Added new policies

windows/client-management/mdm/TOC.md

@@ -185,6 +185,8 @@
 #### [ADMX_ControlPanel](policy-csp-admx-controlpanel.md)
 #### [ADMX_ControlPanelDisplay](policy-csp-admx-controlpaneldisplay.md)
 #### [ADMX_Cpls](policy-csp-admx-cpls.md)
+#### [ADMX_CredentialProviders](policy-csp-admx-credentialproviders.md)
+#### [ADMX_CredUI](policy-csp-admx-credui.md)
 #### [ADMX_CtrlAltDel](policy-csp-admx-ctrlaltdel.md)
 #### [ADMX_DigitalLocker](policy-csp-admx-digitallocker.md)
 #### [ADMX_DnsClient](policy-csp-admx-dnsclient.md)
@@ -227,6 +229,7 @@
 #### [ADMX_Thumbnails](policy-csp-admx-thumbnails.md)
 #### [ADMX_TPM](policy-csp-admx-tpm.md)
 #### [ADMX_UserExperienceVirtualization](policy-csp-admx-userexperiencevirtualization.md)
+#### [ADMX_UserProfiles](policy-csp-admx-userprofiles.md)
 #### [ADMX_W32Time](policy-csp-admx-w32time.md)
 #### [ADMX_WCM](policy-csp-admx-wcm.md)
 #### [ADMX_WinCal](policy-csp-admx-wincal.md)

