownloadWin8**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the automatic download of app updates on PCs running Windows 8.
+
+If you enable this setting, the automatic download of app updates is turned off.  If you disable this setting, the automatic download of app updates is turned on.
+
+If you don't configure this setting, the automatic download of app updates is determined by a registry setting that the user can change using Settings in the Windows Store.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off Automatic Download of updates on Win8 machines*
+-   GP name: *DisableAutoDownloadWin8*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-disableosupgrade-1"></a>**ADMX_WindowsStore/DisableOSUpgrade_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+
+If you enable this setting, the Store application will not offer updates to the latest version of Windows.
+
+If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the offer to update to the latest version of Windows*
+-   GP name: *DisableOSUpgrade_1*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-disableosupgrade-2"></a>**ADMX_WindowsStore/DisableOSUpgrade_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting enables or disables the Store offer to update to the latest version of Windows.
+
+If you enable this setting, the Store application will not offer updates to the latest version of Windows.
+
+If you disable or do not configure this setting the Store application will offer updates to the latest version of Windows.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the offer to update to the latest version of Windows*
+-   GP name: *DisableOSUpgrade_2*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-removewindowsstore-1"></a>**ADMX_WindowsStore/RemoveWindowsStore_1**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
+
+If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
+
+If you disable or don't configure this setting, access to the Store application is allowed.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the Store application*
+-   GP name: *RemoveWindowsStore_1*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-windowsstore-removewindowsstore-2"></a>**ADMX_WindowsStore/RemoveWindowsStore_2**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting denies or allows access to the Store application.
+
+If you enable this setting, access to the Store application is denied. Access to the Store is required for installing app updates.
+
+If you disable or don't configure this setting, access to the Store application is allowed.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off the Store application*
+-   GP name: *RemoveWindowsStore_2*
+-   GP path: *Windows Components\Store*
+-   GP ADMX file name: *WindowsStore.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->

windows/client-management/mdm/policy-csp-admx-wininit.md

@@ -0,0 +1,258 @@
+---
+title: Policy CSP - ADMX_WinInit
+description: Policy CSP - ADMX_WinInit
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 09/29/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_WinInit
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_WinInit policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wininit-disablenamedpipeshutdownpolicydescription">ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription</a>
+  </dd>
+  <dd>
+    <a href="#admx-wininit-hiberboot">ADMX_WinInit/Hiberboot</a>
+  </dd>
+  <dd>
+    <a href="#admx-wininit-shutdowntimeouthungsessionsdescription">ADMX_WinInit/ShutdownTimeoutHungSessionsDescription</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-disablenamedpipeshutdownpolicydescription"></a>**ADMX_WinInit/DisableNamedPipeShutdownPolicyDescription**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the legacy remote shutdown interface (named pipe). The named pipe remote shutdown interface is needed in order to shutdown this system from a remote Windows XP or Windows Server 2003 system.
+
+If you enable this policy setting, the system does not create the named pipe remote shutdown interface.
+
+If you disable or do not configure this policy setting, the system creates the named pipe remote shutdown interface.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn off legacy remote shutdown interface*
+-   GP name: *DisableNamedPipeShutdownPolicyDescription*
+-   GP path: *Windows Components\Shutdown Options*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-hiberboot"></a>**ADMX_WinInit/Hiberboot**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting controls the use of fast startup.  
+
+If you enable this policy setting, the system requires hibernate to be enabled.
+
+If you disable or do not configure this policy setting, the local setting is used.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Require use of fast startup*
+-   GP name: *Hiberboot*
+-   GP path: *System\Shutdown*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wininit-shutdowntimeouthungsessionsdescription"></a>**ADMX_WinInit/ShutdownTimeoutHungSessionsDescription**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10 Insider Preview Build 20185. This policy setting configures the number of minutes the system waits for the hung logon sessions before proceeding with the system shutdown.
+
+If you enable this policy setting, the system waits for the hung logon sessions for the number of minutes specified.
+
+If you disable or do not configure this policy setting, the default timeout value is 3 minutes for workstations and 15 minutes for servers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Timeout for hung logon sessions during shutdown*
+-   GP name: *ShutdownTimeoutHungSessionsDescription*
+-   GP path: *Windows Components\Shutdown Options*
+-   GP ADMX file name: *WinInit.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-wlansvc.md

