Merge branch 'vp-csp-auto2' of https://github.com/vinaypamnani-msft/windows-docs-pr into vp-csp-auto2

windows/client-management/mdm/firewall-csp.md

@@ -52,6 +52,11 @@ Firewall
 ------------DisableStealthMode
 ------------Shielded
 ------------DisableUnicastResponsesToMulticastBroadcast
+------------EnableLogDroppedPackets
+------------EnableLogSuccessConnections
+------------EnableLogIgnoredRules
+------------LogMaxFileSize
+------------LogFilePath
 ------------DisableInboundNotifications
 ------------AuthAppsAllowUserPrefMerge
 ------------GlobalPortsAllowUserPrefMerge
@@ -65,6 +70,11 @@ Firewall
 ------------DisableStealthMode
 ------------Shielded
 ------------DisableUnicastResponsesToMulticastBroadcast
+------------EnableLogDroppedPackets
+------------EnableLogSuccessConnections
+------------EnableLogIgnoredRules
+------------LogMaxFileSize
+------------LogFilePath
 ------------DisableInboundNotifications
 ------------AuthAppsAllowUserPrefMerge
 ------------GlobalPortsAllowUserPrefMerge
@@ -78,6 +88,11 @@ Firewall
 ------------DisableStealthMode
 ------------Shielded
 ------------DisableUnicastResponsesToMulticastBroadcast
+------------EnableLogDroppedPackets
+------------EnableLogSuccessConnections
+------------EnableLogIgnoredRules
+------------LogMaxFileSize
+------------LogFilePath
 ------------DisableInboundNotifications
 ------------AuthAppsAllowUserPrefMerge
 ------------GlobalPortsAllowUserPrefMerge
@@ -223,6 +238,25 @@ Boolean value. If it's true, unicast responses to multicast broadcast traffic ar
 Default value is false.
 Value type is bool. Supported operations are Add, Get and Replace.
 
+<a href="" id="enablelogdroppedpackets"></a>**/EnableLogDroppedPackets**
+Boolean value. If this value is true, firewall will log all dropped packets. The merge law for this option is to let "on" values win.
+Default value is false. Supported operations are Get and Replace.
+
+<a href="" id="enablelogsuccessconnections"></a>**/EnableLogSuccessConnections**
+Boolean value. If this value is true, firewall will log all successful inbound connections. The merge law for this option is to let "on" values win.
+Default value is false. Supported operations are Get and Replace.
+
+<a href="" id="enablelogignoredrules"></a>**/EnableLogIgnoredRules**
+Boolean value. If this value is true, firewall will log ignored firewall rules. The merge law for this option is to let "on" values win.
+Default value is false. Supported operations are Get and Replace.
+
+<a href="" id="logmaxfilesize"></a>**/LogMaxFileSize**
+Integer value that specifies the size, in kilobytes, of the log file where dropped packets, successful connections and ignored rules are logged. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used.
+Default value is 1024. Supported operations are Get and Replace
+
+<a href="" id="logfilepath"></a>**/LogFilePath**
+String value that represents the file path to the log where firewall logs dropped packets, successful connections and ignored rules. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it is configured, otherwise the MdmStore value wins if it is configured, otherwise the local store value is used. Default value is "%systemroot%\system32\LogFiles\Firewall\pfirewall.log". Supported operations are Get and Replace
+
 <a href="" id="disableinboundnotifications"></a>**/DisableInboundNotifications**
 Boolean value. If this value is false, the firewall MAY display a notification to the user when an application is blocked from listening on a port.  If this value is on, the firewall MUST NOT display such a notification. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used.
 Default value is false.
@@ -349,7 +383,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
 
 <a href="" id="icmptypesandcodes"></a>**FirewallRules/_FirewallRuleName_/IcmpTypesAndCodes**
-ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid.
+Comma separated list of ICMP types and codes applicable to the firewall rule. To specify all ICMP types and codes, use the “\*” character. For specific ICMP types and codes, use the “:” character to separate the type and code, for example, 3:4, 1:\*. The “\*” character can be used to represent any code. The “\*” character cannot be used to specify any type; examples such as “\*:4” or “\*:\*” are invalid.
 If not specified, the default is All.
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 
@@ -431,6 +465,7 @@ Comma separated list of interface types. Valid values:
 - RemoteAccess
 - Wireless
 - Lan
+- MBB (i.e. Mobile Broadband)
 
