Merged PR 3528: Adding scope info, linked policy lists, and additional formatting.

2025-05-12 13:27:23 +00:00 · 2017-10-02 19:13:23 +00:00 · 2017-10-02 19:13:23 +00:00 · 4eb941a4aa
commit 4eb941a4aa
parent 758b6f8ae3
70 changed files with 11441 additions and 143 deletions
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/25/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP
@ -22,6 +22,26 @@ The Policy configuration service provider has the following sub-categories:
 -   Policy/Config/*AreaName* – Handles the policy configuration request from the server.
 -   Policy/Result/*AreaName* – Provides a read-only path to policies enforced on the device.
 <a href="" id="policy-scope"></a>
 > [!Important]
 > Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user. 
 >
 > The allowed scope of a specific policy is represented below its table of supported Windows editions.  To configure a policy under a specific scope (user vs. device), please use the following paths:
 >
 > User scope:
 > -   **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
 > -   **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 >
 > Device scope:
 > -   **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
 > -   **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 >
 > For device wide configuration the **_Device/_**  portion may be omitted from the path, deeming the following paths respectively equivalent:
 >
 > - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
 > - **./Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
 ![policy csp diagram](images/provisioning-csp-policy.png)
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - AboveLock
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## AboveLock policies  
 <dl>
  <dd>
    <a href="#abovelock-allowactioncenternotifications">AboveLock/AllowActionCenterNotifications</a>
  </dd>
  <dd>
    <a href="#abovelock-allowcortanaabovelock">AboveLock/AllowCortanaAboveLock</a>
  </dd>
  <dd>
    <a href="#abovelock-allowtoasts">AboveLock/AllowToasts</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="abovelock-allowactioncenternotifications"></a>**AboveLock/AllowActionCenterNotifications**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -60,6 +82,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="abovelock-allowcortanaabovelock"></a>**AboveLock/AllowCortanaAboveLock**  
@ -86,6 +109,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech.
@ -96,6 +128,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="abovelock-allowtoasts"></a>**AboveLock/AllowToasts**  
@ -122,6 +155,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow toast notifications above the device lock screen.
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Accounts
@ -14,11 +14,27 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Accounts policies  
 <dl>
  <dd>
    <a href="#accounts-allowaddingnonmicrosoftaccountsmanually">Accounts/AllowAddingNonMicrosoftAccountsManually</a>
  </dd>
  <dd>
    <a href="#accounts-allowmicrosoftaccountconnection">Accounts/AllowMicrosoftAccountConnection</a>
  </dd>
  <dd>
    <a href="#accounts-allowmicrosoftaccountsigninassistant">Accounts/AllowMicrosoftAccountSignInAssistant</a>
  </dd>
  <dd>
    <a href="#accounts-domainnamesforemailsync">Accounts/DomainNamesForEmailSync</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="accounts-allowaddingnonmicrosoftaccountsmanually"></a>**Accounts/AllowAddingNonMicrosoftAccountsManually**  
@ -45,6 +61,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether user is allowed to add non-MSA email accounts.
@ -60,6 +85,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="accounts-allowmicrosoftaccountconnection"></a>**Accounts/AllowMicrosoftAccountConnection**  
@ -86,6 +112,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services.
@ -98,6 +133,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="accounts-allowmicrosoftaccountsigninassistant"></a>**Accounts/AllowMicrosoftAccountSignInAssistant**  
@ -124,6 +160,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
@ -134,6 +179,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="accounts-domainnamesforemailsync"></a>**Accounts/DomainNamesForEmailSync**  
@ -160,6 +206,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies a list of the domains that are allowed to sync email on the device.
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ActiveXControls
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ActiveXControls policies  
 <dl>
  <dd>
    <a href="#activexcontrols-approvedinstallationsites">ActiveXControls/ApprovedInstallationSites</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="activexcontrols-approvedinstallationsites"></a>**ActiveXControls/ApprovedInstallationSites**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL.
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ApplicationDefaults
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ApplicationDefaults policies  
 <dl>
  <dd>
    <a href="#applicationdefaults-defaultassociationsconfiguration">ApplicationDefaults/DefaultAssociationsConfiguration</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationdefaults-defaultassociationsconfiguration"></a>**ApplicationDefaults/DefaultAssociationsConfiguration**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be  base64 encoded before being added to SyncML.
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ApplicationManagement
@ -14,11 +14,48 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ApplicationManagement policies  
 <dl>
  <dd>
    <a href="#applicationmanagement-allowalltrustedapps">ApplicationManagement/AllowAllTrustedApps</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowappstoreautoupdate">ApplicationManagement/AllowAppStoreAutoUpdate</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowdeveloperunlock">ApplicationManagement/AllowDeveloperUnlock</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowgamedvr">ApplicationManagement/AllowGameDVR</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowshareduserappdata">ApplicationManagement/AllowSharedUserAppData</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowstore">ApplicationManagement/AllowStore</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-applicationrestrictions">ApplicationManagement/ApplicationRestrictions</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-requireprivatestoreonly">ApplicationManagement/RequirePrivateStoreOnly</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-restrictappdatatosystemvolume">ApplicationManagement/RestrictAppDataToSystemVolume</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-restrictapptosystemvolume">ApplicationManagement/RestrictAppToSystemVolume</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowalltrustedapps"></a>**ApplicationManagement/AllowAllTrustedApps**  
@ -45,6 +82,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether non Windows Store apps are allowed.
@ -58,6 +104,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowappstoreautoupdate"></a>**ApplicationManagement/AllowAppStoreAutoUpdate**  
@ -84,6 +131,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether automatic update of apps from Windows Store are allowed.
@ -96,6 +152,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowdeveloperunlock"></a>**ApplicationManagement/AllowDeveloperUnlock**  
@ -122,6 +179,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether developer unlock is allowed.
@ -135,6 +201,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowgamedvr"></a>**ApplicationManagement/AllowGameDVR**  
@ -161,6 +228,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -176,6 +252,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowshareduserappdata"></a>**ApplicationManagement/AllowSharedUserAppData**  
@ -202,6 +279,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether multiple users of the same app can share data.
@ -214,6 +300,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowstore"></a>**ApplicationManagement/AllowStore**  
@ -240,6 +327,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether app store is allowed at the device.
@ -252,6 +348,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-applicationrestrictions"></a>**ApplicationManagement/ApplicationRestrictions**  
@ -278,6 +375,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
@ -305,6 +411,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-disablestoreoriginatedapps"></a>**ApplicationManagement/DisableStoreOriginatedApps**  
@ -331,6 +438,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Windows Store that came pre-installed or were downloaded.
@ -341,6 +457,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-requireprivatestoreonly"></a>**ApplicationManagement/RequirePrivateStoreOnly**  
@ -367,6 +484,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows disabling of the retail catalog and only enables the Private store.
@ -388,6 +514,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-restrictappdatatosystemvolume"></a>**ApplicationManagement/RestrictAppDataToSystemVolume**  
@ -414,6 +541,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether application data is restricted to the system drive.
@ -426,6 +562,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-restrictapptosystemvolume"></a>**ApplicationManagement/RestrictAppToSystemVolume**  
@ -452,6 +589,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether the installation of applications is restricted to the system drive.
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - AppVirtualization
@ -14,11 +14,99 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## AppVirtualization policies  
 <dl>
  <dd>
    <a href="#appvirtualization-allowappvclient">AppVirtualization/AllowAppVClient</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowdynamicvirtualization">AppVirtualization/AllowDynamicVirtualization</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowpackagecleanup">AppVirtualization/AllowPackageCleanup</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowpackagescripts">AppVirtualization/AllowPackageScripts</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowpublishingrefreshux">AppVirtualization/AllowPublishingRefreshUX</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowreportingserver">AppVirtualization/AllowReportingServer</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowroamingfileexclusions">AppVirtualization/AllowRoamingFileExclusions</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowroamingregistryexclusions">AppVirtualization/AllowRoamingRegistryExclusions</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowstreamingautoload">AppVirtualization/AllowStreamingAutoload</a>
  </dd>
  <dd>
    <a href="#appvirtualization-clientcoexistenceallowmigrationmode">AppVirtualization/ClientCoexistenceAllowMigrationmode</a>
  </dd>
  <dd>
    <a href="#appvirtualization-integrationallowrootglobal">AppVirtualization/IntegrationAllowRootGlobal</a>
  </dd>
  <dd>
    <a href="#appvirtualization-integrationallowrootuser">AppVirtualization/IntegrationAllowRootUser</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver1">AppVirtualization/PublishingAllowServer1</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver2">AppVirtualization/PublishingAllowServer2</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver3">AppVirtualization/PublishingAllowServer3</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver4">AppVirtualization/PublishingAllowServer4</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver5">AppVirtualization/PublishingAllowServer5</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowcertificatefilterforclient-ssl">AppVirtualization/StreamingAllowCertificateFilterForClient_SSL</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowhighcostlaunch">AppVirtualization/StreamingAllowHighCostLaunch</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowlocationprovider">AppVirtualization/StreamingAllowLocationProvider</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowpackageinstallationroot">AppVirtualization/StreamingAllowPackageInstallationRoot</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowpackagesourceroot">AppVirtualization/StreamingAllowPackageSourceRoot</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowreestablishmentinterval">AppVirtualization/StreamingAllowReestablishmentInterval</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowreestablishmentretries">AppVirtualization/StreamingAllowReestablishmentRetries</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingsharedcontentstoremode">AppVirtualization/StreamingSharedContentStoreMode</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingsupportbranchcache">AppVirtualization/StreamingSupportBranchCache</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingverifycertificaterevocationlist">AppVirtualization/StreamingVerifyCertificateRevocationList</a>
  </dd>
  <dd>
    <a href="#appvirtualization-virtualcomponentsallowlist">AppVirtualization/VirtualComponentsAllowList</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowappvclient"></a>**AppVirtualization/AllowAppVClient**  
@ -45,6 +133,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.
@ -65,6 +162,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowdynamicvirtualization"></a>**AppVirtualization/AllowDynamicVirtualization**  
@ -91,6 +189,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
@ -111,6 +218,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowpackagecleanup"></a>**AppVirtualization/AllowPackageCleanup**  
@ -137,6 +245,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
@ -157,6 +274,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowpackagescripts"></a>**AppVirtualization/AllowPackageScripts**  
@ -183,6 +301,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables scripts defined in the package manifest of configuration files that should run.
@ -203,6 +330,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowpublishingrefreshux"></a>**AppVirtualization/AllowPublishingRefreshUX**  
@ -229,6 +357,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables a UX to display to the user when a publishing refresh is performed on the client.
@ -249,6 +386,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowreportingserver"></a>**AppVirtualization/AllowReportingServer**  
@ -275,6 +413,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Reporting Server URL: Displays the URL of reporting server.
@ -305,6 +452,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowroamingfileexclusions"></a>**AppVirtualization/AllowRoamingFileExclusions**  
@ -331,6 +479,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
@ -351,6 +508,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowroamingregistryexclusions"></a>**AppVirtualization/AllowRoamingRegistryExclusions**  
@ -377,6 +535,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
@ -397,6 +564,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowstreamingautoload"></a>**AppVirtualization/AllowStreamingAutoload**  
@ -423,6 +591,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies how new packages should be loaded automatically by App-V on a specific computer.
@ -443,6 +620,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-clientcoexistenceallowmigrationmode"></a>**AppVirtualization/ClientCoexistenceAllowMigrationmode**  
@ -469,6 +647,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.
@ -489,6 +676,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-integrationallowrootglobal"></a>**AppVirtualization/IntegrationAllowRootGlobal**  
@ -515,6 +703,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
@ -535,6 +732,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-integrationallowrootuser"></a>**AppVirtualization/IntegrationAllowRootUser**  
@ -561,6 +759,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
@ -581,6 +788,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver1"></a>**AppVirtualization/PublishingAllowServer1**  
@ -607,6 +815,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -645,6 +862,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver2"></a>**AppVirtualization/PublishingAllowServer2**  
@ -671,6 +889,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -709,6 +936,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver3"></a>**AppVirtualization/PublishingAllowServer3**  
@ -735,6 +963,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -773,6 +1010,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver4"></a>**AppVirtualization/PublishingAllowServer4**  
@ -799,6 +1037,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -837,6 +1084,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver5"></a>**AppVirtualization/PublishingAllowServer5**  
@ -863,6 +1111,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -901,6 +1158,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowcertificatefilterforclient-ssl"></a>**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL**  
@ -927,6 +1185,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the path to a valid certificate in the certificate store.
@ -947,6 +1214,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowhighcostlaunch"></a>**AppVirtualization/StreamingAllowHighCostLaunch**  
@ -973,6 +1241,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G).
@ -993,6 +1270,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowlocationprovider"></a>**AppVirtualization/StreamingAllowLocationProvider**  
@ -1019,6 +1297,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
@ -1039,6 +1326,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowpackageinstallationroot"></a>**AppVirtualization/StreamingAllowPackageInstallationRoot**  
@ -1065,6 +1353,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies directory where all new applications and updates will be installed.
@ -1085,6 +1382,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowpackagesourceroot"></a>**AppVirtualization/StreamingAllowPackageSourceRoot**  
@ -1111,6 +1409,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Overrides source location for downloading package content.
@ -1131,6 +1438,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowreestablishmentinterval"></a>**AppVirtualization/StreamingAllowReestablishmentInterval**  
@ -1157,6 +1465,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the number of seconds between attempts to reestablish a dropped session.
@ -1177,6 +1494,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowreestablishmentretries"></a>**AppVirtualization/StreamingAllowReestablishmentRetries**  
@ -1203,6 +1521,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the number of times to retry a dropped session.
@ -1223,6 +1550,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingsharedcontentstoremode"></a>**AppVirtualization/StreamingSharedContentStoreMode**  
@ -1249,6 +1577,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies that streamed package contents will be not be saved to the local hard disk.
@ -1269,6 +1606,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingsupportbranchcache"></a>**AppVirtualization/StreamingSupportBranchCache**  
@ -1295,6 +1633,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache
@ -1315,6 +1662,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingverifycertificaterevocationlist"></a>**AppVirtualization/StreamingVerifyCertificateRevocationList**  
@ -1341,6 +1689,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Verifies Server certificate revocation status before streaming using HTTPS.
@ -1361,6 +1718,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-virtualcomponentsallowlist"></a>**AppVirtualization/VirtualComponentsAllowList**  
@ -1387,6 +1745,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components.
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - AttachmentManager
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## AttachmentManager policies  
 <dl>
  <dd>
    <a href="#attachmentmanager-donotpreservezoneinformation">AttachmentManager/DoNotPreserveZoneInformation</a>
  </dd>
  <dd>
    <a href="#attachmentmanager-hidezoneinfomechanism">AttachmentManager/HideZoneInfoMechanism</a>
  </dd>
  <dd>
    <a href="#attachmentmanager-notifyantivirusprograms">AttachmentManager/NotifyAntivirusPrograms</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="attachmentmanager-donotpreservezoneinformation"></a>**AttachmentManager/DoNotPreserveZoneInformation**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.
@ -71,6 +93,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="attachmentmanager-hidezoneinfomechanism"></a>**AttachmentManager/HideZoneInfoMechanism**  
@ -97,6 +120,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.
@ -123,6 +155,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="attachmentmanager-notifyantivirusprograms"></a>**AttachmentManager/NotifyAntivirusPrograms**  
@ -149,6 +182,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/06/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Authentication
@ -14,11 +14,27 @@ ms.date: 09/06/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Authentication policies  
 <dl>
  <dd>
    <a href="#authentication-allowaadpasswordreset">Authentication/AllowAadPasswordReset</a>
  </dd>
  <dd>
    <a href="#authentication-alloweapcertsso">Authentication/AllowEAPCertSSO</a>
  </dd>
  <dd>
    <a href="#authentication-allowfastreconnect">Authentication/AllowFastReconnect</a>
  </dd>
  <dd>
    <a href="#authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="authentication-allowaadpasswordreset"></a>**Authentication/AllowAadPasswordReset**  
@ -45,6 +61,15 @@ ms.date: 09/06/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. 