windows/client-management/mdm/policies-in-policy-csp-admx-backed.md

@@ -100,6 +100,13 @@ ms.date: 10/08/2020
 - [ADMX_ControlPanelDisplay/CPL_Personalization_SetVisualStyle](./policy-csp-admx-controlpaneldisplay.md#admx-controlpaneldisplay-cpl-personalization-setvisualstyle)
 - [ADMX_ControlPanelDisplay/CPL_Personalization_StartBackground](./policy-csp-admx-controlpaneldisplay.md#admx-controlpaneldisplay-cpl-personalization-startbackground)
 - [ADMX_Cpls/UseDefaultTile](./policy-csp-admx-cpls.md#admx-cpls-usedefaulttile)
+- [ADMX_CredentialProviders/AllowDomainDelayLock](./policy-csp-admx-credentialproviders.md#admx-credentialproviders-allowdomaindelaylock)
+- [ADMX_CredentialProviders/AllowSecurityKeySignIn](./policy-csp-admx-credentialproviders.md#admx-credentialproviders-allowsecuritykeysignin)
+- [ADMX_CredentialProviders/DefaultCredentialProvider](./policy-csp-admx-credentialproviders.md#admx-credentialproviders-defaultcredentialprovider)
+- [ADMX_CredentialProviders/DefaultLogonDomain](./policy-csp-admx-credentialproviders.md#admx-credentialproviders-defaultlogondomain)
+- [ADMX_CredentialProviders/ExcludedCredentialProviders](./policy-csp-admx-credentialproviders.md#admx-credentialproviders-excludedcredentialproviders)
+- [ADMX_CredUI/EnableSecureCredentialPrompting](./policy-csp-admx-credui.md#admx-credui-enablesecurecredentialprompting)
+- [ADMX_CredUI/NoLocalPasswordResetQuestions](./policy-csp-admx-credui.md#admx-credui-nolocalpasswordresetquestions)
 - [ADMX_CtrlAltDel/DisableChangePassword](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablechangepassword)
 - [ADMX_CtrlAltDel/DisableLockComputer](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disablelockcomputer)
 - [ADMX_CtrlAltDel/DisableTaskMgr](./policy-csp-admx-ctrlaltdel.md#admx-ctrlaltdel-disabletaskmgr)
@@ -716,6 +723,31 @@ ms.date: 10/08/2020
 - [ADMX_UserExperienceVirtualization/Video](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-video)
 - [ADMX_UserExperienceVirtualization/Weather](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-weather)
 - [ADMX_UserExperienceVirtualization/Wordpad](./policy-csp-admx-userexperiencevirtualization.md#admx-userexperiencevirtualization-wordpad)
+- [ADMX_UserProfiles/AddAdminGroupToRUP](./policy-csp-admx-userprofiles.md#admx-userprofiles-addadmingrouptorup)
+- [ADMX_UserProfiles/CleanupProfiles](./policy-csp-admx-userprofiles.md#admx-userprofiles-cleanupprofiles)
+- [ADMX_UserProfiles/CompatibleRUPSecurity](./policy-csp-admx-userprofiles.md#admx-userprofiles-compatiblerupsecurity)
+- [ADMX_UserProfiles/Connect_HomeDir_ToRoot](./policy-csp-admx-userprofiles.md#admx-userprofiles-connect-homedir-toroot)
+- [ADMX_UserProfiles/CscSuspendDirectories](./policy-csp-admx-userprofiles.md#admx-userprofiles-cscsuspenddirectories)
+- [ADMX_UserProfiles/DeleteRoamingCachedProfiles](./policy-csp-admx-userprofiles.md#admx-userprofiles-deleteroamingcachedprofiles)
+- [ADMX_UserProfiles/DontForceUnloadHive](./policy-csp-admx-userprofiles.md#admx-userprofiles-dontforceunloadhive)
+- [ADMX_UserProfiles/EnableSlowLinkDetect](./policy-csp-admx-userprofiles.md#admx-userprofiles-enableslowlinkdetect)
+- [ADMX_UserProfiles/EnableSlowLinkUI](./policy-csp-admx-userprofiles.md#admx-userprofiles-enableslowlinkui)
+- [ADMX_UserProfiles/ExcludeDirectories](./policy-csp-admx-userprofiles.md#admx-userprofiles-excludedirectories)
+- [ADMX_UserProfiles/LeaveAppMgmtData](./policy-csp-admx-userprofiles.md#admx-userprofiles-leaveappmgmtdata)
+- [ADMX_UserProfiles/LimitSize](./policy-csp-admx-userprofiles.md#admx-userprofiles-limitsize)
+- [ADMX_UserProfiles/LocalProfile](./policy-csp-admx-userprofiles.md#admx-userprofiles-localprofile)
+- [ADMX_UserProfiles/MachineProfilePath](./policy-csp-admx-userprofiles.md#admx-userprofiles-machineprofilepath)
+- [ADMX_UserProfiles/PrimaryComputer_RUP](./policy-csp-admx-userprofiles.md#admx-userprofiles-primarycomputer-rup)
+- [ADMX_UserProfiles/ProfileDlgTimeOut](./policy-csp-admx-userprofiles.md#admx-userprofiles-profiledlgtimeout)
+- [ADMX_UserProfiles/ProfileErrorAction](./policy-csp-admx-userprofiles.md#admx-userprofiles-profileerroraction)
+- [ADMX_UserProfiles/ProfileUnloadTimeout](./policy-csp-admx-userprofiles.md#admx-userprofiles-profileunloadtimeout)
+- [ADMX_UserProfiles/Readonlyuserprofile](./policy-csp-admx-userprofiles.md#admx-userprofiles-readonlyuserprofile)
+- [ADMX_UserProfiles/SlowLinkDefault](./policy-csp-admx-userprofiles.md#admx-userprofiles-slowlinkdefault)
+- [ADMX_UserProfiles/SlowLinkTimeOut](./policy-csp-admx-userprofiles.md#admx-userprofiles-slowlinktimeout)
+- [ADMX_UserProfiles/USER_HOME](./policy-csp-admx-userprofiles.md#admx-userprofiles-user-home)
+- [ADMX_UserProfiles/UploadHive](./policy-csp-admx-userprofiles.md#admx-userprofiles-uploadhive)
+- [ADMX_UserProfiles/UserInfoAccessAction](./policy-csp-admx-userprofiles.md#admx-userprofiles-userinfoaccessaction)
+- [ADMX_UserProfiles/WaitForNetwork](./policy-csp-admx-userprofiles.md#admx-userprofiles-waitfornetwork)
 - [ADMX_W32Time/W32TIME_POLICY_CONFIG](./policy-csp-admx-w32time.md#admx-w32time-policy-config)
 - [ADMX_W32Time/W32TIME_POLICY_CONFIGURE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-configure-ntpclient)
 - [ADMX_W32Time/W32TIME_POLICY_ENABLE_NTPCLIENT](./policy-csp-admx-w32time.md#admx-w32time-policy-enable-ntpclient)

windows/client-management/mdm/policy-configuration-service-provider.md

@@ -479,6 +479,37 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### ADMX_CredentialProviders policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-credentialproviders.md#admx-credentialproviders-allowdomaindelaylock" id="admx-credentialproviders-allowdomaindelaylock">ADMX_CredentialProviders/AllowDomainDelayLock</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-credentialproviders.md#admx-credentialproviders-allowsecuritykeysignin" id="admx-credentialproviders-allowsecuritykeysignin">ADMX_CredentialProviders/AllowSecurityKeySignIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-credentialproviders.md#admx-credentialproviders-defaultcredentialprovider" id="admx-credentialproviders-defaultcredentialprovider">ADMX_CredentialProviders/DefaultCredentialProvider</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-credentialproviders.md#admx-credentialproviders-defaultlogondomain" id="admx-credentialproviders-defaultlogondomain">ADMX_CredentialProviders/DefaultLogonDomain</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-credentialproviders.md#admx-credentialproviders-excludedcredentialproviders" id="admx-credentialproviders-excludedcredentialproviders">ADMX_CredentialProviders/ExcludedCredentialProviders</a>
+  </dd>
+</dl>
+
+### ADMX_CredUI policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-credui.md#admx-credui-enablesecurecredentialprompting" id="admx-credui-enablesecurecredentialprompting">ADMX_CredUI/EnableSecureCredentialPrompting</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-credui.md#admx-credui-nolocalpasswordresetquestions" id="admx-credui-nolocalpasswordresetquestions">ADMX_CredUI/NoLocalPasswordResetQuestions</a>
+  </dd>
+</dl>
+
 ###  ADMX_CtrlAltDel policies  
 <dl>
   <dd>
@@ -2512,6 +2543,86 @@ The following diagram shows the Policy configuration service provider in tree fo
   </dd>
 </dl>
 
+### ADMX_UserProfiles policies  
+
+<dl>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-addadmingrouptorup" id="admx-userprofiles-addadmingrouptorup">ADMX_UserProfiles/AddAdminGroupToRUP</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-cleanupprofiles" id="admx-userprofiles-cleanupprofiles">ADMX_UserProfiles/CleanupProfiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-compatiblerupsecurity" id="admx-userprofiles-compatiblerupsecurity">ADMX_UserProfiles/CompatibleRUPSecurity</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-connect-homedir-toroot" id="admx-userprofiles-connect-homedir-toroot">ADMX_UserProfiles/Connect_HomeDir_ToRoot</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-cscsuspenddirectories" id="admx-userprofiles-cscsuspenddirectories">ADMX_UserProfiles/CscSuspendDirectories</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-deleteroamingcachedprofiles" id="admx-userprofiles-deleteroamingcachedprofiles">ADMX_UserProfiles/DeleteRoamingCachedProfiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-dontforceunloadhive" id="admx-userprofiles-dontforceunloadhive">ADMX_UserProfiles/DontForceUnloadHive</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-enableslowlinkdetect" id="admx-userprofiles-enableslowlinkdetect">ADMX_UserProfiles/EnableSlowLinkDetect</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-enableslowlinkui" id="admx-userprofiles-enableslowlinkui">ADMX_UserProfiles/EnableSlowLinkUI</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-excludedirectories" id="admx-userprofiles-excludedirectories">ADMX_UserProfiles/ExcludeDirectories</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-leaveappmgmtdata" id="admx-userprofiles-leaveappmgmtdata">ADMX_UserProfiles/LeaveAppMgmtData</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-limitsize" id="admx-userprofiles-limitsize">ADMX_UserProfiles/LimitSize</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-localprofile" id="admx-userprofiles-localprofile">ADMX_UserProfiles/LocalProfile</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-machineprofilepath" id="admx-userprofiles-machineprofilepath">ADMX_UserProfiles/MachineProfilePath</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-primarycomputer-rup" id="admx-userprofiles-primarycomputer-rup">ADMX_UserProfiles/PrimaryComputer_RUP</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-profiledlgtimeout" id="admx-userprofiles-profiledlgtimeout">ADMX_UserProfiles/ProfileDlgTimeOut</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-profileerroraction" id="admx-userprofiles-profileerroraction">ADMX_UserProfiles/ProfileErrorAction</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-profileunloadtimeout" id="admx-userprofiles-profileunloadtimeout">ADMX_UserProfiles/ProfileUnloadTimeout</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-readonlyuserprofile" id="admx-userprofiles-readonlyuserprofile">ADMX_UserProfiles/Readonlyuserprofile</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-slowlinkdefault" id="admx-userprofiles-slowlinkdefault">ADMX_UserProfiles/SlowLinkDefault</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-slowlinktimeout" id="admx-userprofiles-slowlinktimeout">ADMX_UserProfiles/SlowLinkTimeOut</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-user-home" id="admx-userprofiles-user-home">ADMX_UserProfiles/USER_HOME</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-uploadhive" id="admx-userprofiles-uploadhive">ADMX_UserProfiles/UploadHive</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-userinfoaccessaction" id="admx-userprofiles-userinfoaccessaction">ADMX_UserProfiles/UserInfoAccessAction</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-admx-userprofiles.md#admx-userprofiles-waitfornetwork" id="admx-userprofiles-waitfornetwork">ADMX_UserProfiles/WaitForNetwork</a>
+  </dd>
+</dl>
+
 ### ADMX_W32Time policies  
 
 <dl>

windows/client-management/mdm/policy-csp-admx-credentialproviders.md

@@ -0,0 +1,412 @@
+---
+title: Policy CSP - ADMX_CredentialProviders
+description: Policy CSP - ADMX_CredentialProviders
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 11/11/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_CredentialProviders
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_CredentialProviders policies  
+
+<dl>
+  <dd>
+    <a href="#admx-credentialproviders-allowdomaindelaylock">ADMX_CredentialProviders/AllowDomainDelayLock</a>
+  </dd>
+  <dd>
+    <a href="#admx-credentialproviders-allowsecuritykeysignin">ADMX_CredentialProviders/AllowSecurityKeySignIn</a>
+  </dd>
+  <dd>
+    <a href="#admx-credentialproviders-defaultcredentialprovider">ADMX_CredentialProviders/DefaultCredentialProvider</a>
+  </dd>
+  <dd>
+    <a href="#admx-credentialproviders-defaultlogondomain">ADMX_CredentialProviders/DefaultLogonDomain</a>
+  </dd>
+  <dd>
+    <a href="#admx-credentialproviders-excludedcredentialproviders">ADMX_CredentialProviders/ExcludedCredentialProviders</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credentialproviders-allowdomaindelaylock"></a>**ADMX_CredentialProviders/AllowDomainDelayLock**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether a user can change the time before a password is required when a Connected Standby device screen turns off.
+
+If you enable this policy setting, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
+
+If you disable this policy setting, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off.
+
+If you don't configure this policy setting on a domain-joined device, a user cannot change the amount of time after the device's screen turns off before a password is required when waking the device. Instead, a password is required immediately after the screen turns off.
+
+If you don't configure this policy setting on a workgroup device, a user on a Connected Standby device can change the amount of time after the device's screen turns off before a password is required when waking the device. The time is limited by any EAS settings or Group Policies that affect the maximum idle time before a device locks. Additionally, if a password is required when a screensaver turns on, the screensaver timeout will limit the options the user may choose.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Allow users to select when a password is required when resuming from connected standby*
+-   GP name: *AllowDomainDelayLock*
+-   GP path: *System\Logon*
+-   GP ADMX file name: *CredentialProviders.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credentialproviders-allowsecuritykeysignin"></a>**ADMX_CredentialProviders/AllowSecurityKeySignIn**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows you to control whether users can sign in using external security keys.
+
+If you enable this policy setting, users can sign in with external security keys.
+
+If you disable or don't configure this policy setting, users can't sign in with external security keys.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Turn on security key sign-in*
+-   GP name: *AllowSecurityKeySignIn*
+-   GP path: *System\Logon*
+-   GP ADMX file name: *CredentialProviders.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credentialproviders-defaultcredentialprovider"></a>**ADMX_CredentialProviders/DefaultCredentialProvider**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to assign a specified credential provider as the default credential provider.
+
+If you enable this policy setting, the specified credential provider is selected on other user tile.
+
+If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile.
+
+> [!NOTE]
+> A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Assign a default credential provider*
+-   GP name: *DefaultCredentialProvider*
+-   GP path: *System\Logon*
+-   GP ADMX file name: *CredentialProviders.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credentialproviders-defaultlogondomain"></a>**ADMX_CredentialProviders/DefaultLogonDomain**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting specifies a default logon domain, which might be a different domain than the domain to which the computer is joined. Without this policy setting, at logon, if a user does not specify a domain for logon, the domain to which the computer belongs is assumed as the default domain. For example if the computer belongs to the Fabrikam domain, the default domain for user logon is Fabrikam.
+
+If you enable this policy setting, the default logon domain is set to the specified domain, which might be different than the domain to which the computer is joined.
+
+If you disable or do not configure  this policy setting, the default logon domain is always set to the  domain to which the computer is joined.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Assign a default domain for logon*
+-   GP name: *DefaultLogonDomain*
+-   GP path: *System\Logon*
+-   GP ADMX file name: *CredentialProviders.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credentialproviders-excludedcredentialproviders"></a>**ADMX_CredentialProviders/ExcludedCredentialProviders**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting allows the administrator to exclude the specified credential providers from use during authentication.  
+
+> [!NOTE]
+> Credential providers are used to process and validate user credentials during logon or when authentication is required. Windows Vista provides two default credential providers: Password and Smart Card. An administrator can install additional credential providers for different sets of credentials (for example, to support biometric authentication).
+
+If you enable this policy, an administrator can specify the CLSIDs of the credential providers to exclude from the set of installed credential providers available for authentication purposes.
+
+If you disable or do not configure this policy, all installed and otherwise enabled credential providers are available for authentication purposes.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Exclude credential providers*
+-   GP name: *ExcludedCredentialProviders*
+-   GP path: *System\Logon*
+-   GP ADMX file name: *CredentialProviders.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+

windows/client-management/mdm/policy-csp-admx-credui.md

@@ -0,0 +1,185 @@
+---
+title: Policy CSP - ADMX_CredUI
+description: Policy CSP - ADMX_CredUI
+ms.author: dansimp
+ms.localizationpriority: medium
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: manikadhiman
+ms.date: 11/09/2020
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - ADMX_CredUI
+> [!WARNING]
+> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
+
+<hr/>
+
+<!--Policies-->
+## ADMX_CredUI policies  
+
+<dl>
+  <dd>
+    <a href="#admx-credui-enablesecurecredentialprompting">ADMX_CredUI/EnableSecureCredentialPrompting</a>
+  </dd>
+  <dd>
+    <a href="#admx-credui-nolocalpasswordresetquestions">ADMX_CredUI/NoLocalPasswordResetQuestions</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credui-enablesecurecredentialprompting"></a>**ADMX_CredUI/EnableSecureCredentialPrompting**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the user’s Windows credentials.
+
+> [!NOTE]
+> This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled.
+
+If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop by means of the trusted path mechanism.
+
+If you disable or do not configure this policy setting, users will enter Windows credentials within the user’s desktop session, potentially allowing malicious code access to the user’s Windows credentials.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Require trusted path for credential entry*
+-   GP name: *EnableSecureCredentialPrompting*
+-   GP path: *Windows Components\Credential User Interface*
+-   GP ADMX file name: *CredUI.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+<!--Policy-->
+<a href="" id="admx-credui-nolocalpasswordresetquestions"></a>**ADMX_CredUI/NoLocalPasswordResetQuestions**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Windows Edition</th>
+    <th>Supported?</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+Available in the latest Windows 10 Insider Preview Build. If you turn this policy setting on, local users won’t be able to set up and use security questions to reset their passwords.
+
+<!--/Description-->
+> [!TIP]
+> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
+> 
+> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
+> 
+> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
+
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP English name: *Prevent the use of security questions for local accounts*
+-   GP name: *NoLocalPasswordResetQuestions*
+-   GP path: *Windows Components\Credential User Interface*
+-   GP ADMX file name: *CredUI.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+<hr/>
+
+Footnotes:
+
+- 1 - Available in Windows 10, version 1607.
+- 2 - Available in Windows 10, version 1703.
+- 3 - Available in Windows 10, version 1709.
+- 4 - Available in Windows 10, version 1803.
+- 5 - Available in Windows 10, version 1809.
+- 6 - Available in Windows 10, version 1903.
+- 7 - Available in Windows 10, version 1909.
+- 8 - Available in Windows 10, version 2004.
+
+<!--/Policies-->
+