@@ -0,0 +1,260 @@
+---
+title: Policy CSP - ADMX_wlansvc
+description: Policy CSP - ADMX_wlansvc
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/27/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_wlansvc
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_wlansvc policies  
+
+<dl>
+  <dd>
+    <a href="#admx-wlansvc-setcost">ADMX_wlansvc/SetCost</a>
+  </dd>
+  <dd>
+    <a href="#admx-wlansvc-setpinenforced">ADMX_wlansvc/SetPINEnforced</a>
+  </dd>
+  <dd>
+    <a href="#admx-wlansvc-setpinpreferred">ADMX_wlansvc/SetPINPreferred</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wlansvc-setcost"></a>**ADMX_wlansvc/SetCost**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting configures the cost of Wireless LAN (WLAN) connections on the local machine.
+
+If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all WLAN connections on the local machine:
+
+- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
+- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.  
+- Variable: This connection is costed on a per byte basis.  If this policy setting is disabled or is not configured, the cost of Wireless LAN connections is Unrestricted by default.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Set Cost*
+-   GP name: *IncludeCmdLine*
+-   GP path: *Network\WLAN Service\WLAN Media Cost*
+-   GP ADMX file name: *wlansvc.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wlansvc-setpinenforced"></a>**ADMX_wlansvc/SetPINEnforced**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy means that the use of a PIN for pairing to Wireless Display devices is required rather than optional.
+
+Conversely it means that Push Button is NOT allowed.
+
+If this policy setting is disabled or is not configured, by default Push Button pairing is allowed (but not necessarily preferred).
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Require PIN pairing*
+-   GP name: *SetPINEnforced*
+-   GP path: *Network\Wireless Display*
+-   GP ADMX file name: *wlansvc.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-wlansvc-setpinpreferred"></a>**ADMX_wlansvc/SetPINPreferred**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy applies to Wireless Display connections. This policy changes the preference order of the pairing methods.
+
+When enabled, it makes the connections to prefer a PIN for pairing to Wireless Display devices over the Push Button pairing method.
+
+If this policy setting is disabled or is not configured, by default Push Button pairing is preferred (if allowed by other policies).
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prefer PIN pairing*
+-   GP name: *SetPINPreferred*
+-   GP path: *Network\Wireless Display*
+-   GP ADMX file name: *wlansvc.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-controlpolicyconflict.md

@@ -100,7 +100,7 @@ The [Policy DDF](policy-ddf-file.md) contains the following tags to identify the
 -  \<MSFT:GPRegistryMappedName\>    
 -  \<MSFT:GPDBMappedName\>  
 
-For the list MDM-GP mapping list, see [Policy CSPs supported by Group Policy
+For the list MDM-GP mapping list, see [Policies in Policy CSP supported by Group Policy
 ](policy-csps-supported-by-group-policy.md).
 
 The MDM Diagnostic report shows the applied configurations states of a device including policies, certificates, configuration sources, and resource information. The report includes a list of blocked GP settings because MDM equivalent is configured, if any. To get the diagnostic report, go to **Settings** > **Accounts** > **Access work or school** > and then click the desired work or school account. Scroll to the bottom of the page to **Advanced Diagnostic Report** and then click **Create Report**.

windows/client-management/mdm/policy-csp-experience.md

@@ -7,7 +7,7 @@ ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 09/27/2019
+ms.date: 11/02/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -73,6 +73,9 @@ manager: dansimp
   <dd>
     <a href="#experience-configurewindowsspotlightonlockscreen">Experience/ConfigureWindowsSpotlightOnLockScreen</a>
   </dd>
+  <dd>
+    <a href="#experience-disablecloudoptimizedcontent">Experience/DisableCloudOptimizedContent</a>
+  </dd>
   <dd>
     <a href="#experience-donotshowfeedbacknotifications">Experience/DoNotShowFeedbackNotifications</a>
   </dd>
@@ -413,7 +416,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g. auto-enrolled), then disabling the MDM unenrollment has no effect.
+Specifies whether to allow the user to delete the workplace account using the workplace control panel. If the device is Azure Active Directory joined and MDM enrolled (e.g., auto-enrolled), then disabling the MDM unenrollment has no effect.
 