 If not specified, the default is All.
 Value type is string. Supported operations are Get and Replace.

windows/client-management/mdm/policy-csp-kioskbrowser.md

@@ -1,313 +1,381 @@
 ---
-title: Policy CSP - KioskBrowser
+title: KioskBrowser Policy CSP
-description: Use the Policy CSP - KioskBrowser setting to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
+description: Learn more about the KioskBrowser Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
 ms.author: vinpa
-ms.topic: article
+ms.date: 01/03/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer: 
-manager: aaroncz
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- KioskBrowser-Begin -->
 # Policy CSP - KioskBrowser
 
-These policies currently only apply to Kiosk Browser app. Kiosk Browser is a Microsoft Store app, added in Windows 10 version 1803, that provides IT a way to customize the end user's browsing experience to fulfill kiosk, signage, and shared device scenarios. Application developers can also create their own kiosk browser and read these policies using [NamedPolicy.GetPolicyFromPath(String, String) Method](/uwp/api/windows.management.policies.namedpolicy.getpolicyfrompath#Windows_Management_Policies_NamedPolicy_GetPolicyFromPath_System_String_System_String_).
+<!-- KioskBrowser-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- KioskBrowser-Editable-End -->
 
+<!-- BlockedUrlExceptions-Begin -->
+## BlockedUrlExceptions
 
-<hr/>
+<!-- BlockedUrlExceptions-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- BlockedUrlExceptions-Applicability-End -->
 
-<!--Policies-->
+<!-- BlockedUrlExceptions-OmaUri-Begin -->
-## KioskBrowser policies
+```User
+./User/Vendor/MSFT/Policy/Config/KioskBrowser/BlockedUrlExceptions
+```
 
-<dl>
+```Device
-  <dd>
+./Device/Vendor/MSFT/Policy/Config/KioskBrowser/BlockedUrlExceptions
-    <a href="#kioskbrowser-blockedurlexceptions">KioskBrowser/BlockedUrlExceptions</a>
+```
-  </dd>
+<!-- BlockedUrlExceptions-OmaUri-End -->
-  <dd>
-    <a href="#kioskbrowser-blockedurls">KioskBrowser/BlockedUrls</a>
-  </dd>
-  <dd>
-    <a href="#kioskbrowser-defaulturl">KioskBrowser/DefaultURL</a>
-  </dd>
-  <dd>
-    <a href="#kioskbrowser-enableendsessionbutton">KioskBrowser/EnableEndSessionButton</a>
-  </dd>
-  <dd>
-    <a href="#kioskbrowser-enablehomebutton">KioskBrowser/EnableHomeButton</a>
-  </dd>
-  <dd>
-    <a href="#kioskbrowser-enablenavigationbuttons">KioskBrowser/EnableNavigationButtons</a>
-  </dd>
-  <dd>
-    <a href="#kioskbrowser-restartonidletime">KioskBrowser/RestartOnIdleTime</a>
-  </dd>
-</dl>
 
+<!-- BlockedUrlExceptions-Description-Begin -->
+<!-- Description-Source-DDF -->
+List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
+<!-- BlockedUrlExceptions-Description-End -->
 
-<hr/>
+<!-- BlockedUrlExceptions-Editable-Begin -->
-
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!--Policy-->
-<a href="" id="kioskbrowser-blockedurlexceptions"></a>**KioskBrowser/BlockedUrlExceptions**
-
-<!--SupportedSKUs-->
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-List of exceptions to the blocked website URLs (with wildcard support). This policy is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
-
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
+<!-- BlockedUrlExceptions-Editable-End -->
 
-<!--/Description-->
+<!-- BlockedUrlExceptions-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `0xF000`) |
+<!-- BlockedUrlExceptions-DFProperties-End -->
 
-<!--Policy-->
+<!-- BlockedUrlExceptions-Examples-Begin -->
-<a href="" id="kioskbrowser-blockedurls"></a>**KioskBrowser/BlockedUrls**
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- BlockedUrlExceptions-Examples-End -->
 