@ -55,6 +80,7 @@ ms.date: 09/06/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="authentication-alloweapcertsso"></a>**Authentication/AllowEAPCertSSO**  
@ -81,6 +107,15 @@ ms.date: 09/06/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
@ -98,6 +133,7 @@ ms.date: 09/06/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="authentication-allowfastreconnect"></a>**Authentication/AllowFastReconnect**  
@ -124,6 +160,15 @@ ms.date: 09/06/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows EAP Fast Reconnect from being attempted for EAP Method TLS.
@ -136,6 +181,7 @@ ms.date: 09/06/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="authentication-allowsecondaryauthenticationdevice"></a>**Authentication/AllowSecondaryAuthenticationDevice**  
@ -162,6 +208,15 @@ ms.date: 09/06/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows.
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Autoplay
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Autoplay policies  
 <dl>
  <dd>
    <a href="#autoplay-disallowautoplayfornonvolumedevices">Autoplay/DisallowAutoplayForNonVolumeDevices</a>
  </dd>
  <dd>
    <a href="#autoplay-setdefaultautorunbehavior">Autoplay/SetDefaultAutoRunBehavior</a>
  </dd>
  <dd>
    <a href="#autoplay-turnoffautoplay">Autoplay/TurnOffAutoPlay</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="autoplay-disallowautoplayfornonvolumedevices"></a>**Autoplay/DisallowAutoplayForNonVolumeDevices**  
@ -45,6 +58,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting disallows AutoPlay for MTP devices like cameras or phones.
@ -69,6 +92,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="autoplay-setdefaultautorunbehavior"></a>**Autoplay/SetDefaultAutoRunBehavior**  
@ -95,6 +119,16 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting sets the default behavior for Autorun commands.
@ -128,6 +162,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="autoplay-turnoffautoplay"></a>**Autoplay/TurnOffAutoPlay**  
@ -154,6 +189,16 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to turn off the Autoplay feature.
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Bitlocker
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Bitlocker policies  
 <dl>
  <dd>
    <a href="#bitlocker-encryptionmethod">Bitlocker/EncryptionMethod</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bitlocker-encryptionmethod"></a>**Bitlocker/EncryptionMethod**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies the BitLocker Drive Encryption method and cipher strength.
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Bluetooth
@ -14,11 +14,30 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Bluetooth policies  
 <dl>
  <dd>
    <a href="#bluetooth-allowadvertising">Bluetooth/AllowAdvertising</a>
  </dd>
  <dd>
    <a href="#bluetooth-allowdiscoverablemode">Bluetooth/AllowDiscoverableMode</a>
  </dd>
  <dd>
    <a href="#bluetooth-allowprepairing">Bluetooth/AllowPrepairing</a>
  </dd>
  <dd>
    <a href="#bluetooth-localdevicename">Bluetooth/LocalDeviceName</a>
  </dd>
  <dd>
    <a href="#bluetooth-servicesallowedlist">Bluetooth/ServicesAllowedList</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-allowadvertising"></a>**Bluetooth/AllowAdvertising**  
@ -45,6 +64,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether the device can send out Bluetooth advertisements.
@ -59,6 +87,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-allowdiscoverablemode"></a>**Bluetooth/AllowDiscoverableMode**  
@ -85,6 +114,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether other Bluetooth-enabled devices can discover the device.
@ -99,6 +137,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-allowprepairing"></a>**Bluetooth/AllowPrepairing**  
@ -125,6 +164,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
@ -135,6 +183,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-localdevicename"></a>**Bluetooth/LocalDeviceName**  
@ -161,6 +210,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Sets the local Bluetooth device name.
@ -170,6 +228,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-servicesallowedlist"></a>**Bluetooth/ServicesAllowedList**  
@ -196,6 +255,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Browser
@ -14,11 +14,123 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Browser policies  
 <dl>
  <dd>
    <a href="#browser-allowaddressbardropdown">Browser/AllowAddressBarDropdown</a>
  </dd>
  <dd>
    <a href="#browser-allowautofill">Browser/AllowAutofill</a>
  </dd>
  <dd>
    <a href="#browser-allowbrowser">Browser/AllowBrowser</a>
  </dd>
  <dd>
    <a href="#browser-allowcookies">Browser/AllowCookies</a>
  </dd>
  <dd>
    <a href="#browser-allowdevelopertools">Browser/AllowDeveloperTools</a>
  </dd>
  <dd>
    <a href="#browser-allowdonottrack">Browser/AllowDoNotTrack</a>
  </dd>
  <dd>
    <a href="#browser-allowextensions">Browser/AllowExtensions</a>
  </dd>
  <dd>
    <a href="#browser-allowflash">Browser/AllowFlash</a>
  </dd>
  <dd>
    <a href="#browser-allowflashclicktorun">Browser/AllowFlashClickToRun</a>
  </dd>
  <dd>
    <a href="#browser-allowinprivate">Browser/AllowInPrivate</a>
  </dd>
  <dd>
    <a href="#browser-allowmicrosoftcompatibilitylist">Browser/AllowMicrosoftCompatibilityList</a>
  </dd>
  <dd>
    <a href="#browser-allowpasswordmanager">Browser/AllowPasswordManager</a>
  </dd>
  <dd>
    <a href="#browser-allowpopups">Browser/AllowPopups</a>
  </dd>
  <dd>
    <a href="#browser-allowsearchenginecustomization">Browser/AllowSearchEngineCustomization</a>
  </dd>
  <dd>
    <a href="#browser-allowsearchsuggestionsinaddressbar">Browser/AllowSearchSuggestionsinAddressBar</a>
  </dd>
  <dd>
    <a href="#browser-allowsmartscreen">Browser/AllowSmartScreen</a>
  </dd>
  <dd>
    <a href="#browser-alwaysenablebookslibrary">Browser/AlwaysEnableBooksLibrary</a>
  </dd>
  <dd>
    <a href="#browser-clearbrowsingdataonexit">Browser/ClearBrowsingDataOnExit</a>
  </dd>
  <dd>
    <a href="#browser-configureadditionalsearchengines">Browser/ConfigureAdditionalSearchEngines</a>
  </dd>
  <dd>
    <a href="#browser-disablelockdownofstartpages">Browser/DisableLockdownOfStartPages</a>
  </dd>
  <dd>
    <a href="#browser-enterprisemodesitelist">Browser/EnterpriseModeSiteList</a>
  </dd>
  <dd>
    <a href="#browser-enterprisesitelistserviceurl">Browser/EnterpriseSiteListServiceUrl</a>
  </dd>
  <dd>
    <a href="#browser-firstrunurl">Browser/FirstRunURL</a>
  </dd>
  <dd>
    <a href="#browser-homepages">Browser/HomePages</a>
  </dd>
  <dd>
    <a href="#browser-lockdownfavorites">Browser/LockdownFavorites</a>
  </dd>
  <dd>
    <a href="#browser-preventaccesstoaboutflagsinmicrosoftedge">Browser/PreventAccessToAboutFlagsInMicrosoftEdge</a>
  </dd>
  <dd>
    <a href="#browser-preventfirstrunpage">Browser/PreventFirstRunPage</a>
  </dd>
  <dd>
    <a href="#browser-preventlivetiledatacollection">Browser/PreventLiveTileDataCollection</a>
  </dd>
  <dd>
    <a href="#browser-preventsmartscreenpromptoverride">Browser/PreventSmartScreenPromptOverride</a>
  </dd>
  <dd>
    <a href="#browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
  </dd>
  <dd>
    <a href="#browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
  </dd>
  <dd>
    <a href="#browser-provisionfavorites">Browser/ProvisionFavorites</a>
  </dd>
  <dd>
    <a href="#browser-sendintranettraffictointernetexplorer">Browser/SendIntranetTraffictoInternetExplorer</a>
  </dd>
  <dd>
    <a href="#browser-setdefaultsearchengine">Browser/SetDefaultSearchEngine</a>
  </dd>
  <dd>
    <a href="#browser-showmessagewhenopeningsitesininternetexplorer">Browser/ShowMessageWhenOpeningSitesInInternetExplorer</a>
  </dd>
  <dd>
    <a href="#browser-syncfavoritesbetweenieandmicrosoftedge">Browser/SyncFavoritesBetweenIEAndMicrosoftEdge</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowaddressbardropdown"></a>**Browser/AllowAddressBarDropdown**  
@ -45,6 +157,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. 
@ -60,6 +182,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowautofill"></a>**Browser/AllowAutofill**  
@ -86,6 +209,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether autofill on websites is allowed.
@ -105,6 +238,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowbrowser"></a>**Browser/AllowBrowser**  
@ -131,6 +265,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
@ -149,6 +293,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowcookies"></a>**Browser/AllowCookies**  
@ -175,6 +320,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether cookies are allowed.
@ -194,6 +349,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowdevelopertools"></a>**Browser/AllowDeveloperTools**  
@ -220,6 +376,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -236,6 +402,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowdonottrack"></a>**Browser/AllowDoNotTrack**  
@ -262,6 +429,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether Do Not Track headers are allowed.
@ -281,6 +458,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowextensions"></a>**Browser/AllowExtensions**  
@ -307,6 +485,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed.
@ -317,6 +505,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowflash"></a>**Browser/AllowFlash**  
@ -343,6 +532,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge.
@ -353,6 +552,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowflashclicktorun"></a>**Browser/AllowFlashClickToRun**  
@ -379,6 +579,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash.
@ -389,6 +599,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowinprivate"></a>**Browser/AllowInPrivate**  
@ -415,6 +626,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether InPrivate browsing is allowed on corporate networks.
@ -427,6 +648,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowmicrosoftcompatibilitylist"></a>**Browser/AllowMicrosoftCompatibilityList**  
@ -453,6 +675,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. 
 By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". 
@ -468,6 +700,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowpasswordmanager"></a>**Browser/AllowPasswordManager**  
@ -494,6 +727,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether saving and managing passwords locally on the device is allowed.
@ -513,6 +756,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowpopups"></a>**Browser/AllowPopups**  
@ -539,6 +783,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether pop-up blocker is allowed or enabled.
@ -558,6 +812,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowsearchenginecustomization"></a>**Browser/AllowSearchEngineCustomization**  
@ -584,6 +839,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine. 
@ -598,6 +863,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowsearchsuggestionsinaddressbar"></a>**Browser/AllowSearchSuggestionsinAddressBar**  
@ -624,6 +890,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether search suggestions are allowed in the address bar.
@ -636,6 +912,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowsmartscreen"></a>**Browser/AllowSmartScreen**  
@ -662,6 +939,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether Windows Defender SmartScreen is allowed.
@ -681,9 +968,20 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-alwaysenablebookslibrary"></a>**Browser/AlwaysEnableBooksLibrary**  
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">
@ -691,6 +989,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-clearbrowsingdataonexit"></a>**Browser/ClearBrowsingDataOnExit**  
@ -717,6 +1016,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge.
@ -735,6 +1044,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-configureadditionalsearchengines"></a>**Browser/ConfigureAdditionalSearchEngines**  
@ -761,6 +1071,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices. 
@ -781,6 +1101,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-disablelockdownofstartpages"></a>**Browser/DisableLockdownOfStartPages**  
@ -807,6 +1128,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect. 
@ -825,6 +1156,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-enterprisemodesitelist"></a>**Browser/EnterpriseModeSiteList**  
@ -851,6 +1183,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -865,6 +1207,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-enterprisesitelistserviceurl"></a>**Browser/EnterpriseSiteListServiceUrl**  
@ -891,12 +1234,23 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!IMPORTANT]
 > This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist).
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-firstrunurl"></a>**Browser/FirstRunURL**  
@ -923,6 +1277,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -936,6 +1300,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-homepages"></a>**Browser/HomePages**  
@ -962,6 +1327,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -977,6 +1352,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-lockdownfavorites"></a>**Browser/LockdownFavorites**  
@ -1003,6 +1379,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
@ -1022,6 +1408,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventaccesstoaboutflagsinmicrosoftedge"></a>**Browser/PreventAccessToAboutFlagsInMicrosoftEdge**  
@ -1048,6 +1435,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features.
@ -1058,6 +1455,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventfirstrunpage"></a>**Browser/PreventFirstRunPage**  
@ -1084,6 +1482,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening.
@ -1096,6 +1504,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventlivetiledatacollection"></a>**Browser/PreventLiveTileDataCollection**  
@ -1122,6 +1531,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge.
@ -1134,6 +1553,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventsmartscreenpromptoverride"></a>**Browser/PreventSmartScreenPromptOverride**  
@ -1160,6 +1580,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites.
@ -1172,6 +1602,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventsmartscreenpromptoverrideforfiles"></a>**Browser/PreventSmartScreenPromptOverrideForFiles**  
@ -1198,6 +1629,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process.
@ -1208,6 +1649,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**  
@ -1234,6 +1676,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -1248,6 +1700,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-provisionfavorites"></a>**Browser/ProvisionFavorites**  
@ -1274,6 +1727,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines. 
@ -1292,6 +1755,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-sendintranettraffictointernetexplorer"></a>**Browser/SendIntranetTraffictoInternetExplorer**  
@ -1318,6 +1782,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -1334,6 +1808,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-setdefaultsearchengine"></a>**Browser/SetDefaultSearchEngine**  
@ -1360,6 +1835,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy.
@ -1379,6 +1864,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-showmessagewhenopeningsitesininternetexplorer"></a>**Browser/ShowMessageWhenOpeningSitesInInternetExplorer**  
@ -1405,6 +1891,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -1421,6 +1917,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-syncfavoritesbetweenieandmicrosoftedge"></a>**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge**  
@ -1447,6 +1944,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Camera
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Camera policies  
 <dl>
  <dd>
    <a href="#camera-allowcamera">Camera/AllowCamera</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="camera-allowcamera"></a>**Camera/AllowCamera**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Disables or enables the camera.
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Cellular
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Cellular policies  
 <dl>
  <dd>
    <a href="#cellular-showappcellularaccessui">Cellular/ShowAppCellularAccessUI</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="cellular-showappcellularaccessui"></a>**Cellular/ShowAppCellularAccessUI**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Connectivity
@ -14,11 +14,54 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Connectivity policies  
 <dl>
  <dd>
    <a href="#connectivity-allowbluetooth">Connectivity/AllowBluetooth</a>
  </dd>
  <dd>
    <a href="#connectivity-allowcellulardata">Connectivity/AllowCellularData</a>
  </dd>
  <dd>
    <a href="#connectivity-allowcellulardataroaming">Connectivity/AllowCellularDataRoaming</a>
  </dd>
  <dd>
    <a href="#connectivity-allowconnecteddevices">Connectivity/AllowConnectedDevices</a>
  </dd>
  <dd>
    <a href="#connectivity-allownfc">Connectivity/AllowNFC</a>
  </dd>
  <dd>
    <a href="#connectivity-allowusbconnection">Connectivity/AllowUSBConnection</a>
  </dd>
  <dd>
    <a href="#connectivity-allowvpnovercellular">Connectivity/AllowVPNOverCellular</a>
  </dd>
  <dd>
    <a href="#connectivity-allowvpnroamingovercellular">Connectivity/AllowVPNRoamingOverCellular</a>
  </dd>
  <dd>
    <a href="#connectivity-diableprintingoverhttp">Connectivity/DiablePrintingOverHTTP</a>
  </dd>
  <dd>
    <a href="#connectivity-disabledownloadingofprintdriversoverhttp">Connectivity/DisableDownloadingOfPrintDriversOverHTTP</a>
  </dd>
  <dd>
    <a href="#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards">Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards</a>
  </dd>
  <dd>
    <a href="#connectivity-hardeneduncpaths">Connectivity/HardenedUNCPaths</a>
  </dd>
  <dd>
    <a href="#connectivity-prohibitinstallationandconfigurationofnetworkbridge">Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowbluetooth"></a>**Connectivity/AllowBluetooth**  
@ -45,6 +88,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the user to enable Bluetooth or restrict access.
