Merge pull request #10268 from MicrosoftDocs/main

Publish main to live, 09/30, 11:00 AM IST
2025-05-12 13:27:23 +00:00 · 2024-09-30 11:00:30 +05:30 · 2024-09-30 11:00:30 +05:30 · 604ed06e47
commit 604ed06e47
parent 1533b1881b 4d8123f0b8
61 changed files with 1001 additions and 1042 deletions
--- a/windows/client-management/mdm/clouddesktop-ddf-file.md
+++ b/windows/client-management/mdm/clouddesktop-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: CloudDesktop DDF file
 description: View the XML file containing the device description framework (DDF) for the CloudDesktop configuration service provider.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the C
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
        <MSFT:CspVersion>2.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -139,7 +139,7 @@ The following XML file contains the device description framework (DDF) for the C
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.22621.3374</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@ -1,7 +1,7 @@
 ---
 title: Defender CSP
 description: Learn more about the Defender CSP.
-ms.date: 06/21/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -1289,7 +1289,7 @@ Define data duplication remote location for Device Control. When configuring thi
 <!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Description-Begin -->
 <!-- Description-Source-DDF -->
-Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.
+Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 30 days when enabled.
 <!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Description-End -->
 <!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Editable-Begin -->
@ -1304,7 +1304,7 @@ Configure how many days can pass before an aggressive quick scan is triggered. T
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[7-60]` |
-| Default Value  | 25 |
+| Default Value  | 30 |
 <!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-DFProperties-End -->
 <!-- Device-Configuration-DaysUntilAggressiveCatchupQuickScan-Examples-Begin -->
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@ -1,7 +1,7 @@
 ---
 title: Defender DDF file
 description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider.
-ms.date: 06/28/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -2373,8 +2373,8 @@ The following XML file contains the device description framework (DDF) for the D
            <Get />
            <Replace />
          </AccessType>
-          <DefaultValue>25</DefaultValue>
+          <DefaultValue>30</DefaultValue>
-          <Description>Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 25 days when enabled.</Description>
+          <Description>Configure how many days can pass before an aggressive quick scan is triggered. The valid interval is [7-60] days. If not configured, aggressive quick scans will be disabled. By default, the value is set to 30 days when enabled.</Description>
          <DFFormat>
            <int />
          </DFFormat>
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@ -1,7 +1,7 @@
 ---
 title: Firewall CSP
 description: Learn more about the Firewall CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -2221,7 +2221,7 @@ Specifies the friendly name of the firewall rule.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Description-Begin -->
 <!-- Description-Source-DDF -->
-Specifies one WDAC tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ""., and "_". A PolicyAppId and ServiceName can't be specified in the same rule.
+Specifies one App Control tag. This is a string that can contain any alphanumeric character and any of the characters ":", "/", ""., and "_". A PolicyAppId and ServiceName can't be specified in the same rule.
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Description-End -->
 <!-- Device-MdmStore-FirewallRules-{FirewallRuleName}-PolicyAppId-Editable-Begin -->
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@ -1,7 +1,7 @@
 ---
 title: LAPS CSP
 description: Learn more about the LAPS CSP.
-ms.date: 06/21/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 06/21/2024
 <!-- LAPS-Begin -->
 # LAPS CSP
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- LAPS-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The Local Administrator Password Solution (LAPS) configuration service provider (CSP) is used by the enterprise to manage back up of local administrator account passwords. Windows supports a LAPS Group Policy Object that is entirely separate from the LAPS CSP. Many of the various settings are common across both the LAPS GPO and CSP (GPO does not support any of the Action-related settings). As long as at least one LAPS setting is configured via CSP, any GPO-configured settings will be ignored. Also see [Configure policy settings for Windows LAPS](/windows-server/identity/laps/laps-management-policy-settings).
@ -432,7 +430,7 @@ If the specified user or group account is invalid the device will fallback to us
 <!-- Device-Policies-AutomaticAccountManagementEnableAccount-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Device-Policies-AutomaticAccountManagementEnableAccount-Applicability-End -->
 <!-- Device-Policies-AutomaticAccountManagementEnableAccount-OmaUri-Begin -->
@ -488,7 +486,7 @@ If not specified, this setting defaults to False.
 <!-- Device-Policies-AutomaticAccountManagementEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Device-Policies-AutomaticAccountManagementEnabled-Applicability-End -->
 <!-- Device-Policies-AutomaticAccountManagementEnabled-OmaUri-Begin -->
@ -543,7 +541,7 @@ If not specified, this setting defaults to False.
 <!-- Device-Policies-AutomaticAccountManagementNameOrPrefix-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Device-Policies-AutomaticAccountManagementNameOrPrefix-Applicability-End -->
 <!-- Device-Policies-AutomaticAccountManagementNameOrPrefix-OmaUri-Begin -->
@ -587,7 +585,7 @@ If not specified, this setting will default to "WLapsAdmin".
 <!-- Device-Policies-AutomaticAccountManagementRandomizeName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Device-Policies-AutomaticAccountManagementRandomizeName-Applicability-End -->
 <!-- Device-Policies-AutomaticAccountManagementRandomizeName-OmaUri-Begin -->
@ -643,7 +641,7 @@ If not specified, this setting defaults to False.
 <!-- Device-Policies-AutomaticAccountManagementTarget-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Device-Policies-AutomaticAccountManagementTarget-Applicability-End -->
 <!-- Device-Policies-AutomaticAccountManagementTarget-OmaUri-Begin -->
@ -759,7 +757,7 @@ If not specified, this setting will default to 0.
 <!-- Device-Policies-PassphraseLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Device-Policies-PassphraseLength-Applicability-End -->
 <!-- Device-Policies-PassphraseLength-OmaUri-Begin -->
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: LAPS DDF file
 description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-ms.date: 06/28/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -327,7 +327,7 @@ This setting has a maximum allowed value of 10 words.</Description>
            <MIME />
          </DFType>
          <MSFT:Applicability>
-            <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
+            <MSFT:OsBuildVersion>10.0.26100</MSFT:OsBuildVersion>
            <MSFT:CspVersion>1.1</MSFT:CspVersion>
          </MSFT:Applicability>
          <MSFT:AllowedValues ValueType="Range">
@ -690,7 +690,7 @@ If not specified, this setting defaults to False.</Description>
            <MIME />
          </DFType>
          <MSFT:Applicability>
-            <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
+            <MSFT:OsBuildVersion>10.0.26100</MSFT:OsBuildVersion>
            <MSFT:CspVersion>1.1</MSFT:CspVersion>
          </MSFT:Applicability>
          <MSFT:AllowedValues ValueType="ENUM">
@ -736,7 +736,7 @@ If not specified, this setting will default to 1.</Description>
            <MIME />
          </DFType>
          <MSFT:Applicability>
-            <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
+            <MSFT:OsBuildVersion>10.0.26100</MSFT:OsBuildVersion>
            <MSFT:CspVersion>1.1</MSFT:CspVersion>
          </MSFT:Applicability>
          <MSFT:AllowedValues ValueType="ENUM">
@ -791,7 +791,7 @@ If not specified, this setting will default to "WLapsAdmin".</Description>
            <MIME />
          </DFType>
          <MSFT:Applicability>
-            <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
+            <MSFT:OsBuildVersion>10.0.26100</MSFT:OsBuildVersion>
            <MSFT:CspVersion>1.1</MSFT:CspVersion>
          </MSFT:Applicability>
          <MSFT:DependencyBehavior>
@ -839,7 +839,7 @@ If not specified, this setting defaults to False.</Description>
            <MIME />
          </DFType>
          <MSFT:Applicability>
-            <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
+            <MSFT:OsBuildVersion>10.0.26100</MSFT:OsBuildVersion>
            <MSFT:CspVersion>1.1</MSFT:CspVersion>
          </MSFT:Applicability>
          <MSFT:AllowedValues ValueType="ENUM">
@ -897,7 +897,7 @@ If not specified, this setting defaults to False.</Description>
            <MIME />
          </DFType>
          <MSFT:Applicability>
-            <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
+            <MSFT:OsBuildVersion>10.0.26100</MSFT:OsBuildVersion>
            <MSFT:CspVersion>1.1</MSFT:CspVersion>
          </MSFT:Applicability>
          <MSFT:AllowedValues ValueType="ENUM">
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@ -1,7 +1,7 @@
 ---
 title: Personalization DDF file
 description: View the XML file containing the device description framework (DDF) for the Personalization configuration service provider.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the P
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@ -137,7 +137,6 @@ ms.date: 02/03/2023
 - [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#configuredeadlineforfeatureupdates) <sup>11</sup>
 - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#configuredeadlineforqualityupdates) <sup>11</sup>
 - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#configuredeadlinegraceperiod) <sup>11</sup>
 - [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#configuredeadlinenoautoreboot) <sup>11</sup>
 - [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#deferfeatureupdatesperiodindays)
 - [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#deferqualityupdatesperiodindays)
 - [Update/ManagePreviewBuilds](policy-csp-update.md#managepreviewbuilds)
--- a/windows/client-management/mdm/policies-in-preview.md
+++ b/windows/client-management/mdm/policies-in-preview.md
@ -1,7 +1,7 @@
 ---
 title: Configuration service provider preview policies
 description: Learn more about configuration service provider (CSP) policies that are available for Windows Insider Preview.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -17,6 +17,7 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [TurnOffInstallTracing](policy-csp-appdeviceinventory.md#turnoffinstalltracing)
 - [TurnOffAPISamping](policy-csp-appdeviceinventory.md#turnoffapisamping)
 - [TurnOffApplicationFootprint](policy-csp-appdeviceinventory.md#turnoffapplicationfootprint)
 - [TurnOffWin32AppBackup](policy-csp-appdeviceinventory.md#turnoffwin32appbackup)
 ## ClientCertificateInstall CSP
@ -28,15 +29,6 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [EnablePhysicalDeviceAccessOnErrorScreens](clouddesktop-csp.md#userenablephysicaldeviceaccessonerrorscreens)
 - [EnableBootToCloudSharedPCMode](clouddesktop-csp.md#deviceenableboottocloudsharedpcmode)
 ## Cryptography
 - [ConfigureEllipticCurveCryptography](policy-csp-cryptography.md#configureellipticcurvecryptography)
 - [ConfigureSystemCryptographyForceStrongKeyProtection](policy-csp-cryptography.md#configuresystemcryptographyforcestrongkeyprotection)
 - [OverrideMinimumEnabledTLSVersionClient](policy-csp-cryptography.md#overrideminimumenabledtlsversionclient)
 - [OverrideMinimumEnabledTLSVersionServer](policy-csp-cryptography.md#overrideminimumenabledtlsversionserver)
 - [OverrideMinimumEnabledDTLSVersionClient](policy-csp-cryptography.md#overrideminimumenableddtlsversionclient)
 - [OverrideMinimumEnabledDTLSVersionServer](policy-csp-cryptography.md#overrideminimumenableddtlsversionserver)
 ## DeclaredConfiguration CSP
 - [Document](declaredconfiguration-csp.md#hostcompletedocumentsdociddocument)
@ -47,23 +39,6 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [DODisallowCacheServerDownloadsOnVPN](policy-csp-deliveryoptimization.md#dodisallowcacheserverdownloadsonvpn)
 - [DOVpnKeywords](policy-csp-deliveryoptimization.md#dovpnkeywords)
 ## DesktopAppInstaller
 - [EnableWindowsPackageManagerCommandLineInterfaces](policy-csp-desktopappinstaller.md#enablewindowspackagemanagercommandlineinterfaces)
 - [EnableWindowsPackageManagerConfiguration](policy-csp-desktopappinstaller.md#enablewindowspackagemanagerconfiguration)
 ## DeviceLock
 - [MaximumPasswordAge](policy-csp-devicelock.md#maximumpasswordage)
 - [ClearTextPassword](policy-csp-devicelock.md#cleartextpassword)
 - [PasswordComplexity](policy-csp-devicelock.md#passwordcomplexity)
 - [PasswordHistorySize](policy-csp-devicelock.md#passwordhistorysize)
 - [AccountLockoutPolicy](policy-csp-devicelock.md#accountlockoutpolicy)
 - [AllowAdministratorLockout](policy-csp-devicelock.md#allowadministratorlockout)
 - [MinimumPasswordLength](policy-csp-devicelock.md#minimumpasswordlength)
 - [MinimumPasswordLengthAudit](policy-csp-devicelock.md#minimumpasswordlengthaudit)
 - [RelaxMinimumPasswordLengthLimits](policy-csp-devicelock.md#relaxminimumpasswordlengthlimits)
 ## DevicePreparation CSP
 - [PageEnabled](devicepreparation-csp.md#pageenabled)
@ -84,12 +59,6 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [Cadence](dmclient-csp.md#deviceproviderprovideridconfigrefreshcadence)
 - [PausePeriod](dmclient-csp.md#deviceproviderprovideridconfigrefreshpauseperiod)
 ## Experience
 - [AllowScreenRecorder](policy-csp-experience.md#allowscreenrecorder)
 - [EnableOrganizationalMessages](policy-csp-experience.md#enableorganizationalmessages)
 - [DisableTextTranslation](policy-csp-experience.md#disabletexttranslation)
 ## FileSystem
 - [EnableDevDrive](policy-csp-filesystem.md#enabledevdrive)
@ -99,13 +68,6 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [AttestErrorMessage](healthattestation-csp.md#attesterrormessage)
 ## HumanPresence
 - [ForceDisableWakeWhenBatterySaverOn](policy-csp-humanpresence.md#forcedisablewakewhenbatterysaveron)
 - [ForceAllowWakeWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowwakewhenexternaldisplayconnected)
 - [ForceAllowLockWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowlockwhenexternaldisplayconnected)
 - [ForceAllowDimWhenExternalDisplayConnected](policy-csp-humanpresence.md#forceallowdimwhenexternaldisplayconnected)
 ## InternetExplorer
 - [AllowLegacyURLFields](policy-csp-internetexplorer.md#allowlegacyurlfields)
@ -121,49 +83,8 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [StartInstallation](language-pack-management-csp.md#installlanguage-idstartinstallation)
 - [SystemPreferredUILanguages](language-pack-management-csp.md#languagesettingssystempreferreduilanguages)
 ## LAPS CSP
 - [PassphraseLength](laps-csp.md#policiespassphraselength)
 - [AutomaticAccountManagementEnabled](laps-csp.md#policiesautomaticaccountmanagementenabled)
 - [AutomaticAccountManagementTarget](laps-csp.md#policiesautomaticaccountmanagementtarget)
 - [AutomaticAccountManagementNameOrPrefix](laps-csp.md#policiesautomaticaccountmanagementnameorprefix)
 - [AutomaticAccountManagementEnableAccount](laps-csp.md#policiesautomaticaccountmanagementenableaccount)
 - [AutomaticAccountManagementRandomizeName](laps-csp.md#policiesautomaticaccountmanagementrandomizename)
 ## LocalPoliciesSecurityOptions
 - [Audit_AuditTheUseOfBackupAndRestoreprivilege](policy-csp-localpoliciessecurityoptions.md#audit_audittheuseofbackupandrestoreprivilege)
 - [Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings](policy-csp-localpoliciessecurityoptions.md#audit_forceauditpolicysubcategorysettingstooverrideauditpolicycategorysettings)
 - [Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits](policy-csp-localpoliciessecurityoptions.md#audit_shutdownsystemimmediatelyifunabletologsecurityaudits)
 - [Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly](policy-csp-localpoliciessecurityoptions.md#devices_restrictfloppyaccesstolocallyloggedonuseronly)
 - [DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallyencryptorsignsecurechanneldataalways)
 - [DomainMember_DigitallyEncryptSecureChannelDataWhenPossible](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallyencryptsecurechanneldatawhenpossible)
 - [DomainMember_DigitallySignSecureChannelDataWhenPossible](policy-csp-localpoliciessecurityoptions.md#domainmember_digitallysignsecurechanneldatawhenpossible)
 - [DomainMember_DisableMachineAccountPasswordChanges](policy-csp-localpoliciessecurityoptions.md#domainmember_disablemachineaccountpasswordchanges)
 - [DomainMember_MaximumMachineAccountPasswordAge](policy-csp-localpoliciessecurityoptions.md#domainmember_maximummachineaccountpasswordage)
 - [DomainMember_RequireStrongSessionKey](policy-csp-localpoliciessecurityoptions.md#domainmember_requirestrongsessionkey)
 - [InteractiveLogon_MachineAccountLockoutThreshold](policy-csp-localpoliciessecurityoptions.md#interactivelogon_machineaccountlockoutthreshold)
 - [InteractiveLogon_NumberOfPreviousLogonsToCache](policy-csp-localpoliciessecurityoptions.md#interactivelogon_numberofpreviouslogonstocache)
 - [InteractiveLogon_PromptUserToChangePasswordBeforeExpiration](policy-csp-localpoliciessecurityoptions.md#interactivelogon_promptusertochangepasswordbeforeexpiration)
 - [MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_amountofidletimerequiredbeforesuspendingsession)
 - [MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_disconnectclientswhenlogonhoursexpire)
 - [MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel](policy-csp-localpoliciessecurityoptions.md#microsoftnetworkserver_serverspntargetnamevalidationlevel)
 - [NetworkAccess_AllowAnonymousSIDOrNameTranslation](policy-csp-localpoliciessecurityoptions.md#networkaccess_allowanonymoussidornametranslation)
 - [NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication](policy-csp-localpoliciessecurityoptions.md#networkaccess_donotallowstorageofpasswordsandcredentialsfornetworkauthentication)
 - [NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers](policy-csp-localpoliciessecurityoptions.md#networkaccess_leteveryonepermissionsapplytoanonymoususers)
 - [NetworkAccess_NamedPipesThatCanBeAccessedAnonymously](policy-csp-localpoliciessecurityoptions.md#networkaccess_namedpipesthatcanbeaccessedanonymously)
 - [NetworkAccess_RemotelyAccessibleRegistryPaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypaths)
 - [NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths](policy-csp-localpoliciessecurityoptions.md#networkaccess_remotelyaccessibleregistrypathsandsubpaths)
 - [NetworkAccess_SharesThatCanBeAccessedAnonymously](policy-csp-localpoliciessecurityoptions.md#networkaccess_sharesthatcanbeaccessedanonymously)
 - [NetworkAccess_SharingAndSecurityModelForLocalAccounts](policy-csp-localpoliciessecurityoptions.md#networkaccess_sharingandsecuritymodelforlocalaccounts)
 - [NetworkSecurity_AllowLocalSystemNULLSessionFallback](policy-csp-localpoliciessecurityoptions.md#networksecurity_allowlocalsystemnullsessionfallback)
 - [NetworkSecurity_ForceLogoffWhenLogonHoursExpire](policy-csp-localpoliciessecurityoptions.md#networksecurity_forcelogoffwhenlogonhoursexpire)
 - [NetworkSecurity_LDAPClientSigningRequirements](policy-csp-localpoliciessecurityoptions.md#networksecurity_ldapclientsigningrequirements)
 - [RecoveryConsole_AllowAutomaticAdministrativeLogon](policy-csp-localpoliciessecurityoptions.md#recoveryconsole_allowautomaticadministrativelogon)
 - [RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders](policy-csp-localpoliciessecurityoptions.md#recoveryconsole_allowfloppycopyandaccesstoalldrivesandallfolders)
 - [SystemCryptography_ForceStrongKeyProtection](policy-csp-localpoliciessecurityoptions.md#systemcryptography_forcestrongkeyprotection)
 - [SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems](policy-csp-localpoliciessecurityoptions.md#systemobjects_requirecaseinsensitivityfornonwindowssubsystems)
 - [SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects](policy-csp-localpoliciessecurityoptions.md#systemobjects_strengthendefaultpermissionsofinternalsystemobjects)
 - [UserAccountControl_BehaviorOfTheElevationPromptForAdministratorProtection](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_behavioroftheelevationpromptforadministratorprotection)
 - [UserAccountControl_TypeOfAdminApprovalMode](policy-csp-localpoliciessecurityoptions.md#useraccountcontrol_typeofadminapprovalmode)
@ -174,23 +95,6 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [ConfigureDeviceStandbyAction](policy-csp-mixedreality.md#configuredevicestandbyaction)
 - [ConfigureDeviceStandbyActionTimeout](policy-csp-mixedreality.md#configuredevicestandbyactiontimeout)
 ## MSSecurityGuide
 - [NetBTNodeTypeConfiguration](policy-csp-mssecurityguide.md#netbtnodetypeconfiguration)
 ## NetworkListManager
 - [AllNetworks_NetworkIcon](policy-csp-networklistmanager.md#allnetworks_networkicon)
 - [AllNetworks_NetworkLocation](policy-csp-networklistmanager.md#allnetworks_networklocation)
 - [AllNetworks_NetworkName](policy-csp-networklistmanager.md#allnetworks_networkname)
 - [IdentifyingNetworks_LocationType](policy-csp-networklistmanager.md#identifyingnetworks_locationtype)
 - [UnidentifiedNetworks_LocationType](policy-csp-networklistmanager.md#unidentifiednetworks_locationtype)
 - [UnidentifiedNetworks_UserPermissions](policy-csp-networklistmanager.md#unidentifiednetworks_userpermissions)
 ## Notifications
 - [DisableAccountNotifications](policy-csp-notifications.md#disableaccountnotifications)
 ## PassportForWork CSP
 - [EnableWindowsHelloProvisioningForSecurityKeys](passportforwork-csp.md#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys)
@ -202,77 +106,15 @@ This article lists the policies that are applicable for Windows Insider Preview
 ## RemoteDesktopServices
 - [LimitServerToClientClipboardRedirection](policy-csp-remotedesktopservices.md#limitservertoclientclipboardredirection)
 - [LimitClientToServerClipboardRedirection](policy-csp-remotedesktopservices.md#limitclienttoserverclipboardredirection)
 - [DisconnectOnLockLegacyAuthn](policy-csp-remotedesktopservices.md#disconnectonlocklegacyauthn)
 - [DisconnectOnLockMicrosoftIdentityAuthn](policy-csp-remotedesktopservices.md#disconnectonlockmicrosoftidentityauthn)
 - [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-remotedesktopservices.md#ts_server_remoteapp_use_shellappruntime)
 ## Search
 - [ConfigureSearchOnTaskbarMode](policy-csp-search.md#configuresearchontaskbarmode)
 ## SettingsSync
 - [DisableAccessibilitySettingSync](policy-csp-settingssync.md#disableaccessibilitysettingsync)
 - [DisableLanguageSettingSync](policy-csp-settingssync.md#disablelanguagesettingsync)
 ## Sudo
 - [EnableSudo](policy-csp-sudo.md#enablesudo)
 ## SurfaceHub CSP
 - [ExchangeModernAuthEnabled](surfacehub-csp.md#deviceaccountexchangemodernauthenabled)
 ## System
 - [HideUnsupportedHardwareNotifications](policy-csp-system.md#hideunsupportedhardwarenotifications)
 ## SystemServices
 - [ConfigureComputerBrowserServiceStartupMode](policy-csp-systemservices.md#configurecomputerbrowserservicestartupmode)
 - [ConfigureIISAdminServiceStartupMode](policy-csp-systemservices.md#configureiisadminservicestartupmode)
 - [ConfigureInfraredMonitorServiceStartupMode](policy-csp-systemservices.md#configureinfraredmonitorservicestartupmode)
 - [ConfigureInternetConnectionSharingServiceStartupMode](policy-csp-systemservices.md#configureinternetconnectionsharingservicestartupmode)
 - [ConfigureLxssManagerServiceStartupMode](policy-csp-systemservices.md#configurelxssmanagerservicestartupmode)
 - [ConfigureMicrosoftFTPServiceStartupMode](policy-csp-systemservices.md#configuremicrosoftftpservicestartupmode)
 - [ConfigureRemoteProcedureCallLocatorServiceStartupMode](policy-csp-systemservices.md#configureremoteprocedurecalllocatorservicestartupmode)
 - [ConfigureRoutingAndRemoteAccessServiceStartupMode](policy-csp-systemservices.md#configureroutingandremoteaccessservicestartupmode)
 - [ConfigureSimpleTCPIPServicesStartupMode](policy-csp-systemservices.md#configuresimpletcpipservicesstartupmode)
 - [ConfigureSpecialAdministrationConsoleHelperServiceStartupMode](policy-csp-systemservices.md#configurespecialadministrationconsolehelperservicestartupmode)
 - [ConfigureSSDPDiscoveryServiceStartupMode](policy-csp-systemservices.md#configuressdpdiscoveryservicestartupmode)
 - [ConfigureUPnPDeviceHostServiceStartupMode](policy-csp-systemservices.md#configureupnpdevicehostservicestartupmode)
 - [ConfigureWebManagementServiceStartupMode](policy-csp-systemservices.md#configurewebmanagementservicestartupmode)
 - [ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode](policy-csp-systemservices.md#configurewindowsmediaplayernetworksharingservicestartupmode)
 - [ConfigureWindowsMobileHotspotServiceStartupMode](policy-csp-systemservices.md#configurewindowsmobilehotspotservicestartupmode)
 - [ConfigureWorldWideWebPublishingServiceStartupMode](policy-csp-systemservices.md#configureworldwidewebpublishingservicestartupmode)
 ## Update
 - [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol)
 - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](policy-csp-update.md#configuredeadlinenoautorebootforfeatureupdates)
 - [ConfigureDeadlineNoAutoRebootForQualityUpdates](policy-csp-update.md#configuredeadlinenoautorebootforqualityupdates)
 - [AlwaysAutoRebootAtScheduledTimeMinutes](policy-csp-update.md#alwaysautorebootatscheduledtimeminutes)
 ## UserRights
 - [BypassTraverseChecking](policy-csp-userrights.md#bypasstraversechecking)
 - [ReplaceProcessLevelToken](policy-csp-userrights.md#replaceprocessleveltoken)
 - [ChangeTimeZone](policy-csp-userrights.md#changetimezone)
 - [ShutDownTheSystem](policy-csp-userrights.md#shutdownthesystem)
 - [LogOnAsBatchJob](policy-csp-userrights.md#logonasbatchjob)
 - [ProfileSystemPerformance](policy-csp-userrights.md#profilesystemperformance)
 - [DenyLogOnAsBatchJob](policy-csp-userrights.md#denylogonasbatchjob)
 - [LogOnAsService](policy-csp-userrights.md#logonasservice)
 - [IncreaseProcessWorkingSet](policy-csp-userrights.md#increaseprocessworkingset)
 - [DenyLogOnAsService](policy-csp-userrights.md#denylogonasservice)
 - [AdjustMemoryQuotasForProcess](policy-csp-userrights.md#adjustmemoryquotasforprocess)
 - [AllowLogOnThroughRemoteDesktop](policy-csp-userrights.md#allowlogonthroughremotedesktop)
 ## WebThreatDefense
 - [AutomaticDataCollection](policy-csp-webthreatdefense.md#automaticdatacollection)
 ## Wifi
@ -281,7 +123,7 @@ This article lists the policies that are applicable for Windows Insider Preview
 ## WindowsAI
- [DisableAIDataAnalysis](policy-csp-windowsai.md#disableaidataanalysis)
+- [SetCopilotHardwareKey](policy-csp-windowsai.md#setcopilothardwarekey)
 - [DisableImageCreator](policy-csp-windowsai.md#disableimagecreator)
 - [DisableCocreator](policy-csp-windowsai.md#disablecocreator)
@ -294,11 +136,6 @@ This article lists the policies that are applicable for Windows Insider Preview
 - [DisableSubscription](windowslicensing-csp.md#subscriptionsdisablesubscription)
 - [RemoveSubscription](windowslicensing-csp.md#subscriptionsremovesubscription)
 ## WindowsSandbox
 - [AllowMappedFolders](policy-csp-windowssandbox.md#allowmappedfolders)
 - [AllowWriteToMappedFolders](policy-csp-windowssandbox.md#allowwritetomappedfolders)
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -1,7 +1,7 @@
 ---
 title: Policy CSP
 description: Learn more about the Policy CSP.