-<!--SupportedSKUs-->
+<!-- BlockedUrlExceptions-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- BlockedUrls-Begin -->
-|--- |--- |--- |
+## BlockedUrls
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- BlockedUrls-Applicability-Begin -->
-<hr/>
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- BlockedUrls-Applicability-End -->
 
-<!--Scope-->
+<!-- BlockedUrls-OmaUri-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+```User
+./User/Vendor/MSFT/Policy/Config/KioskBrowser/BlockedUrls
+```
 
-> [!div class = "checklist"]
+```Device
-> * Device
+./Device/Vendor/MSFT/Policy/Config/KioskBrowser/BlockedUrls
+```
+<!-- BlockedUrls-OmaUri-End -->
 
-<hr/>
+<!-- BlockedUrls-Description-Begin -->
-
+<!-- Description-Source-DDF -->
-<!--/Scope-->
+List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers can not navigate to.
-<!--Description-->
+<!-- BlockedUrls-Description-End -->
-List of blocked website URLs (with wildcard support). This policy is used to configure blocked URLs kiosk browsers can't navigate to. The delimiter for the URLs is "\uF000" character.
 
+<!-- BlockedUrls-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
+<!-- BlockedUrls-Editable-End -->
 
-<!--/Description-->
+<!-- BlockedUrls-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | List (Delimiter: `0xF000`) |
+<!-- BlockedUrls-DFProperties-End -->
 
-<!--Policy-->
+<!-- BlockedUrls-Examples-Begin -->
-<a href="" id="kioskbrowser-defaulturl"></a>**KioskBrowser/DefaultURL**
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- BlockedUrls-Examples-End -->
 
-<!--SupportedSKUs-->
+<!-- BlockedUrls-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- DefaultURL-Begin -->
-|--- |--- |--- |
+## DefaultURL
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- DefaultURL-Applicability-Begin -->
-<hr/>
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- DefaultURL-Applicability-End -->
 
-<!--Scope-->
+<!-- DefaultURL-OmaUri-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+```User
+./User/Vendor/MSFT/Policy/Config/KioskBrowser/DefaultURL
+```
 
-> [!div class = "checklist"]
+```Device
-> * Device
+./Device/Vendor/MSFT/Policy/Config/KioskBrowser/DefaultURL
+```
+<!-- DefaultURL-OmaUri-End -->
 
-<hr/>
+<!-- DefaultURL-Description-Begin -->
-
+<!-- Description-Source-DDF -->
-<!--/Scope-->
-<!--Description-->
 Configures the default URL kiosk browsers to navigate on launch and restart.
+<!-- DefaultURL-Description-End -->
 
+<!-- DefaultURL-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
+<!-- DefaultURL-Editable-End -->
 
-<!--/Description-->
+<!-- DefaultURL-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- DefaultURL-DFProperties-End -->
 
-<!--Policy-->
+<!-- DefaultURL-Examples-Begin -->
-<a href="" id="kioskbrowser-enableendsessionbutton"></a>**KioskBrowser/EnableEndSessionButton**
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- DefaultURL-Examples-End -->
 
-<!--SupportedSKUs-->
+<!-- DefaultURL-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- EnableEndSessionButton-Begin -->
-|--- |--- |--- |
+## EnableEndSessionButton
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- EnableEndSessionButton-Applicability-Begin -->
-<hr/>
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- EnableEndSessionButton-Applicability-End -->
 
-<!--Scope-->
+<!-- EnableEndSessionButton-OmaUri-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+```User
+./User/Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton
+```
 
-> [!div class = "checklist"]
+```Device
-> * Device
+./Device/Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton
+```
+<!-- EnableEndSessionButton-OmaUri-End -->
 
-<hr/>
+<!-- EnableEndSessionButton-Description-Begin -->
+<!-- Description-Source-DDF -->
+Enable/disable kiosk browser's end session button.
+<!-- EnableEndSessionButton-Description-End -->
 
-<!--/Scope-->
+<!-- EnableEndSessionButton-Editable-Begin -->
-<!--Description-->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-Shows the Kiosk Browser's end session button. When the policy is enabled, the Kiosk Browser app shows a button to reset the browser. When the user selects the button, the app will prompt the user for confirmation to end the session. When the user confirms, the Kiosk browser will clear all browsing data (cache, cookies, etc.) and navigate back to the default URL.
+When the policy is enabled, the Kiosk Browser app shows a button to reset the browser. When the user selects the button, the app will prompt the user for confirmation to end the session. When the user confirms, the Kiosk browser will clear all browsing data (cache, cookies, etc.) and navigate back to the default URL.
+<!-- EnableEndSessionButton-Editable-End -->
 