 > [!NOTE]
 > The MDM server can always remotely delete the account.
@@ -507,7 +510,7 @@ Allows or disallows all Windows sync settings on the device. For information abo
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 – Sync settings is not allowed.
+-   0 – Sync settings are not allowed.
 -   1 (default) – Sync settings allowed.
 
 <!--/SupportedValues-->
@@ -566,7 +569,8 @@ Added in Windows 10, version 1703. This policy allows you to prevent Windows fro
 
 Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
 
-> **Note** This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
+> [!NOTE]
+> This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
 
 Most restricted value is 0.
 
@@ -1153,6 +1157,144 @@ The following list shows the supported values:
 <!--/SupportedValues-->
 <!--/Policy-->
 
+<!--Policy-->
+<a href="" id="experience-disablecloudoptimizedcontent"></a>**Experience/DisableCloudOptimizedContent**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets you turn off cloud optimized content in all Windows experiences.
+
+If you enable this policy setting, Windows experiences that use the cloud optimized content client component will present the default fallback content.
+
+If you disable or do not configure this policy setting, Windows experiences will be able to use cloud optimized content.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off cloud optimized content*
+-   GP name: *DisableCloudOptimizedContent*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="experience-disablecloudoptimizedcontent"></a>**Experience/DisableCloudOptimizedContent**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets you turn off cloud optimized content in all Windows experiences.
+
+If you enable this policy setting, Windows experiences that use the cloud optimized content client component will present the default fallback content.
+
+If you disable or do not configure this policy setting, Windows experiences will be able to use cloud optimized content.
+
+<!--/Description-->
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP English name: *Turn off cloud optimized content*
+-   GP name: *DisableCloudOptimizedContent*
+-   GP path: *Windows Components/Cloud Content*
+-   GP ADMX file name: *CloudContent.admx*
+
+<!--/ADMXMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
@@ -1500,6 +1642,7 @@ Footnotes:
 - 6 - Available in Windows 10, version 1903.
 - 7 - Available in Windows 10, version 1909.
 - 8 - Available in Windows 10, version 2004.
+- 9 - Available in Windows 10, version 20H2.
 