-ms.date: 08/07/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -1152,6 +1152,7 @@ Specifies the name/value pair used in the policy. See the individual Area DDFs f
 - [Settings](policy-csp-settings.md)
 - [SettingsSync](policy-csp-settingssync.md)
 - [SmartScreen](policy-csp-smartscreen.md)
 - [SpeakForMe](policy-csp-speakforme.md)
 - [Speech](policy-csp-speech.md)
 - [Start](policy-csp-start.md)
 - [Stickers](policy-csp-stickers.md)
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_AppxPackageManager Policy CSP
 description: Learn more about the ADMX_AppxPackageManager Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -32,7 +32,7 @@ ms.date: 08/06/2024
 <!-- AllowDeploymentInSpecialProfiles-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to manage the deployment of Windows Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off:
+This policy setting allows you to manage the deployment of packaged Microsoft Store apps when the user is signed in using a special profile. Special profiles are the following user profiles, where changes are discarded after the user signs off:
 Roaming user profiles to which the "Delete cached copies of roaming profiles" Group Policy setting applies.
@ -42,9 +42,9 @@ Temporary user profiles, which are created when an error prevents the correct pr
 User profiles for the Guest account and members of the Guests group.
- If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of Windows Store apps when using a special profile.
+- If you enable this policy setting, Group Policy allows deployment operations (adding, registering, staging, updating, or removing an app package) of packaged Microsoft Store apps when using a special profile.
- If you disable or don't configure this policy setting, Group Policy blocks deployment operations of Windows Store apps when using a special profile.
+- If you disable or don't configure this policy setting, Group Policy blocks deployment operations of packaged Microsoft Store apps when using a special profile.
 <!-- AllowDeploymentInSpecialProfiles-Description-End -->
 <!-- AllowDeploymentInSpecialProfiles-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_AppXRuntime Policy CSP
 description: Learn more about the ADMX_AppXRuntime Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -32,11 +32,11 @@ ms.date: 08/06/2024
 <!-- AppxRuntimeApplicationContentUriRules-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all Windows Store apps that use the enterpriseAuthentication capability on a computer.
+This policy setting lets you turn on Content URI Rules to supplement the static Content URI Rules that were defined as part of the app manifest and apply to all packaged Microsoft Store apps that use the enterpriseAuthentication capability on a computer.
- If you enable this policy setting, you can define additional Content URI Rules that all Windows Store apps that use the enterpriseAuthentication capability on a computer can use.
+- If you enable this policy setting, you can define additional Content URI Rules that all packaged Microsoft Store apps that use the enterpriseAuthentication capability on a computer can use.
- If you disable or don't set this policy setting, Windows Store apps will only use the static Content URI Rules.
+- If you disable or don't set this policy setting, packaged Microsoft Store apps will only use the static Content URI Rules.
 <!-- AppxRuntimeApplicationContentUriRules-Description-End -->
 <!-- AppxRuntimeApplicationContentUriRules-Editable-Begin -->
@ -60,7 +60,7 @@ This policy setting lets you turn on Content URI Rules to supplement the static
 | Name | Value |
 |:--|:--|
 | Name | AppxRuntimeApplicationContentUriRules |
-| Friendly Name | Turn on dynamic Content URI Rules for Windows store apps |
+| Friendly Name | Turn on dynamic Content URI Rules for packaged Microsoft Store apps |
 | Location | Computer Configuration |
 | Path | Windows Components > App runtime |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Packages\Applications |
@ -95,11 +95,11 @@ This policy setting lets you turn on Content URI Rules to supplement the static
 <!-- AppxRuntimeBlockFileElevation-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting lets you control whether Windows Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a Windows Store app might compromise the system by opening a file in the default desktop app for a file type.
+This policy setting lets you control whether packaged Microsoft Store apps can open files using the default desktop app for a file type. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a packaged Microsoft Store app might compromise the system by opening a file in the default desktop app for a file type.
- If you enable this policy setting, Windows Store apps can't open files in the default desktop app for a file type; they can open files only in other Windows Store apps.
+- If you enable this policy setting, packaged Microsoft Store apps can't open files in the default desktop app for a file type; they can open files only in other packaged Microsoft Store apps.
- If you disable or don't configure this policy setting, Windows Store apps can open files in the default desktop app for a file type.
+- If you disable or don't configure this policy setting, packaged Microsoft Store apps can open files in the default desktop app for a file type.
 <!-- AppxRuntimeBlockFileElevation-Description-End -->
 <!-- AppxRuntimeBlockFileElevation-Editable-Begin -->
@ -219,14 +219,14 @@ This policy shouldn't be enabled unless recommended by Microsoft as a security r
 <!-- AppxRuntimeBlockProtocolElevation-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting lets you control whether Windows Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than Windows Store apps, there is a risk that a URI scheme launched by a Windows Store app might compromise the system by launching a desktop app.
+This policy setting lets you control whether packaged Microsoft Store apps can open URIs using the default desktop app for a URI scheme. Because desktop apps run at a higher integrity level than packaged Microsoft Store apps, there is a risk that a URI scheme launched by a packaged Microsoft Store app might compromise the system by launching a desktop app.
- If you enable this policy setting, Windows Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other Windows Store apps.
+- If you enable this policy setting, packaged Microsoft Store apps can't open URIs in the default desktop app for a URI scheme; they can open URIs only in other packaged Microsoft Store apps.
- If you disable or don't configure this policy setting, Windows Store apps can open URIs in the default desktop app for a URI scheme.
+- If you disable or don't configure this policy setting, packaged Microsoft Store apps can open URIs in the default desktop app for a URI scheme.
 > [!NOTE]
-> Enabling this policy setting doesn't block Windows Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.
+> Enabling this policy setting doesn't block packaged Microsoft Store apps from opening the default desktop app for the http, https, and mailto URI schemes. The handlers for these URI schemes are hardened against URI-based vulnerabilities from untrusted sources, reducing the associated risk.
 <!-- AppxRuntimeBlockProtocolElevation-Description-End -->
 <!-- AppxRuntimeBlockProtocolElevation-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_ControlPanelDisplay Policy CSP
 description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -1351,7 +1351,7 @@ Specifies which theme file is applied to the computer the first time a user logs
 |:--|:--|
 | Name | CPL_Personalization_SetTheme |
 | Friendly Name | Load a specific theme |
-| Location | User Configuration |
+| Location | Computer and User Configuration |
 | Path | Control Panel > Personalization |
 | Registry Key Name | Software\Policies\Microsoft\Windows\Personalization |
 | ADMX File Name | ControlPanelDisplay.admx |
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_DeviceGuard Policy CSP
 description: Learn more about the ADMX_DeviceGuard Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -34,7 +34,7 @@ ms.date: 08/06/2024
 <!-- ConfigCIPolicy-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Deploy Windows Defender Application Control.
+Deploy App Control for Business.
 This policy setting lets you deploy a Code Integrity Policy to a machine to control what's allowed to run on that machine.
@ -69,7 +69,7 @@ If using a signed and protected policy then disabling this policy setting doesn'
 | Name | Value |
 |:--|:--|
 | Name | ConfigCIPolicy |
-| Friendly Name | Deploy Windows Defender Application Control |
+| Friendly Name | Deploy App Control for Business |
 | Location | Computer Configuration |
 | Path | System > Device Guard |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\DeviceGuard |
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_DnsClient Policy CSP
 description: Learn more about the ADMX_DnsClient Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -91,7 +91,7 @@ Specifies that NetBIOS over TCP/IP (NetBT) queries are issued for fully qualifie
 <!-- DNS_AppendToMultiLabelName-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies that computers may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
+Specifies that the DNS client may attach suffixes to an unqualified multi-label name before sending subsequent DNS queries if the original name query fails.
 A name containing dots, but not dot-terminated, is called an unqualified multi-label name, for example "server.corp" is an unqualified multi-label name. The name "server.corp.contoso.com" is an example of a fully qualified name because it contains a terminating dot.
@ -103,7 +103,7 @@ If attaching suffixes is allowed, and a DNS client with a primary domain suffix
 - If you disable this policy setting, no suffixes are appended to unqualified multi-label name queries if the original name query fails.
- If you don't configure this policy setting, computers will use their local DNS client settings to determine the query behavior for unqualified multi-label names.
+- If you don't configure this policy setting, the DNS client will use its local settings to determine the query behavior for unqualified multi-label names.
 <!-- DNS_AppendToMultiLabelName-Description-End -->
 <!-- DNS_AppendToMultiLabelName-Editable-Begin -->
@ -162,9 +162,9 @@ Specifies a connection-specific DNS suffix. This policy setting supersedes local
 To use this policy setting, click Enabled, and then enter a string value representing the DNS suffix.
- If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, the DNS suffix that you enter will be applied to all network connections used by the DNS client.
- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied connection specific DNS suffix, if configured.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied connection specific DNS suffix, if configured.
 <!-- DNS_Domain-Description-End -->
 <!-- DNS_Domain-Editable-Begin -->
@ -234,7 +234,7 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i
 For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
-If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
 For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it's under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it's under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using this policy setting. The default devolution level is two.
@ -295,11 +295,11 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the
 <!-- DNS_IdnEncoding-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the computer is on non-domain networks with no WINS servers configured.
+Specifies whether the DNS client should convert internationalized domain names (IDNs) to Punycode when the DNS client is on non-domain networks with no WINS servers configured.
 - If this policy setting is enabled, IDNs aren't converted to Punycode.
- If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the computer is on non-domain networks with no WINS servers configured.
+- If this policy setting is disabled, or if this policy setting isn't configured, IDNs are converted to Punycode when the DNS client is on non-domain networks with no WINS servers configured.
 <!-- DNS_IdnEncoding-Description-End -->
 <!-- DNS_IdnEncoding-Editable-Begin -->
@ -413,13 +413,13 @@ Specifies whether the DNS client should convert internationalized domain names (
 <!-- DNS_NameServer-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Defines the DNS servers to which a computer sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
+Defines the DNS servers to which the DNS client sends queries when it attempts to resolve names. This policy setting supersedes the list of DNS servers configured locally and those configured using DHCP.
 To use this policy setting, click Enabled, and then enter a space-delimited list of IP addresses in the available field. To use this policy setting, you must enter at least one IP address.
- If you enable this policy setting, the list of DNS servers is applied to all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, the list of DNS servers is applied to all network connections used by the DNS client.
- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied list of DNS servers, if configured.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied list of DNS servers, if configured.
 <!-- DNS_NameServer-Description-End -->
 <!-- DNS_NameServer-Editable-Begin -->
@ -535,18 +535,18 @@ Specifies that responses from link local name resolution protocols received over
 <!-- DNS_PrimaryDnsSuffix-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies the primary DNS suffix used by computers in DNS name registration and DNS name resolution.
+Specifies the primary DNS suffix used by the DNS client in DNS name registration and DNS name resolution.
 To use this policy setting, click Enabled and enter the entire primary DNS suffix you want to assign. For example: microsoft.com.
 > [!IMPORTANT]
-> In order for changes to this policy setting to be applied on computers that receive it, you must restart Windows.
+> In order for changes to this policy setting to be applied on the DNS client, you must restart Windows.
 - If you enable this policy setting, it supersedes the primary DNS suffix configured in the DNS Suffix and NetBIOS Computer Name dialog box using the System control panel.
 You can use this policy setting to prevent users, including local administrators, from changing the primary DNS suffix.
- If you disable this policy setting, or if you don't configure this policy setting, each computer uses its local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it's joined.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client uses the local primary DNS suffix, which is usually the DNS name of Active Directory domain to which it's joined.
 <!-- DNS_PrimaryDnsSuffix-Description-End -->
 <!-- DNS_PrimaryDnsSuffix-Editable-Begin -->
@ -600,18 +600,18 @@ You can use this policy setting to prevent users, including local administrators
 <!-- DNS_RegisterAdapterName-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies if a computer performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
+Specifies if the DNS client performing dynamic DNS registration will register A and PTR resource records with a concatenation of its computer name and a connection-specific DNS suffix, in addition to registering these records with a concatenation of its computer name and the primary DNS suffix.
 By default, a DNS client performing dynamic DNS registration registers A and PTR resource records with a concatenation of its computer name and the primary DNS suffix. For example, a computer name of mycomputer and a primary DNS suffix of microsoft.com will be registered as: mycomputer.microsoft.com.
- If you enable this policy setting, a computer will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, the DNS client will register A and PTR resource records with its connection-specific DNS suffix, in addition to the primary DNS suffix. This applies to all network connections used by the DNS client.
-For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, a computer will register A and PTR resource records for mycomputer. VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
+For example, with a computer name of mycomputer, a primary DNS suffix of microsoft.com, and a connection specific DNS suffix of VPNconnection, the DNS client will register A and PTR resource records for mycomputer. VPNconnection and mycomputer.microsoft.com when this policy setting is enabled.
 > [!IMPORTANT]
-> This policy setting is ignored on a DNS client computer if dynamic DNS registration is disabled.
+> This policy setting is ignored by the DNS client if dynamic DNS registration is disabled.
- If you disable this policy setting, or if you don't configure this policy setting, a DNS client computer won't register any A and PTR resource records using a connection-specific DNS suffix.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client won't register any A and PTR resource records using a connection-specific DNS suffix.
 <!-- DNS_RegisterAdapterName-Description-End -->
 <!-- DNS_RegisterAdapterName-Editable-Begin -->
@ -666,7 +666,7 @@ For example, with a computer name of mycomputer, a primary DNS suffix of microso
 <!-- DNS_RegisterReverseLookup-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies if DNS client computers will register PTR resource records.
+Specifies if the DNS client will register PTR resource records.
 By default, DNS clients configured to perform dynamic DNS registration will attempt to register PTR resource record only if they successfully registered the corresponding A resource record.
@ -674,13 +674,13 @@ By default, DNS clients configured to perform dynamic DNS registration will atte
 To use this policy setting, click Enabled, and then select one of the following options from the drop-down list:
-Don't register: Computers won't attempt to register PTR resource records.
+Don't register: the DNS client won't attempt to register PTR resource records.
-Register: Computers will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful.
+Register: the DNS client will attempt to register PTR resource records even if registration of the corresponding A records wasn't successful.
-Register only if A record registration succeeds: Computers will attempt to register PTR resource records only if registration of the corresponding A records was successful.
+Register only if A record registration succeeds: the DNS client will attempt to register PTR resource records only if registration of the corresponding A records was successful.
- If you disable this policy setting, or if you don't configure this policy setting, computers will use locally configured settings.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use locally configured settings.
 <!-- DNS_RegisterReverseLookup-Description-End -->
 <!-- DNS_RegisterReverseLookup-Editable-Begin -->
@ -734,11 +734,11 @@ Register only if A record registration succeeds: Computers will attempt to regis
 <!-- DNS_RegistrationEnabled-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
+Specifies if DNS dynamic update is enabled. DNS clients configured for DNS dynamic update automatically register and update their DNS resource records with a DNS server.
- If you enable this policy setting, or you don't configure this policy setting, computers will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting mustn't be disabled.
+- If you enable this policy setting, or you don't configure this policy setting, the DNS client will attempt to use dynamic DNS registration on all network connections that have connection-specific dynamic DNS registration enabled. For a dynamic DNS registration to be enabled on a network connection, the connection-specific configuration must allow dynamic DNS registration, and this policy setting mustn't be disabled.
- If you disable this policy setting, computers may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
+- If you disable this policy setting, the DNS client may not use dynamic DNS registration for any of their network connections, regardless of the configuration for individual network connections.
 <!-- DNS_RegistrationEnabled-Description-End -->
 <!-- DNS_RegistrationEnabled-Editable-Begin -->
@ -795,7 +795,7 @@ Specifies if DNS dynamic update is enabled. Computers configured for DNS dynamic
 <!-- Description-Source-ADMX -->
 Specifies whether dynamic updates should overwrite existing resource records that contain conflicting IP addresses.