-<!--/Description-->
+<!-- EnableEndSessionButton-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- EnableEndSessionButton-DFProperties-End -->
 
-<!--Policy-->
+<!-- EnableEndSessionButton-AllowedValues-Begin -->
-<a href="" id="kioskbrowser-enablehomebutton"></a>**KioskBrowser/EnableHomeButton**
+**Allowed values**:
 
-<!--SupportedSKUs-->
+| Value | Description |
+|:--|:--|
+| 1 | Enable |
+| 0 (Default) | Disable |
+<!-- EnableEndSessionButton-AllowedValues-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- EnableEndSessionButton-Examples-Begin -->
-|--- |--- |--- |
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-|Home|No|No|
+<!-- EnableEndSessionButton-Examples-End -->
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- EnableEndSessionButton-End -->
-<hr/>
 
-<!--Scope-->
+<!-- EnableHomeButton-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+## EnableHomeButton
 
-> [!div class = "checklist"]
+<!-- EnableHomeButton-Applicability-Begin -->
-> * Device
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- EnableHomeButton-Applicability-End -->
 
-<hr/>
+<!-- EnableHomeButton-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/KioskBrowser/EnableHomeButton
+```
 
-<!--/Scope-->
+```Device
-<!--Description-->
+./Device/Vendor/MSFT/Policy/Config/KioskBrowser/EnableHomeButton
+```
+<!-- EnableHomeButton-OmaUri-End -->
+
+<!-- EnableHomeButton-Description-Begin -->
+<!-- Description-Source-DDF -->
 Enable/disable kiosk browser's home button.
+<!-- EnableHomeButton-Description-End -->
 
+<!-- EnableHomeButton-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
+<!-- EnableHomeButton-Editable-End -->
 
-<!--/Description-->
+<!-- EnableHomeButton-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- EnableHomeButton-DFProperties-End -->
 
-<!--Policy-->
+<!-- EnableHomeButton-AllowedValues-Begin -->
-<a href="" id="kioskbrowser-enablenavigationbuttons"></a>**KioskBrowser/EnableNavigationButtons**
+**Allowed values**:
 
-<!--SupportedSKUs-->
+| Value | Description |
+|:--|:--|
+| 1 | Enable |
+| 0 (Default) | Disable |
+<!-- EnableHomeButton-AllowedValues-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- EnableHomeButton-Examples-Begin -->
-|--- |--- |--- |
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-|Home|No|No|
+<!-- EnableHomeButton-Examples-End -->
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- EnableHomeButton-End -->
-<hr/>
 
-<!--Scope-->
+<!-- EnableNavigationButtons-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+## EnableNavigationButtons
 
-> [!div class = "checklist"]
+<!-- EnableNavigationButtons-Applicability-Begin -->
-> * Device
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- EnableNavigationButtons-Applicability-End -->
 
-<hr/>
+<!-- EnableNavigationButtons-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/KioskBrowser/EnableNavigationButtons
+```
 
-<!--/Scope-->
+```Device
-<!--Description-->
+./Device/Vendor/MSFT/Policy/Config/KioskBrowser/EnableNavigationButtons
+```
+<!-- EnableNavigationButtons-OmaUri-End -->
+
+<!-- EnableNavigationButtons-Description-Begin -->
+<!-- Description-Source-DDF -->
 Enable/disable kiosk browser's navigation buttons (forward/back).
+<!-- EnableNavigationButtons-Description-End -->
 
+<!-- EnableNavigationButtons-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
+<!-- EnableNavigationButtons-Editable-End -->
 
-<!--/Description-->
+<!-- EnableNavigationButtons-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- EnableNavigationButtons-DFProperties-End -->
 
-<!--Policy-->
+<!-- EnableNavigationButtons-AllowedValues-Begin -->
-<a href="" id="kioskbrowser-restartonidletime"></a>**KioskBrowser/RestartOnIdleTime**
+**Allowed values**:
 