 <!--/Policies-->
 

windows/client-management/mdm/policy-csp-localusersandgroups.md

@@ -0,0 +1,232 @@
+---
+title: Policy CSP - LocalUsersAndGroups
+description: Policy CSP - LocalUsersAndGroups
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 10/14/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - LocalUsersAndGroups
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## LocalUsersAndGroups policies  
+
+<dl>
+  <dd>
+    <a href="#localusersandgroups-configure">LocalUsersAndGroups/Configure</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="localusersandgroups-configure"></a>**LocalUsersAndGroups/Configure**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in Windows 10, version 20H2. This policy setting allows IT admins to add, remove, or replace members of local groups on a managed device.
+
+> [!NOTE]
+> The [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting also allows you to configure members (users or AAD groups) to a Windows 10 local group. However, it allows only for a full replace of the existing groups with the new members and does not allow selective add or remove.
+>
+> Starting from Windows 10, version 20H2, it is recommended to use the LocalUsersandGroups policy instead of the RestrictedGroups policy. Applying both the policies to the same device is unsupported and may yield unpredictable results. 
+
+Here's an example of the policy definition XML for group configuration:
+
+```xml
+<GroupConfiguration>
+    <accessgroup desc = "">
+        <group action = ""/> 
+            <add member = ""/>
+            <remove member = ""/>
+    </accessgroup>
+</GroupConfiguration>
+```
+
+where:
+
+- `<accessgroup desc>`: Specifies the name or SID of the local group to configure. If you specify a SID, the [LookupAccountSid](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API is used to translate the SID to a valid group name. If you specify a name, the [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API is used to lookup the group and validate the name. If name/SID lookup fails, the group is skipped and the next group in the XML file is processed. If there are multiple errors, the last error is returned at the end of the policy processing. 
+- `<group action>`: Specifies the action to take on the local group, which can be Update and Restrict, represented by U and R: 
+    - Update. This action must be used to keep the current group membership intact and add or remove members of the specific group.
+    - Restrict. This action must be used to replace current membership with the newly specified groups. This action provides the same functionality as the [RestrictedGroups/ConfigureGroupMembership](./policy-csp-restrictedgroups.md#restrictedgroups-configuregroupmembership) policy setting.
+- `<add member>`: Specifies the SID or name of the member to configure.
+- `<remove member>`: Specifies the SID or name of the member to remove from the specified group.
+
+    > [!NOTE]
+    > When specifying member names of domain accounts, use fully qualified account names where possible (for example, domain_name\user_name) instead of isolated names (for example, group_name). This way, you can avoid getting ambiguous results when users or groups with the same name exist in multiple domains and locally. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. 
+
+See [Use custom settings for Windows 10 devices in Intune](https://docs.microsoft.com/mem/intune/configuration/custom-settings-windows-10) for information on how to create custom profiles.
+
+> [!IMPORTANT]
+> - `<add member>` and `<remove member>` can use an Azure AD SID or the user's name. For adding or removing Azure AD groups using this policy, you must use the group's SID. Azure AD group SIDs can be obtained using [Graph](https://docs.microsoft.com/graph/api/resources/group?view=graph-rest-1.0#json-representation) API for Groups. The SID is present in the `securityIdentifier` attribute. 
+> - When specifying a SID in the `<add member>` or `<remove member>`, member SIDs are added without attempting to resolve them. Therefore, be very careful when specifying a SID to ensure it is correct.
+> - `<remove member>` is not valid for the R (Restrict) action and will be ignored if present.
+> - The list in the XML is processed in the given order except for the R actions, which get processed last to ensure they win. It also means that if a group is present multiple times with different add/remove values, all of them will be processed in the order they are present.
+
+<!--/Description-->
+<!--SupportedValues-->
+<!--/SupportedValues-->
+<!--Example-->
+
+**Examples**
+
+Example 1: Update action for adding and removing group members.
+
+The following example shows how you can update a local group (**Backup Operators**)—add a domain group as a member using its name (**Contoso\ITAdmins**), add the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids), add a AAD group by its SID (**S-1-12-1-111111111-22222222222-3333333333-4444444444**), and remove a local account (**Guest**). 
+
+```xml
+<GroupConfiguration> 
+    <accessgroup desc = "Backup Operators"> 
+        <group action = "U" /> 
+        <add member = "Contoso\ITAdmins"/>
+        <add member = "S-1-5-32-544"/>
+        <add member = "S-1-12-1-111111111-22222222222-3333333333-4444444444"/>
+        <remove member = "Guest"/> 
+    </accessgroup> 
+</GroupConfiguration>
+```
+
+Example 2: Restrict action for replacing the group membership.
+
+The following example shows how you can restrict a local group (**Backup Operators**)—replace its membership with the built-in Administrators group using its [well known SID](https://docs.microsoft.com/windows/win32/secauthz/well-known-sids) and add a local account (**Guest**).
+
+```xml
+<GroupConfiguration>
+    <accessgroup desc = "Backup Operators">
+        <group action = "R" />
+        <add member = "S-1-5-32-544"/>
+        <add member = "Guest"/>
+    </accessgroup>
+</GroupConfiguration>
+```
+<!--/Example-->
+<!--Validation-->
+
+<!--/Validation-->
+<!--/Policy-->
+<hr/>
+
+## FAQs
+
+This section provides answers to some common questions you might have about the LocalUsersAndGroups policy CSP. 
+
+### What happens if I accidentally remove the built-in Administrator SID from the Administrators group?
+
+Removing the built-in Administrator account from the built-in Administrators group is blocked at SAM/OS level for security reasons. Attempting to do so will result in failure with the following error: 
+ 
+| Error Code  | Symbolic Name | Error Description | Header |
+|----------|----------|----------|----------|
+|  0x55b (Hex)  <br>  1371 (Dec)  |ERROR_SPECIAL_ACCOUNT|Cannot perform this operation on built-in accounts.|  winerror.h  |
+
+When configuring the built-in Administrators group with the R (Restrict) action, specify the built-in Administrator account SID/Name in `<add member>` to avoid this error.
+
+### Can I add a member that already exists?
+
+Yes, you can add a member that is already a member of a group. This will result in no changes to the group and no error.
+
+### Can I remove a member if it isn't a member of the group?
+
+Yes, you can remove a member even if it isn't a member of the group. This will result in no changes to the group and no error.
+
+### How can I add a domain group as a member to a local group?
+
+To add a domain group as a member to a local group, specify the domain group in `<add member>` of the local group. Use fully qualified account names (for example, domain_name\group_name) instead of isolated names (for example, group_name) for the best results. See [LookupAccountNameA function](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea#remarks) for more information. 
+
+### Can I apply more than one LocalUserAndGroups policy/XML to the same device?
+
+No, this is not allowed. Attempting to do so will result in a conflict in Intune.
+
+### What happens if I specify a group name that doesn't exist?
+
+Invalid group names or SIDs will be skipped. Valid parts of the policy will apply, and error will be returned at the end of the processing. This behavior aligns with the on-prem AD GPP (Group Policy Preferences) LocalUsersAndGroups policy. Similarly, invalid member names will be skipped, and error will be returned at the end to notify that not all settings were applied successfully. 
+
+### What happens if I specify R and U in the same XML?
+
+If you specify both R and U in the same XML, the R (Restrict) action takes precedence over U (Update). Therefore, if a group appears twice in the XML, once with U and again with R, the R action wins.
+
+### How do I check the result of a policy that is applied on the client device?
+
+After a policy is applied on the client device, you can investigate the event log to review the result: 
+
+1. Open Event Viewer (**eventvwr.exe**).
+2. Navigate to **Applications and Services Logs** > **Microsoft** > **Windows** > **DeviceManagement-Enterprise-
+Diagnostics-Provider** > **Admin**.
+3. Search for the `LocalUsersAndGroups` string to review the relevant details.
+
+### How can I troubleshoot Name/SID lookup APIs?
+
+To troubleshoot Name/SID lookup APIs:
+
+1. Enable **lsp.log** on the client device by running the following commands:
+
+    ```cmd
+    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x800 -Type dword -Force
+
+    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgTraceOptions -Value 0x1 -Type dword -Force
+    ```
+
+    The **lsp.log** file (**C:\windows\debug\lsp.log**) will be displayed. This log file tracks the SID-Name resolution.
+
+2. Turn the logging off by running the following command:
+
+    ```cmd
+    Set-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Lsa" -Name LspDbgInfoLevel -Value 0x0 -Type dword -Force
+    ```
+
+
+Footnotes:
+
+- 9 - Available in Windows 10, version 20H2.
+
+<!--/Policies-->