-This policy setting is designed for computers that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other computers.
+This policy setting is designed for DNS clients that register address (A) resource records in DNS zones that don't use Secure Dynamic Updates. Secure Dynamic Update preserves ownership of resource records and doesn't allow a DNS client to overwrite records that are registered by other DNS clients.
 During dynamic update of resource records in a zone that doesn't use Secure Dynamic Updates, an A resource record might exist that associates the client's host name with an IP address different than the one currently in use by the client. By default, the DNS client attempts to replace the existing A resource record with an A resource record that has the client's current IP address.
@ -856,18 +856,18 @@ During dynamic update of resource records in a zone that doesn't use Secure Dyna
 <!-- DNS_RegistrationRefreshInterval-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies to computers performing dynamic DNS updates.
+Specifies the interval used by DNS clients to refresh registration of A and PTR resource. This policy setting only applies DNS clients performing dynamic DNS updates.
-Computers configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records.
+DNS clients configured to perform dynamic DNS registration of A and PTR resource records periodically reregister their records with DNS servers, even if the record hasn't changed. This reregistration is required to indicate to DNS servers that records are current and shouldn't be automatically removed (scavenged) when a DNS server is configured to delete stale records.
 > [!WARNING]
 > If record scavenging is enabled on the zone, the value of this policy setting should never be longer than the value of the DNS zone refresh interval. Configuring the registration refresh interval to be longer than the refresh interval of the DNS zone might result in the undesired deletion of A and PTR resource records.
 To specify the registration refresh interval, click Enabled and then enter a value of 1800 or greater. The value that you specify is the number of seconds to use for the registration refresh interval. For example, 1800 seconds is 30 minutes.
- If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, registration refresh interval that you specify will be applied to all network connections used by DNS clients that receive this policy setting.
- If you disable this policy setting, or if you don't configure this policy setting, computers will use the local or DHCP supplied setting. By default, client computers configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the local or DHCP supplied setting. By default, DNS clients configured with a static IP address attempt to update their DNS resource records once every 24 hours and DHCP clients will attempt to update their DNS resource records when a DHCP lease is granted or renewed.
 <!-- DNS_RegistrationRefreshInterval-Description-End -->
 <!-- DNS_RegistrationRefreshInterval-Editable-Begin -->
@ -921,13 +921,13 @@ To specify the registration refresh interval, click Enabled and then enter a val
 <!-- DNS_RegistrationTtl-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by computers to which this policy setting is applied.
+Specifies the value of the time to live (TTL) field in A and PTR resource records that are registered by the DNS client to which this policy setting is applied.
 To specify the TTL, click Enabled and then enter a value in seconds (for example, 900 is 15 minutes).
- If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by computers that receive this policy setting.
+- If you enable this policy setting, the TTL value that you specify will be applied to DNS resource records registered for all network connections used by the DNS client.
- If you disable this policy setting, or if you don't configure this policy setting, computers will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client will use the TTL settings specified in DNS. By default, the TTL is 1200 seconds (20 minutes).
 <!-- DNS_RegistrationTtl-Description-End -->
 <!-- DNS_RegistrationTtl-Editable-Begin -->
@ -985,7 +985,7 @@ Specifies the DNS suffixes to attach to an unqualified single-label name before
 An unqualified single-label name contains no dots. The name "example" is a single-label name. This is different from a fully qualified domain name such as "example.microsoft.com".
-Client computers that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com".
+DNS clients that receive this policy setting will attach one or more suffixes to DNS queries for a single-label name. For example, a DNS query for the single-label name "example" will be modified to "example.microsoft.com" before sending the query to a DNS server if this policy setting is enabled with a suffix of "microsoft.com".
 To use this policy setting, click Enabled, and then enter a string value representing the DNS suffixes that should be appended to single-label names. You must specify at least one suffix. Use a comma-delimited string, such as "microsoft.com,serverua.microsoft.com,office.microsoft.com" to specify multiple suffixes.
@ -1170,15 +1170,15 @@ Specifies the security level for dynamic DNS updates.
 To use this policy setting, click Enabled and then select one of the following values:
-Unsecure followed by secure - computers send secure dynamic updates only when nonsecure dynamic updates are refused.
+Unsecure followed by secure - the DNS client sends secure dynamic updates only when nonsecure dynamic updates are refused.
-Only unsecure - computers send only nonsecure dynamic updates.
+Only unsecure - the DNS client sends only nonsecure dynamic updates.
-Only secure - computers send only secure dynamic updates.
+Only secure - The DNS client sends only secure dynamic updates.
- If you enable this policy setting, computers that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.
+- If you enable this policy setting, DNS clients that attempt to send dynamic DNS updates will use the security level that you specify in this policy setting.
- If you disable this policy setting, or if you don't configure this policy setting, computers will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
+- If you disable this policy setting, or if you don't configure this policy setting, DNS clients will use local settings. By default, DNS clients attempt to use unsecured dynamic update first. If an unsecured update is refused, clients try to use secure update.
 <!-- DNS_UpdateSecurityLevel-Description-End -->
 <!-- DNS_UpdateSecurityLevel-Editable-Begin -->
@ -1232,13 +1232,13 @@ Only secure - computers send only secure dynamic updates.
 <!-- DNS_UpdateTopLevelDomainZones-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies if computers may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com".
+Specifies if the DNS client may send dynamic updates to zones with a single label name. These zones are also known as top-level domain zones, for example: "com".
 By default, a DNS client that's configured to perform dynamic DNS update will update the DNS zone that's authoritative for its DNS resource records unless the authoritative zone is a top-level domain or root zone.
- If you enable this policy setting, computers send dynamic updates to any zone that's authoritative for the resource records that the computer needs to update, except the root zone.
+- If you enable this policy setting, the DNS client sends dynamic updates to any zone that's authoritative for the resource records that the DNS client needs to update, except the root zone.
- If you disable this policy setting, or if you don't configure this policy setting, computers don't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the computer needs to update.
+- If you disable this policy setting, or if you don't configure this policy setting, the DNS client doesn't send dynamic updates to the root zone or top-level domain zones that are authoritative for the resource records that the DNS client needs to update.
 <!-- DNS_UpdateTopLevelDomainZones-Description-End -->
 <!-- DNS_UpdateTopLevelDomainZones-Editable-Begin -->
@ -1309,7 +1309,7 @@ Each connection-specific DNS suffix, assigned either through DHCP or specified i
 For example, when a user submits a query for a single-label name such as "example," the DNS client attaches a suffix such as "microsoft.com" resulting in the query "example.microsoft.com," before sending the query to a DNS server.
-If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the computer (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
+If a DNS suffix search list isn't specified, the DNS client attaches the primary DNS suffix to a single-label name. If this query fails, the connection-specific DNS suffix is attached for a new query. If none of these queries are resolved, the client devolves the primary DNS suffix of the DNS client (drops the leftmost label of the primary DNS suffix), attaches this devolved primary DNS suffix to the single-label name, and submits this new query to a DNS server.
 For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the non-dot-terminated single-label name "example," and the DNS query for example.ooo.aaa.microsoft.com fails, the DNS client devolves the primary DNS suffix (drops the leftmost label) till the specified devolution level, and submits a query for example.aaa.microsoft.com. If this query fails, the primary DNS suffix is devolved further if it's under specified devolution level and the query example.microsoft.com is submitted. If this query fails, devolution continues if it's under specified devolution level and the query example.microsoft.com is submitted, corresponding to a devolution level of two. The primary DNS suffix can't be devolved beyond a devolution level of two. The devolution level can be configured using the primary DNS suffix devolution level policy setting. The default devolution level is two.
@ -1370,11 +1370,11 @@ For example, if the primary DNS suffix ooo.aaa.microsoft.com is attached to the
 <!-- Turn_Off_Multicast-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Specifies that link local multicast name resolution (LLMNR) is disabled on client computers.
+Specifies that link local multicast name resolution (LLMNR) is disabled on the DNS client.
-LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a client computer to another client computer on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible.
+LLMNR is a secondary name resolution protocol. With LLMNR, queries are sent using multicast over a local network link on a single subnet from a DNS client to another DNS client on the same subnet that also has LLMNR enabled. LLMNR doesn't require a DNS server or DNS client configuration, and provides name resolution in scenarios in which conventional DNS name resolution isn't possible.
- If you enable this policy setting, LLMNR will be disabled on all available network adapters on the client computer.
+- If you enable this policy setting, LLMNR will be disabled on all available network adapters on the DNS client.
 - If you disable this policy setting, or you don't configure this policy setting, LLMNR will be enabled on all available network adapters.
 <!-- Turn_Off_Multicast-Description-End -->
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_FileSys Policy CSP
 description: Learn more about the ADMX_FileSys Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -260,7 +260,7 @@ Encrypting the page file prevents malicious users from reading data that has bee
 <!-- LongPathsEnabled-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Enabling Win32 long paths will allow manifested win32 applications and Windows Store applications to access paths beyond the normal 260 character limit. Enabling this setting will cause the long paths to be accessible within the process.
+Enabling Win32 long paths will allow manifested win32 applications and packaged Microsoft Store applications to access paths beyond the normal 260 character limit. Enabling this setting will cause the long paths to be accessible within the process.
 <!-- LongPathsEnabled-Description-End -->
 <!-- LongPathsEnabled-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_MicrosoftDefenderAntivirus Policy CSP
 description: Learn more about the ADMX_MicrosoftDefenderAntivirus Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -1523,11 +1523,13 @@ This policy setting defines the number of days items should be kept in the Quara
 <!-- RandomizeScheduleTaskTimes-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to configure the scheduled scan, and the scheduled security intelligence update, start time window in hours.
+This policy setting allows you to configure the randomization of the scheduled scan start time and the scheduled definition update start time.
- If you disable or don't configure this setting, scheduled tasks will begin at a random time within 4 hours after the time specified in Task Scheduler.
+- If you enable or don't configure this policy setting, and didn't set a randomization window in the Configure scheduled task time randomization window setting , then randomization will be added between 0-4 hours.
- If you enable this setting, you can widen, or narrow, this randomization period. Specify a randomization window of between 1 and 23 hours.
+- If you enable or don't configure this policy setting, and set a randomization window in the Configure scheduled task time randomization window setting, the configured randomization window will be used.
 - If you disable this policy setting, but configured the scheduled task time randomization window, randomization won't be done.
 <!-- RandomizeScheduleTaskTimes-Description-End -->
 <!-- RandomizeScheduleTaskTimes-Editable-Begin -->
@ -3528,11 +3530,11 @@ This policy setting allows you to configure scanning mapped network drives.
 <!-- Scan_DisableScanningNetworkFiles-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to configure scanning for network files. It's recommended that you don't enable this setting.
+This policy setting allows the scanning of network files using on access protection. The default is enabled. Recommended to remain enabled in most cases.
- If you enable this setting, network files will be scanned.
+- If you enable or don't configure this setting, network files will be scanned.
- If you disable or don't configure this setting, network files won't be scanned.
+- If you disable this setting, network files won't be scanned.
 <!-- Scan_DisableScanningNetworkFiles-Description-End -->
 <!-- Scan_DisableScanningNetworkFiles-Editable-Begin -->
@ -3556,7 +3558,7 @@ This policy setting allows you to configure scanning for network files. It's rec
 | Name | Value |
 |:--|:--|
 | Name | Scan_DisableScanningNetworkFiles |
-| Friendly Name | Scan network files |
+| Friendly Name | Configure scanning of network files |
 | Location | Computer Configuration |
 | Path | Windows Components > Microsoft Defender Antivirus > Scan |
 | Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
@ -5436,12 +5438,7 @@ Valid remediation action values are:
 <!-- UX_Configuration_CustomDefaultActionToastString-OmaUri-End -->
 <!-- UX_Configuration_CustomDefaultActionToastString-Description-Begin -->
-<!-- Description-Source-ADMX -->
+<!-- Description-Source-Not-Found -->
 This policy setting allows you to configure whether or not to display additional text to clients when they need to perform an action. The text displayed is a custom administrator-defined string. For example, the phone number to call the company help desk. The client interface will only display a maximum of 1024 characters. Longer strings will be truncated before display.
 - If you enable this setting, the additional text specified will be displayed.
 - If you disable or don't configure this setting, there will be no additional text displayed.
 <!-- UX_Configuration_CustomDefaultActionToastString-Description-End -->
 <!-- UX_Configuration_CustomDefaultActionToastString-Editable-Begin -->
@ -5458,6 +5455,7 @@ This policy setting allows you to configure whether or not to display additional
 <!-- UX_Configuration_CustomDefaultActionToastString-DFProperties-End -->
 <!-- UX_Configuration_CustomDefaultActionToastString-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -5465,10 +5463,6 @@ This policy setting allows you to configure whether or not to display additional
 | Name | Value |
 |:--|:--|
 | Name | UX_Configuration_CustomDefaultActionToastString |
 | Friendly Name | Display additional text to clients when they need to perform an action |
 | Location | Computer Configuration |
 | Path | Windows Components > Microsoft Defender Antivirus > Client Interface |
 | Registry Key Name | Software\Policies\Microsoft\Windows Defender\UX Configuration |
 | ADMX File Name | WindowsDefender.admx |
 <!-- UX_Configuration_CustomDefaultActionToastString-AdmxBacked-End -->
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_Netlogon Policy CSP
 description: Learn more about the ADMX_Netlogon Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -420,6 +420,8 @@ Note that this policy setting doesn't affect NetBIOS-based discovery for DC loca
 - If you enable or don't configure this policy setting, the DC location algorithm doesn't use NetBIOS-based discovery as a fallback mechanism when DNS-based discovery fails. This is the default behavior.
 - If you disable this policy setting, the DC location algorithm can use NetBIOS-based discovery as a fallback mechanism when DNS based discovery fails.
 This setting has no effect unless the BlockNetbiosDiscovery setting is disabled. NetBIOS-based discovery is considered unsecure, has many limitations, and will be deprecated in a future release. For these reasons, NetBIOS-based discovery isn't recommended. See <https://aka.ms/dclocatornetbiosdeprecation> for more information.
 <!-- Netlogon_AvoidFallbackNetbiosDiscovery-Description-End -->
 <!-- Netlogon_AvoidFallbackNetbiosDiscovery-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_Printing Policy CSP
 description: Learn more about the ADMX_Printing Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -749,7 +749,7 @@ This preference allows you to change default printer management.
 <!-- MXDWUseLegacyOutputFormatMSXPS-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2022.
+Microsoft XPS Document Writer (MXDW) generates OpenXPS (*.oxps) files by default in Windows 10, Windows 10 and Windows Server 2025.
 - If you enable this group policy setting, the default MXDW output format is the legacy Microsoft XPS (*.xps).
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_StartMenu Policy CSP
 description: Learn more about the ADMX_StartMenu Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -997,7 +997,7 @@ This policy setting allows you to prevent users from changing their Start screen
 |:--|:--|
 | Name | NoChangeStartMenu |
 | Friendly Name | Prevent users from customizing their Start Screen |
-| Location | User Configuration |
+| Location | Computer and User Configuration |
 | Path | Start Menu and Taskbar |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\Explorer |
 | Registry Value Name | NoChangeStartMenu |
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_Taskbar Policy CSP
 description: Learn more about the ADMX_Taskbar Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -69,7 +69,7 @@ A reboot is required for this policy setting to take effect.
 |:--|:--|
 | Name | DisableNotificationCenter |
 | Friendly Name | Remove Notifications and Action Center |
-| Location | User Configuration |
+| Location | Computer and User Configuration |
 | Path | Start Menu and Taskbar |
 | Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
 | Registry Value Name | DisableNotificationCenter |
@ -748,11 +748,11 @@ This policy setting allows you to turn off automatic promotion of notification i
 <!-- ShowWindowsStoreAppsOnTaskbar-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows users to see Windows Store apps on the taskbar.
+This policy setting allows users to see packaged Microsoft Store apps on the taskbar.
- If you enable this policy setting, users will see Windows Store apps on the taskbar.
+- If you enable this policy setting, users will see packaged Microsoft Store apps on the taskbar.
- If you disable this policy setting, users won't see Windows Store apps on the taskbar.
+- If you disable this policy setting, users won't see packaged Microsoft Store apps on the taskbar.
 - If you don't configure this policy setting, the default setting for the user's device will be used, and the user can choose to change it.
 <!-- ShowWindowsStoreAppsOnTaskbar-Description-End -->
@ -778,7 +778,7 @@ This policy setting allows users to see Windows Store apps on the taskbar.
 | Name | Value |
 |:--|:--|
 | Name | ShowWindowsStoreAppsOnTaskbar |
-| Friendly Name | Show Windows Store apps on the taskbar |
+| Friendly Name | Show packaged Microsoft Store apps on the taskbar |
 | Location | User Configuration |
 | Path | Start Menu and Taskbar |
 | Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_TerminalServer Policy CSP
 description: Learn more about the ADMX_TerminalServer Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -3585,7 +3585,7 @@ This policy setting allows you to specify which protocols can be used for Remote
 - If you enable this policy setting, you must specify if you would like RDP to use UDP.
-You can select one of the following options: "Use both UDP and TCP", "Use only TCP" or "Use either UDP or TCP (default)".
+You can select one of the following options: "Use either UDP or TCP (default)" or "Use only TCP".
 If you select "Use either UDP or TCP" and the UDP connection is successful, most of the RDP traffic will use UDP.
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_Thumbnails Policy CSP
 description: Learn more about the ADMX_Thumbnails Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -95,11 +95,14 @@ File Explorer displays thumbnail images by default.
 <!-- Description-Source-ADMX -->
 This policy setting allows you to configure how File Explorer displays thumbnail images or icons on network folders.
-File Explorer displays thumbnail images on network folders by default.
+File Explorer displays only icons and never displays thumbnail images on network folders by default.
- If you enable this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.
+- If you disable this policy setting, File Explorer displays thumbnail images on network folders.
- If you disable or don't configure this policy setting, File Explorer displays only thumbnail images on network folders.
+- If you enable or don't configure this policy setting, File Explorer displays only icons and never displays thumbnail images on network folders.
 > [!NOTE]
 > Allowing the use of thumbnail images from network folders can expose the users' computers to security risks.
 <!-- DisableThumbnailsOnNetworkFolders-Description-End -->
 <!-- DisableThumbnailsOnNetworkFolders-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_WindowsExplorer Policy CSP
 description: Learn more about the ADMX_WindowsExplorer Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -472,7 +472,15 @@ You can specify a known folder using its known folder id or using its canonical
 <!-- DisableMotWOnInsecurePathCopy-OmaUri-End -->
 <!-- DisableMotWOnInsecurePathCopy-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy setting determines the application of the Mark of the Web tag to files sourced from insecure locations.
 - If you enable this policy setting, files copied from unsecure sources won't be tagged with the Mark of the Web.
 - If you disable or don't configure this policy setting, files copied from unsecure sources will be tagged with the appropriate Mark of the Web.
 > [!NOTE]
 > Failure to tag files from unsecure sources with the Mark of the Web can expose users' computers to security risks.
 <!-- DisableMotWOnInsecurePathCopy-Description-End -->
 <!-- DisableMotWOnInsecurePathCopy-Editable-Begin -->
@ -489,7 +497,6 @@ You can specify a known folder using its known folder id or using its canonical
 <!-- DisableMotWOnInsecurePathCopy-DFProperties-End -->
 <!-- DisableMotWOnInsecurePathCopy-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -497,6 +504,11 @@ You can specify a known folder using its known folder id or using its canonical
 | Name | Value |
 |:--|:--|
 | Name | DisableMotWOnInsecurePathCopy |
 | Friendly Name | Do not apply the Mark of the Web tag to files copied from insecure sources |
 | Location | Computer Configuration |
 | Path | WindowsComponents > File Explorer |
 | Registry Key Name | Software\Policies\Microsoft\Windows\Explorer |
 | Registry Value Name | DisableMotWOnInsecurePathCopy |
 | ADMX File Name | WindowsExplorer.admx |
 <!-- DisableMotWOnInsecurePathCopy-AdmxBacked-End -->
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_WPN Policy CSP
 description: Learn more about the ADMX_WPN Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -254,7 +254,7 @@ No reboots or service restarts are required for this policy setting to take effe
 |:--|:--|
 | Name | NoToastNotification |
 | Friendly Name | Turn off toast notifications |
-| Location | User Configuration |
+| Location | Computer and User Configuration |
 | Path | Start Menu and Taskbar > Notifications |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\PushNotifications |
 | Registry Value Name | NoToastApplicationNotification |
--- a/windows/client-management/mdm/policy-csp-appdeviceinventory.md
+++ b/windows/client-management/mdm/policy-csp-appdeviceinventory.md
@ -1,7 +1,7 @@
 ---
 title: AppDeviceInventory Policy CSP
 description: Learn more about the AppDeviceInventory Area in Policy CSP.
-ms.date: 08/07/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -33,7 +33,12 @@ ms.date: 08/07/2024
 <!-- TurnOffAPISamping-OmaUri-End -->
 <!-- TurnOffAPISamping-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy controls the state of API Sampling. API Sampling monitors the sampled collection of application programming interfaces used during system runtime to help diagnose compatibility problems.
 - If you enable this policy, API Sampling won't be run.
 - If you disable or don't configure this policy, API Sampling will be turned on.