-<!--SupportedSKUs-->
+| Value | Description |
+|:--|:--|
+| 1 | Enable |
+| 0 (Default) | Disable |
+<!-- EnableNavigationButtons-AllowedValues-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- EnableNavigationButtons-Examples-Begin -->
-|--- |--- |--- |
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-|Home|No|No|
+<!-- EnableNavigationButtons-Examples-End -->
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+<!-- EnableNavigationButtons-End -->
-<hr/>
 
-<!--Scope-->
+<!-- RestartOnIdleTime-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+## RestartOnIdleTime
 
-> [!div class = "checklist"]
+<!-- RestartOnIdleTime-Applicability-Begin -->
-> * Device
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :heavy_check_mark: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
+<!-- RestartOnIdleTime-Applicability-End -->
 
-<hr/>
+<!-- RestartOnIdleTime-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/Policy/Config/KioskBrowser/RestartOnIdleTime
+```
 
-<!--/Scope-->
+```Device
-<!--Description-->
+./Device/Vendor/MSFT/Policy/Config/KioskBrowser/RestartOnIdleTime
-Amount of time in minutes, the session is idle until the kiosk browser restarts in a fresh state.
+```
+<!-- RestartOnIdleTime-OmaUri-End -->
 
+<!-- RestartOnIdleTime-Description-Begin -->
+<!-- Description-Source-DDF -->
+Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state.
+<!-- RestartOnIdleTime-Description-End -->
+
+<!-- RestartOnIdleTime-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser.
 
 > [!NOTE]
 > This policy only applies to the Kiosk Browser app in Microsoft Store.
+<!-- RestartOnIdleTime-Editable-End -->
 
-<!--/Description-->
+<!-- RestartOnIdleTime-DFProperties-Begin -->
-<!--/Policy-->
+**Description framework properties**:
-<hr/>
 
-<!--/Policies-->
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Allowed Values | Range: `[1-1440]` |
+| Default Value  | 0 |
+<!-- RestartOnIdleTime-DFProperties-End -->
 
-## Related topics
+<!-- RestartOnIdleTime-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- RestartOnIdleTime-Examples-End -->
+
+<!-- RestartOnIdleTime-End -->
+
+<!-- KioskBrowser-CspMoreInfo-Begin -->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- KioskBrowser-CspMoreInfo-End -->
+
+<!-- KioskBrowser-End -->
+
+## Related articles
 
 [Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-lanmanworkstation.md

@@ -1,85 +1,100 @@
 ---
-title: Policy CSP - LanmanWorkstation
+title: LanmanWorkstation Policy CSP
-description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest sign ins to an SMB server.
+description: Learn more about the LanmanWorkstation Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
 ms.author: vinpa
-ms.topic: article
+ms.date: 01/03/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer: 
-manager: aaroncz
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- LanmanWorkstation-Begin -->
 # Policy CSP - LanmanWorkstation
 
-<hr/>
+<!-- LanmanWorkstation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- LanmanWorkstation-Editable-End -->
 
-<!--Policies-->
+<!-- EnableInsecureGuestLogons-Begin -->
-## LanmanWorkstation policies
+## EnableInsecureGuestLogons
 
-<dl>
+<!-- EnableInsecureGuestLogons-Applicability-Begin -->
-  <dd>
+| Scope | Editions | Applicable OS |
-    <a href="#lanmanworkstation-enableinsecureguestlogons">LanmanWorkstation/EnableInsecureGuestLogons</a>
+|:--|:--|:--|
-  </dd>
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1803 [10.0.17134] and later |
-</dl>
+<!-- EnableInsecureGuestLogons-Applicability-End -->
 
-<hr/>
+<!-- EnableInsecureGuestLogons-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/LanmanWorkstation/EnableInsecureGuestLogons
+```
+<!-- EnableInsecureGuestLogons-OmaUri-End -->
 
-<!--Policy-->
+<!-- EnableInsecureGuestLogons-Description-Begin -->
-<a href="" id="lanmanworkstation-enableinsecureguestlogons"></a>**LanmanWorkstation/EnableInsecureGuestLogons**
+<!-- Description-Source-ADMX -->
+This policy setting determines if the SMB client will allow insecure guest logons to an SMB server.
 