@ -64,6 +116,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowcellulardata"></a>**Connectivity/AllowCellularData**  
@ -90,6 +143,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the cellular data channel on the device. Device reboot is not required to enforce the policy.
@ -101,6 +163,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowcellulardataroaming"></a>**Connectivity/AllowCellularDataRoaming**  
@ -127,6 +190,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy.
@ -148,6 +220,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowconnecteddevices"></a>**Connectivity/AllowConnectedDevices**  
@ -174,6 +247,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -187,6 +269,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allownfc"></a>**Connectivity/AllowNFC**  
@ -213,6 +296,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -229,6 +321,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowusbconnection"></a>**Connectivity/AllowUSBConnection**  
@ -255,6 +348,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -273,6 +375,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowvpnovercellular"></a>**Connectivity/AllowVPNOverCellular**  
@ -299,6 +402,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies what type of underlying connections VPN is allowed to use.
@ -311,6 +423,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowvpnroamingovercellular"></a>**Connectivity/AllowVPNRoamingOverCellular**  
@ -337,6 +450,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Prevents the device from connecting to VPN when the device roams over cellular networks.
@ -349,6 +471,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-diableprintingoverhttp"></a>**Connectivity/DiablePrintingOverHTTP**  
@ -375,6 +498,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -393,6 +525,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-disabledownloadingofprintdriversoverhttp"></a>**Connectivity/DisableDownloadingOfPrintDriversOverHTTP**  
@ -419,6 +552,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -437,6 +579,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards"></a>**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards**  
@ -463,6 +606,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -481,6 +633,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-hardeneduncpaths"></a>**Connectivity/HardenedUNCPaths**  
@ -507,6 +660,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting configures secure access to UNC paths.
@ -529,6 +691,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-prohibitinstallationandconfigurationofnetworkbridge"></a>**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge**  
@ -555,6 +718,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - CredentialProviders
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## CredentialProviders policies  
 <dl>
  <dd>
    <a href="#credentialproviders-allowpinlogon">CredentialProviders/AllowPINLogon</a>
  </dd>
  <dd>
    <a href="#credentialproviders-blockpicturepassword">CredentialProviders/BlockPicturePassword</a>
  </dd>
  <dd>
    <a href="#credentialproviders-disableautomaticredeploymentcredentials">CredentialProviders/DisableAutomaticReDeploymentCredentials</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialproviders-allowpinlogon"></a>**CredentialProviders/AllowPINLogon**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to control whether a domain user can sign in using a convenience PIN.
@ -73,6 +95,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialproviders-blockpicturepassword"></a>**CredentialProviders/BlockPicturePassword**  
@ -99,6 +122,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to control whether a domain user can sign in using a picture password.
@ -125,6 +157,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialproviders-disableautomaticredeploymentcredentials"></a>**CredentialProviders/DisableAutomaticReDeploymentCredentials**  
@ -151,6 +184,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device.
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - CredentialsUI
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## CredentialsUI policies  
 <dl>
  <dd>
    <a href="#credentialsui-disablepasswordreveal">CredentialsUI/DisablePasswordReveal</a>
  </dd>
  <dd>
    <a href="#credentialsui-enumerateadministrators">CredentialsUI/EnumerateAdministrators</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialsui-disablepasswordreveal"></a>**CredentialsUI/DisablePasswordReveal**  
@ -45,6 +55,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to configure the display of the password reveal button in password entry user experiences.
@ -73,6 +93,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialsui-enumerateadministrators"></a>**CredentialsUI/EnumerateAdministrators**  
@ -99,6 +120,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application.
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Cryptography
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Cryptography policies  
 <dl>
  <dd>
    <a href="#cryptography-allowfipsalgorithmpolicy">Cryptography/AllowFipsAlgorithmPolicy</a>
  </dd>
  <dd>
    <a href="#cryptography-tlsciphersuites">Cryptography/TLSCipherSuites</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="cryptography-allowfipsalgorithmpolicy"></a>**Cryptography/AllowFipsAlgorithmPolicy**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows or disallows the Federal Information Processing Standard (FIPS) policy.
@ -55,6 +74,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="cryptography-tlsciphersuites"></a>**Cryptography/TLSCipherSuites**  
@ -81,6 +101,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DataProtection
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DataProtection policies  
 <dl>
  <dd>
    <a href="#dataprotection-allowdirectmemoryaccess">DataProtection/AllowDirectMemoryAccess</a>
  </dd>
  <dd>
    <a href="#dataprotection-legacyselectivewipeid">DataProtection/LegacySelectiveWipeID</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="dataprotection-allowdirectmemoryaccess"></a>**DataProtection/AllowDirectMemoryAccess**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled.
@ -57,6 +76,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="dataprotection-legacyselectivewipeid"></a>**DataProtection/LegacySelectiveWipeID**  
@ -83,6 +103,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!IMPORTANT]
 > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time.
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DataUsage
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DataUsage policies  
 <dl>
  <dd>
    <a href="#datausage-setcost3g">DataUsage/SetCost3G</a>
  </dd>
  <dd>
    <a href="#datausage-setcost4g">DataUsage/SetCost4G</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="datausage-setcost3g"></a>**DataUsage/SetCost3G**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting configures the cost of 3G connections on the local machine.
@ -75,6 +94,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="datausage-setcost4g"></a>**DataUsage/SetCost4G**  
@ -101,6 +121,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting configures the cost of 4G connections on the local machine.
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Defender
@ -14,11 +14,120 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Defender policies  
 <dl>
  <dd>
    <a href="#defender-allowarchivescanning">Defender/AllowArchiveScanning</a>
  </dd>
  <dd>
    <a href="#defender-allowbehaviormonitoring">Defender/AllowBehaviorMonitoring</a>
  </dd>
  <dd>
    <a href="#defender-allowcloudprotection">Defender/AllowCloudProtection</a>
  </dd>
  <dd>
    <a href="#defender-allowemailscanning">Defender/AllowEmailScanning</a>
  </dd>
  <dd>
    <a href="#defender-allowfullscanonmappednetworkdrives">Defender/AllowFullScanOnMappedNetworkDrives</a>
  </dd>
  <dd>
    <a href="#defender-allowfullscanremovabledrivescanning">Defender/AllowFullScanRemovableDriveScanning</a>
  </dd>
  <dd>
    <a href="#defender-allowioavprotection">Defender/AllowIOAVProtection</a>
  </dd>
  <dd>
    <a href="#defender-allowintrusionpreventionsystem">Defender/AllowIntrusionPreventionSystem</a>
  </dd>
  <dd>
    <a href="#defender-allowonaccessprotection">Defender/AllowOnAccessProtection</a>
  </dd>
  <dd>
    <a href="#defender-allowrealtimemonitoring">Defender/AllowRealtimeMonitoring</a>
  </dd>
  <dd>
    <a href="#defender-allowscanningnetworkfiles">Defender/AllowScanningNetworkFiles</a>
  </dd>
  <dd>
    <a href="#defender-allowscriptscanning">Defender/AllowScriptScanning</a>
  </dd>
  <dd>
    <a href="#defender-allowuseruiaccess">Defender/AllowUserUIAccess</a>
  </dd>
  <dd>
    <a href="#defender-attacksurfacereductiononlyexclusions">Defender/AttackSurfaceReductionOnlyExclusions</a>
  </dd>
  <dd>
    <a href="#defender-attacksurfacereductionrules">Defender/AttackSurfaceReductionRules</a>
  </dd>
  <dd>
    <a href="#defender-avgcpuloadfactor">Defender/AvgCPULoadFactor</a>
  </dd>
  <dd>
    <a href="#defender-cloudblocklevel">Defender/CloudBlockLevel</a>
  </dd>
  <dd>
    <a href="#defender-cloudextendedtimeout">Defender/CloudExtendedTimeout</a>
  </dd>
  <dd>
    <a href="#defender-controlledfolderaccessallowedapplications">Defender/ControlledFolderAccessAllowedApplications</a>
  </dd>
  <dd>
    <a href="#defender-controlledfolderaccessprotectedfolders">Defender/ControlledFolderAccessProtectedFolders</a>
  </dd>
  <dd>
    <a href="#defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
  </dd>
  <dd>
    <a href="#defender-enablecontrolledfolderaccess">Defender/EnableControlledFolderAccess</a>
  </dd>
  <dd>
    <a href="#defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
  </dd>
  <dd>
    <a href="#defender-excludedextensions">Defender/ExcludedExtensions</a>
  </dd>
  <dd>
    <a href="#defender-excludedpaths">Defender/ExcludedPaths</a>
  </dd>
  <dd>
    <a href="#defender-excludedprocesses">Defender/ExcludedProcesses</a>
  </dd>
  <dd>
    <a href="#defender-puaprotection">Defender/PUAProtection</a>
  </dd>
  <dd>
    <a href="#defender-realtimescandirection">Defender/RealTimeScanDirection</a>
  </dd>
  <dd>
    <a href="#defender-scanparameter">Defender/ScanParameter</a>
  </dd>
  <dd>
    <a href="#defender-schedulequickscantime">Defender/ScheduleQuickScanTime</a>
  </dd>
  <dd>
    <a href="#defender-schedulescanday">Defender/ScheduleScanDay</a>
  </dd>
  <dd>
    <a href="#defender-schedulescantime">Defender/ScheduleScanTime</a>
  </dd>
  <dd>
    <a href="#defender-signatureupdateinterval">Defender/SignatureUpdateInterval</a>
  </dd>
  <dd>
    <a href="#defender-submitsamplesconsent">Defender/SubmitSamplesConsent</a>
  </dd>
  <dd>
    <a href="#defender-threatseveritydefaultaction">Defender/ThreatSeverityDefaultAction</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowarchivescanning"></a>**Defender/AllowArchiveScanning**  
@ -45,6 +154,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -59,6 +177,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowbehaviormonitoring"></a>**Defender/AllowBehaviorMonitoring**  
@ -85,6 +204,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -99,6 +227,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowcloudprotection"></a>**Defender/AllowCloudProtection**  
@ -125,6 +254,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -139,6 +277,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowemailscanning"></a>**Defender/AllowEmailScanning**  
@ -165,6 +304,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -179,6 +327,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowfullscanonmappednetworkdrives"></a>**Defender/AllowFullScanOnMappedNetworkDrives**  
@ -205,6 +354,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -219,6 +377,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowfullscanremovabledrivescanning"></a>**Defender/AllowFullScanRemovableDriveScanning**  
@ -245,6 +404,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -259,6 +427,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowioavprotection"></a>**Defender/AllowIOAVProtection**  
@ -285,6 +454,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -299,6 +477,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowintrusionpreventionsystem"></a>**Defender/AllowIntrusionPreventionSystem**  
@ -325,6 +504,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -339,6 +527,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowonaccessprotection"></a>**Defender/AllowOnAccessProtection**  
@ -365,6 +554,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -379,6 +577,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowrealtimemonitoring"></a>**Defender/AllowRealtimeMonitoring**  
@ -405,6 +604,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -419,6 +627,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowscanningnetworkfiles"></a>**Defender/AllowScanningNetworkFiles**  
@ -445,6 +654,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -459,6 +677,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowscriptscanning"></a>**Defender/AllowScriptScanning**  
@ -485,6 +704,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -499,6 +727,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowuseruiaccess"></a>**Defender/AllowUserUIAccess**  
@ -525,6 +754,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -539,6 +777,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-attacksurfacereductiononlyexclusions"></a>**Defender/AttackSurfaceReductionOnlyExclusions**  
@ -565,6 +804,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -576,6 +824,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-attacksurfacereductionrules"></a>**Defender/AttackSurfaceReductionRules**  
@ -602,6 +851,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -615,6 +873,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-avgcpuloadfactor"></a>**Defender/AvgCPULoadFactor**  
@ -641,6 +900,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -654,6 +922,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-cloudblocklevel"></a>**Defender/CloudBlockLevel**  
@ -680,6 +949,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -703,6 +981,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-cloudextendedtimeout"></a>**Defender/CloudExtendedTimeout**  
@ -729,6 +1008,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -744,6 +1032,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-controlledfolderaccessallowedapplications"></a>**Defender/ControlledFolderAccessAllowedApplications**  
@ -770,6 +1059,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications.
@ -778,6 +1076,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-controlledfolderaccessprotectedfolders"></a>**Defender/ControlledFolderAccessProtectedFolders**  
@ -804,6 +1103,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders.
@ -812,6 +1120,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-daystoretaincleanedmalware"></a>**Defender/DaysToRetainCleanedMalware**  
@ -838,6 +1147,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -851,6 +1169,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-enablecontrolledfolderaccess"></a>**Defender/EnableControlledFolderAccess**  
@ -877,6 +1196,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders  and changed to EnableControlledFolderAccess.