 <!-- TurnOffAPISamping-Description-End -->
 <!-- TurnOffAPISamping-Editable-Begin -->
@ -50,7 +55,6 @@ ms.date: 08/07/2024
 <!-- TurnOffAPISamping-DFProperties-End -->
 <!-- TurnOffAPISamping-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -58,6 +62,11 @@ ms.date: 08/07/2024
 | Name | Value |
 |:--|:--|
 | Name | TurnOffAPISamping |
 | Friendly Name | Turn off API Sampling |
 | Location | Computer Configuration |
 | Path | Windows Components > App and Device Inventory |
 | Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat |
 | Registry Value Name | DisableAPISamping |
 | ADMX File Name | AppDeviceInventory.admx |
 <!-- TurnOffAPISamping-AdmxBacked-End -->
@ -83,7 +92,12 @@ ms.date: 08/07/2024
 <!-- TurnOffApplicationFootprint-OmaUri-End -->
 <!-- TurnOffApplicationFootprint-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy controls the state of Application Footprint. Application Footprint monitors the sampled collection of registry and file usage to help diagnose compatibility problems.
 - If you enable this policy, Application Footprint won't be run.
 - If you disable or don't configure this policy, Application Footprint will be turned on.
 <!-- TurnOffApplicationFootprint-Description-End -->
 <!-- TurnOffApplicationFootprint-Editable-Begin -->
@ -100,7 +114,6 @@ ms.date: 08/07/2024
 <!-- TurnOffApplicationFootprint-DFProperties-End -->
 <!-- TurnOffApplicationFootprint-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -108,6 +121,11 @@ ms.date: 08/07/2024
 | Name | Value |
 |:--|:--|
 | Name | TurnOffApplicationFootprint |
 | Friendly Name | Turn off Application Footprint |
 | Location | Computer Configuration |
 | Path | Windows Components > App and Device Inventory |
 | Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat |
 | Registry Value Name | DisableApplicationFootprint |
 | ADMX File Name | AppDeviceInventory.admx |
 <!-- TurnOffApplicationFootprint-AdmxBacked-End -->
@ -133,7 +151,12 @@ ms.date: 08/07/2024
 <!-- TurnOffInstallTracing-OmaUri-End -->
 <!-- TurnOffInstallTracing-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy controls the state of Install Tracing. Install Tracing is a mechanism that tracks application installs to help diagnose compatibility problems.
 - If you enable this policy, Install Tracing won't be run.
 - If you disable or don't configure this policy, Install Tracing will be turned on.
 <!-- TurnOffInstallTracing-Description-End -->
 <!-- TurnOffInstallTracing-Editable-Begin -->
@ -150,7 +173,6 @@ ms.date: 08/07/2024
 <!-- TurnOffInstallTracing-DFProperties-End -->
 <!-- TurnOffInstallTracing-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -158,6 +180,11 @@ ms.date: 08/07/2024
 | Name | Value |
 |:--|:--|
 | Name | TurnOffInstallTracing |
 | Friendly Name | Turn off Install Tracing |
 | Location | Computer Configuration |
 | Path | Windows Components > App and Device Inventory |
 | Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat |
 | Registry Value Name | DisableInstallTracing |
 | ADMX File Name | AppDeviceInventory.admx |
 <!-- TurnOffInstallTracing-AdmxBacked-End -->
@ -167,6 +194,65 @@ ms.date: 08/07/2024
 <!-- TurnOffInstallTracing-End -->
 <!-- TurnOffWin32AppBackup-Begin -->
 ## TurnOffWin32AppBackup
 <!-- TurnOffWin32AppBackup-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- TurnOffWin32AppBackup-Applicability-End -->
 <!-- TurnOffWin32AppBackup-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/AppDeviceInventory/TurnOffWin32AppBackup
 ```
 <!-- TurnOffWin32AppBackup-OmaUri-End -->
 <!-- TurnOffWin32AppBackup-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy controls the state of the compatibility scan for backed up applications. The compatibility scan for backed up applications evaluates for compatibility problems in installed applications.
 - If you enable this policy, the compatibility scan for backed up applications won't be run.
 - If you disable or don't configure this policy, the compatibility scan for backed up applications will be run.
 <!-- TurnOffWin32AppBackup-Description-End -->
 <!-- TurnOffWin32AppBackup-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- TurnOffWin32AppBackup-Editable-End -->
 <!-- TurnOffWin32AppBackup-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- TurnOffWin32AppBackup-DFProperties-End -->
 <!-- TurnOffWin32AppBackup-AdmxBacked-Begin -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
 | Name | Value |
 |:--|:--|
 | Name | TurnOffWin32AppBackup |
 | Friendly Name | Turn off compatibility scan for backed up applications |
 | Location | Computer Configuration |
 | Path | Windows Components > App and Device Inventory |
 | Registry Key Name | Software\Policies\Microsoft\Windows\AppCompat |
 | Registry Value Name | DisableWin32AppBackup |
 | ADMX File Name | AppDeviceInventory.admx |
 <!-- TurnOffWin32AppBackup-AdmxBacked-End -->
 <!-- TurnOffWin32AppBackup-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- TurnOffWin32AppBackup-Examples-End -->
 <!-- TurnOffWin32AppBackup-End -->
 <!-- AppDeviceInventory-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- AppDeviceInventory-CspMoreInfo-End -->
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@ -1,7 +1,7 @@
 ---
 title: ApplicationManagement Policy CSP
 description: Learn more about the ApplicationManagement Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -30,11 +30,11 @@ ms.date: 04/10/2024
 <!-- AllowAllTrustedApps-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed Windows Store apps.
+This policy setting allows you to manage the installation of trusted line-of-business (LOB) or developer-signed packaged Microsoft Store apps.
- If you enable this policy setting, you can install any LOB or developer-signed Windows Store app (which must be signed with a certificate chain that can be successfully validated by the local computer).
+- If you enable this policy setting, you can install any LOB or developer-signed packaged Microsoft Store app (which must be signed with a certificate chain that can be successfully validated by the local computer).
- If you disable or don't configure this policy setting, you can't install LOB or developer-signed Windows Store apps.
+- If you disable or don't configure this policy setting, you can't install LOB or developer-signed packaged Microsoft Store apps.
 <!-- AllowAllTrustedApps-Description-End -->
 <!-- AllowAllTrustedApps-Editable-Begin -->
@ -269,7 +269,7 @@ Allows or denies development of Microsoft Store applications and installing them
 | Name | Value |
 |:--|:--|
 | Name | AllowDevelopmentWithoutDevLicense |
-| Friendly Name | Allows development of Windows Store apps and installing them from an integrated development environment (IDE) |
+| Friendly Name | Allows development of packaged Microsoft Store apps and installing them from an integrated development environment (IDE) |
 | Location | Computer Configuration |
 | Path | Windows Components > App Package Deployment |
 | Registry Key Name | Software\Policies\Microsoft\Windows\Appx |
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@ -1,7 +1,7 @@
 ---
 title: AppRuntime Policy CSP
 description: Learn more about the AppRuntime Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -32,9 +32,9 @@ ms.date: 01/18/2024
 <!-- AllowMicrosoftAccountsToBeOptional-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting lets you control whether Microsoft accounts are optional for Windows Store apps that require an account to sign in. This policy only affects Windows Store apps that support it.
+This policy setting lets you control whether Microsoft accounts are optional for packaged Microsoft Store apps that require an account to sign in. This policy only affects packaged Microsoft Store apps that support it.
- If you enable this policy setting, Windows Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead.
+- If you enable this policy setting, packaged Microsoft Store apps that typically require a Microsoft account to sign in will allow users to sign in with an enterprise account instead.
 - If you disable or don't configure this policy setting, users will need to sign in with a Microsoft account.
 <!-- AllowMicrosoftAccountsToBeOptional-Description-End -->
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@ -1,7 +1,7 @@
 ---
 title: AppVirtualization Policy CSP
 description: Learn more about the AppVirtualization Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -33,6 +33,9 @@ ms.date: 01/18/2024
 <!-- AllowAppVClient-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.
 > [!NOTE]
 > Application Virtualization (App-V) will reach end-of-life April 2026. After that time, the App-V client will be excluded from new versions of the Windows operating system. See aka.ms/AppVDeprecation for more information.
 <!-- AllowAppVClient-Description-End -->
 <!-- AllowAppVClient-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@ -1,7 +1,7 @@
 ---
 title: Cryptography Policy CSP
 description: Learn more about the Cryptography Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/18/2024
 <!-- Cryptography-Begin -->
 # Policy CSP - Cryptography
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Cryptography-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Cryptography-Editable-End -->
@ -79,7 +77,7 @@ Allows or disallows the Federal Information Processing Standard (FIPS) policy.
 <!-- ConfigureEllipticCurveCryptography-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureEllipticCurveCryptography-Applicability-End -->
 <!-- ConfigureEllipticCurveCryptography-OmaUri-Begin -->
@ -146,7 +144,7 @@ CertUtil.exe -DisplayEccCurve.
 <!-- ConfigureSystemCryptographyForceStrongKeyProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureSystemCryptographyForceStrongKeyProtection-Applicability-End -->
 <!-- ConfigureSystemCryptographyForceStrongKeyProtection-OmaUri-Begin -->
@ -196,7 +194,7 @@ System cryptography: Force strong key protection for user keys stored on the com
 <!-- OverrideMinimumEnabledDTLSVersionClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- OverrideMinimumEnabledDTLSVersionClient-Applicability-End -->
 <!-- OverrideMinimumEnabledDTLSVersionClient-OmaUri-Begin -->
@ -235,7 +233,7 @@ Override minimal enabled TLS version for client role. Last write wins.
 <!-- OverrideMinimumEnabledDTLSVersionServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- OverrideMinimumEnabledDTLSVersionServer-Applicability-End -->
 <!-- OverrideMinimumEnabledDTLSVersionServer-OmaUri-Begin -->
@ -274,7 +272,7 @@ Override minimal enabled TLS version for server role. Last write wins.
 <!-- OverrideMinimumEnabledTLSVersionClient-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- OverrideMinimumEnabledTLSVersionClient-Applicability-End -->
 <!-- OverrideMinimumEnabledTLSVersionClient-OmaUri-Begin -->
@ -313,7 +311,7 @@ Override minimal enabled TLS version for client role. Last write wins.
 <!-- OverrideMinimumEnabledTLSVersionServer-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- OverrideMinimumEnabledTLSVersionServer-Applicability-End -->
 <!-- OverrideMinimumEnabledTLSVersionServer-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -1,7 +1,7 @@
 ---
 title: Defender Policy CSP
 description: Learn more about the Defender Area in Policy CSP.
-ms.date: 06/28/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -745,7 +745,7 @@ This policy setting allows you to configure scheduled scans and on-demand (manua
 | Name | Value |
 |:--|:--|
 | Name | Scan_DisableScanningNetworkFiles |
-| Friendly Name | Scan network files |
+| Friendly Name | Configure scanning of network files |
 | Location | Computer Configuration |
 | Path | Windows Components > Microsoft Defender Antivirus > Scan |
 | Registry Key Name | Software\Policies\Microsoft\Windows Defender\Scan |
--- a/windows/client-management/mdm/policy-csp-desktopappinstaller.md
+++ b/windows/client-management/mdm/policy-csp-desktopappinstaller.md
@ -1,7 +1,7 @@
 ---
 title: DesktopAppInstaller Policy CSP
 description: Learn more about the DesktopAppInstaller Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -11,8 +11,6 @@ ms.date: 01/18/2024
 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- DesktopAppInstaller-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- DesktopAppInstaller-Editable-End -->
@ -215,7 +213,14 @@ Users will still be able to execute the *winget* command. The default help will
 <!-- EnableBypassCertificatePinningForMicrosoftStore-OmaUri-End -->
 <!-- EnableBypassCertificatePinningForMicrosoftStore-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy controls whether the [Windows Package Manager](/windows/package-manager/) will validate the Microsoft Store certificate hash matches to a known Microsoft Store certificate when initiating a connection to the Microsoft Store Source.
 - If you enable this policy, the [Windows Package Manager](/windows/package-manager/) will bypass the Microsoft Store certificate validation.
 - If you disable this policy, the [Windows Package Manager](/windows/package-manager/) will validate the Microsoft Store certificate used is valid and belongs to the Microsoft Store before communicating with the Microsoft Store source.
 - If you don't configure this policy, the [Windows Package Manager](/windows/package-manager/) administrator settings will be adhered to.
 <!-- EnableBypassCertificatePinningForMicrosoftStore-Description-End -->
 <!-- EnableBypassCertificatePinningForMicrosoftStore-Editable-Begin -->
@ -232,7 +237,6 @@ Users will still be able to execute the *winget* command. The default help will
 <!-- EnableBypassCertificatePinningForMicrosoftStore-DFProperties-End -->
 <!-- EnableBypassCertificatePinningForMicrosoftStore-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -240,6 +244,11 @@ Users will still be able to execute the *winget* command. The default help will
 | Name | Value |
 |:--|:--|
 | Name | EnableBypassCertificatePinningForMicrosoftStore |
 | Friendly Name | Enable App Installer Microsoft Store Source Certificate Validation Bypass |
 | Location | Computer Configuration |
 | Path | Windows Components > Desktop App Installer |
 | Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller |
 | Registry Value Name | EnableBypassCertificatePinningForMicrosoftStore |
 | ADMX File Name | DesktopAppInstaller.admx |
 <!-- EnableBypassCertificatePinningForMicrosoftStore-AdmxBacked-End -->
@ -445,7 +454,14 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa
 <!-- EnableLocalArchiveMalwareScanOverride-OmaUri-End -->
 <!-- EnableLocalArchiveMalwareScanOverride-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy controls the ability to override malware vulnerability scans when installing an archive file using a local manifest using the command line arguments.
 - If you enable this policy, users can override the malware scan when performing a local manifest install of an archive file.
 - If you disable this policy, users will be unable to override the malware scan of an archive file when installing using a local manifest.
 - If you don't configure this policy, the [Windows Package Manager](/windows/package-manager/) administrator settings will be adhered to.
 <!-- EnableLocalArchiveMalwareScanOverride-Description-End -->
 <!-- EnableLocalArchiveMalwareScanOverride-Editable-Begin -->
@ -462,7 +478,6 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa
 <!-- EnableLocalArchiveMalwareScanOverride-DFProperties-End -->
 <!-- EnableLocalArchiveMalwareScanOverride-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -470,6 +485,11 @@ This policy controls whether or not the [Windows Package Manager](/windows/packa
 | Name | Value |
 |:--|:--|
 | Name | EnableLocalArchiveMalwareScanOverride |
 | Friendly Name | Enable App Installer Local Archive Malware Scan Override |
 | Location | Computer Configuration |
 | Path | Windows Components > Desktop App Installer |
 | Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller |
 | Registry Value Name | EnableLocalArchiveMalwareScanOverride |
 | ADMX File Name | DesktopAppInstaller.admx |
 <!-- EnableLocalArchiveMalwareScanOverride-AdmxBacked-End -->
@ -618,9 +638,9 @@ This policy controls the Microsoft Store source included with the [Windows Packa
 <!-- Description-Source-ADMX -->
 This policy controls whether users can install packages from a website that's using the ms-appinstaller protocol.
- If you enable or don't configure this setting, users will be able to install packages from websites that use this protocol.
+- If you enable this setting, users will be able to install packages from websites that use this protocol.
- If you disable this setting, users won't be able to install packages from websites that use this protocol.
+- If you disable or don't configure this setting, users won't be able to install packages from websites that use this protocol.
 <!-- EnableMSAppInstallerProtocol-Description-End -->
 <!-- EnableMSAppInstallerProtocol-Editable-Begin -->
@ -724,7 +744,7 @@ The settings are stored inside of a .json file on the user’s system. It may be
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-Applicability-End -->
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-OmaUri-Begin -->
@ -734,7 +754,14 @@ The settings are stored inside of a .json file on the user’s system. It may be
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-OmaUri-End -->
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy determines if a user can perform an action using the [Windows Package Manager](/windows/package-manager/) through a command line interface (WinGet CLI, or WinGet PowerShell).
 If you disable this policy, users won't be able execute the [Windows Package Manager](/windows/package-manager/) CLI, and PowerShell cmdlets.
 If you enable, or don't configuring this policy, users will be able to execute the [Windows Package Manager](/windows/package-manager/) CLI commands, and PowerShell cmdlets. (Provided "Enable App Installer" policy isn't disabled).
 This policy doesn't override the "Enable App Installer" policy.
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-Description-End -->
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-Editable-Begin -->
@ -751,7 +778,6 @@ The settings are stored inside of a .json file on the user’s system. It may be
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-DFProperties-End -->
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -759,6 +785,11 @@ The settings are stored inside of a .json file on the user’s system. It may be
 | Name | Value |
 |:--|:--|
 | Name | EnableWindowsPackageManagerCommandLineInterfaces |
 | Friendly Name | Enable Windows Package Manager command line interfaces |
 | Location | Computer Configuration |
 | Path | Windows Components > Desktop App Installer |
 | Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller |
 | Registry Value Name | EnableWindowsPackageManagerCommandLineInterfaces |
 | ADMX File Name | DesktopAppInstaller.admx |
 <!-- EnableWindowsPackageManagerCommandLineInterfaces-AdmxBacked-End -->
@ -774,7 +805,7 @@ The settings are stored inside of a .json file on the user’s system. It may be
 <!-- EnableWindowsPackageManagerConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- EnableWindowsPackageManagerConfiguration-Applicability-End -->
 <!-- EnableWindowsPackageManagerConfiguration-OmaUri-Begin -->
@ -784,7 +815,12 @@ The settings are stored inside of a .json file on the user’s system. It may be
 <!-- EnableWindowsPackageManagerConfiguration-OmaUri-End -->
 <!-- EnableWindowsPackageManagerConfiguration-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy controls whether the [Windows Package Manager](/windows/package-manager/) configuration feature can be used by users.
 - If you enable or don't configure this setting, users will be able to use the [Windows Package Manager](/windows/package-manager/) configuration feature.
 - If you disable this setting, users won't be able to use the [Windows Package Manager](/windows/package-manager/) configuration feature.
 <!-- EnableWindowsPackageManagerConfiguration-Description-End -->
 <!-- EnableWindowsPackageManagerConfiguration-Editable-Begin -->
@ -801,7 +837,6 @@ The settings are stored inside of a .json file on the user’s system. It may be
 <!-- EnableWindowsPackageManagerConfiguration-DFProperties-End -->
 <!-- EnableWindowsPackageManagerConfiguration-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -809,6 +844,11 @@ The settings are stored inside of a .json file on the user’s system. It may be
 | Name | Value |
 |:--|:--|
 | Name | EnableWindowsPackageManagerConfiguration |
 | Friendly Name | Enable Windows Package Manager Configuration |
 | Location | Computer Configuration |
 | Path | Windows Components > Desktop App Installer |
 | Registry Key Name | Software\Policies\Microsoft\Windows\AppInstaller |
 | Registry Value Name | EnableWindowsPackageManagerConfiguration |
 | ADMX File Name | DesktopAppInstaller.admx |
 <!-- EnableWindowsPackageManagerConfiguration-AdmxBacked-End -->
@ -835,9 +875,9 @@ The settings are stored inside of a .json file on the user’s system. It may be
 <!-- SourceAutoUpdateInterval-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy controls the auto update interval for package-based sources.
+This policy controls the auto-update interval for package-based sources. The default source for [Windows Package Manager](/windows/package-manager/) is configured such that an index of the packages is cached on the local machine. The index is downloaded when a user invokes a command, and the interval has passed.
- If you disable or don't configure this setting, the default interval or the value specified in settings will be used by the [Windows Package Manager](/windows/package-manager/).
+- If you disable or don't configure this setting, the default interval or the value specified in the [Windows Package Manager](/windows/package-manager/) settings will be used.
 - If you enable this setting, the number of minutes specified will be used by the [Windows Package Manager](/windows/package-manager/).
 <!-- SourceAutoUpdateInterval-Description-End -->
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@ -1,7 +1,7 @@
 ---
 title: DeviceLock Policy CSP
 description: Learn more about the DeviceLock Area in Policy CSP.
-ms.date: 08/05/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -11,8 +11,6 @@ ms.date: 08/05/2024
 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- DeviceLock-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!IMPORTANT]
@ -25,7 +23,7 @@ ms.date: 08/05/2024
 <!-- AccountLockoutPolicy-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AccountLockoutPolicy-Applicability-End -->
 <!-- AccountLockoutPolicy-OmaUri-Begin -->
@ -64,7 +62,7 @@ Account lockout threshold - This security setting determines the number of faile
 <!-- AllowAdministratorLockout-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AllowAdministratorLockout-Applicability-End -->
 <!-- AllowAdministratorLockout-OmaUri-Begin -->
@ -329,7 +327,7 @@ Determines the type of PIN or password required. This policy only applies if the
 <!-- ClearTextPassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ClearTextPassword-Applicability-End -->
 <!-- ClearTextPassword-OmaUri-Begin -->
@ -685,7 +683,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!-- MaximumPasswordAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- MaximumPasswordAge-Applicability-End -->
 <!-- MaximumPasswordAge-OmaUri-Begin -->
@ -1025,7 +1023,7 @@ This security setting determines the period of time (in days) that a password mu
 <!-- MinimumPasswordLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- MinimumPasswordLength-Applicability-End -->
 <!-- MinimumPasswordLength-OmaUri-Begin -->
@ -1078,7 +1076,7 @@ This security setting determines the least number of characters that a password
 <!-- MinimumPasswordLengthAudit-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- MinimumPasswordLengthAudit-Applicability-End -->
 <!-- MinimumPasswordLengthAudit-OmaUri-Begin -->
@ -1128,7 +1126,7 @@ This security setting determines the minimum password length for which password
 <!-- PasswordComplexity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- PasswordComplexity-Applicability-End -->
 <!-- PasswordComplexity-OmaUri-Begin -->
@ -1188,7 +1186,7 @@ Complexity requirements are enforced when passwords are changed or created.
 <!-- PasswordHistorySize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- PasswordHistorySize-Applicability-End -->
 <!-- PasswordHistorySize-OmaUri-Begin -->
@ -1360,7 +1358,7 @@ If you enable this setting, users will no longer be able to modify slide show se
 <!-- RelaxMinimumPasswordLengthLimits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- RelaxMinimumPasswordLengthLimits-Applicability-End -->
 <!-- RelaxMinimumPasswordLengthLimits-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@ -1,7 +1,7 @@
 ---
 title: Experience Policy CSP
 description: Learn more about the Experience Area in Policy CSP.