-<!--SupportedSKUs-->
+If you enable this policy setting or if you do not configure this policy setting, the SMB client will allow insecure guest logons.
 
-|Edition|Windows 10|Windows 11|
+If you disable this policy setting, the SMB client will reject insecure guest logons.
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and do not use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access."
-<hr/>
+<!-- EnableInsecureGuestLogons-Description-End -->
 
-<!--Scope-->
+<!-- EnableInsecureGuestLogons-Editable-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- EnableInsecureGuestLogons-Editable-End -->
 
-> [!div class = "checklist"]
+<!-- EnableInsecureGuestLogons-DFProperties-Begin -->
-> * Device
+**Description framework properties**:
 
-<hr/>
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- EnableInsecureGuestLogons-DFProperties-End -->
 
-<!--/Scope-->
+<!-- EnableInsecureGuestLogons-AllowedValues-Begin -->
-<!--Description-->
+**Allowed values**:
-This policy setting determines, if the SMB client will allow insecure guest sign in to an SMB server.
 
-If you enable this policy setting or if you don't configure this policy setting, the SMB client will allow insecure guest sign in.
+| Value | Description |
+|:--|:--|
+| 0 (Default) | Disabled |
+| 1 | Enabled |
+<!-- EnableInsecureGuestLogons-AllowedValues-End -->
 
-If you disable this policy setting, the SMB client will reject insecure guest sign in.
+<!-- EnableInsecureGuestLogons-GpMapping-Begin -->
+**Group policy mapping**:
 
-Insecure guest sign in are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest sign in are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication, and don't use insecure guest sign in by default. Since insecure guest sign in are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest sign in are vulnerable to various man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest sign in is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest sign in and configuring file servers to require authenticated access.
+| Name | Value |
+|:--|:--|
+| Name | Pol_EnableInsecureGuestLogons |
+| Friendly Name | Enable insecure guest logons |
+| Location | Computer Configuration |
+| Path | Network > Lanman Workstation |
+| Registry Key Name | Software\Policies\Microsoft\Windows\LanmanWorkstation |
+| Registry Value Name | AllowInsecureGuestAuth |
+| ADMX File Name | LanmanWorkstation.admx |
+<!-- EnableInsecureGuestLogons-GpMapping-End -->
 
-<!--/Description-->
+<!-- EnableInsecureGuestLogons-Examples-Begin -->
-<!--ADMXMapped-->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-ADMX Info:
+<!-- EnableInsecureGuestLogons-Examples-End -->
--   GP Friendly name: *Enable insecure guest logons*
--   GP name: *Pol_EnableInsecureGuestLogons*
--   GP path: *Network/Lanman Workstation*
--   GP ADMX file name: *LanmanWorkstation.admx*
 
-<!--/ADMXMapped-->
+<!-- EnableInsecureGuestLogons-End -->
-<!--SupportedValues-->
-This setting supports a range of values between 0 and 1.
 
-<!--/SupportedValues-->
+<!-- LanmanWorkstation-CspMoreInfo-Begin -->
-<!--/Policy-->
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
-<hr/>
+<!-- LanmanWorkstation-CspMoreInfo-End -->
 
-<!--/Policies-->
+<!-- LanmanWorkstation-End -->
 
-## Related topics
+## Related articles
 
-[Policy configuration service provider](policy-configuration-service-provider.md)
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-licensing.md

@@ -1,135 +1,166 @@
 ---
-title: Policy CSP - Licensing
+title: Licensing Policy CSP
-description: Use the Policy CSP - Licensing setting to enable or disable Windows license reactivation on managed devices.
+description: Learn more about the Licensing Area in Policy CSP
+author: vinaypamnani-msft
+manager: aaroncz
 ms.author: vinpa
-ms.topic: article
+ms.date: 01/03/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.localizationpriority: medium
-ms.date: 09/27/2019
-ms.reviewer: 
-manager: aaroncz
 ---
 
+<!-- Auto-Generated CSP Document -->
+
+<!-- Licensing-Begin -->
 # Policy CSP - Licensing
 
-<hr/>
+<!-- Licensing-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Licensing-Editable-End -->
 