windows/client-management/mdm/policy-csp-mixedreality.md

@@ -0,0 +1,314 @@
+---
+title: Policy CSP - MixedReality
+description: Policy CSP - MixedReality
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 10/06/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - MixedReality
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+
+<hr/>
+
+<!--Policies-->
+## MixedReality policies  
+
+<dl>
+  <dd>
+    <a href="#mixedreality-aadgroupmembershipcachevalidityindays">MixedReality/AADGroupMembershipCacheValidityInDays</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
+  </dd>
+  <dd>
+    <a href="#mixedreality-volumebuttondisabled">MixedReality/VolumeButtonDisabled</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-aadgroupmembershipcachevalidityindays"></a>**MixedReality/AADGroupMembershipCacheValidityInDays**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls for how many days Azure AD group membership cache is allowed to be used for Assigned Access configurations targeting Azure AD groups for signed in user. Once this policy setting is set only then cache is used otherwise not. In order for this policy setting to take effect, user must sign out and sign in with Internet available at least once before the cache can be used for subsequent "disconnected" sessions.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+Supported values are 0-60. The default value is 0 (day) and maximum value is 60 (days).
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-brightnessbuttondisabled"></a>**MixedReality/BrightnessButtonDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls if pressing the brightness button changes the brightness or not. It only impacts brightness on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-fallbackdiagnostics"></a>**MixedReality/FallbackDiagnostics**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls when and if diagnostic logs can be collected using specific button combination on HoloLens.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - Disabled
+- 1 - Enabled for device owners
+- 2 - Enabled for all (Default)
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-microphonedisabled"></a>**MixedReality/MicrophoneDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls whether microphone on HoloLens 2 is disabled or not.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="mixedreality-volumebuttondisabled"></a>**MixedReality/VolumeButtonDisabled**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Development Edition</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens (1st gen) Commercial Suite</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>HoloLens 2</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting controls if pressing the volume button changes the volume or not. It only impacts volume on HoloLens and not the functionality of the button when it is used with other buttons as combination for other purposes.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - False (Default)
+- 1 - True
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 9 - Available in Windows 10, version 20H2.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-multitasking.md