@ -889,6 +1217,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-enablenetworkprotection"></a>**Defender/EnableNetworkProtection**  
@ -915,6 +1244,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -935,6 +1273,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-excludedextensions"></a>**Defender/ExcludedExtensions**  
@ -961,6 +1300,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -970,6 +1318,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-excludedpaths"></a>**Defender/ExcludedPaths**  
@ -996,6 +1345,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1005,6 +1363,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-excludedprocesses"></a>**Defender/ExcludedProcesses**  
@ -1031,6 +1390,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1046,6 +1414,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-puaprotection"></a>**Defender/PUAProtection**  
@ -1072,6 +1441,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1087,6 +1465,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-realtimescandirection"></a>**Defender/RealTimeScanDirection**  
@ -1113,6 +1492,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1132,6 +1520,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-scanparameter"></a>**Defender/ScanParameter**  
@ -1158,6 +1547,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1172,6 +1570,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-schedulequickscantime"></a>**Defender/ScheduleQuickScanTime**  
@ -1198,6 +1597,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1217,6 +1625,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-schedulescanday"></a>**Defender/ScheduleScanDay**  
@ -1243,6 +1652,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1268,6 +1686,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-schedulescantime"></a>**Defender/ScheduleScanTime**  
@ -1294,6 +1713,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1313,6 +1741,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-signatureupdateinterval"></a>**Defender/SignatureUpdateInterval**  
@ -1339,6 +1768,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1354,6 +1792,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-submitsamplesconsent"></a>**Defender/SubmitSamplesConsent**  
@ -1380,6 +1819,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1396,6 +1844,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-threatseveritydefaultaction"></a>**Defender/ThreatSeverityDefaultAction**  
@ -1422,6 +1871,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DeliveryOptimization
@ -14,11 +14,63 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DeliveryOptimization policies  
 <dl>
  <dd>
    <a href="#deliveryoptimization-doabsolutemaxcachesize">DeliveryOptimization/DOAbsoluteMaxCacheSize</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-doallowvpnpeercaching">DeliveryOptimization/DOAllowVPNPeerCaching</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dodownloadmode">DeliveryOptimization/DODownloadMode</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dogroupid">DeliveryOptimization/DOGroupId</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domaxcacheage">DeliveryOptimization/DOMaxCacheAge</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domaxcachesize">DeliveryOptimization/DOMaxCacheSize</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domaxdownloadbandwidth">DeliveryOptimization/DOMaxDownloadBandwidth</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domaxuploadbandwidth">DeliveryOptimization/DOMaxUploadBandwidth</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dominbackgroundqos">DeliveryOptimization/DOMinBackgroundQos</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dominbatterypercentageallowedtoupload">DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domindisksizeallowedtopeer">DeliveryOptimization/DOMinDiskSizeAllowedToPeer</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dominfilesizetocache">DeliveryOptimization/DOMinFileSizeToCache</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dominramallowedtopeer">DeliveryOptimization/DOMinRAMAllowedToPeer</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domodifycachedrive">DeliveryOptimization/DOModifyCacheDrive</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domonthlyuploaddatacap">DeliveryOptimization/DOMonthlyUploadDataCap</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dopercentagemaxdownloadbandwidth">DeliveryOptimization/DOPercentageMaxDownloadBandwidth</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-doabsolutemaxcachesize"></a>**DeliveryOptimization/DOAbsoluteMaxCacheSize**  
@ -45,6 +97,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -56,6 +117,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-doallowvpnpeercaching"></a>**DeliveryOptimization/DOAllowVPNPeerCaching**  
@ -82,6 +144,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -93,6 +164,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dodownloadmode"></a>**DeliveryOptimization/DODownloadMode**  
@ -119,6 +191,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -137,6 +218,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dogroupid"></a>**DeliveryOptimization/DOGroupId**  
@ -163,6 +245,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -175,6 +266,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domaxcacheage"></a>**DeliveryOptimization/DOMaxCacheAge**  
@ -201,6 +293,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -212,6 +313,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domaxcachesize"></a>**DeliveryOptimization/DOMaxCacheSize**  
@ -238,6 +340,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -249,6 +360,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domaxdownloadbandwidth"></a>**DeliveryOptimization/DOMaxDownloadBandwidth**  
@ -275,6 +387,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -286,6 +407,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domaxuploadbandwidth"></a>**DeliveryOptimization/DOMaxUploadBandwidth**  
@ -312,6 +434,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -323,6 +454,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dominbackgroundqos"></a>**DeliveryOptimization/DOMinBackgroundQos**  
@ -349,6 +481,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -360,6 +501,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dominbatterypercentageallowedtoupload"></a>**DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload**  
@ -386,6 +528,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -396,6 +547,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domindisksizeallowedtopeer"></a>**DeliveryOptimization/DOMinDiskSizeAllowedToPeer**  
@ -422,6 +574,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -436,6 +597,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dominfilesizetocache"></a>**DeliveryOptimization/DOMinFileSizeToCache**  
@ -462,6 +624,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -473,6 +644,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dominramallowedtopeer"></a>**DeliveryOptimization/DOMinRAMAllowedToPeer**  
@ -499,6 +671,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -510,6 +691,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domodifycachedrive"></a>**DeliveryOptimization/DOModifyCacheDrive**  
@ -536,6 +718,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -547,6 +738,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domonthlyuploaddatacap"></a>**DeliveryOptimization/DOMonthlyUploadDataCap**  
@ -573,6 +765,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -586,6 +787,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**  
@ -612,6 +814,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Desktop
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Desktop policies  
 <dl>
  <dd>
    <a href="#desktop-preventuserredirectionofprofilefolders">Desktop/PreventUserRedirectionOfProfileFolders</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="desktop-preventuserredirectionofprofilefolders"></a>**Desktop/PreventUserRedirectionOfProfileFolders**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Prevents users from changing the path to their profile folders.
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DeviceGuard
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DeviceGuard policies  
 <dl>
  <dd>
    <a href="#deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
  </dd>
  <dd>
    <a href="#deviceguard-lsacfgflags">DeviceGuard/LsaCfgFlags</a>
  </dd>
  <dd>
    <a href="#deviceguard-requireplatformsecurityfeatures">DeviceGuard/RequirePlatformSecurityFeatures</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceguard-enablevirtualizationbasedsecurity"></a>**DeviceGuard/EnableVirtualizationBasedSecurity**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. Supported values:
@ -55,6 +77,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceguard-lsacfgflags"></a>**DeviceGuard/LsaCfgFlags**  
@ -81,6 +104,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. Supported values:
@ -93,6 +125,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceguard-requireplatformsecurityfeatures"></a>**DeviceGuard/RequirePlatformSecurityFeatures**  
@ -119,6 +152,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. Supported values:
 <ul>
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DeviceInstallation
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DeviceInstallation policies  
 <dl>
  <dd>
    <a href="#deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
  </dd>
  <dd>
    <a href="#deviceinstallation-preventinstallationofmatchingdevicesetupclasses">DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceinstallation-preventinstallationofmatchingdeviceids"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceIDs**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
@ -69,6 +88,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses**  
@ -95,6 +115,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DeviceLock
@ -14,11 +14,63 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DeviceLock policies  
 <dl>
  <dd>
    <a href="#devicelock-allowidlereturnwithoutpassword">DeviceLock/AllowIdleReturnWithoutPassword</a>
  </dd>
  <dd>
    <a href="#devicelock-allowscreentimeoutwhilelockeduserconfig">DeviceLock/AllowScreenTimeoutWhileLockedUserConfig</a>
  </dd>
  <dd>
    <a href="#devicelock-allowsimpledevicepassword">DeviceLock/AllowSimpleDevicePassword</a>
  </dd>
  <dd>
    <a href="#devicelock-alphanumericdevicepasswordrequired">DeviceLock/AlphanumericDevicePasswordRequired</a>
  </dd>
  <dd>
    <a href="#devicelock-devicepasswordenabled">DeviceLock/DevicePasswordEnabled</a>
  </dd>
  <dd>
    <a href="#devicelock-devicepasswordexpiration">DeviceLock/DevicePasswordExpiration</a>
  </dd>
  <dd>
    <a href="#devicelock-devicepasswordhistory">DeviceLock/DevicePasswordHistory</a>
  </dd>
  <dd>
    <a href="#devicelock-enforcelockscreenandlogonimage">DeviceLock/EnforceLockScreenAndLogonImage</a>
  </dd>
  <dd>
    <a href="#devicelock-enforcelockscreenprovider">DeviceLock/EnforceLockScreenProvider</a>
  </dd>
  <dd>
    <a href="#devicelock-maxdevicepasswordfailedattempts">DeviceLock/MaxDevicePasswordFailedAttempts</a>
  </dd>
  <dd>
    <a href="#devicelock-maxinactivitytimedevicelock">DeviceLock/MaxInactivityTimeDeviceLock</a>
  </dd>
  <dd>
    <a href="#devicelock-maxinactivitytimedevicelockwithexternaldisplay">DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay</a>
  </dd>
  <dd>
    <a href="#devicelock-mindevicepasswordcomplexcharacters">DeviceLock/MinDevicePasswordComplexCharacters</a>
  </dd>
  <dd>
    <a href="#devicelock-mindevicepasswordlength">DeviceLock/MinDevicePasswordLength</a>
  </dd>
  <dd>
    <a href="#devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
  </dd>
  <dd>
    <a href="#devicelock-screentimeoutwhilelocked">DeviceLock/ScreenTimeoutWhileLocked</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-allowidlereturnwithoutpassword"></a>**DeviceLock/AllowIdleReturnWithoutPassword**  
@ -45,6 +97,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -63,6 +124,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-allowscreentimeoutwhilelockeduserconfig"></a>**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig**  
@ -89,6 +151,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -110,6 +181,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-allowsimpledevicepassword"></a>**DeviceLock/AllowSimpleDevicePassword**  
@ -136,6 +208,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords.
@ -152,6 +233,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-alphanumericdevicepasswordrequired"></a>**DeviceLock/AlphanumericDevicePasswordRequired**  
@ -178,6 +260,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required).
@ -202,6 +293,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-devicepasswordenabled"></a>**DeviceLock/DevicePasswordEnabled**  
@ -228,6 +320,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether device lock is enabled.
@ -278,6 +379,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-devicepasswordexpiration"></a>**DeviceLock/DevicePasswordExpiration**  
@ -304,6 +406,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies when the password expires (in days).
@ -322,6 +433,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-devicepasswordhistory"></a>**DeviceLock/DevicePasswordHistory**  
@ -348,6 +460,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies how many passwords can be stored in the history that can’t be used.
@ -368,6 +489,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-enforcelockscreenandlogonimage"></a>**DeviceLock/EnforceLockScreenAndLogonImage**  
@ -394,6 +516,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image.
@ -405,6 +536,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-enforcelockscreenprovider"></a>**DeviceLock/EnforceLockScreenProvider**  
@ -431,6 +563,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider.
@ -442,6 +583,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-maxdevicepasswordfailedattempts"></a>**DeviceLock/MaxDevicePasswordFailedAttempts**  
@ -468,6 +610,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.
@ -493,6 +644,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-maxinactivitytimedevicelock"></a>**DeviceLock/MaxInactivityTimeDeviceLock**  
@ -519,6 +671,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
@ -535,6 +696,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-maxinactivitytimedevicelockwithexternaldisplay"></a>**DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay**  
@ -561,6 +723,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display.
@ -575,6 +746,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-mindevicepasswordcomplexcharacters"></a>**DeviceLock/MinDevicePasswordComplexCharacters**  
@ -601,6 +773,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.
@ -677,6 +858,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-mindevicepasswordlength"></a>**DeviceLock/MinDevicePasswordLength**  
@ -703,6 +885,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies the minimum number or characters required in the PIN or password.
@ -724,6 +915,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-preventlockscreenslideshow"></a>**DeviceLock/PreventLockScreenSlideShow**  
@ -750,6 +942,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.
@ -774,6 +975,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-screentimeoutwhilelocked"></a>**DeviceLock/ScreenTimeoutWhileLocked**  
@ -800,6 +1002,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Display
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Display policies  
 <dl>
  <dd>
    <a href="#display-turnoffgdidpiscalingforapps">Display/TurnOffGdiDPIScalingForApps</a>
  </dd>
  <dd>
    <a href="#display-turnongdidpiscalingforapps">Display/TurnOnGdiDPIScalingForApps</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="display-turnoffgdidpiscalingforapps"></a>**Display/TurnOffGdiDPIScalingForApps**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
@ -63,6 +82,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="display-turnongdidpiscalingforapps"></a>**Display/TurnOnGdiDPIScalingForApps**  
@ -89,6 +109,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Education
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Education policies  
 <dl>
  <dd>
    <a href="#education-defaultprintername">Education/DefaultPrinterName</a>
  </dd>
  <dd>
    <a href="#education-preventaddingnewprinters">Education/PreventAddingNewPrinters</a>
  </dd>
  <dd>
    <a href="#education-printernames">Education/PrinterNames</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="education-defaultprintername"></a>**Education/DefaultPrinterName**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. This policy allows IT Admins to set the user's default printer. 
@ -52,6 +74,7 @@ The policy value is expected to be the name (network host name) of an installed
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="education-preventaddingnewprinters"></a>**Education/PreventAddingNewPrinters**  
@ -78,6 +101,15 @@ The policy value is expected to be the name (network host name) of an installed
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings.
@ -88,6 +120,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="education-printernames"></a>**Education/PrinterNames**  
@ -114,6 +147,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names).
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - EnterpriseCloudPrint
@ -14,11 +14,33 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## EnterpriseCloudPrint policies  
 <dl>
  <dd>
    <a href="#enterprisecloudprint-cloudprintoauthauthority">EnterpriseCloudPrint/CloudPrintOAuthAuthority</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-cloudprintoauthclientid">EnterpriseCloudPrint/CloudPrintOAuthClientId</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-cloudprintresourceid">EnterpriseCloudPrint/CloudPrintResourceId</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-cloudprinterdiscoveryendpoint">EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-discoverymaxprinterlimit">EnterpriseCloudPrint/DiscoveryMaxPrinterLimit</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-mopriadiscoveryresourceid">EnterpriseCloudPrint/MopriaDiscoveryResourceId</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-cloudprintoauthauthority"></a>**EnterpriseCloudPrint/CloudPrintOAuthAuthority**  
@ -45,6 +67,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens.  This policy must target ./User, otherwise it fails.
@ -54,6 +85,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-cloudprintoauthclientid"></a>**EnterpriseCloudPrint/CloudPrintOAuthClientId**  
@ -80,6 +112,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails.
@ -89,6 +130,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-cloudprintresourceid"></a>**EnterpriseCloudPrint/CloudPrintResourceId**  
@ -115,6 +157,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails.
@ -124,6 +175,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-cloudprinterdiscoveryendpoint"></a>**EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint**  
@ -150,6 +202,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails.
@ -159,6 +220,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-discoverymaxprinterlimit"></a>**EnterpriseCloudPrint/DiscoveryMaxPrinterLimit**  
@ -185,6 +247,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails.
@ -194,6 +265,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-mopriadiscoveryresourceid"></a>**EnterpriseCloudPrint/MopriaDiscoveryResourceId**  
@ -220,6 +292,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails.
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ErrorReporting
@ -14,11 +14,30 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ErrorReporting policies  
 <dl>
  <dd>
    <a href="#errorreporting-customizeconsentsettings">ErrorReporting/CustomizeConsentSettings</a>
  </dd>
  <dd>
    <a href="#errorreporting-disablewindowserrorreporting">ErrorReporting/DisableWindowsErrorReporting</a>
  </dd>
  <dd>
    <a href="#errorreporting-displayerrornotification">ErrorReporting/DisplayErrorNotification</a>
  </dd>
  <dd>
    <a href="#errorreporting-donotsendadditionaldata">ErrorReporting/DoNotSendAdditionalData</a>
  </dd>
  <dd>
    <a href="#errorreporting-preventcriticalerrordisplay">ErrorReporting/PreventCriticalErrorDisplay</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-customizeconsentsettings"></a>**ErrorReporting/CustomizeConsentSettings**  
@ -45,6 +64,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
@ -79,6 +107,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-disablewindowserrorreporting"></a>**ErrorReporting/DisableWindowsErrorReporting**  
@ -105,6 +134,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
@ -129,6 +167,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-displayerrornotification"></a>**ErrorReporting/DisplayErrorNotification**  
@ -155,6 +194,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether users are shown an error dialog box that lets them report an error.
@ -183,6 +231,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-donotsendadditionaldata"></a>**ErrorReporting/DoNotSendAdditionalData**  
@ -209,6 +258,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.
@ -233,6 +291,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-preventcriticalerrordisplay"></a>**ErrorReporting/PreventCriticalErrorDisplay**  
@ -259,6 +318,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting prevents the display of the user interface for critical errors.
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - EventLogService
@ -14,11 +14,27 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## EventLogService policies  
 <dl>
  <dd>
    <a href="#eventlogservice-controleventlogbehavior">EventLogService/ControlEventLogBehavior</a>
  </dd>
  <dd>
    <a href="#eventlogservice-specifymaximumfilesizeapplicationlog">EventLogService/SpecifyMaximumFileSizeApplicationLog</a>
  </dd>
  <dd>
    <a href="#eventlogservice-specifymaximumfilesizesecuritylog">EventLogService/SpecifyMaximumFileSizeSecurityLog</a>
  </dd>
  <dd>
    <a href="#eventlogservice-specifymaximumfilesizesystemlog">EventLogService/SpecifyMaximumFileSizeSystemLog</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="eventlogservice-controleventlogbehavior"></a>**EventLogService/ControlEventLogBehavior**  
@ -45,6 +61,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls Event Log behavior when the log file reaches its maximum size.
@ -71,6 +96,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="eventlogservice-specifymaximumfilesizeapplicationlog"></a>**EventLogService/SpecifyMaximumFileSizeApplicationLog**  
@ -97,6 +123,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies the maximum size of the log file in kilobytes.