-<!--Policies-->
+<!-- AllowWindowsEntitlementReactivation-Begin -->
-## Licensing policies
+## AllowWindowsEntitlementReactivation
 
-<dl>
+<!-- AllowWindowsEntitlementReactivation-Applicability-Begin -->
-  <dd>
+| Scope | Editions | Applicable OS |
-    <a href="#licensing-allowwindowsentitlementreactivation">Licensing/AllowWindowsEntitlementReactivation</a>
+|:--|:--|:--|
-  </dd>
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
-  <dd>
+<!-- AllowWindowsEntitlementReactivation-Applicability-End -->
-    <a href="#licensing-disallowkmsclientonlineavsvalidation">Licensing/DisallowKMSClientOnlineAVSValidation</a>
-  </dd>
-</dl>
 
-<hr/>
+<!-- AllowWindowsEntitlementReactivation-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Licensing/AllowWindowsEntitlementReactivation
+```
+<!-- AllowWindowsEntitlementReactivation-OmaUri-End -->
 
-<!--Policy-->
+<!-- AllowWindowsEntitlementReactivation-Description-Begin -->
-<a href="" id="licensing-allowwindowsentitlementreactivation"></a>**Licensing/AllowWindowsEntitlementReactivation**
+<!-- Description-Source-ADMX -->
+This policy setting controls whether OS Reactivation is blocked on a device.
+Policy Options:
+- Not Configured (default -- Windows registration and reactivation is allowed)
+- Disabled (Windows registration and reactivation is not allowed)
+- Enabled (Windows registration is allowed)
+<!-- AllowWindowsEntitlementReactivation-Description-End -->
 
-<!--SupportedSKUs-->
+<!-- AllowWindowsEntitlementReactivation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- AllowWindowsEntitlementReactivation-Editable-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- AllowWindowsEntitlementReactivation-DFProperties-Begin -->
-|--- |--- |--- |
+**Description framework properties**:
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+| Property name | Property value |
-<hr/>
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 1 |
+<!-- AllowWindowsEntitlementReactivation-DFProperties-End -->
 
-<!--Scope-->
+<!-- AllowWindowsEntitlementReactivation-AllowedValues-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+**Allowed values**:
 
-> [!div class = "checklist"]
+| Value | Description |
-> * Device
+|:--|:--|
+| 0 | Disable Windows license reactivation on managed devices. |
+| 1 (Default) | Enable Windows license reactivation on managed devices. |
+<!-- AllowWindowsEntitlementReactivation-AllowedValues-End -->
 
-<hr/>
+<!-- AllowWindowsEntitlementReactivation-GpMapping-Begin -->
+**Group policy mapping**:
 
-<!--/Scope-->
+| Name | Value |
-<!--Description-->
+|:--|:--|
-Enables or Disable Windows license reactivation on managed devices.
+| Name | AllowWindowsEntitlementReactivation |
+| Friendly Name | Control Device Reactivation for Retail devices |
+| Location | Computer Configuration |
+| Path | Windows Components > Software Protection Platform |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform |
+| Registry Value Name | AllowWindowsEntitlementReactivation |
+| ADMX File Name | AVSValidationGP.admx |
+<!-- AllowWindowsEntitlementReactivation-GpMapping-End -->
 
-<!--/Description-->
+<!-- AllowWindowsEntitlementReactivation-Examples-Begin -->
-<!--ADMXMapped-->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-ADMX Info:
+<!-- AllowWindowsEntitlementReactivation-Examples-End -->
--   GP Friendly name: *Control Device Reactivation for Retail devices*
--   GP name: *AllowWindowsEntitlementReactivation*
--   GP path: *Windows Components/Software Protection Platform*
--   GP ADMX file name: *AVSValidationGP.admx*
 
-<!--/ADMXMapped-->
+<!-- AllowWindowsEntitlementReactivation-End -->
-<!--SupportedValues-->
-The following list shows the supported values:
 
--   0 – Disable Windows license reactivation on managed devices.
+<!-- DisallowKMSClientOnlineAVSValidation-Begin -->
--   1 (default) – Enable Windows license reactivation on managed devices.
+## DisallowKMSClientOnlineAVSValidation
 