@@ -0,0 +1,131 @@
+---
+title: Policy CSP - Multitasking
+description: Policy CSP - Multitasking
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.localizationpriority: medium
+ms.date: 10/30/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - Multitasking
+
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## Multitasking policies  
+
+<dl>
+  <dd>
+    <a href="#multitasking-browseralttabblowout">Multitasking/BrowserAltTabBlowout</a>
+  </dd>
+ </dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="multitasking-browseralttabblowout"></a>**Multitasking/BrowserAltTabBlowout**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/checkmark.png" alt="check mark" /><sup>9</sup></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+> [!Warning]
+> This policy is currently in preview mode only and will be supported in future releases. It may be used for testing purposes, but should not be used in a production environment at this time.
+
+This policy controls the inclusion of Edge tabs into Alt+Tab.
+
+Enabling this policy restricts the number of Edge tabs that are allowed to appear in the Alt+Tab switcher. Alt+Tab can be configured to show all open Edge tabs, only the 5 most recent tabs, only the 3 most recent tabs, or no tabs. Setting the policy to no tabs configures the Alt+Tab switcher to show app windows only, which is the classic Alt+Tab behavior. 
+
+This policy only applies to the Alt+Tab switcher. When the policy is not enabled, the feature respects the user's setting in the Settings app.
+<!--/Description-->
+
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable.  For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it.  For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Configure the inclusion of Edge tabs into Alt-Tab*
+-   GP name: *BrowserAltTabBlowout*
+-   GP path: *Windows Components/Multitasking*
+-   GP ADMX file name: *Multitasking.admx*
+
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 1 - Open windows and all tabs in Edge.
+- 2 - Open windows and 5 most recent tabs in Edge.
+- 3 - Open windows and 3 most recent tabs in Edge.
+- 4 - Open windows only.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+- 9 - Available in Windows 10, version 20H2.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-restrictedgroups.md

@@ -14,6 +14,9 @@ manager: dansimp
 
 # Policy CSP - RestrictedGroups
 
+> [!IMPORTANT]
+> Starting from Windows 10, version 20H2, it is recommended to use the [LocalUsersandGroups](policy-csp-localusersandgroups.md) policy instead of the RestrictedGroups policy to configure members (users or AAD groups) to a Windows 10 local group. Applying both the policies to the same device is unsupported and may yield unpredictable results. 
+
 
 <hr/>
 
@@ -142,8 +145,8 @@ Here's an example:
 </groupmembership>
 ```
 where:
-- `<accessgroup desc>` contains the local group SID or group name to configure. If an SID is specified here, the policy uses the [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API to get the local group name. For best results, use names for `<accessgroup desc>`.
+- `<accessgroup desc>` contains the local group SID or group name to configure. If a SID is specified here, the policy uses the [LookupAccountName](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountnamea) API to get the local group name. For best results, use names for `<accessgroup desc>`.
-- `<member name>` contains the members to add to the group in `<accessgroup desc>`. If a name is specified here, the policy will try to get the corresponding SID using the [LookupAccountSID](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API. For best results, use SID for `<member name>`. The member SID can be a user account or a group in AD, Azure AD, or on the local machine. Membership is configured using the [NetLocalGroupSetMembers](https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers) API.
+- `<member name>` contains the members to add to the group in `<accessgroup desc>`. A member can be specified as a name or as a SID. For best results, use a SID for `<member name>`. The member SID can be a user account or a group in AD, Azure AD, or on the local machine. If a name is specified here, the policy will try to get the corresponding SID using the [LookupAccountSID](https://docs.microsoft.com/windows/win32/api/winbase/nf-winbase-lookupaccountsida) API. Name can be used for a user account or a group in AD or on the local machine. Membership is configured using the [NetLocalGroupSetMembers](https://docs.microsoft.com/windows/win32/api/lmaccess/nf-lmaccess-netlocalgroupsetmembers) API.
 - In this example, `Group1` and `Group2` are local groups on the device being configured, and `Group3` is a domain group.
 
 > [!NOTE]

windows/client-management/mdm/policy-csp-servicecontrolmanager.md

@@ -78,6 +78,9 @@ If you enable this policy setting, built-in system services hosted in svchost.ex
 
 This includes a policy requiring all binaries loaded in these processes to be signed by Microsoft, as well as a policy disallowing dynamically-generated code.  
 
+> [!IMPORTANT]
+> Enabling this policy could cause compatibility issues with third-party software that uses svchost.exe processes (for example, third-party antivirus software).
+
 If you disable or do not configure this policy setting, the stricter security settings will not be applied.
 
 <!--/Description-->
@@ -122,4 +125,3 @@ Footnotes:
 - 8 - Available in Windows 10, version 2004.
 
 <!--/Policies-->
-

windows/client-management/mdm/policy-csp-system.md

@@ -1,13 +1,13 @@
 ---
 title: Policy CSP - System
-description: Learn policy settings that determines whether users can access the Insider build controls in the advanced options for Windows Update.
+description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update.
 ms.author: dansimp
 ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
 ms.localizationpriority: medium
-ms.date: 08/12/2020
+ms.date: 10/14/2020
 ms.reviewer: 
 manager: dansimp
 ---
@@ -212,14 +212,13 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting controls whether Microsoft is a processor or controller for Windows diagnostic data collected from devices. 
+This policy setting opts the device into the Windows enterprise data pipeline. 
 
-If you enable this policy and enroll your devices in your Azure AD tenant, your organization becomes the controller and Microsoft is the processor of this data.
+If you enable this setting, data collected from the device will be opted into the Windows enterprise data pipeline.
 
-If you disable or don't configure this policy setting, Microsoft will be the controller for Windows diagnostic data collected from the device.
+If you disable or don't configure this setting, all data from the device will be collected and processed in accordance with our policies for the Windows standard data pipeline.
 
->[!Note]
+Configuring this setting does not change the telemetry collection level or the ability of the user to change the level. This setting only applies to the Windows operating system and apps included with Windows, not third-party apps or services running on Windows 10.
-> This policy setting only controls if Microsoft is a processor for Windows diagnostic data from this device. Use the [System/AllowTelemetry](#system-allowtelemetry) policy setting to limit the diagnostic data that can be collected from the device.
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -234,8 +233,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 (default) - Do not use the Windows Commercial Data Pipeline
+-   0 (default) - Disabled.
--   1 - Use the Windows Commercial Data Pipeline
+-   1 - Enabled.
 
 <!--/SupportedValues-->
 <!--Example-->
@@ -245,7 +244,9 @@ The following list shows the supported values:
 
 <!--/Validation-->
 <!--/Policy-->
+
 <hr/>
+
 <!--Policy-->
 <a href="" id="system-allowdevicenameindiagnosticdata"></a>**System/AllowDeviceNameInDiagnosticData**  
 
@@ -488,7 +489,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.
+Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally installed fonts.
 
 This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
 
@@ -509,7 +510,7 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
--   0 - false - No traffic to fs.microsoft.com and only locally-installed fonts are available.
+-   0 - false - No traffic to fs.microsoft.com and only locally installed fonts are available.
 -   1 - true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them.
 
 <!--/SupportedValues-->
@@ -1605,7 +1606,7 @@ The following list shows the supported values:
 This policy setting, in combination with the System/AllowTelemetry 
  policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
  
-To enable this behavior you must complete two steps:
+To enable this behavior, you must complete two steps:
 <ul>
 <li>Enable this policy setting</li>
 <li>Set Allow Telemetry to level 2 (Enhanced)</li>