@ -121,6 +156,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="eventlogservice-specifymaximumfilesizesecuritylog"></a>**EventLogService/SpecifyMaximumFileSizeSecurityLog**  
@ -147,6 +183,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies the maximum size of the log file in kilobytes.
@ -171,6 +216,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="eventlogservice-specifymaximumfilesizesystemlog"></a>**EventLogService/SpecifyMaximumFileSizeSystemLog**  
@ -197,6 +243,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies the maximum size of the log file in kilobytes.
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Experience
@ -14,11 +14,72 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Experience policies  
 <dl>
  <dd>
    <a href="#experience-allowcopypaste">Experience/AllowCopyPaste</a>
  </dd>
  <dd>
    <a href="#experience-allowcortana">Experience/AllowCortana</a>
  </dd>
  <dd>
    <a href="#experience-allowdevicediscovery">Experience/AllowDeviceDiscovery</a>
  </dd>
  <dd>
    <a href="#experience-allowfindmydevice">Experience/AllowFindMyDevice</a>
  </dd>
  <dd>
    <a href="#experience-allowmanualmdmunenrollment">Experience/AllowManualMDMUnenrollment</a>
  </dd>
  <dd>
    <a href="#experience-allowsimerrordialogpromptwhennosim">Experience/AllowSIMErrorDialogPromptWhenNoSIM</a>
  </dd>
  <dd>
    <a href="#experience-allowscreencapture">Experience/AllowScreenCapture</a>
  </dd>
  <dd>
    <a href="#experience-allowsyncmysettings">Experience/AllowSyncMySettings</a>
  </dd>
  <dd>
    <a href="#experience-allowtailoredexperienceswithdiagnosticdata">Experience/AllowTailoredExperiencesWithDiagnosticData</a>
  </dd>
  <dd>
    <a href="#experience-allowtaskswitcher">Experience/AllowTaskSwitcher</a>
  </dd>
  <dd>
    <a href="#experience-allowthirdpartysuggestionsinwindowsspotlight">Experience/AllowThirdPartySuggestionsInWindowsSpotlight</a>
  </dd>
  <dd>
    <a href="#experience-allowvoicerecording">Experience/AllowVoiceRecording</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowsconsumerfeatures">Experience/AllowWindowsConsumerFeatures</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowsspotlight">Experience/AllowWindowsSpotlight</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowsspotlightonactioncenter">Experience/AllowWindowsSpotlightOnActionCenter</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowsspotlightwindowswelcomeexperience">Experience/AllowWindowsSpotlightWindowsWelcomeExperience</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowstips">Experience/AllowWindowsTips</a>
  </dd>
  <dd>
    <a href="#experience-configurewindowsspotlightonlockscreen">Experience/ConfigureWindowsSpotlightOnLockScreen</a>
  </dd>
  <dd>
    <a href="#experience-donotshowfeedbacknotifications">Experience/DoNotShowFeedbackNotifications</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowcopypaste"></a>**Experience/AllowCopyPaste**  
@ -45,6 +106,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -60,6 +130,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowcortana"></a>**Experience/AllowCortana**  
@ -86,6 +157,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device.
@ -106,6 +186,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowdevicediscovery"></a>**Experience/AllowDeviceDiscovery**  
@ -132,6 +213,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows users to turn on/off device discovery UX.
@ -146,6 +236,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowfindmydevice"></a>**Experience/AllowFindMyDevice**  
@ -172,6 +263,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy turns on Find My Device.
@ -186,6 +286,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowmanualmdmunenrollment"></a>**Experience/AllowManualMDMUnenrollment**  
@ -212,6 +313,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow the user to delete the workplace account using the workplace control panel.
@ -228,6 +338,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowsimerrordialogpromptwhennosim"></a>**Experience/AllowSIMErrorDialogPromptWhenNoSIM**  
@ -254,6 +365,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -268,6 +388,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowscreencapture"></a>**Experience/AllowScreenCapture**  
@ -294,6 +415,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -310,6 +440,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowsyncmysettings"></a>**Experience/AllowSyncMySettings**  
@ -336,6 +467,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices).
@ -346,6 +486,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowtailoredexperienceswithdiagnosticdata"></a>**Experience/AllowTailoredExperiencesWithDiagnosticData**  
@ -372,6 +513,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -391,6 +541,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowtaskswitcher"></a>**Experience/AllowTaskSwitcher**  
@ -417,6 +568,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -431,6 +591,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowthirdpartysuggestionsinwindowsspotlight"></a>**Experience/AllowThirdPartySuggestionsInWindowsSpotlight**  
@ -457,6 +618,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
@ -471,6 +641,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowvoicerecording"></a>**Experience/AllowVoiceRecording**  
@ -497,6 +668,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -513,6 +693,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowsconsumerfeatures"></a>**Experience/AllowWindowsConsumerFeatures**  
@ -539,6 +720,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -562,6 +752,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowsspotlight"></a>**Experience/AllowWindowsSpotlight**  
@ -588,6 +779,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only available for Windows 10 Enterprise and Windows 10 Education.
@ -604,6 +804,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowsspotlightonactioncenter"></a>**Experience/AllowWindowsSpotlightOnActionCenter**  
@ -630,6 +831,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -645,6 +855,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowsspotlightwindowswelcomeexperience"></a>**Experience/AllowWindowsSpotlightWindowsWelcomeExperience**  
@ -671,6 +882,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -687,6 +907,7 @@ The Windows welcome experience feature introduces onboard users to Windows; for
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowstips"></a>**Experience/AllowWindowsTips**  
@ -713,6 +934,15 @@ The Windows welcome experience feature introduces onboard users to Windows; for
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables or disables Windows Tips / soft landing.
@ -723,6 +953,7 @@ Enables or disables Windows Tips / soft landing.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-configurewindowsspotlightonlockscreen"></a>**Experience/ConfigureWindowsSpotlightOnLockScreen**  
@ -749,6 +980,15 @@ Enables or disables Windows Tips / soft landing.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only available for Windows 10 Enterprise and Windows 10 Education.
@ -764,6 +1004,7 @@ Enables or disables Windows Tips / soft landing.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-donotshowfeedbacknotifications"></a>**Experience/DoNotShowFeedbackNotifications**  
@ -790,6 +1031,15 @@ Enables or disables Windows Tips / soft landing.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Prevents devices from showing feedback questions from Microsoft.
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ExploitGuard
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ExploitGuard policies  
 <dl>
  <dd>
    <a href="#exploitguard-exploitprotectionsettings">ExploitGuard/ExploitProtectionSettings</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="exploitguard-exploitprotectionsettings"></a>**ExploitGuard/ExploitProtectionSettings**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml).
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/31/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Games
@ -14,11 +14,18 @@ ms.date: 08/31/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Games policies  
 <dl>
  <dd>
    <a href="#games-allowadvancedgamingservices">Games/AllowAdvancedGamingServices</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="games-allowadvancedgamingservices"></a>**Games/AllowAdvancedGamingServices**  
@ -45,6 +52,15 @@ ms.date: 08/31/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer.
@ -52,6 +68,7 @@ ms.date: 08/31/2017
 - 1 (default) - Allowed
 <p style="margin-left: 20px">This policy can only be turned off in Windows 10 Education and Enterprise editions.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/07/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Handwriting
@ -14,11 +14,18 @@ ms.date: 09/07/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
-##  Handwriting policies  
+<!--StartPolicies-->
 ## Handwriting policies  
 <dl>
  <dd>
    <a href="#handwriting-paneldefaultmodedocked">Handwriting/PanelDefaultModeDocked</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="handwriting-paneldefaultmodedocked"></a>**Handwriting/PanelDefaultModeDocked**  
@ -45,6 +52,15 @@ ms.date: 09/07/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel.
@ -70,3 +86,4 @@ Footnote:
 -   3 - Added in Windows 10, version 1709.
 <!--EndPolicies-->
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Kerberos
@ -14,11 +14,30 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Kerberos policies  
 <dl>
  <dd>
    <a href="#kerberos-allowforestsearchorder">Kerberos/AllowForestSearchOrder</a>
  </dd>
  <dd>
    <a href="#kerberos-kerberosclientsupportsclaimscompoundarmor">Kerberos/KerberosClientSupportsClaimsCompoundArmor</a>
  </dd>
  <dd>
    <a href="#kerberos-requirekerberosarmoring">Kerberos/RequireKerberosArmoring</a>
  </dd>
  <dd>
    <a href="#kerberos-requirestrictkdcvalidation">Kerberos/RequireStrictKDCValidation</a>
  </dd>
  <dd>
    <a href="#kerberos-setmaximumcontexttokensize">Kerberos/SetMaximumContextTokenSize</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-allowforestsearchorder"></a>**Kerberos/AllowForestSearchOrder**  
@ -45,6 +64,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
@ -69,6 +97,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-kerberosclientsupportsclaimscompoundarmor"></a>**Kerberos/KerberosClientSupportsClaimsCompoundArmor**  
@ -95,6 +124,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features.
 If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
@ -118,6 +156,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-requirekerberosarmoring"></a>**Kerberos/RequireKerberosArmoring**  
@ -144,6 +183,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.
@ -172,6 +220,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-requirestrictkdcvalidation"></a>**Kerberos/RequireStrictKDCValidation**  
@ -198,6 +247,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.
@ -222,6 +280,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-setmaximumcontexttokensize"></a>**Kerberos/SetMaximumContextTokenSize**  
@ -248,6 +307,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Licensing
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Licensing policies  
 <dl>
  <dd>
    <a href="#licensing-allowwindowsentitlementreactivation">Licensing/AllowWindowsEntitlementReactivation</a>
  </dd>
  <dd>
    <a href="#licensing-disallowkmsclientonlineavsvalidation">Licensing/DisallowKMSClientOnlineAVSValidation</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="licensing-allowwindowsentitlementreactivation"></a>**Licensing/AllowWindowsEntitlementReactivation**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices.
@ -55,6 +74,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="licensing-disallowkmsclientonlineavsvalidation"></a>**Licensing/DisallowKMSClientOnlineAVSValidation**  
@ -81,6 +101,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - LocalPoliciesSecurityOptions
@ -14,11 +14,87 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## LocalPoliciesSecurityOptions policies  
 <dl>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts">LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-enableguestaccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly">LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-renameadministratoraccount">LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-renameguestaccount">LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin">LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin">LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel">LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit">LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon">LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode">LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation">LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations">LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-blockmicrosoftaccounts"></a>**LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts**  
@ -45,6 +121,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting prevents users from adding new Microsoft accounts on this computer.
@ -61,6 +146,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-enableadministratoraccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus**  
@ -87,6 +173,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This security setting determines whether the local Administrator account is enabled or disabled.
@ -104,6 +199,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-enableguestaccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**  
@ -130,6 +226,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This security setting determines if the Guest account is enabled or disabled.
@ -144,6 +249,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly"></a>**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**  
@ -170,6 +276,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Accounts: Limit local account use of blank passwords to console logon only
@ -192,6 +307,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-renameadministratoraccount"></a>**LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount**  
@ -218,6 +334,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Accounts: Rename administrator account
@ -229,6 +354,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-renameguestaccount"></a>**LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount**  
@ -255,6 +381,15 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Accounts: Rename guest account
@ -266,6 +401,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked**  
@ -292,6 +428,15 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive Logon:Display user information when the session is locked  
@ -304,6 +449,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn**  
@ -330,6 +476,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Don't display last signed-in
@ -347,6 +502,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn**  
@ -373,6 +529,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Don't display username at sign-in
@ -391,6 +556,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL**  
@ -417,6 +583,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Do not require CTRL+ALT+DEL
@ -436,6 +611,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-machineinactivitylimit"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit**  
@ -462,6 +638,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Machine inactivity limit.
@ -476,6 +661,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn**  
@ -502,6 +688,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Message text for users attempting to log on
@ -515,6 +710,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn**  
@ -541,6 +737,15 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Message title for users attempting to log on
@ -552,6 +757,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**  
@ -578,6 +784,15 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Network security: Allow PKU2U authentication requests to this computer to use online identities.
@ -591,6 +806,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon"></a>**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon**  
@ -631,6 +847,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon"></a>**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn**  
@ -657,6 +874,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Shutdown: Allow system to be shut down without having to log on
@ -676,6 +902,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation**  
@ -702,6 +929,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
@ -720,6 +956,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators"></a>**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators**  
@ -746,6 +983,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
@ -769,6 +1015,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers"></a>**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers**  
@ -795,6 +1042,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Behavior of the elevation prompt for standard users
 This policy setting controls the behavior of the elevation prompt for standard users.
@ -811,6 +1067,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated"></a>**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated**  
@ -837,6 +1094,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Only elevate executable files that are signed and validated
@ -850,6 +1116,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations"></a>**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations**  
@ -876,6 +1143,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Only elevate UIAccess applications that are installed in secure locations
@ -895,6 +1171,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode"></a>**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode**  
@ -921,6 +1198,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Turn on Admin Approval Mode
@ -935,6 +1221,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation**  
@ -961,6 +1248,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Switch to the secure desktop when prompting for elevation
@ -974,6 +1270,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations"></a>**LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations**  
@ -1000,6 +1297,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Virtualize file and registry write failures to per-user locations
--- a/windows/client-management/mdm/policy-csp-location.md
+++ b/windows/client-management/mdm/policy-csp-location.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Location
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Location policies  
 <dl>
  <dd>
    <a href="#location-enablelocation">Location/EnableLocation</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="location-enablelocation"></a>**Location/EnableLocation**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page.
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - LockDown
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## LockDown policies  
 <dl>
  <dd>
    <a href="#lockdown-allowedgeswipe">LockDown/AllowEdgeSwipe</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="lockdown-allowedgeswipe"></a>**LockDown/AllowEdgeSwipe**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Maps
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Maps policies  
 <dl>
  <dd>
    <a href="#maps-allowofflinemapsdownloadovermeteredconnection">Maps/AllowOfflineMapsDownloadOverMeteredConnection</a>
  </dd>
  <dd>
    <a href="#maps-enableofflinemapsautoupdate">Maps/EnableOfflineMapsAutoUpdate</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="maps-allowofflinemapsdownloadovermeteredconnection"></a>**Maps/AllowOfflineMapsDownloadOverMeteredConnection**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the download and update of map data over metered connections.
@ -58,6 +77,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="maps-enableofflinemapsautoupdate"></a>**Maps/EnableOfflineMapsAutoUpdate**  
@ -84,6 +104,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Disables the automatic download and update of map data.