-<!--/SupportedValues-->
+<!-- DisallowKMSClientOnlineAVSValidation-Applicability-Begin -->
-<!--/Policy-->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1607 [10.0.14393] and later |
+<!-- DisallowKMSClientOnlineAVSValidation-Applicability-End -->
 
-<hr/>
+<!-- DisallowKMSClientOnlineAVSValidation-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Policy/Config/Licensing/DisallowKMSClientOnlineAVSValidation
+```
+<!-- DisallowKMSClientOnlineAVSValidation-OmaUri-End -->
 
-<!--Policy-->
+<!-- DisallowKMSClientOnlineAVSValidation-Description-Begin -->
-<a href="" id="licensing-disallowkmsclientonlineavsvalidation"></a>**Licensing/DisallowKMSClientOnlineAVSValidation**
+<!-- Description-Source-ADMX -->
+This policy setting lets you opt-out of sending KMS client activation data to Microsoft automatically. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
+If you disable or do not configure this policy setting, KMS client activation data will be sent to Microsoft services when this device activates.
+Policy Options:
+- Not Configured (default -- data will be automatically sent to Microsoft)
+- Disabled (data will be automatically sent to Microsoft)
+- Enabled (data will not be sent to Microsoft)
+<!-- DisallowKMSClientOnlineAVSValidation-Description-End -->
 
-<!--SupportedSKUs-->
+<!-- DisallowKMSClientOnlineAVSValidation-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- DisallowKMSClientOnlineAVSValidation-Editable-End -->
 
-|Edition|Windows 10|Windows 11|
+<!-- DisallowKMSClientOnlineAVSValidation-DFProperties-Begin -->
-|--- |--- |--- |
+**Description framework properties**:
-|Home|No|No|
-|Pro|Yes|Yes|
-|Windows SE|No|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
 
-<!--/SupportedSKUs-->
+| Property name | Property value |
-<hr/>
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- DisallowKMSClientOnlineAVSValidation-DFProperties-End -->
 
-<!--Scope-->
+<!-- DisallowKMSClientOnlineAVSValidation-AllowedValues-Begin -->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
+**Allowed values**:
 
-> [!div class = "checklist"]
+| Value | Description |
-> * Device
+|:--|:--|
+| 0 (Default) | Disabled. |
+| 1 | Enabled. |
+<!-- DisallowKMSClientOnlineAVSValidation-AllowedValues-End -->
 
-<hr/>
+<!-- DisallowKMSClientOnlineAVSValidation-GpMapping-Begin -->
+**Group policy mapping**:
 
-<!--/Scope-->
+| Name | Value |
-<!--Description-->
+|:--|:--|
-Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
+| Name | NoAcquireGT |
+| Friendly Name | Turn off KMS Client Online AVS Validation |
+| Location | Computer Configuration |
+| Path | Windows Components > Software Protection Platform |
+| Registry Key Name | Software\Policies\Microsoft\Windows NT\CurrentVersion\Software Protection Platform |
+| Registry Value Name | NoGenTicket |
+| ADMX File Name | AVSValidationGP.admx |
+<!-- DisallowKMSClientOnlineAVSValidation-GpMapping-End -->
 
-<!--/Description-->
+<!-- DisallowKMSClientOnlineAVSValidation-Examples-Begin -->
-<!--ADMXMapped-->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-ADMX Info:
+<!-- DisallowKMSClientOnlineAVSValidation-Examples-End -->
--   GP Friendly name: *Turn off KMS Client Online AVS Validation*
--   GP name: *NoAcquireGT*
--   GP path: *Windows Components/Software Protection Platform*
--   GP ADMX file name: *AVSValidationGP.admx*
 
-<!--/ADMXMapped-->
+<!-- DisallowKMSClientOnlineAVSValidation-End -->
-<!--SupportedValues-->
-The following list shows the supported values:
 
--   0 (default) – Disabled
+<!-- Licensing-CspMoreInfo-Begin -->
--   1 – Enabled
+<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
+<!-- Licensing-CspMoreInfo-End -->
 
-<!--/SupportedValues-->
+<!-- Licensing-End -->
-<!--/Policy-->
-<hr/>
 
+## Related articles
 
-<!--/Policies-->
+[Policy configuration service provider](policy-configuration-service-provider.md)
-
-## Related topics
-
-[Policy configuration service provider](policy-configuration-service-provider.md)