-ms.date: 08/07/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 08/07/2024
 <!-- Experience-Begin -->
 # Policy CSP - Experience
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Experience-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Experience-Editable-End -->
@ -484,7 +482,7 @@ Allow screen capture.
 <!-- AllowScreenRecorder-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AllowScreenRecorder-Applicability-End -->
 <!-- AllowScreenRecorder-OmaUri-Begin -->
@ -494,7 +492,7 @@ Allow screen capture.
 <!-- AllowScreenRecorder-OmaUri-End -->
 <!-- AllowScreenRecorder-Description-Begin -->
-<!-- Description-Source-DDF -->
+<!-- Description-Source-ADMX -->
 This policy setting allows you to control whether screen recording functionality is available in the Windows Snipping Tool app.
 - If you disable this policy setting, screen recording functionality won't be accessible in the Windows Snipping Tool app.
@ -531,7 +529,12 @@ This policy setting allows you to control whether screen recording functionality
 | Name | Value |
 |:--|:--|
 | Name | AllowScreenRecorder |
-| Path | Programs > AT > WindowsComponents > SnippingTool |
+| Friendly Name | Allow Screen Recorder |
 | Location | User Configuration |
 | Path | Windows Components > Snipping Tool |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\SnippingTool |
 | Registry Value Name | AllowScreenRecorder |
 | ADMX File Name | Programs.admx |
 <!-- AllowScreenRecorder-GpMapping-End -->
 <!-- AllowScreenRecorder-Examples-Begin -->
@ -1681,7 +1684,7 @@ This policy setting lets you turn off cloud consumer account state content in al
 <!-- DisableTextTranslation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DisableTextTranslation-Applicability-End -->
 <!-- DisableTextTranslation-OmaUri-Begin -->
@ -1887,7 +1890,7 @@ _**Turn syncing off by default but don’t disable**_
 <!-- EnableOrganizationalMessages-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.4828] and later <br> ✅ Windows 11, version 22H2 with [KB5020044](https://support.microsoft.com/help/5020044) [10.0.22621.900] and later <br> ✅ Windows Insider Preview |
+| ❌ Device <br> ✅ User | ❌ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 with [KB5041582](https://support.microsoft.com/help/5041582) [10.0.19045.4842] and later <br> ✅ Windows 11, version 22H2 with [KB5020044](https://support.microsoft.com/help/5020044) [10.0.22621.900] and later <br> ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- EnableOrganizationalMessages-Applicability-End -->
 <!-- EnableOrganizationalMessages-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@ -1,7 +1,7 @@
 ---
 title: FileExplorer Policy CSP
 description: Learn more about the FileExplorer Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -138,7 +138,7 @@ When This PC location is restricted, give the user the option to enumerate and n
 <!-- DisableGraphRecentItems-Description-Begin -->
 <!-- Description-Source-ADMX -->
-Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, etc.
+Turning off this setting will prevent File Explorer from requesting cloud file metadata and displaying it in the homepage and other views in File Explorer. Any insights and files available based on account activity will be stopped in views such as Recent, Recommended, Favorites, Details pane, etc.
 <!-- DisableGraphRecentItems-Description-End -->
 <!-- DisableGraphRecentItems-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@ -1,7 +1,7 @@
 ---
 title: HumanPresence Policy CSP
 description: Learn more about the HumanPresence Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/18/2024
 <!-- HumanPresence-Begin -->
 # Policy CSP - HumanPresence
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- HumanPresence-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- HumanPresence-Editable-End -->
@ -21,7 +19,7 @@ ms.date: 01/18/2024
 <!-- ForceAllowDimWhenExternalDisplayConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ForceAllowDimWhenExternalDisplayConnected-Applicability-End -->
 <!-- ForceAllowDimWhenExternalDisplayConnected-OmaUri-Begin -->
@ -85,7 +83,7 @@ Determines whether Allow Adaptive Dimming When Battery Saver On checkbox is forc
 <!-- ForceAllowLockWhenExternalDisplayConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ForceAllowLockWhenExternalDisplayConnected-Applicability-End -->
 <!-- ForceAllowLockWhenExternalDisplayConnected-OmaUri-Begin -->
@ -149,7 +147,7 @@ Determines whether Allow Lock on Leave When Battery Saver On checkbox is forced
 <!-- ForceAllowWakeWhenExternalDisplayConnected-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ForceAllowWakeWhenExternalDisplayConnected-Applicability-End -->
 <!-- ForceAllowWakeWhenExternalDisplayConnected-OmaUri-Begin -->
@ -213,7 +211,7 @@ Determines whether Allow Wake on Approach When External Display Connected checkb
 <!-- ForceDisableWakeWhenBatterySaverOn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ForceDisableWakeWhenBatterySaverOn-Applicability-End -->
 <!-- ForceDisableWakeWhenBatterySaverOn-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@ -1,7 +1,7 @@
 ---
 title: InternetExplorer Policy CSP
 description: Learn more about the InternetExplorer Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -1005,7 +1005,12 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowLegacyURLFields-OmaUri-End -->
 <!-- AllowLegacyURLFields-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy setting allows the use of some disabled functionality, such as WorkingDirectory field or pluggable protocol handling, in Internet Shortcut files.
 If you enable this policy, disabled functionality for Internet Shortcut files will be re-enabled.
 If you disable, or don't configure this policy, some functionality for Internet Shortcut files, such as WorkingDirectory field or pluggable protocol handling, will be disabled.
 <!-- AllowLegacyURLFields-Description-End -->
 <!-- AllowLegacyURLFields-Editable-Begin -->
@ -1022,7 +1027,6 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowLegacyURLFields-DFProperties-End -->
 <!-- AllowLegacyURLFields-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -1030,6 +1034,11 @@ Note. It's recommended to configure template policy settings in one Group Policy
 | Name | Value |
 |:--|:--|
 | Name | AllowLegacyURLFields |
 | Friendly Name | Allow legacy functionality for Internet Shortcut files |
 | Location | Computer and User Configuration |
 | Path | Windows Components > Internet Explorer |
 | Registry Key Name | Software\Policies\Microsoft\Internet Explorer\Main |
 | Registry Value Name | AllowLegacyURLFields |
 | ADMX File Name | inetres.admx |
 <!-- AllowLegacyURLFields-AdmxBacked-End -->
@ -7923,13 +7932,11 @@ This policy setting allows you to manage the opening of windows and frames and a
 <!-- JScriptReplacement-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting specifies whether JScript or JScript9Legacy is loaded for MSHTML/WebOC/MSXML/Cscript based invocations.
+This policy setting specifies whether JScript or JScript9Legacy is loaded.
- If you enable this policy setting, JScript9Legacy will be loaded in situations where JScript is instantiated.
+- If you enable this policy setting or not configured, JScript9Legacy will be loaded in situations where JScript is instantiated.
 - If you disable this policy, then JScript will be utilized.
 - If this policy is left unconfigured, then MSHTML will use JScript9Legacy and MSXML/Cscript will use JScript.
 <!-- JScriptReplacement-Description-End -->
 <!-- JScriptReplacement-Editable-Begin -->
@ -7953,7 +7960,7 @@ This policy setting specifies whether JScript or JScript9Legacy is loaded for MS
 | Name | Value |
 |:--|:--|
 | Name | JScriptReplacement |
-| Friendly Name | Replace JScript by loading JScript9Legacy in place of JScript via MSHTML/WebOC. |
+| Friendly Name | Replace JScript by loading JScript9Legacy in place of JScript. |
 | Location | Computer and User Configuration |
 | Path | Windows Components > Internet Explorer |
 | Registry Key Name | Software\Policies\Microsoft\Internet Explorer\Main |
@ -13407,7 +13414,7 @@ If you enable this policy, the zoom of an HTML dialog in Internet Explorer mode
 If you disable, or don't configure this policy, the zoom of an HTML dialog in Internet Explorer mode will be set based on the zoom of it's parent page.
-For more information, see <https://go.microsoft.com/fwlink/?linkid=2102115>
+For more information, see <https://go.microsoft.com/fwlink/?linkid=2220107>
 <!-- ResetZoomForDialogInIEMode-Description-End -->
 <!-- ResetZoomForDialogInIEMode-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@ -1,7 +1,7 @@
 ---
 title: LanmanWorkstation Policy CSP
 description: Learn more about the LanmanWorkstation Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -36,6 +36,8 @@ This policy setting determines if the SMB client will allow insecure guest logon
 - If you disable this policy setting, the SMB client will reject insecure guest logons.
 If you enable signing, the SMB client will reject insecure guest logons.
 Insecure guest logons are used by file servers to allow unauthenticated access to shared folders. While uncommon in an enterprise environment, insecure guest logons are frequently used by consumer Network Attached Storage (NAS) appliances acting as file servers. Windows file servers require authentication and don't use insecure guest logons by default. Since insecure guest logons are unauthenticated, important security features such as SMB Signing and SMB Encryption are disabled. As a result, clients that allow insecure guest logons are vulnerable to a variety of man-in-the-middle attacks that can result in data loss, data corruption, and exposure to malware. Additionally, any data written to a file server using an insecure guest logon is potentially accessible to anyone on the network. Microsoft recommends disabling insecure guest logons and configuring file servers to require authenticated access".
 <!-- EnableInsecureGuestLogons-Description-End -->
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@ -1,7 +1,7 @@
 ---
 title: LocalPoliciesSecurityOptions Policy CSP
 description: Learn more about the LocalPoliciesSecurityOptions Area in Policy CSP.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -360,7 +360,7 @@ Accounts: Rename guest account This security setting determines whether a differ
 <!-- Audit_AuditTheUseOfBackupAndRestoreprivilege-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Audit_AuditTheUseOfBackupAndRestoreprivilege-Applicability-End -->
 <!-- Audit_AuditTheUseOfBackupAndRestoreprivilege-OmaUri-Begin -->
@ -404,7 +404,7 @@ Audit: Audit the use of Backup and Restore privilege This security setting deter
 <!-- Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings-Applicability-End -->
 <!-- Audit_ForceAuditPolicySubcategorySettingsToOverrideAuditPolicyCategorySettings-OmaUri-Begin -->
@ -445,7 +445,7 @@ Audit: Force audit policy subcategory settings (Windows Vista or later) to overr
 <!-- Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits-Applicability-End -->
 <!-- Audit_ShutdownSystemImmediatelyIfUnableToLogSecurityAudits-OmaUri-Begin -->
@ -718,7 +718,7 @@ Devices: Restrict CD-ROM access to locally logged-on user only This security set
 <!-- Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly-Applicability-End -->
 <!-- Devices_RestrictFloppyAccessToLocallyLoggedOnUserOnly-OmaUri-Begin -->
@ -771,7 +771,7 @@ Devices: Restrict floppy access to locally logged-on user only This security set
 <!-- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways-Applicability-End -->
 <!-- DomainMember_DigitallyEncryptOrSignSecureChannelDataAlways-OmaUri-Begin -->
@ -825,7 +825,7 @@ Domain member: Digitally encrypt or sign secure channel data (always) This secur
 <!-- DomainMember_DigitallyEncryptSecureChannelDataWhenPossible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DomainMember_DigitallyEncryptSecureChannelDataWhenPossible-Applicability-End -->
 <!-- DomainMember_DigitallyEncryptSecureChannelDataWhenPossible-OmaUri-Begin -->
@ -878,7 +878,7 @@ Domain member: Digitally encrypt secure channel data (when possible) This securi
 <!-- DomainMember_DigitallySignSecureChannelDataWhenPossible-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DomainMember_DigitallySignSecureChannelDataWhenPossible-Applicability-End -->
 <!-- DomainMember_DigitallySignSecureChannelDataWhenPossible-OmaUri-Begin -->
@ -928,7 +928,7 @@ Domain member: Digitally sign secure channel data (when possible) This security
 <!-- DomainMember_DisableMachineAccountPasswordChanges-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DomainMember_DisableMachineAccountPasswordChanges-Applicability-End -->
 <!-- DomainMember_DisableMachineAccountPasswordChanges-OmaUri-Begin -->
@ -982,7 +982,7 @@ Domain member: Disable machine account password changes Determines whether a dom
 <!-- DomainMember_MaximumMachineAccountPasswordAge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DomainMember_MaximumMachineAccountPasswordAge-Applicability-End -->
 <!-- DomainMember_MaximumMachineAccountPasswordAge-OmaUri-Begin -->
@ -1035,7 +1035,7 @@ Domain member: Maximum machine account password age This security setting determ
 <!-- DomainMember_RequireStrongSessionKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DomainMember_RequireStrongSessionKey-Applicability-End -->
 <!-- DomainMember_RequireStrongSessionKey-OmaUri-Begin -->
@ -1335,7 +1335,7 @@ Interactive logon: Don't require CTRL+ALT+DEL This security setting determines w
 <!-- InteractiveLogon_MachineAccountLockoutThreshold-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- InteractiveLogon_MachineAccountLockoutThreshold-Applicability-End -->
 <!-- InteractiveLogon_MachineAccountLockoutThreshold-OmaUri-Begin -->
@ -1535,7 +1535,7 @@ Interactive logon: Message title for users attempting to log on This security se
 <!-- InteractiveLogon_NumberOfPreviousLogonsToCache-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- InteractiveLogon_NumberOfPreviousLogonsToCache-Applicability-End -->
 <!-- InteractiveLogon_NumberOfPreviousLogonsToCache-OmaUri-Begin -->
@ -1575,7 +1575,7 @@ Interactive logon: Number of previous logons to cache (in case domain controller
 <!-- InteractiveLogon_PromptUserToChangePasswordBeforeExpiration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- InteractiveLogon_PromptUserToChangePasswordBeforeExpiration-Applicability-End -->
 <!-- InteractiveLogon_PromptUserToChangePasswordBeforeExpiration-OmaUri-Begin -->
@ -1864,7 +1864,7 @@ Microsoft network client: Send unencrypted password to connect to third-party SM
 <!-- MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession-Applicability-End -->
 <!-- MicrosoftNetworkServer_AmountOfIdleTimeRequiredBeforeSuspendingSession-OmaUri-Begin -->
@ -2047,7 +2047,7 @@ Microsoft network server: Digitally sign communications (if client agrees) This
 <!-- MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire-Applicability-End -->
 <!-- MicrosoftNetworkServer_DisconnectClientsWhenLogonHoursExpire-OmaUri-Begin -->
@ -2090,7 +2090,7 @@ Microsoft network server: Disconnect clients when logon hours expire This securi
 <!-- MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel-Applicability-End -->
 <!-- MicrosoftNetworkServer_ServerSPNTargetNameValidationLevel-OmaUri-Begin -->
@ -2131,7 +2131,7 @@ Microsoft network server: Server SPN target name validation level This policy se
 <!-- NetworkAccess_AllowAnonymousSIDOrNameTranslation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkAccess_AllowAnonymousSIDOrNameTranslation-Applicability-End -->
 <!-- NetworkAccess_AllowAnonymousSIDOrNameTranslation-OmaUri-Begin -->
@ -2312,7 +2312,7 @@ Network access: Don't allow anonymous enumeration of SAM accounts and shares Thi
 <!-- NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication-Applicability-End -->
 <!-- NetworkAccess_DoNotAllowStorageOfPasswordsAndCredentialsForNetworkAuthentication-OmaUri-Begin -->
@ -2360,7 +2360,7 @@ Network access: Don't allow storage of passwords and credentials for network aut
 <!-- NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers-Applicability-End -->
 <!-- NetworkAccess_LetEveryonePermissionsApplyToAnonymousUsers-OmaUri-Begin -->
@ -2412,7 +2412,7 @@ Network access: Let Everyone permissions apply to anonymous users This security
 <!-- NetworkAccess_NamedPipesThatCanBeAccessedAnonymously-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkAccess_NamedPipesThatCanBeAccessedAnonymously-Applicability-End -->
 <!-- NetworkAccess_NamedPipesThatCanBeAccessedAnonymously-OmaUri-Begin -->
@ -2452,7 +2452,7 @@ Network access: Named pipes that can be accessed anonymously This security setti
 <!-- NetworkAccess_RemotelyAccessibleRegistryPaths-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkAccess_RemotelyAccessibleRegistryPaths-Applicability-End -->
 <!-- NetworkAccess_RemotelyAccessibleRegistryPaths-OmaUri-Begin -->
@ -2495,7 +2495,7 @@ Network access: Remotely accessible registry paths This security setting determi
 <!-- NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths-Applicability-End -->
 <!-- NetworkAccess_RemotelyAccessibleRegistryPathsAndSubpaths-OmaUri-Begin -->
@ -2644,7 +2644,7 @@ Network access: Restrict clients allowed to make remote calls to SAM This policy
 <!-- NetworkAccess_SharesThatCanBeAccessedAnonymously-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkAccess_SharesThatCanBeAccessedAnonymously-Applicability-End -->
 <!-- NetworkAccess_SharesThatCanBeAccessedAnonymously-OmaUri-Begin -->
@ -2684,7 +2684,7 @@ Network access: Shares that can be accessed anonymously This security setting de
 <!-- NetworkAccess_SharingAndSecurityModelForLocalAccounts-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkAccess_SharingAndSecurityModelForLocalAccounts-Applicability-End -->
 <!-- NetworkAccess_SharingAndSecurityModelForLocalAccounts-OmaUri-Begin -->
@ -2728,7 +2728,7 @@ Network access: Sharing and security model for local accounts This security sett
 <!-- NetworkSecurity_AllowLocalSystemNULLSessionFallback-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkSecurity_AllowLocalSystemNULLSessionFallback-Applicability-End -->
 <!-- NetworkSecurity_AllowLocalSystemNULLSessionFallback-OmaUri-Begin -->
@ -2958,7 +2958,7 @@ Network security: Don't store LAN Manager hash value on next password change Thi
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-Applicability-End -->
 <!-- NetworkSecurity_ForceLogoffWhenLogonHoursExpire-OmaUri-Begin -->
@ -3083,7 +3083,7 @@ Network security LAN Manager authentication level This security setting determin
 <!-- NetworkSecurity_LDAPClientSigningRequirements-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetworkSecurity_LDAPClientSigningRequirements-Applicability-End -->
 <!-- NetworkSecurity_LDAPClientSigningRequirements-OmaUri-Begin -->
@ -3489,7 +3489,7 @@ Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers This po
 <!-- RecoveryConsole_AllowAutomaticAdministrativeLogon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- RecoveryConsole_AllowAutomaticAdministrativeLogon-Applicability-End -->
 <!-- RecoveryConsole_AllowAutomaticAdministrativeLogon-OmaUri-Begin -->
@ -3539,7 +3539,7 @@ Recovery console: Allow automatic administrative logon This security setting det
 <!-- RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders-Applicability-End -->
 <!-- RecoveryConsole_AllowFloppyCopyAndAccessToAllDrivesAndAllFolders-OmaUri-Begin -->
@ -3696,7 +3696,7 @@ Shutdown: Clear virtual memory pagefile This security setting determines whether
 <!-- SystemCryptography_ForceStrongKeyProtection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- SystemCryptography_ForceStrongKeyProtection-Applicability-End -->
 <!-- SystemCryptography_ForceStrongKeyProtection-OmaUri-Begin -->
@ -3737,7 +3737,7 @@ System Cryptography: Force strong key protection for user keys stored on the com
 <!-- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems-Applicability-End -->
 <!-- SystemObjects_RequireCaseInsensitivityForNonWindowsSubsystems-OmaUri-Begin -->
@ -3787,7 +3787,7 @@ System objects: Require case insensitivity for non-Windows subsystems This secur
 <!-- SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects-Applicability-End -->
 <!-- SystemObjects_StrengthenDefaultPermissionsOfInternalSystemObjects-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-lsa.md
+++ b/windows/client-management/mdm/policy-csp-lsa.md
@ -1,7 +1,7 @@
 ---
 title: LocalSecurityAuthority Policy CSP
 description: Learn more about the LocalSecurityAuthority Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -93,7 +93,7 @@ This policy controls the configuration under which LSASS loads custom SSPs and A
 <!-- Description-Source-ADMX -->
 This policy controls the configuration under which LSASS is run.
- If you don't configure this policy and there is no current setting in the registry, LSA will run as protected process for clean installed, HVCI capable, client SKUs that are domain or cloud domain joined devices. This configuration isn't UEFI locked. This can be overridden if the policy is configured.
+- If you don't configure this policy and there is no current setting in the registry, LSA will run as protected process for all clean installed, HVCI capable, client SKUs. This configuration isn't UEFI locked. This can be overridden if the policy is configured.
 - If you configure and set this policy setting to "Disabled", LSA won't run as a protected process.
@ -135,7 +135,7 @@ This policy controls the configuration under which LSASS is run.
 | Friendly Name | Configures LSASS to run as a protected process |
 | Location | Computer Configuration |
 | Path | System > Local Security Authority |
-| Registry Key Name | System\CurrentControlSet\Control\Lsa |
+| Registry Key Name | Software\Policies\Microsoft\Windows\System |
 | ADMX File Name | LocalSecurityAuthority.admx |
 <!-- ConfigureLsaProtectedProcess-GpMapping-End -->
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@ -1,7 +1,7 @@
 ---
 title: MSSecurityGuide Policy CSP
 description: Learn more about the MSSecurityGuide Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -11,8 +11,6 @@ ms.date: 01/31/2024
 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- MSSecurityGuide-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- MSSecurityGuide-Editable-End -->
@ -223,7 +221,7 @@ ms.date: 01/31/2024
 <!-- NetBTNodeTypeConfiguration-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- NetBTNodeTypeConfiguration-Applicability-End -->
 <!-- NetBTNodeTypeConfiguration-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@ -1,7 +1,7 @@
 ---
 title: NetworkListManager Policy CSP
 description: Learn more about the NetworkListManager Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 08/06/2024
 <!-- NetworkListManager-Begin -->
 # Policy CSP - NetworkListManager
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- NetworkListManager-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- NetworkListManager-Editable-End -->
@ -21,7 +19,7 @@ ms.date: 08/06/2024
 <!-- AllNetworks_NetworkIcon-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AllNetworks_NetworkIcon-Applicability-End -->
 <!-- AllNetworks_NetworkIcon-OmaUri-Begin -->
@ -70,7 +68,7 @@ This policy setting allows you to specify whether users can change the network i
 <!-- AllNetworks_NetworkLocation-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AllNetworks_NetworkLocation-Applicability-End -->
 <!-- AllNetworks_NetworkLocation-OmaUri-Begin -->
@ -119,7 +117,7 @@ This policy setting allows you to specify whether users can change the network l
 <!-- AllNetworks_NetworkName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AllNetworks_NetworkName-Applicability-End -->
 <!-- AllNetworks_NetworkName-OmaUri-Begin -->
@ -262,7 +260,7 @@ This policy setting provides the string that names a network. If this setting is
 <!-- IdentifyingNetworks_LocationType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- IdentifyingNetworks_LocationType-Applicability-End -->
 <!-- IdentifyingNetworks_LocationType-OmaUri-Begin -->
@ -311,7 +309,7 @@ This policy setting allows you to configure the Network Location for networks th
 <!-- UnidentifiedNetworks_LocationType-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- UnidentifiedNetworks_LocationType-Applicability-End -->
 <!-- UnidentifiedNetworks_LocationType-OmaUri-Begin -->
@ -360,7 +358,7 @@ This policy setting allows you to configure the Network Location type for networ
 <!-- UnidentifiedNetworks_UserPermissions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- UnidentifiedNetworks_UserPermissions-Applicability-End -->
 <!-- UnidentifiedNetworks_UserPermissions-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@ -1,7 +1,7 @@
 ---
 title: Notifications Policy CSP
 description: Learn more about the Notifications Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/18/2024
 <!-- Notifications-Begin -->
 # Policy CSP - Notifications
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Notifications-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Notifications-Editable-End -->
@ -21,7 +19,7 @@ ms.date: 01/18/2024
 <!-- DisableAccountNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DisableAccountNotifications-Applicability-End -->
 <!-- DisableAccountNotifications-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@ -1,7 +1,7 @@
 ---
 title: Printers Policy CSP
 description: Learn more about the Printers Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -369,7 +369,7 @@ Determines whether Redirection Guard is enabled for the print spooler.
 You can enable this setting to configure the Redirection Guard policy being applied to spooler.
- If you disable or don't configure this policy setting, Redirection Guard will default to being 'enabled'.
+- If you disable or don't configure this policy setting, Redirection Guard will default to being 'Enabled'.
 - If you enable this setting you may select the following options:
@ -435,7 +435,12 @@ The following are the supported values:
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-OmaUri-End -->
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy setting controls whether packet level privacy is enabled for RPC for incoming connections.
 By default packet level privacy is enabled for RPC for incoming connections.
 If you enable or don't configure this policy setting, packet level privacy is enabled for RPC for incoming connections.
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-Description-End -->
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-Editable-Begin -->
@ -452,7 +457,6 @@ The following are the supported values:
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-DFProperties-End -->
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -460,6 +464,11 @@ The following are the supported values:
 | Name | Value |
 |:--|:--|
 | Name | ConfigureRpcAuthnLevelPrivacyEnabled |
 | Friendly Name | Configure RPC packet level privacy setting for incoming connections |
 | Location | Computer Configuration |
 | Path | Printers |
 | Registry Key Name | System\CurrentControlSet\Control\Print |
 | Registry Value Name | RpcAuthnLevelPrivacyEnabled |
 | ADMX File Name | Printing.admx |
 <!-- ConfigureRpcAuthnLevelPrivacyEnabled-AdmxBacked-End -->
@ -685,7 +694,16 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
 <!-- ConfigureWindowsProtectedPrint-OmaUri-End -->
 <!-- ConfigureWindowsProtectedPrint-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 Determines whether Windows protected print is enabled on this computer.
 By default, Windows protected print isn't enabled and there aren't any restrictions on the print drivers that can be installed or print functionality.
 - If you enable this setting, the computer will operate in Windows protected print mode which only allows printing to printers that support a subset of inbox Windows print drivers.
 - If you disable this setting or don't configure it, there aren't any restrictions on the print drivers that can be installed or print functionality.
 For more information, please see [insert link to web page with WPP info]
 <!-- ConfigureWindowsProtectedPrint-Description-End -->
 <!-- ConfigureWindowsProtectedPrint-Editable-Begin -->
@ -702,7 +720,6 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
 <!-- ConfigureWindowsProtectedPrint-DFProperties-End -->
 <!-- ConfigureWindowsProtectedPrint-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -710,6 +727,11 @@ If you disable or don't configure this policy setting, dynamic TCP ports are use
 | Name | Value |
 |:--|:--|
 | Name | ConfigureWindowsProtectedPrint |
 | Friendly Name | Configure Windows protected print |
 | Location | Computer Configuration |
 | Path | Printers |
 | Registry Key Name | Software\Policies\Microsoft\Windows NT\Printers\WPP |
 | Registry Value Name | WindowsProtectedPrintGroupPolicyState |
 | ADMX File Name | Printing.admx |
 <!-- ConfigureWindowsProtectedPrint-AdmxBacked-End -->
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@ -1,7 +1,7 @@
 ---
 title: Privacy Policy CSP
 description: Learn more about the Privacy Area in Policy CSP.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -2398,207 +2398,6 @@ List of semi-colon delimited Package Family Names of Windows Store Apps. The use
 <!-- LetAppsAccessGazeInput_UserInControlOfTheseApps-End -->
 <!-- LetAppsAccessGenerativeAI-Begin -->
 ## LetAppsAccessGenerativeAI
 <!-- LetAppsAccessGenerativeAI-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGenerativeAI-Applicability-End -->
 <!-- LetAppsAccessGenerativeAI-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI
 ```
 <!-- LetAppsAccessGenerativeAI-OmaUri-End -->
 <!-- LetAppsAccessGenerativeAI-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting specifies whether Windows apps can use generative AI features of Windows.
 <!-- LetAppsAccessGenerativeAI-Description-End -->
 <!-- LetAppsAccessGenerativeAI-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- LetAppsAccessGenerativeAI-Editable-End -->
 <!-- LetAppsAccessGenerativeAI-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[0-2]` |
 | Default Value  | 0 |
 <!-- LetAppsAccessGenerativeAI-DFProperties-End -->
 <!-- LetAppsAccessGenerativeAI-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | LetAppsAccessGenerativeAI |
 | Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
 | Element Name | LetAppsAccessGenerativeAI_Enum |
 <!-- LetAppsAccessGenerativeAI-GpMapping-End -->
 <!-- LetAppsAccessGenerativeAI-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- LetAppsAccessGenerativeAI-Examples-End -->
 <!-- LetAppsAccessGenerativeAI-End -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Begin -->
 ## LetAppsAccessGenerativeAI_ForceAllowTheseApps
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Applicability-End -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_ForceAllowTheseApps
 ```
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-OmaUri-End -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Description-Begin -->
 <!-- Description-Source-DDF -->
 List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are allowed to use generative AI features of Windows. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Description-End -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Editable-End -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `;`) |
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-DFProperties-End -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | LetAppsAccessGenerativeAI |
 | Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
 | Element Name | LetAppsAccessGenerativeAI_ForceAllowTheseApps_List |
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-GpMapping-End -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-Examples-End -->
 <!-- LetAppsAccessGenerativeAI_ForceAllowTheseApps-End -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Begin -->
 ## LetAppsAccessGenerativeAI_ForceDenyTheseApps
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Applicability-End -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_ForceDenyTheseApps
 ```
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-OmaUri-End -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Description-Begin -->
 <!-- Description-Source-DDF -->
 List of semi-colon delimited Package Family Names of Microsoft Store Apps. Listed apps are denied the use generative AI features of Windows. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Description-End -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Editable-End -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `;`) |
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-DFProperties-End -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | LetAppsAccessGenerativeAI |
 | Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
 | Element Name | LetAppsAccessGenerativeAI_ForceDenyTheseApps_List |
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-GpMapping-End -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-Examples-End -->
 <!-- LetAppsAccessGenerativeAI_ForceDenyTheseApps-End -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Begin -->
 ## LetAppsAccessGenerativeAI_UserInControlOfTheseApps
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Applicability-End -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Privacy/LetAppsAccessGenerativeAI_UserInControlOfTheseApps
 ```
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-OmaUri-End -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Description-Begin -->
 <!-- Description-Source-DDF -->
 List of semi-colon delimited Package Family Names of Microsoft Store Apps. The user is able to control the generative AI setting for the listed apps. This setting overrides the default LetAppsAccessGenerativeAI policy setting for the specified apps.
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Description-End -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Editable-End -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | List (Delimiter: `;`) |
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-DFProperties-End -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | LetAppsAccessGenerativeAI |
 | Path | AppPrivacy > AT > WindowsComponents > AppPrivacy |
 | Element Name | LetAppsAccessGenerativeAI_UserInControlOfTheseApps_List |
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-GpMapping-End -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-Examples-End -->
 <!-- LetAppsAccessGenerativeAI_UserInControlOfTheseApps-End -->
 <!-- LetAppsAccessGraphicsCaptureProgrammatic-Begin -->
 ## LetAppsAccessGraphicsCaptureProgrammatic
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@ -1,7 +1,7 @@
 ---
 title: RemoteDesktopServices Policy CSP
 description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -156,7 +156,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 <!-- DisconnectOnLockLegacyAuthn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DisconnectOnLockLegacyAuthn-Applicability-End -->
 <!-- DisconnectOnLockLegacyAuthn-OmaUri-Begin -->
@ -166,7 +166,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 <!-- DisconnectOnLockLegacyAuthn-OmaUri-End -->
 <!-- DisconnectOnLockLegacyAuthn-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy setting allows you to configure the user experience when the Remote Desktop session is locked by the user or by a policy. You can specify whether the remote session will show the remote lock screen or disconnect when the remote session is locked. Disconnecting the remote session ensures that a remote session can't be left on the lock screen and can't reconnect automatically due to loss of network connectivity.
 This policy applies only when using legacy authentication to authenticate to the remote PC. Legacy authentication is limited to username and password, or certificates like smartcards. Legacy authentication doesn't leverage the Microsoft identity platform, such as Microsoft Entra ID. Legacy authentication includes the NTLM, CredSSP, RDSTLS, TLS, and RDP basic authentication protocols.
 - If you enable this policy setting, Remote Desktop connections using legacy authentication will disconnect the remote session when the remote session is locked. Users can reconnect when they're ready and re-enter their credentials when prompted.
 - If you disable or don't configure this policy setting, Remote Desktop connections using legacy authentication will show the remote lock screen when the remote session is locked. Users can unlock the remote session using their username and password, or certificates.
 <!-- DisconnectOnLockLegacyAuthn-Description-End -->
 <!-- DisconnectOnLockLegacyAuthn-Editable-Begin -->
@ -183,7 +190,6 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 <!-- DisconnectOnLockLegacyAuthn-DFProperties-End -->
 <!-- DisconnectOnLockLegacyAuthn-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -191,7 +197,12 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 | Name | Value |
 |:--|:--|
 | Name | TS_DISCONNECT_ON_LOCK_POLICY |
-| ADMX File Name | terminalserver.admx |
+| Friendly Name |  Disconnect remote session on lock for legacy authentication |
 | Location | Computer Configuration |
 | Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
 | Registry Value Name | fDisconnectOnLockLegacy |
 | ADMX File Name | TerminalServer.admx |
 <!-- DisconnectOnLockLegacyAuthn-AdmxBacked-End -->
 <!-- DisconnectOnLockLegacyAuthn-Examples-Begin -->
@ -206,7 +217,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-Applicability-End -->
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-OmaUri-Begin -->
@ -216,7 +227,14 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-OmaUri-End -->
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy setting allows you to configure the user experience when the Remote Desktop session is locked by the user or by a policy. You can specify whether the remote session will show the remote lock screen or disconnect when the remote session is locked. Disconnecting the remote session ensures that a remote session can't be left on the lock screen and can't reconnect automatically due to loss of network connectivity.
 This policy applies only when using an identity provider that uses the Microsoft identity platform, such as Microsoft Entra ID, to authenticate to the remote PC. This policy doesn't apply when using Legacy authentication which includes the NTLM, CredSSP, RDSTLS, TLS, and RDP basic authentication protocols.
 - If you enable or don't configure this policy setting, Remote Desktop connections using the Microsoft identity platform will disconnect the remote session when the remote session is locked. Users can reconnect when they're ready and can use passwordless authentication if configured.
 - If you disable this policy setting, Remote Desktop connections using the Microsoft identity platform will show the remote lock screen when the remote session is locked. Users can unlock the remote session using their username and password, or certificates.
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-Description-End -->
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-Editable-Begin -->
@ -233,7 +251,6 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-DFProperties-End -->
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -241,7 +258,12 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 | Name | Value |
 |:--|:--|
 | Name | TS_DISCONNECT_ON_LOCK_AAD_POLICY |
-| ADMX File Name | terminalserver.admx |
+| Friendly Name | Disconnect remote session on lock for Microsoft identity platform authentication |
 | Location | Computer Configuration |
 | Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
 | Registry Value Name | fDisconnectOnLockMicrosoftIdentity |
 | ADMX File Name | TerminalServer.admx |
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-AdmxBacked-End -->
 <!-- DisconnectOnLockMicrosoftIdentityAuthn-Examples-Begin -->
@ -439,7 +461,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitClientToServerClipboardRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later <br> ✅ [10.0.25398.946] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.3014] and later <br> ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later <br> ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later <br> ✅ [10.0.25398.946] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.3014] and later <br> ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later <br> ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later <br> ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- LimitClientToServerClipboardRedirection-Applicability-End -->
 <!-- LimitClientToServerClipboardRedirection-OmaUri-Begin -->
@ -453,7 +475,25 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitClientToServerClipboardRedirection-OmaUri-End -->
 <!-- LimitClientToServerClipboardRedirection-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy setting allows you to restrict clipboard data transfers from client to server.
 - If you enable this policy setting, you must choose from the following behaviors:
 - Disable clipboard transfers from client to server.
 - Allow plain text copying from client to server.
 - Allow plain text and images copying from client to server.
 - Allow plain text, images and Rich Text Format copying from client to server.
 - Allow plain text, images, Rich Text Format and HTML copying from client to server.
 - If you disable or don't configure this policy setting, users can copy arbitrary contents from client to server if clipboard redirection is enabled.
 > [!NOTE]
 > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction will be used.
 <!-- LimitClientToServerClipboardRedirection-Description-End -->
 <!-- LimitClientToServerClipboardRedirection-Editable-Begin -->
@ -470,7 +510,6 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitClientToServerClipboardRedirection-DFProperties-End -->
 <!-- LimitClientToServerClipboardRedirection-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -478,7 +517,11 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 | Name | Value |
 |:--|:--|
 | Name | TS_CLIENT_CLIPBOARDRESTRICTION_CS |
-| ADMX File Name | terminalserver.admx |
+| Friendly Name | Restrict clipboard transfer from client to server |
 | Location | Computer and User Configuration |
 | Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
 | ADMX File Name | TerminalServer.admx |
 <!-- LimitClientToServerClipboardRedirection-AdmxBacked-End -->
 <!-- LimitClientToServerClipboardRedirection-Examples-Begin -->
@ -493,7 +536,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitServerToClientClipboardRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later <br> ✅ [10.0.25398.946] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.3014] and later <br> ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later <br> ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later <br> ✅ Windows Insider Preview |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2523] and later <br> ✅ [10.0.25398.946] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.3014] and later <br> ✅ Windows 11, version 22H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22621.3672] and later <br> ✅ Windows 11, version 23H2 with [KB5037853](https://support.microsoft.com/help/5037853) [10.0.22631.3672] and later <br> ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- LimitServerToClientClipboardRedirection-Applicability-End -->
 <!-- LimitServerToClientClipboardRedirection-OmaUri-Begin -->
@ -507,7 +550,25 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitServerToClientClipboardRedirection-OmaUri-End -->
 <!-- LimitServerToClientClipboardRedirection-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy setting allows you to restrict clipboard data transfers from server to client.
 - If you enable this policy setting, you must choose from the following behaviors:
 - Disable clipboard transfers from server to client.
 - Allow plain text copying from server to client.
 - Allow plain text and images copying from server to client.
 - Allow plain text, images and Rich Text Format copying from server to client.
 - Allow plain text, images, Rich Text Format and HTML copying from server to client.
 - If you disable or don't configure this policy setting, users can copy arbitrary contents from server to client if clipboard redirection is enabled.
 > [!NOTE]
 > This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the stricter restriction will be used.
 <!-- LimitServerToClientClipboardRedirection-Description-End -->
 <!-- LimitServerToClientClipboardRedirection-Editable-Begin -->
@ -524,7 +585,6 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitServerToClientClipboardRedirection-DFProperties-End -->
 <!-- LimitServerToClientClipboardRedirection-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
@ -532,7 +592,11 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 | Name | Value |
 |:--|:--|
 | Name | TS_CLIENT_CLIPBOARDRESTRICTION_SC |
-| ADMX File Name | terminalserver.admx |
+| Friendly Name | Restrict clipboard transfer from server to client |
 | Location | Computer and User Configuration |
 | Path | Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services |
 | ADMX File Name | TerminalServer.admx |
 <!-- LimitServerToClientClipboardRedirection-AdmxBacked-End -->
 <!-- LimitServerToClientClipboardRedirection-Examples-Begin -->
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@ -1,7 +1,7 @@
 ---
 title: Search Policy CSP
 description: Learn more about the Search Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 08/06/2024
 <!-- Search-Begin -->
 # Policy CSP - Search
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Search-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Search-Editable-End -->
@ -648,7 +646,7 @@ The most restrictive value is `0` to now allow automatic language detection.
 <!-- ConfigureSearchOnTaskbarMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureSearchOnTaskbarMode-Applicability-End -->
 <!-- ConfigureSearchOnTaskbarMode-OmaUri-Begin -->
@ -930,13 +928,13 @@ This policy setting configures whether or not locations on removable drives can
 <!-- DoNotUseWebResults-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to control whether or not Search can perform queries on the web, if web results are displayed in Search, and if search highlights are shown in the search box and in search home.
+This policy setting allows you to control whether or not Search can perform queries on the web, and if the web results are displayed in Search.
- If you enable this policy setting, queries won't be performed on the web, web results won't be displayed when a user performs a query in Search, and search highlights won't be shown in the search box and in search home.
+- If you enable this policy setting, queries won't be performed on the web and web results won't be displayed when a user performs a query in Search.
- If you disable this policy setting, queries will be performed on the web, web results will be displayed when a user performs a query in Search, and search highlights will be shown in the search box and in search home.
+- If you disable this policy setting, queries will be performed on the web and web results will be displayed when a user performs a query in Search.
- If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search, and if search highlights are shown in the search box and in search home.
+- If you don't configure this policy setting, a user can choose whether or not Search can perform queries on the web, and if the web results are displayed in Search.
 <!-- DoNotUseWebResults-Description-End -->
 <!-- DoNotUseWebResults-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-settingssync.md
+++ b/windows/client-management/mdm/policy-csp-settingssync.md
@ -1,7 +1,7 @@
 ---
 title: SettingsSync Policy CSP
 description: Learn more about the SettingsSync Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -11,8 +11,6 @@ ms.date: 01/18/2024
 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- SettingsSync-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- SettingsSync-Editable-End -->
@ -23,7 +21,7 @@ ms.date: 01/18/2024
 <!-- DisableAccessibilitySettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DisableAccessibilitySettingSync-Applicability-End -->
 <!-- DisableAccessibilitySettingSync-OmaUri-Begin -->
@ -84,7 +82,7 @@ If you don't set or disable this setting, syncing of the "accessibility" group i
 <!-- DisableLanguageSettingSync-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DisableLanguageSettingSync-Applicability-End -->
 <!-- DisableLanguageSettingSync-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@ -1,7 +1,7 @@
 ---
 title: SmartScreen Policy CSP
 description: Learn more about the SmartScreen Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -29,20 +29,11 @@ ms.date: 01/31/2024
 <!-- EnableAppInstallControl-OmaUri-End -->
 <!-- EnableAppInstallControl-Description-Begin -->
-<!-- Description-Source-ADMX -->
+<!-- Description-Source-DDF-Forced -->
-App Install Control is a feature of Windows Defender SmartScreen that helps protect PCs by allowing users to install apps only from the Store. SmartScreen must be enabled for this feature to work properly.
+Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
- If you enable this setting, you must choose from the following behaviors:
+> [!NOTE]
-
+> This policy will block installation only while the device is online. To block offline installation too, SmartScreen/PreventOverrideForFilesInShell and SmartScreen/EnableSmartScreenInShell policies should also be enabled. This policy setting is intended to prevent malicious content from affecting your user's devices when downloading executable content from the internet.
 - Turn off app recommendations.
 - Show me app recommendations.
 - Warn me before installing apps from outside the Store.
 - Allow apps from Store only.
 - If you disable or don't configure this setting, users will be able to install apps from anywhere, including files downloaded from the Internet.
 <!-- EnableAppInstallControl-Description-End -->
 <!-- EnableAppInstallControl-Editable-Begin -->
@ -110,23 +101,8 @@ App Install Control is a feature of Windows Defender SmartScreen that helps prot
 <!-- EnableSmartScreenInShell-OmaUri-End -->
 <!-- EnableSmartScreenInShell-Description-Begin -->
-<!-- Description-Source-ADMX -->
+<!-- Description-Source-DDF-Forced -->
-This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious.
+Allows IT Admins to configure SmartScreen for Windows.
 Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
 - If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
 - Warn and prevent bypass
 - Warn.
 - If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app.
 - If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app.
 - If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet.
 - If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings.
 <!-- EnableSmartScreenInShell-Description-End -->
 <!-- EnableSmartScreenInShell-Editable-Begin -->
@ -188,23 +164,8 @@ Some information is sent to Microsoft about files and programs run on PCs with t
 <!-- PreventOverrideForFilesInShell-OmaUri-End -->
 <!-- PreventOverrideForFilesInShell-Description-Begin -->
-<!-- Description-Source-ADMX -->
+<!-- Description-Source-DDF-Forced -->
-This policy allows you to turn Windows Defender SmartScreen on or off. SmartScreen helps protect PCs by warning users before running potentially malicious programs downloaded from the Internet. This warning is presented as an interstitial dialog shown before running an app that has been downloaded from the Internet and is unrecognized or known to be malicious. No dialog is shown for apps that don't appear to be suspicious.
+Allows IT Admins to control whether users can ignore SmartScreen warnings and run malicious files.
 Some information is sent to Microsoft about files and programs run on PCs with this feature enabled.
 - If you enable this policy, SmartScreen will be turned on for all users. Its behavior can be controlled by the following options:
 - Warn and prevent bypass
 - Warn.
 - If you enable this policy with the "Warn and prevent bypass" option, SmartScreen's dialogs won't present the user with the option to disregard the warning and run the app. SmartScreen will continue to show the warning on subsequent attempts to run the app.
 - If you enable this policy with the "Warn" option, SmartScreen's dialogs will warn the user that the app appears suspicious, but will permit the user to disregard the warning and run the app anyway. SmartScreen won't warn the user again for that app if the user tells SmartScreen to run the app.
 - If you disable this policy, SmartScreen will be turned off for all users. Users won't be warned if they try to run suspicious apps from the Internet.
 - If you don't configure this policy, SmartScreen will be enabled by default, but users may change their settings.
 <!-- PreventOverrideForFilesInShell-Description-End -->
 <!-- PreventOverrideForFilesInShell-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-speakforme.md
+++ b/windows/client-management/mdm/policy-csp-speakforme.md
@ -0,0 +1,79 @@
 ---
 title: SpeakForMe Policy CSP
 description: Learn more about the SpeakForMe Area in Policy CSP.
 ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
 <!-- SpeakForMe-Begin -->
 # Policy CSP - SpeakForMe
 <!-- SpeakForMe-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- SpeakForMe-Editable-End -->
 <!-- EnableSpeakForMe-Begin -->
 ## EnableSpeakForMe
 <!-- EnableSpeakForMe-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- EnableSpeakForMe-Applicability-End -->
 <!-- EnableSpeakForMe-OmaUri-Begin -->
 ```User
 ./User/Vendor/MSFT/Policy/Config/SpeakForMe/EnableSpeakForMe
 ```
 <!-- EnableSpeakForMe-OmaUri-End -->
 <!-- EnableSpeakForMe-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting controls whether to allow the creation of personal voices with SpeakForMe Accessibility Windows Application.
 - If you enable this policy setting, then user can create their personal voice models.
 - If you disable this policy setting, then user can't create their personal voice models with SpeakForMe.
 - If you don't configure this policy setting (default), then users can launch the training flow and create their personal voice model through SpeakForMe.
 <!-- EnableSpeakForMe-Description-End -->
 <!-- EnableSpeakForMe-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- EnableSpeakForMe-Editable-End -->
 <!-- EnableSpeakForMe-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 1 |
 <!-- EnableSpeakForMe-DFProperties-End -->
 <!-- EnableSpeakForMe-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 | Not allowed. |
 | 1 (Default) | Allowed. |
 <!-- EnableSpeakForMe-AllowedValues-End -->
 <!-- EnableSpeakForMe-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- EnableSpeakForMe-Examples-End -->
 <!-- EnableSpeakForMe-End -->
 <!-- SpeakForMe-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 <!-- SpeakForMe-CspMoreInfo-End -->
 <!-- SpeakForMe-End -->
 ## Related articles
 [Policy configuration service provider](policy-configuration-service-provider.md)
--- a/windows/client-management/mdm/policy-csp-sudo.md
+++ b/windows/client-management/mdm/policy-csp-sudo.md
@ -1,7 +1,7 @@
 ---
 title: Sudo Policy CSP
 description: Learn more about the Sudo Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 04/10/2024
 <!-- Sudo-Begin -->
 # Policy CSP - Sudo
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Sudo-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Sudo-Editable-End -->
@ -21,7 +19,7 @@ ms.date: 04/10/2024
 <!-- EnableSudo-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ❌ Pro <br> ❌ Enterprise <br> ❌ Education <br> ❌ Windows SE <br> ❌ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- EnableSudo-Applicability-End -->
 <!-- EnableSudo-OmaUri-Begin -->
@ -31,7 +29,20 @@ ms.date: 04/10/2024
 <!-- EnableSudo-OmaUri-End -->
 <!-- EnableSudo-Description-Begin -->
-<!-- Description-Source-Not-Found -->
+<!-- Description-Source-ADMX -->
 This policy setting controls use of the sudo.exe command line tool.
 - If you enable this policy setting, then you may set a maximum allowed mode to run sudo in. This restricts the ways in which users may interact with command-line applications run with sudo. You may pick one of the following modes to allow sudo to run in:
 "Disabled": sudo is entirely disabled on this machine. When the user tries to run sudo, sudo will print an error message and exit.
 "Force new window": When sudo launches a command line application, it will launch that app in a new console window.
 "Disable input": When sudo launches a command line application, it will launch the app in the current console window, but the user won't be able to type input to the command line app. The user may also choose to run sudo in "Force new window" mode.
 "Normal": When sudo launches a command line application, it will launch the app in the current console window. The user may also choose to run sudo in "Force new window" or "Disable input" mode.
 - If you disable this policy or don't configure it, the user will be able to run sudo.exe normally (after enabling the setting in the Settings app).
 <!-- EnableSudo-Description-End -->
 <!-- EnableSudo-Editable-Begin -->
@ -65,7 +76,11 @@ ms.date: 04/10/2024
 | Name | Value |
 |:--|:--|
 | Name | EnableSudo |
-| Path | Sudo > AT > System |
+| Friendly Name | Configure the behavior of the sudo command |
 | Location | Computer Configuration |
 | Path | System |
 | Registry Key Name | Software\Policies\Microsoft\Windows\Sudo |
 | ADMX File Name | Sudo.admx |
 <!-- EnableSudo-GpMapping-End -->
 <!-- EnableSudo-Examples-Begin -->
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@ -1,7 +1,7 @@
 ---
 title: System Policy CSP
 description: Learn more about the System Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -11,8 +11,6 @@ ms.date: 08/06/2024
 [!INCLUDE [ADMX-backed CSP tip](includes/mdm-admx-csp-note.md)]
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- System-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- System-Editable-End -->
@ -431,7 +429,7 @@ This policy setting determines whether Windows is allowed to download fonts and
 - If you enable this policy setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text.
- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally installed fonts.
+- If you disable this policy setting, Windows doesn't connect to an online font provider and only enumerates locally-installed fonts.
 - If you don't configure this policy setting, the default behavior depends on the Windows edition. Changes to this policy take effect on reboot.
 <!-- AllowFontProviders-Description-End -->
@ -569,7 +567,7 @@ Specifies whether to allow app access to the Location service. Most restricted v
 This policy is deprecated and will only work on Windows 10 version 1809. Setting this policy will have no effect for other supported versions of Windows.
 This policy setting configures a Microsoft Entra joined device so that Microsoft is the processor of the Windows diagnostic data collected from the device, subject to the Product Terms at< https://go.microsoft.com/fwlink/?linkid=2185086>.
 For customers who enroll into the Microsoft Managed Desktop service, enabling this policy is required to allow Microsoft to process data for operational and analytic needs. See <https://go.microsoft.com/fwlink/?linkid=2184944> for more information.
-When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
+hen these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
 This setting has no effect on devices unless they're properly enrolled in Microsoft Managed Desktop. If you disable this policy setting, devices may not appear in Microsoft Managed Desktop.
 <!-- AllowMicrosoftManagedDesktopProcessing-Description-End -->
@ -888,7 +886,7 @@ To enable this behavior:
 When these policies are configured, Windows diagnostic data collected from the device will be subject to Microsoft processor commitments.
-If you disable or don't configure this policy setting, devices enrolled to Windows Autopatch won't be able to take advantage of some deployment service features.
+If you disable or don't configure this policy setting, devices enrolled to the Windows Update for Business deployment service won't be able to take advantage of some deployment service features.
 <!-- AllowWUfBCloudProcessing-Description-End -->
 <!-- AllowWUfBCloudProcessing-Editable-Begin -->
@ -1471,7 +1469,7 @@ This policy setting lets you prevent apps and features from working with files o
 * Users can't access OneDrive from the OneDrive app and file picker.
-* Windows Store apps can't access OneDrive using the WinRT API.
+* Packaged Microsoft Store apps can't access OneDrive using the WinRT API.
 * OneDrive doesn't appear in the navigation pane in File Explorer.
@ -1739,7 +1737,7 @@ This policy setting controls whether Windows records attempts to connect with th
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Description-Begin -->
 <!-- Description-Source-DDF -->
-Diagnostic files created when feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally.
+Diagnostic files created when a feedback is filed in the Feedback Hub app will always be saved locally. If this policy isn't present or set to false, users will be presented with the option to save locally. The default is to not save locally.
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Description-End -->
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Editable-Begin -->
@ -1761,8 +1759,8 @@ Diagnostic files created when feedback is filed in the Feedback Hub app will alw
 | Value | Description |
 |:--|:--|
-| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when feedback is submitted. The user will have the option to do so. |
+| 0 (Default) | False. The Feedback Hub won't always save a local copy of diagnostics that may be created when a feedback is submitted. The user will have the option to do so. |
-| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when feedback is submitted. |
+| 1 | True. The Feedback Hub should always save a local copy of diagnostics that may be created when a feedback is submitted. |
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-AllowedValues-End -->
 <!-- FeedbackHubAlwaysSaveDiagnosticsLocally-Examples-Begin -->
@ -1777,7 +1775,7 @@ Diagnostic files created when feedback is filed in the Feedback Hub app will alw
 <!-- HideUnsupportedHardwareNotifications-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- HideUnsupportedHardwareNotifications-Applicability-End -->
 <!-- HideUnsupportedHardwareNotifications-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@ -1,7 +1,7 @@
 ---
 title: SystemServices Policy CSP
 description: Learn more about the SystemServices Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 04/10/2024
 <!-- SystemServices-Begin -->
 # Policy CSP - SystemServices
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- SystemServices-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- SystemServices-Editable-End -->
@ -21,7 +19,7 @@ ms.date: 04/10/2024
 <!-- ConfigureComputerBrowserServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureComputerBrowserServiceStartupMode-Applicability-End -->
 <!-- ConfigureComputerBrowserServiceStartupMode-OmaUri-Begin -->
@ -171,7 +169,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureIISAdminServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureIISAdminServiceStartupMode-Applicability-End -->
 <!-- ConfigureIISAdminServiceStartupMode-OmaUri-Begin -->
@ -221,7 +219,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureInfraredMonitorServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureInfraredMonitorServiceStartupMode-Applicability-End -->
 <!-- ConfigureInfraredMonitorServiceStartupMode-OmaUri-Begin -->
@ -271,7 +269,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureInternetConnectionSharingServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureInternetConnectionSharingServiceStartupMode-Applicability-End -->
 <!-- ConfigureInternetConnectionSharingServiceStartupMode-OmaUri-Begin -->
@ -321,7 +319,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureLxssManagerServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureLxssManagerServiceStartupMode-Applicability-End -->
 <!-- ConfigureLxssManagerServiceStartupMode-OmaUri-Begin -->
@ -371,7 +369,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureMicrosoftFTPServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureMicrosoftFTPServiceStartupMode-Applicability-End -->
 <!-- ConfigureMicrosoftFTPServiceStartupMode-OmaUri-Begin -->
@ -421,7 +419,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureRemoteProcedureCallLocatorServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureRemoteProcedureCallLocatorServiceStartupMode-Applicability-End -->
 <!-- ConfigureRemoteProcedureCallLocatorServiceStartupMode-OmaUri-Begin -->
@ -471,7 +469,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureRoutingAndRemoteAccessServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureRoutingAndRemoteAccessServiceStartupMode-Applicability-End -->
 <!-- ConfigureRoutingAndRemoteAccessServiceStartupMode-OmaUri-Begin -->
@ -521,7 +519,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureSimpleTCPIPServicesStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureSimpleTCPIPServicesStartupMode-Applicability-End -->
 <!-- ConfigureSimpleTCPIPServicesStartupMode-OmaUri-Begin -->
@ -571,7 +569,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureSpecialAdministrationConsoleHelperServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureSpecialAdministrationConsoleHelperServiceStartupMode-Applicability-End -->
 <!-- ConfigureSpecialAdministrationConsoleHelperServiceStartupMode-OmaUri-Begin -->
@ -621,7 +619,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureSSDPDiscoveryServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureSSDPDiscoveryServiceStartupMode-Applicability-End -->
 <!-- ConfigureSSDPDiscoveryServiceStartupMode-OmaUri-Begin -->
@ -671,7 +669,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureUPnPDeviceHostServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureUPnPDeviceHostServiceStartupMode-Applicability-End -->
 <!-- ConfigureUPnPDeviceHostServiceStartupMode-OmaUri-Begin -->
@ -721,7 +719,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureWebManagementServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureWebManagementServiceStartupMode-Applicability-End -->
 <!-- ConfigureWebManagementServiceStartupMode-OmaUri-Begin -->
@ -771,7 +769,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode-Applicability-End -->
 <!-- ConfigureWindowsMediaPlayerNetworkSharingServiceStartupMode-OmaUri-Begin -->
@ -821,7 +819,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureWindowsMobileHotspotServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureWindowsMobileHotspotServiceStartupMode-Applicability-End -->
 <!-- ConfigureWindowsMobileHotspotServiceStartupMode-OmaUri-Begin -->
@ -871,7 +869,7 @@ This setting determines whether the service's start type is Automatic(2), Manual
 <!-- ConfigureWorldWideWebPublishingServiceStartupMode-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureWorldWideWebPublishingServiceStartupMode-Applicability-End -->
 <!-- ConfigureWorldWideWebPublishingServiceStartupMode-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-tenantrestrictions.md
+++ b/windows/client-management/mdm/policy-csp-tenantrestrictions.md
@ -1,7 +1,7 @@
 ---
 title: TenantRestrictions Policy CSP
 description: Learn more about the TenantRestrictions Area in Policy CSP.
-ms.date: 08/06/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -41,9 +41,9 @@ When you enable this setting, compliant applications will be prevented from acce
 <https://go.microsoft.com/fwlink/?linkid=2148762>
-Before enabling firewall protection, ensure that a Windows Defender Application Control (WDAC) policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding WDAC policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information.
+Before enabling firewall protection, ensure that an App Control for Business policy that correctly tags applications has been applied to the target devices. Enabling firewall protection without a corresponding App Control for Business policy will prevent all applications from reaching Microsoft endpoints. This firewall setting isn't supported on all versions of Windows - see the following link for more information.
-For details about setting up WDAC with tenant restrictions, see <https://go.microsoft.com/fwlink/?linkid=2155230>
+For details about setting up App Control with tenant restrictions, see <https://go.microsoft.com/fwlink/?linkid=2155230>
 <!-- ConfigureTenantRestrictions-Description-End -->
 <!-- ConfigureTenantRestrictions-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@ -1,7 +1,7 @@
 ---
 title: Update Policy CSP
 description: Learn more about the Update Area in Policy CSP.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,18 +9,12 @@ ms.date: 09/11/2024
 <!-- Update-Begin -->
 # Policy CSP - Update
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Update-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Update-Editable-End -->
 Update CSP policies are listed below based on the group policy area:
 - [Windows Insider Preview](#windows-insider-preview)
  - [AlwaysAutoRebootAtScheduledTimeMinutes](#alwaysautorebootatscheduledtimeminutes)
  - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
  - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
 - [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update)
  - [AllowNonMicrosoftSignedUpdate](#allownonmicrosoftsignedupdate)
  - [AllowOptionalContent](#allowoptionalcontent)
@ -61,7 +55,8 @@ Update CSP policies are listed below based on the group policy area:
  - [ConfigureDeadlineForQualityUpdates](#configuredeadlineforqualityupdates)
  - [ConfigureDeadlineGracePeriod](#configuredeadlinegraceperiod)
  - [ConfigureDeadlineGracePeriodForFeatureUpdates](#configuredeadlinegraceperiodforfeatureupdates)
-  - [ConfigureDeadlineNoAutoReboot](#configuredeadlinenoautoreboot)
+  - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
  - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
  - [ConfigureFeatureUpdateUninstallPeriod](#configurefeatureupdateuninstallperiod)
  - [NoUpdateNotificationsDuringActiveHours](#noupdatenotificationsduringactivehours)
  - [ScheduledInstallDay](#scheduledinstallday)
@ -76,6 +71,7 @@ Update CSP policies are listed below based on the group policy area:
  - [SetEDURestart](#setedurestart)
  - [UpdateNotificationLevel](#updatenotificationlevel)
 - [Legacy Policies](#legacy-policies)
  - [AlwaysAutoRebootAtScheduledTimeMinutes](#alwaysautorebootatscheduledtimeminutes)
  - [AutoRestartDeadlinePeriodInDays](#autorestartdeadlineperiodindays)
  - [AutoRestartDeadlinePeriodInDaysForFeatureUpdates](#autorestartdeadlineperiodindaysforfeatureupdates)
  - [AutoRestartNotificationSchedule](#autorestartnotificationschedule)
@ -99,188 +95,6 @@ Update CSP policies are listed below based on the group policy area:
  - [ScheduleRestartWarning](#schedulerestartwarning)
  - [SetAutoRestartNotificationDisable](#setautorestartnotificationdisable)
 ## Windows Insider Preview
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Begin -->
 ### AlwaysAutoRebootAtScheduledTimeMinutes
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Applicability-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Update/AlwaysAutoRebootAtScheduledTimeMinutes
 ```
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-OmaUri-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Description-Begin -->
 <!-- Description-Source-ADMX -->
 - If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days.
 The restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs out, the restart will proceed even if the PC has signed-in users.
 - If you disable or don't configure this policy, Windows Update won't alter its restart behavior.
 If the "No auto-restart with logged-on users for scheduled automatic updates installations" policy is enabled, then this policy has no effect.
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Description-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Editable-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[15-180]` |
 | Default Value  | 15 |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-DFProperties-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | AlwaysAutoRebootAtScheduledTime |
 | Friendly Name | Always automatically restart at the scheduled time |
 | Element Name | work (minutes) |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Manage end user experience |
 | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
 | ADMX File Name | WindowsUpdate.admx |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-GpMapping-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Examples-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Begin -->
 ### ConfigureDeadlineNoAutoRebootForFeatureUpdates
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Applicability-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForFeatureUpdates
 ```
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-OmaUri-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Description-Begin -->
 <!-- Description-Source-DDF -->
 When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired for feature updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForFeatureUpdates is configured.
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Description-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Editable-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-DFProperties-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-AllowedValues-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates |
 | Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat |
 | Element Name | ConfigureDeadlineNoAutoRebootForFeatureUpdates |
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-GpMapping-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Examples-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Begin -->
 ### ConfigureDeadlineNoAutoRebootForQualityUpdates
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Applicability-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForQualityUpdates
 ```
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-OmaUri-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Description-Begin -->
 <!-- Description-Source-DDF -->
 When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired for quality updates, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates is configured.
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Description-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Editable-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-DFProperties-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-AllowedValues-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | ConfigureDeadlineNoAutoRebootForQualityUpdates |
 | Path | WindowsUpdate > AT > WindowsComponents > WindowsUpdateCat |
 | Element Name | ConfigureDeadlineNoAutoRebootForQualityUpdates |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-GpMapping-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Examples-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-End -->
 ## Manage updates offered from Windows Update
 <!-- AllowNonMicrosoftSignedUpdate-Begin -->
@ -2518,8 +2332,8 @@ Number of days before feature updates are installed on devices automatically reg
 | Name | Value |
 |:--|:--|
-| Name | ComplianceDeadline |
+| Name | ComplianceDeadlineForFU |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Friendly Name | Specify deadline for automatic updates and restarts for feature update |
 | Element Name | Deadline (days) |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Manage end user experience |
@ -2578,7 +2392,7 @@ Number of days before quality updates are installed on devices automatically reg
 | Name | Value |
 |:--|:--|
 | Name | ComplianceDeadline |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Friendly Name | Specify deadline for automatic updates and restarts for quality update |
 | Element Name | Deadline (days) |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Manage end user experience |
@ -2633,7 +2447,7 @@ Minimum number of days from update installation until restarts occur automatical
 | Name | Value |
 |:--|:--|
 | Name | ComplianceDeadline |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Friendly Name | Specify deadline for automatic updates and restarts for quality update |
 | Element Name | Grace period (days) |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Manage end user experience |
@ -2687,8 +2501,8 @@ Minimum number of days from update installation until restarts occur automatical
 | Name | Value |
 |:--|:--|
-| Name | ComplianceDeadline |
+| Name | ComplianceDeadlineForFU |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Friendly Name | Specify deadline for automatic updates and restarts for feature update |
 | Element Name | Grace Period (days) |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Manage end user experience |
@ -2702,31 +2516,47 @@ Minimum number of days from update installation until restarts occur automatical
 <!-- ConfigureDeadlineGracePeriodForFeatureUpdates-End -->
-<!-- ConfigureDeadlineNoAutoReboot-Begin -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Begin -->
-### ConfigureDeadlineNoAutoReboot
+### ConfigureDeadlineNoAutoRebootForFeatureUpdates
-<!-- ConfigureDeadlineNoAutoReboot-Applicability-Begin -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1903 [10.0.18362] and later |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
-<!-- ConfigureDeadlineNoAutoReboot-Applicability-End -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Applicability-End -->
-<!-- ConfigureDeadlineNoAutoReboot-OmaUri-Begin -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-OmaUri-Begin -->
 ```Device
-./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoReboot
+./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForFeatureUpdates
 ```
-<!-- ConfigureDeadlineNoAutoReboot-OmaUri-End -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-OmaUri-End -->
-<!-- ConfigureDeadlineNoAutoReboot-Description-Begin -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Description-Begin -->
-<!-- Description-Source-DDF-Forced -->
+<!-- Description-Source-ADMX -->
-When enabled, devices won't automatically restart outside of active hours until the deadline and grace period have expired, even if an update is ready for restart. When disabled, an automatic restart may be attempted outside of active hours after update is ready for restart before the deadline is reached. Takes effect only if Update/ConfigureDeadlineForQualityUpdates or Update/ConfigureDeadlineForFeatureUpdates is configured.
+This policy lets you specify the number of days before feature updates are installed on devices automatically, and a grace period after which required restarts occur automatically.
 <!-- ConfigureDeadlineNoAutoReboot-Description-End -->
-<!-- ConfigureDeadlineNoAutoReboot-Editable-Begin -->
+Set deadlines for feature updates and quality updates to meet your compliance goals. Updates will be downloaded and installed as soon as they're offered and automatic restarts will be attempted outside of active hours. Once the deadline has passed, restarts will occur regardless of active hours, and users won't be able to reschedule. If the deadline is set to 0 days, the update will be installed immediately upon offering, but might not finish within the day due to device availability and network connectivity.
 Set a grace period for feature updates to guarantee users a minimum time to manage their restarts once updates are installed. Users will be able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. The grace period might not take effect if users already have more than the number of days set as grace period to manage their restart, based on deadline configurations.
 You can set the device to delay restarting until both the deadline and grace period have expired.
 If you disable or don't configure this policy, devices will get updates and will restart according to the default schedule.
 This policy will override the following policies:
 1. Specify deadline before auto restart for update installation
 1. Specify Engaged restart transition and notification schedule for updates.
 1. Always automatically restart at the scheduled time
 1. Configure Automatic Updates.
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Description-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-<!-- ConfigureDeadlineNoAutoReboot-Editable-End -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Editable-End -->
-<!-- ConfigureDeadlineNoAutoReboot-DFProperties-Begin -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
@ -2734,36 +2564,115 @@ When enabled, devices won't automatically restart outside of active hours until
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
-<!-- ConfigureDeadlineNoAutoReboot-DFProperties-End -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-DFProperties-End -->
-<!-- ConfigureDeadlineNoAutoReboot-AllowedValues-Begin -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
-<!-- ConfigureDeadlineNoAutoReboot-AllowedValues-End -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-AllowedValues-End -->
-<!-- ConfigureDeadlineNoAutoReboot-GpMapping-Begin -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
-| Name | ComplianceDeadline |
+| Name | ComplianceDeadlineForFU |
-| Friendly Name | Specify deadlines for automatic updates and restarts |
+| Friendly Name | Specify deadline for automatic updates and restarts for feature update |
 | Element Name | Don't auto-restart until end of grace period. |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Manage end user experience |
 | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
 | ADMX File Name | WindowsUpdate.admx |
-<!-- ConfigureDeadlineNoAutoReboot-GpMapping-End -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-GpMapping-End -->
-<!-- ConfigureDeadlineNoAutoReboot-Examples-Begin -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
-<!-- ConfigureDeadlineNoAutoReboot-Examples-End -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Examples-End -->
-<!-- ConfigureDeadlineNoAutoReboot-End -->
+<!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Begin -->
 ### ConfigureDeadlineNoAutoRebootForQualityUpdates
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Applicability-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Update/ConfigureDeadlineNoAutoRebootForQualityUpdates
 ```
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-OmaUri-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Description-Begin -->
 <!-- Description-Source-ADMX -->
 This policy lets you specify the number of days before quality updates are installed on devices automatically, and a grace period after which required restarts occur automatically.
 Set deadlines for quality updates to meet your compliance goals. Updates will be downloaded and installed as soon as they're offered and automatic restarts will be attempted outside of active hours. Once the deadline has passed, restarts will occur regardless of active hours, and users won't be able to reschedule. If the deadline is set to 0 days, the update will be installed immediately upon offering, but might not finish within the day due to device availability and network connectivity.
 Set a grace period for quality updates to guarantee users a minimum time to manage their restarts once updates are installed. Users will be able to schedule restarts during the grace period and Windows can still automatically restart outside of active hours if users choose not to schedule restarts. The grace period might not take effect if users already have more than the number of days set as grace period to manage their restart, based on deadline configurations.
 You can set the device to delay restarting until both the deadline and grace period have expired.
 If you disable or don't configure this policy, devices will get updates and will restart according to the default schedule.
 This policy will override the following policies:
 1. Specify deadline before auto restart for update installation
 1. Specify Engaged restart transition and notification schedule for updates.
 1. Always automatically restart at the scheduled time
 1. Configure Automatic Updates.
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Description-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Editable-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-DFProperties-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Disabled. |
 | 1 | Enabled. |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-AllowedValues-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | ComplianceDeadline |
 | Friendly Name | Specify deadline for automatic updates and restarts for quality update |
 | Element Name | Don't auto-restart until end of grace period. |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Manage end user experience |
 | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate |
 | ADMX File Name | WindowsUpdate.admx |
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-GpMapping-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-Examples-End -->
 <!-- ConfigureDeadlineNoAutoRebootForQualityUpdates-End -->
 <!-- ConfigureFeatureUpdateUninstallPeriod-Begin -->
 ### ConfigureFeatureUpdateUninstallPeriod
@ -3647,6 +3556,68 @@ If you select "Apply only during active hours" in conjunction with Option 1 or 2
 ## Legacy Policies
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Begin -->
 ### AlwaysAutoRebootAtScheduledTimeMinutes
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621] and later |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Applicability-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Update/AlwaysAutoRebootAtScheduledTimeMinutes
 ```
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-OmaUri-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Description-Begin -->
 <!-- Description-Source-ADMX -->
 - If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days.
 The restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs out, the restart will proceed even if the PC has signed-in users.
 - If you disable or don't configure this policy, Windows Update won't alter its restart behavior.
 If the "No auto-restart with logged-on users for scheduled automatic updates installations" policy is enabled, then this policy has no effect.
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Description-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Editable-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[15-180]` |
 | Default Value  | 15 |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-DFProperties-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | AlwaysAutoRebootAtScheduledTime |
 | Friendly Name | Always automatically restart at the scheduled time |
 | Element Name | work (minutes) |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Legacy Policies |
 | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
 | ADMX File Name | WindowsUpdate.admx |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-GpMapping-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Examples-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-End -->
 <!-- AutoRestartDeadlinePeriodInDays-Begin -->
 ### AutoRestartDeadlinePeriodInDays
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@ -1,7 +1,7 @@
 ---
 title: UserRights Policy CSP
 description: Learn more about the UserRights Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/18/2024
 <!-- UserRights-Begin -->
 # Policy CSP - UserRights
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- UserRights-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 User rights are assigned for user accounts or groups. The name of the policy defines the user right in question, and the values are always users or groups. Values can be represented as Security Identifiers (SID) or strings. For more information, see [Well-known SID structures](/openspecs/windows_protocols/ms-dtyp/81d92bba-d22b-4a8c-908a-554ab29148ab).
@ -258,7 +256,7 @@ This user right allows a process to impersonate any user without authentication.
 <!-- AdjustMemoryQuotasForProcess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AdjustMemoryQuotasForProcess-Applicability-End -->
 <!-- AdjustMemoryQuotasForProcess-OmaUri-Begin -->
@ -359,7 +357,7 @@ This user right determines which users can log on to the computer.
 <!-- AllowLogOnThroughRemoteDesktop-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AllowLogOnThroughRemoteDesktop-Applicability-End -->
 <!-- AllowLogOnThroughRemoteDesktop-OmaUri-Begin -->
@ -460,7 +458,7 @@ This user right determines which users can bypass file, directory, registry, and
 <!-- BypassTraverseChecking-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- BypassTraverseChecking-Applicability-End -->
 <!-- BypassTraverseChecking-OmaUri-Begin -->
@ -567,7 +565,7 @@ This user right determines which users and groups can change the time and date o
 <!-- ChangeTimeZone-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ChangeTimeZone-Applicability-End -->
 <!-- ChangeTimeZone-OmaUri-Begin -->
@ -1027,7 +1025,7 @@ This security setting determines which service accounts are prevented from regis
 <!-- DenyLogOnAsBatchJob-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DenyLogOnAsBatchJob-Applicability-End -->
 <!-- DenyLogOnAsBatchJob-OmaUri-Begin -->
@ -1076,7 +1074,7 @@ This security setting determines which accounts are prevented from being able to
 <!-- DenyLogOnAsService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DenyLogOnAsService-Applicability-End -->
 <!-- DenyLogOnAsService-OmaUri-Begin -->
@ -1336,7 +1334,7 @@ Assigning this user right to a user allows programs running on behalf of that us
 <!-- IncreaseProcessWorkingSet-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- IncreaseProcessWorkingSet-Applicability-End -->
 <!-- IncreaseProcessWorkingSet-OmaUri-Begin -->
@ -1543,7 +1541,7 @@ This user right determines which accounts can use a process to keep data in phys
 <!-- LogOnAsBatchJob-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- LogOnAsBatchJob-Applicability-End -->
 <!-- LogOnAsBatchJob-OmaUri-Begin -->
@ -1592,7 +1590,7 @@ This security setting allows a user to be logged-on by means of a batch-queue fa
 <!-- LogOnAsService-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- LogOnAsService-Applicability-End -->
 <!-- LogOnAsService-OmaUri-Begin -->
@ -1889,7 +1887,7 @@ This user right determines which users can use performance monitoring tools to m
 <!-- ProfileSystemPerformance-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ProfileSystemPerformance-Applicability-End -->
 <!-- ProfileSystemPerformance-OmaUri-Begin -->
@ -1987,7 +1985,7 @@ This user right determines which users are allowed to shut down a computer from
 <!-- ReplaceProcessLevelToken-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ReplaceProcessLevelToken-Applicability-End -->
 <!-- ReplaceProcessLevelToken-OmaUri-Begin -->
@ -2088,7 +2086,7 @@ This user right determines which users can bypass file, directory, registry, and
 <!-- ShutDownTheSystem-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- ShutDownTheSystem-Applicability-End -->
 <!-- ShutDownTheSystem-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-webthreatdefense.md
+++ b/windows/client-management/mdm/policy-csp-webthreatdefense.md
@ -1,7 +1,7 @@
 ---
 title: WebThreatDefense Policy CSP
 description: Learn more about the WebThreatDefense Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/31/2024
 <!-- WebThreatDefense-Begin -->
 # Policy CSP - WebThreatDefense
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- WebThreatDefense-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!NOTE]
@ -23,7 +21,7 @@ ms.date: 01/31/2024
 <!-- AutomaticDataCollection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AutomaticDataCollection-Applicability-End -->
 <!-- AutomaticDataCollection-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@ -1,7 +1,7 @@
 ---
 title: WindowsAI Policy CSP
 description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 09/11/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -21,7 +21,7 @@ ms.date: 09/11/2024
 <!-- DisableAIDataAnalysis-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- DisableAIDataAnalysis-Applicability-End -->
 <!-- DisableAIDataAnalysis-OmaUri-Begin -->
@ -31,14 +31,12 @@ ms.date: 09/11/2024
 <!-- DisableAIDataAnalysis-OmaUri-End -->
 <!-- DisableAIDataAnalysis-Description-Begin -->
-<!-- Description-Source-DDF -->
+<!-- Description-Source-ADMX -->
-This policy setting allows you to determine whether end users have the option to allow snapshots to be saved on their PCs.
+This policy setting allows you to control whether Windows saves snapshots of the screen and analyzes the user's activity on their device.
- If disabled, end users will have a choice to save snapshots of their screen on their PC and then use Recall to find things they've seen.
+- If you enable this policy setting, Windows won't be able to save snapshots and users won't be able to search for or browse through their historical device activity using Recall.
- If the policy is enabled, end users won't be able to save snapshots on their PC.
+- If you disable or don't configure this policy setting, Windows will save snapshots of the screen and users will be able to search for or browse through a timeline of their past activities using Recall.
 - If the policy isn't configured, end users may or may not be able to save snapshots on their PC-depending on other policy configurations.
 <!-- DisableAIDataAnalysis-Description-End -->
 <!-- DisableAIDataAnalysis-Editable-Begin -->
@ -70,7 +68,12 @@ This policy setting allows you to determine whether end users have the option to
 | Name | Value |
 |:--|:--|
 | Name | DisableAIDataAnalysis |
-| Path | WindowsAI > AT > WindowsComponents > WindowsAI |
+| Friendly Name | Turn off Saving Snapshots for Windows |
 | Location | User Configuration |
 | Path | Windows Components > Windows AI |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\WindowsAI |
 | Registry Value Name | DisableAIDataAnalysis |
 | ADMX File Name | WindowsCopilot.admx |
 <!-- DisableAIDataAnalysis-GpMapping-End -->
 <!-- DisableAIDataAnalysis-Examples-Begin -->
@ -203,6 +206,58 @@ This policy setting allows you to control whether Image Creator functionality is
 <!-- DisableImageCreator-End -->
 <!-- SetCopilotHardwareKey-Begin -->
 ## SetCopilotHardwareKey
 <!-- SetCopilotHardwareKey-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- SetCopilotHardwareKey-Applicability-End -->
 <!-- SetCopilotHardwareKey-OmaUri-Begin -->
 ```User
 ./User/Vendor/MSFT/Policy/Config/WindowsAI/SetCopilotHardwareKey
 ```
 <!-- SetCopilotHardwareKey-OmaUri-End -->
 <!-- SetCopilotHardwareKey-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting determines which app opens when the user presses the Copilot key on their keyboard.
 - If the policy is enabled, the specified app will open when the user presses the Copilot key. Users can change the key assignment in Settings.
 - If the policy isn't configured, Copilot will open if it's available in that country or region.
 <!-- SetCopilotHardwareKey-Description-End -->
 <!-- SetCopilotHardwareKey-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- SetCopilotHardwareKey-Editable-End -->
 <!-- SetCopilotHardwareKey-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- SetCopilotHardwareKey-DFProperties-End -->
 <!-- SetCopilotHardwareKey-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | SetCopilotHardwareKey |
 | Path | WindowsCopilot > AT > WindowsComponents > WindowsCopilot |
 <!-- SetCopilotHardwareKey-GpMapping-End -->
 <!-- SetCopilotHardwareKey-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- SetCopilotHardwareKey-Examples-End -->
 <!-- SetCopilotHardwareKey-End -->
 <!-- TurnOffWindowsCopilot-Begin -->
 ## TurnOffWindowsCopilot
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@ -1,7 +1,7 @@
 ---
 title: WindowsLogon Policy CSP
 description: Learn more about the WindowsLogon Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -380,11 +380,11 @@ This policy setting allows you to control whether users see the first sign-in an
 <!-- EnableMPRNotifications-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy controls the configuration under which winlogon sends MPR notifications in the system.
+This policy controls whether the user's password is included in the content of MPR notifications sent by winlogon in the system.
- If you enable this setting or don't configure it, winlogon sends MPR notifications if a credential manager is configured.
+- If you disable this setting or don't configure it, winlogon sends MPR notifications with empty password fields of the user's authentication info.
- If you disable this setting, winlogon doesn't send MPR notifications.
+- If you enable this setting, winlogon sends MPR notifications containing the user's password in the authentication info.
 <!-- EnableMPRNotifications-Description-End -->
 <!-- EnableMPRNotifications-Editable-Begin -->
@ -415,7 +415,7 @@ This policy controls the configuration under which winlogon sends MPR notificati
 | Name | Value |
 |:--|:--|
 | Name | EnableMPRNotifications |
-| Friendly Name | Enable MPR notifications for the system |
+| Friendly Name | Configure the transmission of the user's password in the content of MPR notifications sent by winlogon. |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Logon Options |
 | Registry Key Name | Software\Microsoft\Windows\CurrentVersion\Policies\System |
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@ -1,7 +1,7 @@
 ---
 title: WindowsSandbox Policy CSP
 description: Learn more about the WindowsSandbox Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 09/27/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/18/2024
 <!-- WindowsSandbox-Begin -->
 # Policy CSP - WindowsSandbox
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- WindowsSandbox-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- WindowsSandbox-Editable-End -->
@ -149,7 +147,7 @@ This policy setting enables or disables clipboard sharing with the sandbox.
 <!-- AllowMappedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AllowMappedFolders-Applicability-End -->
 <!-- AllowMappedFolders-OmaUri-Begin -->
@ -159,8 +157,18 @@ This policy setting enables or disables clipboard sharing with the sandbox.
 <!-- AllowMappedFolders-OmaUri-End -->
 <!-- AllowMappedFolders-Description-Begin -->
-<!-- Description-Source-DDF -->
+<!-- Description-Source-ADMX -->
-Allow mapping folders into Windows Sandbox.
+This policy setting enables or disables mapping folders into sandbox.
 - If you enable this policy setting, mapping folders from the host into Sandbox will be permitted.
 - If you enable this policy setting and disable write to mapped folders, mapping folders from the host into Sandbox will be permitted, but Sandbox will only have permission to read the files.
 - If you disable this policy setting, mapping folders from the host into Sandbox won't be permitted.
 - If you don't configure this policy setting, mapped folders will be enabled.
 Note that there may be security implications of exposing folders from the host into the container.
 <!-- AllowMappedFolders-Description-End -->
 <!-- AllowMappedFolders-Editable-Begin -->
@ -184,7 +192,12 @@ Allow mapping folders into Windows Sandbox.
 | Name | Value |
 |:--|:--|
 | Name | AllowMappedFolders |
-| Path | WindowsSandbox > AT > WindowsComponents > WindowsSandboxCat |
+| Friendly Name | Allow mapping folders into Windows Sandbox |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Sandbox |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox |
 | Registry Value Name | AllowMappedFolders |
 | ADMX File Name | WindowsSandbox.admx |
 <!-- AllowMappedFolders-GpMapping-End -->
 <!-- AllowMappedFolders-Examples-Begin -->
@ -457,7 +470,7 @@ Note that there may be security implications of exposing host video input to the
 <!-- AllowWriteToMappedFolders-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 24H2 [10.0.26100] and later |
 <!-- AllowWriteToMappedFolders-Applicability-End -->
 <!-- AllowWriteToMappedFolders-OmaUri-Begin -->
@ -467,8 +480,18 @@ Note that there may be security implications of exposing host video input to the
 <!-- AllowWriteToMappedFolders-OmaUri-End -->
 <!-- AllowWriteToMappedFolders-Description-Begin -->
-<!-- Description-Source-DDF -->
+<!-- Description-Source-ADMX -->
-Allow Sandbox to write to mapped folders.
+This policy setting enables or disables mapping folders into sandbox.
 - If you enable this policy setting, mapping folders from the host into Sandbox will be permitted.
 - If you enable this policy setting and disable write to mapped folders, mapping folders from the host into Sandbox will be permitted, but Sandbox will only have permission to read the files.
 - If you disable this policy setting, mapping folders from the host into Sandbox won't be permitted.
 - If you don't configure this policy setting, mapped folders will be enabled.
 Note that there may be security implications of exposing folders from the host into the container.
 <!-- AllowWriteToMappedFolders-Description-End -->
 <!-- AllowWriteToMappedFolders-Editable-Begin -->
@ -492,8 +515,13 @@ Allow Sandbox to write to mapped folders.
 | Name | Value |
 |:--|:--|
-| Name | AllowWriteToMappedFolders |
+| Name | AllowMappedFolders |
-| Path | WindowsSandbox > AT > WindowsComponents > WindowsSandboxCat |
+| Friendly Name | Allow mapping folders into Windows Sandbox |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Sandbox |
 | Registry Key Name | SOFTWARE\Policies\Microsoft\Windows\Sandbox |
 | Registry Value Name | AllowMappedFolders |
 | ADMX File Name | WindowsSandbox.admx |
 <!-- AllowWriteToMappedFolders-GpMapping-End -->
 <!-- AllowWriteToMappedFolders-Examples-Begin -->
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@ -48,12 +48,12 @@ items:
    - name: Protocol
      expanded: true
      items:
-        - name: Overview
+      - name: Overview
-          href: ../declared-configuration.md
+        href: ../declared-configuration.md
-        - name: Discovery
+      - name: Discovery
-          href: ../declared-configuration-discovery.md
+        href: ../declared-configuration-discovery.md
-        - name: Enrollment
+      - name: Enrollment
-          href: ../declared-configuration-enrollment.md
+        href: ../declared-configuration-enrollment.md
    - name: Extensibility
      href: ../declared-configuration-extensibility.md
    - name: Resource access
@ -387,7 +387,7 @@ items:
          href: policy-csp-authentication.md
        - name: Autoplay
          href: policy-csp-autoplay.md
-        - name: BitLocker
+        - name: Bitlocker
          href: policy-csp-bitlocker.md
        - name: BITS
          href: policy-csp-bits.md
@ -537,6 +537,8 @@ items:
          href: policy-csp-settingssync.md
        - name: SmartScreen
          href: policy-csp-smartscreen.md
        - name: SpeakForMe
          href: policy-csp-speakforme.md
        - name: Speech
          href: policy-csp-speech.md
        - name: Start