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Messaging
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Messaging policies  
 <dl>
  <dd>
    <a href="#messaging-allowmms">Messaging/AllowMMS</a>
  </dd>
  <dd>
    <a href="#messaging-allowmessagesync">Messaging/AllowMessageSync</a>
  </dd>
  <dd>
    <a href="#messaging-allowrcs">Messaging/AllowRCS</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="messaging-allowmms"></a>**Messaging/AllowMMS**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -58,6 +80,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="messaging-allowmessagesync"></a>**Messaging/AllowMessageSync**  
@ -84,6 +107,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
@ -94,6 +126,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="messaging-allowrcs"></a>**Messaging/AllowRCS**  
@ -120,6 +153,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - NetworkIsolation
@ -14,11 +14,39 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## NetworkIsolation policies  
 <dl>
  <dd>
    <a href="#networkisolation-enterprisecloudresources">NetworkIsolation/EnterpriseCloudResources</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseiprange">NetworkIsolation/EnterpriseIPRange</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseiprangesareauthoritative">NetworkIsolation/EnterpriseIPRangesAreAuthoritative</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseinternalproxyservers">NetworkIsolation/EnterpriseInternalProxyServers</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterprisenetworkdomainnames">NetworkIsolation/EnterpriseNetworkDomainNames</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseproxyservers">NetworkIsolation/EnterpriseProxyServers</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseproxyserversareauthoritative">NetworkIsolation/EnterpriseProxyServersAreAuthoritative</a>
  </dd>
  <dd>
    <a href="#networkisolation-neutralresources">NetworkIsolation/NeutralResources</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterprisecloudresources"></a>**NetworkIsolation/EnterpriseCloudResources**  
@ -45,11 +73,21 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|**.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseiprange"></a>**NetworkIsolation/EnterpriseIPRange**  
@ -76,6 +114,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. For example:
@ -90,6 +137,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseiprangesareauthoritative"></a>**NetworkIsolation/EnterpriseIPRangesAreAuthoritative**  
@ -116,11 +164,21 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseinternalproxyservers"></a>**NetworkIsolation/EnterpriseInternalProxyServers**  
@ -147,11 +205,21 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterprisenetworkdomainnames"></a>**NetworkIsolation/EnterpriseNetworkDomainNames**  
@ -178,6 +246,15 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
@ -193,6 +270,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseproxyservers"></a>**NetworkIsolation/EnterpriseProxyServers**  
@ -219,11 +297,21 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseproxyserversareauthoritative"></a>**NetworkIsolation/EnterpriseProxyServersAreAuthoritative**  
@ -250,11 +338,21 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-neutralresources"></a>**NetworkIsolation/NeutralResources**  
@ -281,6 +379,15 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">List of domain names that can used for work or personal resource.
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Notifications
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Notifications policies  
 <dl>
  <dd>
    <a href="#notifications-disallownotificationmirroring">Notifications/DisallowNotificationMirroring</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="notifications-disallownotificationmirroring"></a>**Notifications/DisallowNotificationMirroring**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that turns off notification mirroring.
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Power
@ -14,11 +14,42 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Power policies  
 <dl>
  <dd>
    <a href="#power-allowstandbywhensleepingpluggedin">Power/AllowStandbyWhenSleepingPluggedIn</a>
  </dd>
  <dd>
    <a href="#power-displayofftimeoutonbattery">Power/DisplayOffTimeoutOnBattery</a>
  </dd>
  <dd>
    <a href="#power-displayofftimeoutpluggedin">Power/DisplayOffTimeoutPluggedIn</a>
  </dd>
  <dd>
    <a href="#power-hibernatetimeoutonbattery">Power/HibernateTimeoutOnBattery</a>
  </dd>
  <dd>
    <a href="#power-hibernatetimeoutpluggedin">Power/HibernateTimeoutPluggedIn</a>
  </dd>
  <dd>
    <a href="#power-requirepasswordwhencomputerwakesonbattery">Power/RequirePasswordWhenComputerWakesOnBattery</a>
  </dd>
  <dd>
    <a href="#power-requirepasswordwhencomputerwakespluggedin">Power/RequirePasswordWhenComputerWakesPluggedIn</a>
  </dd>
  <dd>
    <a href="#power-standbytimeoutonbattery">Power/StandbyTimeoutOnBattery</a>
  </dd>
  <dd>
    <a href="#power-standbytimeoutpluggedin">Power/StandbyTimeoutPluggedIn</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-allowstandbywhensleepingpluggedin"></a>**Power/AllowStandbyWhenSleepingPluggedIn**  
@ -45,6 +76,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
@ -69,6 +109,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-displayofftimeoutonbattery"></a>**Power/DisplayOffTimeoutOnBattery**  
@ -95,6 +136,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
@ -121,6 +171,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-displayofftimeoutpluggedin"></a>**Power/DisplayOffTimeoutPluggedIn**  
@ -147,6 +198,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
@ -173,6 +233,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-hibernatetimeoutonbattery"></a>**Power/HibernateTimeoutOnBattery**  
@ -199,6 +260,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
@ -226,6 +296,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-hibernatetimeoutpluggedin"></a>**Power/HibernateTimeoutPluggedIn**  
@ -252,6 +323,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
@ -278,6 +358,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-requirepasswordwhencomputerwakesonbattery"></a>**Power/RequirePasswordWhenComputerWakesOnBattery**  
@ -304,6 +385,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
@ -328,6 +418,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-requirepasswordwhencomputerwakespluggedin"></a>**Power/RequirePasswordWhenComputerWakesPluggedIn**  
@ -354,6 +445,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
@ -378,6 +478,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-standbytimeoutonbattery"></a>**Power/StandbyTimeoutOnBattery**  
@ -404,6 +505,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
@ -430,6 +540,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-standbytimeoutpluggedin"></a>**Power/StandbyTimeoutPluggedIn**  
@ -456,6 +567,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Printers
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Printers policies  
 <dl>
  <dd>
    <a href="#printers-pointandprintrestrictions">Printers/PointAndPrintRestrictions</a>
  </dd>
  <dd>
    <a href="#printers-pointandprintrestrictions-user">Printers/PointAndPrintRestrictions_User</a>
  </dd>
  <dd>
    <a href="#printers-publishprinters">Printers/PublishPrinters</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="printers-pointandprintrestrictions"></a>**Printers/PointAndPrintRestrictions**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
@ -82,6 +104,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="printers-pointandprintrestrictions-user"></a>**Printers/PointAndPrintRestrictions_User**  
@ -108,6 +131,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
@ -145,6 +177,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="printers-publishprinters"></a>**Printers/PublishPrinters**  
@ -171,6 +204,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Determines whether the computer's shared printers can be published in Active Directory.
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteAssistance
@ -14,11 +14,27 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteAssistance policies  
 <dl>
  <dd>
    <a href="#remoteassistance-customizewarningmessages">RemoteAssistance/CustomizeWarningMessages</a>
  </dd>
  <dd>
    <a href="#remoteassistance-sessionlogging">RemoteAssistance/SessionLogging</a>
  </dd>
  <dd>
    <a href="#remoteassistance-solicitedremoteassistance">RemoteAssistance/SolicitedRemoteAssistance</a>
  </dd>
  <dd>
    <a href="#remoteassistance-unsolicitedremoteassistance">RemoteAssistance/UnsolicitedRemoteAssistance</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteassistance-customizewarningmessages"></a>**RemoteAssistance/CustomizeWarningMessages**  
@ -45,6 +61,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting lets you customize warning messages.
@ -75,6 +100,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteassistance-sessionlogging"></a>**RemoteAssistance/SessionLogging**  
@ -101,6 +127,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.
@ -127,6 +162,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteassistance-solicitedremoteassistance"></a>**RemoteAssistance/SolicitedRemoteAssistance**  
@ -153,6 +189,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.
@ -187,6 +232,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteassistance-unsolicitedremoteassistance"></a>**RemoteAssistance/UnsolicitedRemoteAssistance**  
@ -213,6 +259,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteDesktopServices
@ -14,11 +14,33 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteDesktopServices policies  
 <dl>
  <dd>
    <a href="#remotedesktopservices-allowuserstoconnectremotely">RemoteDesktopServices/AllowUsersToConnectRemotely</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-clientconnectionencryptionlevel">RemoteDesktopServices/ClientConnectionEncryptionLevel</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-donotallowdriveredirection">RemoteDesktopServices/DoNotAllowDriveRedirection</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-donotallowpasswordsaving">RemoteDesktopServices/DoNotAllowPasswordSaving</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-promptforpassworduponconnection">RemoteDesktopServices/PromptForPasswordUponConnection</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-requiresecurerpccommunication">RemoteDesktopServices/RequireSecureRPCCommunication</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-allowuserstoconnectremotely"></a>**RemoteDesktopServices/AllowUsersToConnectRemotely**  
@ -45,6 +67,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to configure remote access to computers by using Remote Desktop Services.
@ -75,6 +106,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-clientconnectionencryptionlevel"></a>**RemoteDesktopServices/ClientConnectionEncryptionLevel**  
@ -101,6 +133,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.
@ -135,6 +176,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-donotallowdriveredirection"></a>**RemoteDesktopServices/DoNotAllowDriveRedirection**  
@ -161,6 +203,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).
@ -189,6 +240,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-donotallowpasswordsaving"></a>**RemoteDesktopServices/DoNotAllowPasswordSaving**  
@ -215,6 +267,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Controls whether passwords can be saved on this computer from Remote Desktop Connection.
@ -239,6 +300,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-promptforpassworduponconnection"></a>**RemoteDesktopServices/PromptForPasswordUponConnection**  
@ -265,6 +327,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection.
@ -295,6 +366,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-requiresecurerpccommunication"></a>**RemoteDesktopServices/RequireSecureRPCCommunication**  
@ -321,6 +393,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteManagement
@ -14,11 +14,60 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteManagement policies  
 <dl>
  <dd>
    <a href="#remotemanagement-allowbasicauthentication-client">RemoteManagement/AllowBasicAuthentication_Client</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowbasicauthentication-service">RemoteManagement/AllowBasicAuthentication_Service</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowcredsspauthenticationclient">RemoteManagement/AllowCredSSPAuthenticationClient</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowcredsspauthenticationservice">RemoteManagement/AllowCredSSPAuthenticationService</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowremoteservermanagement">RemoteManagement/AllowRemoteServerManagement</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowunencryptedtraffic-client">RemoteManagement/AllowUnencryptedTraffic_Client</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowunencryptedtraffic-service">RemoteManagement/AllowUnencryptedTraffic_Service</a>
  </dd>
  <dd>
    <a href="#remotemanagement-disallowdigestauthentication">RemoteManagement/DisallowDigestAuthentication</a>
  </dd>
  <dd>
    <a href="#remotemanagement-disallownegotiateauthenticationclient">RemoteManagement/DisallowNegotiateAuthenticationClient</a>
  </dd>
  <dd>
    <a href="#remotemanagement-disallownegotiateauthenticationservice">RemoteManagement/DisallowNegotiateAuthenticationService</a>
  </dd>
  <dd>
    <a href="#remotemanagement-disallowstoringofrunascredentials">RemoteManagement/DisallowStoringOfRunAsCredentials</a>
  </dd>
  <dd>
    <a href="#remotemanagement-specifychannelbindingtokenhardeninglevel">RemoteManagement/SpecifyChannelBindingTokenHardeningLevel</a>
  </dd>
  <dd>
    <a href="#remotemanagement-trustedhosts">RemoteManagement/TrustedHosts</a>
  </dd>
  <dd>
    <a href="#remotemanagement-turnoncompatibilityhttplistener">RemoteManagement/TurnOnCompatibilityHTTPListener</a>
  </dd>
  <dd>
    <a href="#remotemanagement-turnoncompatibilityhttpslistener">RemoteManagement/TurnOnCompatibilityHTTPSListener</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowbasicauthentication-client"></a>**RemoteManagement/AllowBasicAuthentication_Client**  
@ -45,6 +94,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -63,6 +121,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowbasicauthentication-service"></a>**RemoteManagement/AllowBasicAuthentication_Service**  
@ -89,6 +148,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -107,6 +175,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowcredsspauthenticationclient"></a>**RemoteManagement/AllowCredSSPAuthenticationClient**  
@ -133,6 +202,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -151,6 +229,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowcredsspauthenticationservice"></a>**RemoteManagement/AllowCredSSPAuthenticationService**  
@ -177,6 +256,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -195,6 +283,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowremoteservermanagement"></a>**RemoteManagement/AllowRemoteServerManagement**  
@ -221,6 +310,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -239,6 +337,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowunencryptedtraffic-client"></a>**RemoteManagement/AllowUnencryptedTraffic_Client**  
@ -265,6 +364,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -283,6 +391,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowunencryptedtraffic-service"></a>**RemoteManagement/AllowUnencryptedTraffic_Service**  
@ -309,6 +418,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -327,6 +445,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-disallowdigestauthentication"></a>**RemoteManagement/DisallowDigestAuthentication**  
@ -353,6 +472,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -371,6 +499,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-disallownegotiateauthenticationclient"></a>**RemoteManagement/DisallowNegotiateAuthenticationClient**  
@ -397,6 +526,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -415,6 +553,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-disallownegotiateauthenticationservice"></a>**RemoteManagement/DisallowNegotiateAuthenticationService**  
@ -441,6 +580,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -459,6 +607,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-disallowstoringofrunascredentials"></a>**RemoteManagement/DisallowStoringOfRunAsCredentials**  
@ -485,6 +634,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -503,6 +661,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-specifychannelbindingtokenhardeninglevel"></a>**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel**  
@ -529,6 +688,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -547,6 +715,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-trustedhosts"></a>**RemoteManagement/TrustedHosts**  
@ -573,6 +742,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -591,6 +769,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-turnoncompatibilityhttplistener"></a>**RemoteManagement/TurnOnCompatibilityHTTPListener**  
@ -617,6 +796,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -635,6 +823,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-turnoncompatibilityhttpslistener"></a>**RemoteManagement/TurnOnCompatibilityHTTPSListener**  
@ -661,6 +850,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteProcedureCall
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteProcedureCall policies  
 <dl>
  <dd>
    <a href="#remoteprocedurecall-rpcendpointmapperclientauthentication">RemoteProcedureCall/RPCEndpointMapperClientAuthentication</a>
  </dd>
  <dd>
    <a href="#remoteprocedurecall-restrictunauthenticatedrpcclients">RemoteProcedureCall/RestrictUnauthenticatedRPCClients</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteprocedurecall-rpcendpointmapperclientauthentication"></a>**RemoteProcedureCall/RPCEndpointMapperClientAuthentication**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner.
@ -73,6 +92,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteprocedurecall-restrictunauthenticatedrpcclients"></a>**RemoteProcedureCall/RestrictUnauthenticatedRPCClients**  
@ -99,6 +119,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteShell
@ -14,11 +14,36 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteShell policies  
 <dl>
  <dd>
    <a href="#remoteshell-allowremoteshellaccess">RemoteShell/AllowRemoteShellAccess</a>
  </dd>
  <dd>
    <a href="#remoteshell-maxconcurrentusers">RemoteShell/MaxConcurrentUsers</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifyidletimeout">RemoteShell/SpecifyIdleTimeout</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifymaxmemory">RemoteShell/SpecifyMaxMemory</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifymaxprocesses">RemoteShell/SpecifyMaxProcesses</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifymaxremoteshells">RemoteShell/SpecifyMaxRemoteShells</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifyshelltimeout">RemoteShell/SpecifyShellTimeout</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-allowremoteshellaccess"></a>**RemoteShell/AllowRemoteShellAccess**  
@ -45,6 +70,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -63,6 +97,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-maxconcurrentusers"></a>**RemoteShell/MaxConcurrentUsers**  
@ -89,6 +124,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -107,6 +151,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifyidletimeout"></a>**RemoteShell/SpecifyIdleTimeout**  
@ -133,6 +178,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -151,6 +205,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifymaxmemory"></a>**RemoteShell/SpecifyMaxMemory**  
@ -177,6 +232,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -195,6 +259,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifymaxprocesses"></a>**RemoteShell/SpecifyMaxProcesses**  
@ -221,6 +286,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -239,6 +313,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifymaxremoteshells"></a>**RemoteShell/SpecifyMaxRemoteShells**  
@ -265,6 +340,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -283,6 +367,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifyshelltimeout"></a>**RemoteShell/SpecifyShellTimeout**  
@ -309,6 +394,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Search
@ -14,11 +14,45 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Search policies  
 <dl>
  <dd>
    <a href="#search-allowcloudsearch">Search/AllowCloudSearch</a>
  </dd>
  <dd>
    <a href="#search-allowindexingencryptedstoresoritems">Search/AllowIndexingEncryptedStoresOrItems</a>
  </dd>
  <dd>
    <a href="#search-allowsearchtouselocation">Search/AllowSearchToUseLocation</a>
  </dd>
  <dd>
    <a href="#search-allowusingdiacritics">Search/AllowUsingDiacritics</a>
  </dd>
  <dd>
    <a href="#search-alwaysuseautolangdetection">Search/AlwaysUseAutoLangDetection</a>
  </dd>
  <dd>
    <a href="#search-disablebackoff">Search/DisableBackoff</a>
  </dd>
  <dd>
    <a href="#search-disableremovabledriveindexing">Search/DisableRemovableDriveIndexing</a>
  </dd>
  <dd>
    <a href="#search-preventindexinglowdiskspacemb">Search/PreventIndexingLowDiskSpaceMB</a>
  </dd>
  <dd>
    <a href="#search-preventremotequeries">Search/PreventRemoteQueries</a>
  </dd>
  <dd>
    <a href="#search-safesearchpermissions">Search/SafeSearchPermissions</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-allowcloudsearch"></a>**Search/AllowCloudSearch**  
@ -45,6 +79,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
@ -55,6 +98,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-allowindexingencryptedstoresoritems"></a>**Search/AllowIndexingEncryptedStoresOrItems**  
@ -81,6 +125,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files.
@ -97,6 +150,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-allowsearchtouselocation"></a>**Search/AllowSearchToUseLocation**  
@ -123,6 +177,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether search can leverage location information.
@ -135,6 +198,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-allowusingdiacritics"></a>**Search/AllowUsingDiacritics**  
@ -161,6 +225,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the use of diacritics.
@ -173,6 +246,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-alwaysuseautolangdetection"></a>**Search/AlwaysUseAutoLangDetection**  
@ -199,6 +273,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to always use automatic language detection when indexing content and properties.
@ -211,6 +294,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-disablebackoff"></a>**Search/DisableBackoff**  
@ -237,6 +321,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled.
@ -247,6 +340,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-disableremovabledriveindexing"></a>**Search/DisableRemovableDriveIndexing**  
@ -273,6 +367,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This policy setting configures whether or not locations on removable drives can be added to libraries.
@ -287,6 +390,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-preventindexinglowdiskspacemb"></a>**Search/PreventIndexingLowDiskSpaceMB**  
@ -313,6 +417,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
@ -327,6 +440,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-preventremotequeries"></a>**Search/PreventRemoteQueries**  
@ -353,6 +467,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index..
@ -363,6 +486,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-safesearchpermissions"></a>**Search/SafeSearchPermissions**  
@ -389,6 +513,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Security
@ -14,11 +14,45 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Security policies  
 <dl>
  <dd>
    <a href="#security-allowaddprovisioningpackage">Security/AllowAddProvisioningPackage</a>
  </dd>
  <dd>
    <a href="#security-allowautomaticdeviceencryptionforazureadjoineddevices">Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
  </dd>
  <dd>
    <a href="#security-allowmanualrootcertificateinstallation">Security/AllowManualRootCertificateInstallation</a>
  </dd>
  <dd>
    <a href="#security-allowremoveprovisioningpackage">Security/AllowRemoveProvisioningPackage</a>
  </dd>
  <dd>
    <a href="#security-antitheftmode">Security/AntiTheftMode</a>
  </dd>
  <dd>
    <a href="#security-cleartpmifnotready">Security/ClearTPMIfNotReady</a>
  </dd>
  <dd>
    <a href="#security-preventautomaticdeviceencryptionforazureadjoineddevices">Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
  </dd>
  <dd>
    <a href="#security-requiredeviceencryption">Security/RequireDeviceEncryption</a>
  </dd>
  <dd>
    <a href="#security-requireprovisioningpackagesignature">Security/RequireProvisioningPackageSignature</a>
  </dd>
  <dd>
    <a href="#security-requireretrievehealthcertificateonboot">Security/RequireRetrieveHealthCertificateOnBoot</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-allowaddprovisioningpackage"></a>**Security/AllowAddProvisioningPackage**  
@ -45,6 +79,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow the runtime configuration agent to install provisioning packages.
@ -55,6 +98,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-allowautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**  
@ -100,6 +144,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-allowmanualrootcertificateinstallation"></a>**Security/AllowManualRootCertificateInstallation**  
@ -126,6 +171,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -142,6 +196,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-allowremoveprovisioningpackage"></a>**Security/AllowRemoveProvisioningPackage**  
@ -168,6 +223,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow the runtime configuration agent to remove provisioning packages.
@ -178,6 +242,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-antitheftmode"></a>**Security/AntiTheftMode**  
@ -204,6 +269,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -218,6 +292,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-cleartpmifnotready"></a>**Security/ClearTPMIfNotReady**  
@ -244,6 +319,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -257,6 +341,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-preventautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices**  
@ -283,6 +368,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -299,6 +393,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-requiredeviceencryption"></a>**Security/RequireDeviceEncryption**  
@ -325,6 +420,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile. In Windows 10 for desktop, you can query encryption status by using the [DeviceStatus CSP](devicestatus-csp.md) node **DeviceStatus/Compliance/EncryptionCompliance**.
@ -343,6 +447,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-requireprovisioningpackagesignature"></a>**Security/RequireProvisioningPackageSignature**  
@ -369,6 +474,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether provisioning packages must have a certificate signed by a device trusted authority.
@ -379,6 +493,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-requireretrievehealthcertificateonboot"></a>**Security/RequireRetrieveHealthCertificateOnBoot**  
@ -405,6 +520,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots.
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Settings
@ -14,11 +14,54 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Settings policies  
 <dl>
  <dd>
    <a href="#settings-allowautoplay">Settings/AllowAutoPlay</a>
  </dd>
  <dd>
    <a href="#settings-allowdatasense">Settings/AllowDataSense</a>
  </dd>
  <dd>
    <a href="#settings-allowdatetime">Settings/AllowDateTime</a>
  </dd>
  <dd>
    <a href="#settings-alloweditdevicename">Settings/AllowEditDeviceName</a>
  </dd>
  <dd>
    <a href="#settings-allowlanguage">Settings/AllowLanguage</a>
  </dd>
  <dd>
    <a href="#settings-allowpowersleep">Settings/AllowPowerSleep</a>
  </dd>
  <dd>
    <a href="#settings-allowregion">Settings/AllowRegion</a>
  </dd>
  <dd>
    <a href="#settings-allowsigninoptions">Settings/AllowSignInOptions</a>
  </dd>
  <dd>
    <a href="#settings-allowvpn">Settings/AllowVPN</a>
  </dd>
  <dd>
    <a href="#settings-allowworkplace">Settings/AllowWorkplace</a>
  </dd>
  <dd>
    <a href="#settings-allowyouraccount">Settings/AllowYourAccount</a>
  </dd>
  <dd>
    <a href="#settings-configuretaskbarcalendar">Settings/ConfigureTaskbarCalendar</a>
  </dd>
  <dd>
    <a href="#settings-pagevisibilitylist">Settings/PageVisibilityList</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowautoplay"></a>**Settings/AllowAutoPlay**  
@ -45,6 +88,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -62,6 +114,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowdatasense"></a>**Settings/AllowDataSense**  
@ -88,6 +141,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the user to change Data Sense settings.
@ -98,6 +160,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowdatetime"></a>**Settings/AllowDateTime**  
@ -124,6 +187,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the user to change date and time settings.
@ -134,6 +206,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-alloweditdevicename"></a>**Settings/AllowEditDeviceName**  
@ -160,6 +233,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows editing of the device name.
@ -170,6 +252,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowlanguage"></a>**Settings/AllowLanguage**  
@ -196,6 +279,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -210,6 +302,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowpowersleep"></a>**Settings/AllowPowerSleep**  
@ -236,6 +329,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -250,6 +352,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowregion"></a>**Settings/AllowRegion**  
@ -276,6 +379,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -290,6 +402,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowsigninoptions"></a>**Settings/AllowSignInOptions**  
@ -316,6 +429,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -330,6 +452,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowvpn"></a>**Settings/AllowVPN**  
@ -356,6 +479,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the user to change VPN settings.
@ -366,6 +498,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowworkplace"></a>**Settings/AllowWorkplace**  
@ -392,6 +525,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -406,6 +548,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowyouraccount"></a>**Settings/AllowYourAccount**  
@ -432,6 +575,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows user to change account settings.
@ -442,6 +594,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-configuretaskbarcalendar"></a>**Settings/ConfigureTaskbarCalendar**  
@ -468,6 +621,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703.  Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout.  In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale.  Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
@ -480,6 +642,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-pagevisibilitylist"></a>**Settings/PageVisibilityList**  
@ -506,6 +669,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703.  Allows IT Admins to either  prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified.  The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo".  Multiple page identifiers are separated by semicolons.
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - SmartScreen
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## SmartScreen policies  
 <dl>
  <dd>
    <a href="#smartscreen-enableappinstallcontrol">SmartScreen/EnableAppInstallControl</a>
  </dd>
  <dd>
    <a href="#smartscreen-enablesmartscreeninshell">SmartScreen/EnableSmartScreenInShell</a>
  </dd>
  <dd>
    <a href="#smartscreen-preventoverrideforfilesinshell">SmartScreen/PreventOverrideForFilesInShell</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="smartscreen-enableappinstallcontrol"></a>**SmartScreen/EnableAppInstallControl**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
@ -55,6 +77,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="smartscreen-enablesmartscreeninshell"></a>**SmartScreen/EnableSmartScreenInShell**  
@ -81,6 +104,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows.
@ -91,6 +123,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="smartscreen-preventoverrideforfilesinshell"></a>**SmartScreen/PreventOverrideForFilesInShell**  
@ -117,6 +150,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Speech
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Speech policies  
 <dl>
  <dd>
    <a href="#speech-allowspeechmodelupdate">Speech/AllowSpeechModelUpdate</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="speech-allowspeechmodelupdate"></a>**Speech/AllowSpeechModelUpdate**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Start
@ -14,11 +14,99 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Start policies  
 <dl>
  <dd>
    <a href="#start-allowpinnedfolderdocuments">Start/AllowPinnedFolderDocuments</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderdownloads">Start/AllowPinnedFolderDownloads</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderfileexplorer">Start/AllowPinnedFolderFileExplorer</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderhomegroup">Start/AllowPinnedFolderHomeGroup</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfoldermusic">Start/AllowPinnedFolderMusic</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfoldernetwork">Start/AllowPinnedFolderNetwork</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderpersonalfolder">Start/AllowPinnedFolderPersonalFolder</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderpictures">Start/AllowPinnedFolderPictures</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfoldersettings">Start/AllowPinnedFolderSettings</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfoldervideos">Start/AllowPinnedFolderVideos</a>
  </dd>
  <dd>
    <a href="#start-forcestartsize">Start/ForceStartSize</a>
  </dd>
  <dd>
    <a href="#start-hideapplist">Start/HideAppList</a>
  </dd>
  <dd>
    <a href="#start-hidechangeaccountsettings">Start/HideChangeAccountSettings</a>
  </dd>
  <dd>
    <a href="#start-hidefrequentlyusedapps">Start/HideFrequentlyUsedApps</a>
  </dd>
  <dd>
    <a href="#start-hidehibernate">Start/HideHibernate</a>
  </dd>
  <dd>
    <a href="#start-hidelock">Start/HideLock</a>
  </dd>
  <dd>
    <a href="#start-hidepowerbutton">Start/HidePowerButton</a>
  </dd>
  <dd>
    <a href="#start-hiderecentjumplists">Start/HideRecentJumplists</a>
  </dd>
  <dd>
    <a href="#start-hiderecentlyaddedapps">Start/HideRecentlyAddedApps</a>
  </dd>
  <dd>
    <a href="#start-hiderestart">Start/HideRestart</a>
  </dd>
  <dd>
    <a href="#start-hideshutdown">Start/HideShutDown</a>
  </dd>
  <dd>
    <a href="#start-hidesignout">Start/HideSignOut</a>
  </dd>
  <dd>
    <a href="#start-hidesleep">Start/HideSleep</a>
  </dd>
  <dd>
    <a href="#start-hideswitchaccount">Start/HideSwitchAccount</a>
  </dd>
  <dd>
    <a href="#start-hideusertile">Start/HideUserTile</a>
  </dd>
  <dd>
    <a href="#start-importedgeassets">Start/ImportEdgeAssets</a>
  </dd>
  <dd>
    <a href="#start-nopinningtotaskbar">Start/NoPinningToTaskbar</a>
  </dd>
  <dd>
    <a href="#start-startlayout">Start/StartLayout</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderdocuments"></a>**Start/AllowPinnedFolderDocuments**  
@ -45,6 +133,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu.
@ -56,6 +153,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderdownloads"></a>**Start/AllowPinnedFolderDownloads**  
@ -82,6 +180,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu.
@ -93,6 +200,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderfileexplorer"></a>**Start/AllowPinnedFolderFileExplorer**  
@ -119,6 +227,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu.
@ -130,6 +247,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderhomegroup"></a>**Start/AllowPinnedFolderHomeGroup**  
@ -156,6 +274,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu.
@ -167,6 +294,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfoldermusic"></a>**Start/AllowPinnedFolderMusic**  
@ -193,6 +321,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu.
@ -204,6 +341,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfoldernetwork"></a>**Start/AllowPinnedFolderNetwork**  
@ -230,6 +368,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu.
@ -241,6 +388,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderpersonalfolder"></a>**Start/AllowPinnedFolderPersonalFolder**  
@ -267,6 +415,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu.
@ -278,6 +435,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderpictures"></a>**Start/AllowPinnedFolderPictures**  
@ -304,6 +462,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu.
@ -315,6 +482,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfoldersettings"></a>**Start/AllowPinnedFolderSettings**  
@ -341,6 +509,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu.
@ -352,6 +529,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfoldervideos"></a>**Start/AllowPinnedFolderVideos**  
@ -378,6 +556,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu.
@ -389,6 +576,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-forcestartsize"></a>**Start/ForceStartSize**  
@ -415,6 +603,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -432,6 +629,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hideapplist"></a>**Start/HideAppList**  
@ -458,6 +656,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -483,6 +690,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidechangeaccountsettings"></a>**Start/HideChangeAccountSettings**  
@ -509,6 +717,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile.
@ -524,6 +741,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidefrequentlyusedapps"></a>**Start/HideFrequentlyUsedApps**  
@ -550,6 +768,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -572,6 +799,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidehibernate"></a>**Start/HideHibernate**  
@ -598,6 +826,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
@ -616,6 +853,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidelock"></a>**Start/HideLock**  
@ -642,6 +880,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile.
@ -657,6 +904,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidepowerbutton"></a>**Start/HidePowerButton**  
@ -683,6 +931,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -701,6 +958,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hiderecentjumplists"></a>**Start/HideRecentJumplists**  
@ -727,6 +985,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -752,6 +1019,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hiderecentlyaddedapps"></a>**Start/HideRecentlyAddedApps**  
@ -778,6 +1046,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -800,6 +1077,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hiderestart"></a>**Start/HideRestart**  
@ -826,6 +1104,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button.
@ -841,6 +1128,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hideshutdown"></a>**Start/HideShutDown**  
@ -867,6 +1155,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button.
@ -882,6 +1179,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidesignout"></a>**Start/HideSignOut**  
@ -908,6 +1206,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile.
@ -923,6 +1230,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidesleep"></a>**Start/HideSleep**  
@ -949,6 +1257,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button.
@ -964,6 +1281,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hideswitchaccount"></a>**Start/HideSwitchAccount**  
@ -990,6 +1308,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile.
@ -1005,6 +1332,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hideusertile"></a>**Start/HideUserTile**  
@ -1031,6 +1359,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -1050,6 +1387,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-importedgeassets"></a>**Start/ImportEdgeAssets**  
@ -1076,6 +1414,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -1096,6 +1443,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-nopinningtotaskbar"></a>**Start/NoPinningToTaskbar**  
@ -1122,6 +1470,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
@ -1140,6 +1497,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-startlayout"></a>**Start/StartLayout**  
@ -1166,6 +1524,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!IMPORTANT]
 > This node is set on a per-user basis and must be accessed using the following paths:
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Storage
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Storage policies  
 <dl>
  <dd>
    <a href="#storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting configures whether or not Windows will activate an Enhanced Storage device.
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/20/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - System
@ -14,11 +14,54 @@ ms.date: 09/20/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## System policies  
 <dl>
  <dd>
    <a href="#system-allowbuildpreview">System/AllowBuildPreview</a>
  </dd>
  <dd>
    <a href="#system-allowembeddedmode">System/AllowEmbeddedMode</a>
  </dd>
  <dd>
    <a href="#system-allowexperimentation">System/AllowExperimentation</a>
  </dd>
  <dd>
    <a href="#system-allowfontproviders">System/AllowFontProviders</a>
  </dd>
  <dd>
    <a href="#system-allowlocation">System/AllowLocation</a>
  </dd>
  <dd>
    <a href="#system-allowstoragecard">System/AllowStorageCard</a>
  </dd>
  <dd>
    <a href="#system-allowtelemetry">System/AllowTelemetry</a>
  </dd>
  <dd>
    <a href="#system-allowusertoresetphone">System/AllowUserToResetPhone</a>
  </dd>
  <dd>
    <a href="#system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
  </dd>
  <dd>
    <a href="#system-disableonedrivefilesync">System/DisableOneDriveFileSync</a>
  </dd>
  <dd>
    <a href="#system-disablesystemrestore">System/DisableSystemRestore</a>
  </dd>
  <dd>
    <a href="#system-limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
  </dd>
  <dd>
    <a href="#system-telemetryproxy">System/TelemetryProxy</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowbuildpreview"></a>**System/AllowBuildPreview**  
@ -45,6 +88,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise.
@ -62,6 +114,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowembeddedmode"></a>**System/AllowEmbeddedMode**  
@ -88,6 +141,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether set general purpose device to be in embedded mode.
@ -100,6 +162,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowexperimentation"></a>**System/AllowExperimentation**  
@ -126,6 +189,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is not supported in Windows 10, version 1607.
@ -142,6 +214,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowfontproviders"></a>**System/AllowFontProviders**  
@ -168,6 +241,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.
@ -189,6 +271,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowlocation"></a>**System/AllowLocation**  
@ -215,6 +298,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow app access to the Location service.
@ -234,6 +326,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowstoragecard"></a>**System/AllowStorageCard**  
@ -260,6 +353,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card.
@ -272,6 +374,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowtelemetry"></a>**System/AllowTelemetry**  
@ -298,6 +401,16 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow the device to send diagnostic and usage telemetry data, such as Watson.
@ -378,6 +491,7 @@ Windows 10 Values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowusertoresetphone"></a>**System/AllowUserToResetPhone**  
@ -404,6 +518,15 @@ Windows 10 Values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination.
@ -416,6 +539,7 @@ Windows 10 Values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-bootstartdriverinitialization"></a>**System/BootStartDriverInitialization**  
@ -442,6 +566,15 @@ Windows 10 Values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 N/A
@ -460,6 +593,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-disableonedrivefilesync"></a>**System/DisableOneDriveFileSync**  
@ -486,6 +620,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
@ -510,6 +653,7 @@ ADMX Info:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-disablesystemrestore"></a>**System/DisableSystemRestore**  
@ -536,6 +680,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Allows you to disable System Restore.
@ -566,6 +719,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-limitenhanceddiagnosticdatawindowsanalytics"></a>**System/LimitEnhancedDiagnosticDataWindowsAnalytics**  
@ -592,6 +746,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This policy setting, in combination with the System/AllowTelemetry 
 policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
@ -608,9 +771,9 @@ ADMX Info:
 <p style="margin-left: 20px">If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-telemetryproxy"></a>**System/TelemetryProxy**  
@ -637,6 +800,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *&lt;server&gt;:&lt;port&gt;*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device.
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - TextInput
@ -14,11 +14,54 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## TextInput policies  
 <dl>
  <dd>
    <a href="#textinput-allowimelogging">TextInput/AllowIMELogging</a>
  </dd>
  <dd>
    <a href="#textinput-allowimenetworkaccess">TextInput/AllowIMENetworkAccess</a>
  </dd>
  <dd>
    <a href="#textinput-allowinputpanel">TextInput/AllowInputPanel</a>
  </dd>
  <dd>
    <a href="#textinput-allowjapaneseimesurrogatepaircharacters">TextInput/AllowJapaneseIMESurrogatePairCharacters</a>
  </dd>
  <dd>
    <a href="#textinput-allowjapaneseivscharacters">TextInput/AllowJapaneseIVSCharacters</a>
  </dd>
  <dd>
    <a href="#textinput-allowjapanesenonpublishingstandardglyph">TextInput/AllowJapaneseNonPublishingStandardGlyph</a>
  </dd>
  <dd>
    <a href="#textinput-allowjapaneseuserdictionary">TextInput/AllowJapaneseUserDictionary</a>
  </dd>
  <dd>
    <a href="#textinput-allowkeyboardtextsuggestions">TextInput/AllowKeyboardTextSuggestions</a>
  </dd>
  <dd>
    <a href="#textinput-allowkoreanextendedhanja">TextInput/AllowKoreanExtendedHanja</a>
  </dd>
  <dd>
    <a href="#textinput-allowlanguagefeaturesuninstall">TextInput/AllowLanguageFeaturesUninstall</a>
  </dd>
  <dd>
    <a href="#textinput-excludejapaneseimeexceptjis0208">TextInput/ExcludeJapaneseIMEExceptJIS0208</a>
  </dd>
  <dd>
    <a href="#textinput-excludejapaneseimeexceptjis0208andeudc">TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC</a>
  </dd>
  <dd>
    <a href="#textinput-excludejapaneseimeexceptshiftjis">TextInput/ExcludeJapaneseIMEExceptShiftJIS</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowimelogging"></a>**TextInput/AllowIMELogging**  
@ -45,6 +88,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -61,6 +113,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowimenetworkaccess"></a>**TextInput/AllowIMENetworkAccess**  
@ -87,6 +140,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -103,6 +165,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowinputpanel"></a>**TextInput/AllowInputPanel**  
@ -129,6 +192,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -145,6 +217,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowjapaneseimesurrogatepaircharacters"></a>**TextInput/AllowJapaneseIMESurrogatePairCharacters**  
@ -171,6 +244,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -187,6 +269,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowjapaneseivscharacters"></a>**TextInput/AllowJapaneseIVSCharacters**  
@ -213,6 +296,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -229,6 +321,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowjapanesenonpublishingstandardglyph"></a>**TextInput/AllowJapaneseNonPublishingStandardGlyph**  
@ -255,6 +348,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -271,6 +373,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowjapaneseuserdictionary"></a>**TextInput/AllowJapaneseUserDictionary**  
@ -297,6 +400,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -313,6 +425,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowkeyboardtextsuggestions"></a>**TextInput/AllowKeyboardTextSuggestions**  
@ -339,6 +452,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -360,6 +482,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowkoreanextendedhanja"></a>**TextInput/AllowKoreanExtendedHanja**  
@ -368,6 +491,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowlanguagefeaturesuninstall"></a>**TextInput/AllowLanguageFeaturesUninstall**  
@ -394,6 +518,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -410,6 +543,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-excludejapaneseimeexceptjis0208"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208**  
@ -436,6 +570,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -450,6 +593,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-excludejapaneseimeexceptjis0208andeudc"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC**  
@ -476,6 +620,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -490,6 +643,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-excludejapaneseimeexceptshiftjis"></a>**TextInput/ExcludeJapaneseIMEExceptShiftJIS**  
@ -516,6 +670,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - TimeLanguageSettings
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## TimeLanguageSettings policies  
 <dl>
  <dd>
    <a href="#timelanguagesettings-allowset24hourclock">TimeLanguageSettings/AllowSet24HourClock</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="timelanguagesettings-allowset24hourclock"></a>**TimeLanguageSettings/AllowSet24HourClock**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting.
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Wifi
@ -14,11 +14,36 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Wifi policies  
 <dl>
  <dd>
    <a href="#wifi-allowwifihotspotreporting">WiFi/AllowWiFiHotSpotReporting</a>
  </dd>
  <dd>
    <a href="#wifi-allowautoconnecttowifisensehotspots">Wifi/AllowAutoConnectToWiFiSenseHotspots</a>
  </dd>
  <dd>
    <a href="#wifi-allowinternetsharing">Wifi/AllowInternetSharing</a>
  </dd>
  <dd>
    <a href="#wifi-allowmanualwificonfiguration">Wifi/AllowManualWiFiConfiguration</a>
  </dd>
  <dd>
    <a href="#wifi-allowwifi">Wifi/AllowWiFi</a>
  </dd>
  <dd>
    <a href="#wifi-allowwifidirect">Wifi/AllowWiFiDirect</a>
  </dd>
  <dd>
    <a href="#wifi-wlanscanmode">Wifi/WLANScanMode</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowwifihotspotreporting"></a>**WiFi/AllowWiFiHotSpotReporting**  
@ -27,6 +52,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowautoconnecttowifisensehotspots"></a>**Wifi/AllowAutoConnectToWiFiSenseHotspots**  
@ -53,6 +79,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow or disallow the device to automatically connect to Wi-Fi hotspots.
@ -65,6 +100,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowinternetsharing"></a>**Wifi/AllowInternetSharing**  
@ -91,6 +127,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow or disallow internet sharing.
@ -103,6 +148,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowmanualwificonfiguration"></a>**Wifi/AllowManualWiFiConfiguration**  
@ -129,6 +175,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
@ -144,6 +199,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowwifi"></a>**Wifi/AllowWiFi**  
@ -170,6 +226,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow or disallow WiFi connection.
@ -182,6 +247,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowwifidirect"></a>**Wifi/AllowWiFiDirect**  
@ -208,6 +274,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allow WiFi Direct connection..
@ -216,6 +291,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-wlanscanmode"></a>**Wifi/WLANScanMode**  
@ -242,6 +318,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected.
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - WindowsDefenderSecurityCenter
@ -14,11 +14,57 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## WindowsDefenderSecurityCenter policies  
 <dl>
  <dd>
    <a href="#windowsdefendersecuritycenter-companyname">WindowsDefenderSecurityCenter/CompanyName</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disableappbrowserui">WindowsDefenderSecurityCenter/DisableAppBrowserUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disableenhancednotifications">WindowsDefenderSecurityCenter/DisableEnhancedNotifications</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablefamilyui">WindowsDefenderSecurityCenter/DisableFamilyUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablehealthui">WindowsDefenderSecurityCenter/DisableHealthUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablenetworkui">WindowsDefenderSecurityCenter/DisableNetworkUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablenotifications">WindowsDefenderSecurityCenter/DisableNotifications</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablevirusui">WindowsDefenderSecurityCenter/DisableVirusUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disallowexploitprotectionoverride">WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-email">WindowsDefenderSecurityCenter/Email</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-enablecustomizedtoasts">WindowsDefenderSecurityCenter/EnableCustomizedToasts</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-enableinappcustomization">WindowsDefenderSecurityCenter/EnableInAppCustomization</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-phone">WindowsDefenderSecurityCenter/Phone</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-url">WindowsDefenderSecurityCenter/URL</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-companyname"></a>**WindowsDefenderSecurityCenter/CompanyName**  
@ -45,6 +91,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options.
@ -52,6 +107,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disableappbrowserui"></a>**WindowsDefenderSecurityCenter/DisableAppBrowserUI**  
@ -78,6 +134,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -88,6 +153,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disableenhancednotifications"></a>**WindowsDefenderSecurityCenter/DisableEnhancedNotifications**  
@ -114,6 +180,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
@ -127,6 +202,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablefamilyui"></a>**WindowsDefenderSecurityCenter/DisableFamilyUI**  
@ -153,6 +229,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -163,6 +248,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablehealthui"></a>**WindowsDefenderSecurityCenter/DisableHealthUI**  
@ -189,6 +275,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -199,6 +294,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablenetworkui"></a>**WindowsDefenderSecurityCenter/DisableNetworkUI**  
@ -225,6 +321,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -235,6 +340,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablenotifications"></a>**WindowsDefenderSecurityCenter/DisableNotifications**  
@ -261,6 +367,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices.
@ -271,6 +386,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablevirusui"></a>**WindowsDefenderSecurityCenter/DisableVirusUI**  
@ -297,6 +413,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -307,6 +432,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disallowexploitprotectionoverride"></a>**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride**  
@ -333,6 +459,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area.
@ -343,6 +478,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-email"></a>**WindowsDefenderSecurityCenter/Email**  
@ -369,6 +505,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
@ -376,6 +521,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-enablecustomizedtoasts"></a>**WindowsDefenderSecurityCenter/EnableCustomizedToasts**  
@ -402,6 +548,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
@ -412,6 +567,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-enableinappcustomization"></a>**WindowsDefenderSecurityCenter/EnableInAppCustomization**  
@ -438,6 +594,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709.Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
@ -448,6 +613,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-phone"></a>**WindowsDefenderSecurityCenter/Phone**  
@ -474,6 +640,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
@ -481,6 +656,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-url"></a>**WindowsDefenderSecurityCenter/URL**  
@ -507,6 +683,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options.
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - WindowsInkWorkspace
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## WindowsInkWorkspace policies  
 <dl>
  <dd>
    <a href="#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace">WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace</a>
  </dd>
  <dd>
    <a href="#windowsinkworkspace-allowwindowsinkworkspace">WindowsInkWorkspace/AllowWindowsInkWorkspace</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace.
@ -55,6 +74,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsinkworkspace-allowwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowWindowsInkWorkspace**  
@ -81,6 +101,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace.
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - WindowsLogon
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## WindowsLogon policies  
 <dl>
  <dd>
    <a href="#windowslogon-disablelockscreenappnotifications">WindowsLogon/DisableLockScreenAppNotifications</a>
  </dd>
  <dd>
    <a href="#windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
  </dd>
  <dd>
    <a href="#windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowslogon-disablelockscreenappnotifications"></a>**WindowsLogon/DisableLockScreenAppNotifications**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to prevent app notifications from appearing on the lock screen.
@ -69,6 +91,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowslogon-dontdisplaynetworkselectionui"></a>**WindowsLogon/DontDisplayNetworkSelectionUI**  
@ -95,6 +118,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
@ -119,6 +151,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**  
@ -145,6 +178,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - WirelessDisplay
@ -14,11 +14,33 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## WirelessDisplay policies  
 <dl>
  <dd>
    <a href="#wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-allowprojectionfrompcoverinfrastructure">WirelessDisplay/AllowProjectionFromPCOverInfrastructure</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-allowprojectiontopc">WirelessDisplay/AllowProjectionToPC</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-allowprojectiontopcoverinfrastructure">WirelessDisplay/AllowProjectionToPCOverInfrastructure</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver">WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-requirepinforpairing">WirelessDisplay/RequirePinForPairing</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC**  
@ -45,6 +67,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC.  
@ -53,6 +84,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowprojectionfrompcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionFromPCOverInfrastructure**  
@ -79,6 +111,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure.  
@ -87,6 +128,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowprojectiontopc"></a>**WirelessDisplay/AllowProjectionToPC**  
@ -113,6 +155,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC.
@ -125,6 +176,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowprojectiontopcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionToPCOverInfrastructure**  
@ -151,6 +203,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure.  
@ -159,14 +220,25 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver"></a>**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**  
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-requirepinforpairing"></a>**WirelessDisplay/RequirePinForPairing**  
@ -193,6 +265,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing.