Merge pull request #5160 from MicrosoftDocs/master

Publish 05/07/2021, 10:30 AM

windows/client-management/includes/allow-adobe-flash-shortdesc.md

@@ -0,0 +1,12 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Adobe Flash is integrated with Microsoft Edge and runs Adobe Flash content by default. With this policy, you can configure Microsoft Edge to prevent Adobe Flash content from running.

windows/client-management/includes/allow-clearing-browsing-data-on-exit-shortdesc.md

@@ -0,0 +1,12 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not clear the browsing data on exit by default, but users can configure the _Clear browsing data_ option in Settings.  Browsing data includes information you entered in forms, passwords, and even the websites visited. With this policy, you can configure Microsoft Edge to clear the browsing data automatically each time Microsoft Edge closes.

windows/client-management/includes/allow-configuration-updates-for-books-library-shortdesc.md

@@ -0,0 +1,12 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge automatically updates the configuration data for the Books library. Disabling this policy prevents Microsoft Edge from updating the configuration data. If Microsoft receives feedback about the amount of data about the Books library, the data comes as a JSON file.

windows/client-management/includes/allow-cortana-shortdesc.md

@@ -0,0 +1,12 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Since Microsoft Edge is integration with Cortana, Microsoft Edge allows users to use Cortana voice assistant by default. With this policy, you can configure Microsoft Edge to prevent users from using Cortana but can still search to find items on their device.

windows/client-management/includes/allow-developer-tools-shortdesc.md

@@ -0,0 +1,12 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date: 10/02/2018
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to use the F12 developer tools to build and debug web pages by default. With this policy, you can configure Microsoft Edge to prevent users from using the F12 developer tools.

windows/client-management/includes/allow-extended-telemetry-for-books-tab-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, and depending on the device configuration, Microsoft Edge gathers basic diagnostic data about the books in the Books Library and sends it to Microsoft. Enabling this policy gathers and sends both basic and additional diagnostic data, such as usage data.

windows/client-management/includes/allow-extensions-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to add or personalize extensions in Microsoft Edge by default. With this policy, you can configure Microsoft to prevent users from adding or personalizing extensions.

windows/client-management/includes/allow-fullscreen-mode-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows fullscreen mode by default, which shows only the web content and hides the Microsoft Edge UI. When allowing fullscreen mode, users and extensions must have the proper permissions. Disabling this policy prevents fullscreen mode in Microsoft Edge. 

windows/client-management/includes/allow-inprivate-browsing-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows InPrivate browsing, and after closing all InPrivate tabs, Microsoft Edge deletes the browsing data from the device.  With this policy, you can configure Microsoft Edge to prevent InPrivate web browsing.

windows/client-management/includes/allow-microsoft-compatibility-list-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+During browser navigation, Microsoft Edge checks the Microsoft Compatibility List for websites with known compatibility issues. If found, users are prompted to use Internet Explorer, where the site loads and displays correctly. Periodically during browser navigation, Microsoft Edge downloads the latest version of the list and applies the updates.  With this policy, you can configure Microsoft Edge to ignore the compatibility list.  You can view the compatibility list at about:compat.

windows/client-management/includes/allow-prelaunch-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge pre-launches as a background process during Windows startup when the system is idle waiting to be launched by the user.  Pre-launching helps the performance of Microsoft Edge and minimizes the amount of time required to start Microsoft Edge. You can also configure Microsoft Edge to prevent from pre-launching.

windows/client-management/includes/allow-printing-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to print web content by default. With this policy, you can configure Microsoft Edge to prevent users from printing web content. 

windows/client-management/includes/allow-saving-history-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge saves the browsing history of visited websites and shows them in the History pane by default. Disabling this policy prevents Microsoft Edge from saving the browsing history. If browsing history existed before disabling this policy, the previous browsing history remains in the History pane.  Disabling this policy does not stop roaming of existing browsing history or browsing history from other devices.

windows/client-management/includes/allow-search-engine-customization-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can add new search engines or change the default search engine, in Settings. With this policy, you can prevent users from customizing the search engine in Microsoft Edge. 

windows/client-management/includes/allow-sideloading-of-extensions-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows sideloading, which installs and runs unverified extensions.  Disabling this policy prevents sideloading of extensions but does not prevent sideloading using Add-AppxPackage via PowerShell.  You can only install extensions through Microsoft store (including a store for business), enterprise storefront (such as Company Portal) or PowerShell (using Add-AppxPackage).  

windows/client-management/includes/allow-tab-preloading-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows preloading of the Start and New Tab pages during Windows sign in, and each time Microsoft Edge closes by default. Preloading minimizes the amount of time required to start Microsoft Edge and load a new tab.  With this policy, you can configure Microsoft Edge to prevent preloading of tabs. 

windows/client-management/includes/allow-web-content-on-new-tab-page-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  11/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads the default New Tab page and lets the users make changes. If you disable this policy, a blank page loads instead of the New Tab page and prevents users from changing it. 

windows/client-management/includes/allow-windows-app-to-share-data-users-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+With this policy, you can configure Windows 10 to share application data among multiple users on the system and with other instances of that app. Data shared through the SharedLocal folder is available through the Windows.Storage API. If you previously enabled this policy and now want to disable it, any shared app data remains in the SharedLocal folder.

windows/client-management/includes/always-show-books-library-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge shows the Books Library only in countries or regions where supported. With this policy, you can configure Microsoft Edge to show the Books Library regardless of the device’s country or region.

windows/client-management/includes/configure-additional-search-engines-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users cannot add, remove, or change any of the search engines in Microsoft Edge, but they can set a default search engine. You can set the default search engine using the Set default search engine policy. However, with this policy, you can configure up to five additional search engines and set any one of them as the default. If you previously enabled this policy and now want to disable it, disabling deletes all configured search engines.

windows/client-management/includes/configure-adobe-flash-click-to-run-setting-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge supports Adobe Flash as a built-in feature rather than as an external add-on and updates automatically via Windows Update. By default, Microsoft Edge prevents Adobe Flash content from loading automatically, requiring action from the user, for example, clicking the **Click-to-Run** button.  Depending on how often the content loads and runs, the sites for the content gets added to the auto-allowed list. Disable this policy if you want Adobe Flash content to load automatically.

windows/client-management/includes/configure-autofill-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can choose to use the Autofill feature to populate the form fields automatically. With this policy, you can configure Microsoft Edge, when enabled to use Autofill or, when disabled to prevent using Autofill.

windows/client-management/includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not send browsing history data to Microsoft 365 Analytics by default.  With this policy though, you can configure Microsoft Edge to send intranet history only, internet history only, or both to Microsoft 365 Analytics for enterprise devices with a configured Commercial ID.

windows/client-management/includes/configure-cookies-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows all cookies from all websites by default.  With this policy, you can configure Microsoft to block only 3rd-party cookies or block all cookies. 

windows/client-management/includes/configure-do-not-track-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not send ‘Do Not Track’ requests to websites asking for tracking information, but users can choose to send tracking information to sites they visit. With this policy, you can configure Microsoft Edge to send or never send tracking information.

windows/client-management/includes/configure-enterprise-mode-site-list-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology.  If you have sites or apps that use this technology, you can configure Microsoft Edge to check the Enterprise Mode Site List XML file that lists the sites and domains with compatibility issues and switch to IE11 automatically. You can use the same site list for both Microsoft Edge and IE11, or you can use separate lists. By default, Microsoft Edge ignores the Enterprise Mode and the Enterprise Mode Site List XML file. In this case, users might experience problems while using legacy apps. These sites and domains must be viewed using Internet Explorer 11 and Enterprise Mode. 

windows/client-management/includes/configure-favorites-bar-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge hides the favorites bar by default but shows it on the Start and New Tab pages. Also, by default, the Favorites Bar toggle, in Settings, is set to Off but enabled letting users make changes. With this policy, you can configure Microsoft Edge to either show or hide the Favorites Bar on all pages.

windows/client-management/includes/configure-favorites-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Discontinued in Windows 10, version 1809.  Use the **[Provision Favorites](../available-policies.md#provision-favorites)** policy instead. 

windows/client-management/includes/configure-home-button-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge shows the home button and by clicking it the Start page loads by default. With this policy, you can configure the home button to load the New Tab page or a URL defined in the Set Home Button URL policy. You can also configure Microsoft Edge to hide the home button. 

windows/client-management/includes/configure-kiosk-mode-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Configure how Microsoft Edge behaves when it’s running in kiosk mode with assigned access, either as a single-app or as one of many apps running on the kiosk device. You can control whether Microsoft Edge runs InPrivate full screen, InPrivate multi-tab with a tailored experience for kiosks, or normal browsing in Microsoft Edge.

windows/client-management/includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+You can configure Microsoft Edge kiosk mode to reset to the configured start experience after a specified amount of idle time in minutes (0-1440). The reset timer begins after the last user interaction. Once the idle time meets the time specified, a confirmation message prompts the user to continue, and if no user action, Microsoft Edge kiosk mode resets after 30 seconds. Resetting to the configured start experience deletes the current user’s browsing data.

windows/client-management/includes/configure-open-microsoft-edge-with-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads a specific page or pages defined in the Configure Start Pages policy and allow users to make changes. With this policy, you can configure Microsoft Edge to load either the Start page, New Tab page, previously opened pages. You can also configure Microsoft Edge to prevent users from changing or customizing the Start page. For this policy to work correctly, you must also configure the Configure Start Pages. If you want to prevent users from making changes, don’t configure the Disable Lockdown of Start Pages policy.

windows/client-management/includes/configure-password-manager-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge uses Password Manager automatically, allowing users to manager passwords locally. Disabling this policy restricts Microsoft Edge from using Password Manager. Don’t configure this policy if you want to let users choose to save and manage passwords locally using Password Manager. 

windows/client-management/includes/configure-pop-up-blocker-shortdesc.md

@@ -0,0 +1,12 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge turns off Pop-up Blocker, which opens pop-up windows. Enabling this policy turns on Pop-up Blocker preventing pop-up windows from opening. If you want users to choose to use Pop-up Blocker, don’t configure this policy. 
+

windows/client-management/includes/configure-search-suggestions-in-address-bar-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can choose to see search suggestions in the Address bar of Microsoft Edge.  Disabling this policy hides the search suggestions and enabling this policy shows the search suggestions.

windows/client-management/includes/configure-start-pages-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge loads the pages specified in App settings as the default Start pages.  With this policy, you can configure one or more Start pages when you enable this policy and enable the Configure Open Microsoft Edge With policy. Once you set the Start pages, either in this policy or Configure Open Microsoft Edge With policy, users cannot make changes. 

windows/client-management/includes/configure-windows-defender-smartscreen-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge uses Windows Defender SmartScreen (turned on) to protect users from potential phishing scams and malicious software by default.  Also, by default, users cannot disable (turn off) Windows Defender SmartScreen. Enabling this policy turns on Windows Defender SmartScreen and prevent users from turning it off.  Don’t configure this policy to let users choose to turn Windows defender SmartScreen on or off. 

windows/client-management/includes/disable-lockdown-of-start-pages-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the Start pages configured in either the Configure Start Pages policy or Configure Open Microsoft Edge policies cannot be changed and remain locked down. Enabling this policy unlocks the Start pages, and lets users make changes to either all configured Start page or any Start page configured with the Configure Start pages policy.

windows/client-management/includes/do-not-sync-browser-settings-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the “browser” group syncs automatically between user’s devices and allowing users to choose to make changes.  The “browser” group uses the _Sync your Settings_ option in Settings to sync information like history and favorites. Enabling this policy prevents the “browser” group from using the Sync your Settings option.  If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option.

windows/client-management/includes/do-not-sync-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge turns on the _Sync your settings_ toggle in **Settings > Device sync settings** letting users choose what to sync on their devices. Enabling this policy turns off and disables the _Sync your settings_ toggle preventing the syncing of user’s settings between their devices. If you want syncing turned off by default in Microsoft Edge but not disabled, enable this policy and select the _Allow users to turn syncing on_ option. 

windows/client-management/includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge does not sync the user’s favorites between IE and Microsoft Edge.  Enabling this policy syncs favorites between Internet Explorer and Microsoft Edge. Changes to favorites in one browser reflect in the other, including additions, deletions, modifications, and ordering of favorites. 

windows/client-management/includes/microsoft-browser-extension-policy-shortdesc.md

@@ -0,0 +1,13 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  04/23/2020
+ms.reviewer: 
+audience: itpro
+manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+[Microsoft browser extension policy](/legal/microsoft-edge/microsoft-browser-extension-policy):
+This article describes the supported mechanisms for extending or modifying the behavior or user experience of Microsoft Edge and Internet Explorer, or the content these browsers display. Techniques that aren't explicitly listed in this article are considered to be **unsupported**.

windows/client-management/includes/prevent-access-to-about-flags-page-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can access the about:flags page in Microsoft Edge, which is used to change developer settings and enable experimental features. Enabling this policy prevents users from accessing the about:flags page.

windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious files, allowing them to continue downloading the unverified file(s). Enabling this policy prevents users from bypassing the warnings, blocking them from downloading of the unverified file(s).

windows/client-management/includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge allows users to bypass (ignore) the Windows Defender SmartScreen warnings about potentially malicious sites, allowing them to continue to the site. With this policy though, you can configure Microsoft Edge to prevent users from bypassing the warnings, blocking them from continuing to the site.

windows/client-management/includes/prevent-certificate-error-overrides-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge, by default, allows overriding of the security warnings to sites that have SSL errors, bypassing or ignoring certificate errors. Enabling this policy prevents overriding of the security warnings.

windows/client-management/includes/prevent-changes-to-favorites-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can add, import, and make changes to the Favorites list in Microsoft Edge. Enabling this policy locks down the Favorites list in Microsoft Edge, preventing users from making changes. When enabled, Microsoft Edge turns off the Save a Favorite, Import settings, and context menu items, such as Create a new folder. Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.

windows/client-management/includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge collects the Live Tile metadata and sends it to Microsoft to help provide users a complete experience when they pin Live Tiles to the Start menu. However, with this policy, you can configure Microsoft Edge to prevent Microsoft from collecting Live Tile metadata, providing users with a limited experience.

windows/client-management/includes/prevent-first-run-webpage-from-opening-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, when launching Microsoft Edge for the first time, the First Run webpage (a welcome page) hosted on Microsoft.com loads automatically via an FWLINK. The welcome page lists the new features and helpful tips of Microsoft Edge. With this policy, you can configure Microsoft Edge to prevent loading the welcome page on first explicit user-launch.

windows/client-management/includes/prevent-turning-off-required-extensions-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge allows users to uninstall extensions by default. Enabling this policy prevents users from uninstalling extensions but lets them configure options for extensions defined in this policy, such as allowing InPrivate browsing. Any additional permissions requested by future updates of the extension gets granted automatically. If you enabled this policy and now you want to disable it, the list of extension package family names (PFNs) defined in this policy get ignored after disabling this policy.

windows/client-management/includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, the “browser” group syncs automatically between the user’s devices, letting users make changes. With this policy, though, you can prevent the “browser” group from syncing and prevent users from turning on the _Sync your Settings_ toggle in Settings. If you want syncing turned off by default but not disabled, select the _Allow users to turn “browser” syncing_ option in the Do not sync browser policy. For this policy to work correctly, you must enable the Do not sync browser policy.

windows/client-management/includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge shows localhost IP address while making calls using the WebRTC protocol. Enabling this policy hides the localhost IP addresses. 

windows/client-management/includes/provision-favorites-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, users can customize the Favorites list in Microsoft Edge. With this policy though, you provision a standard list of favorites, which can include folders, to appear in the Favorites list in addition to the user’s favorites. Edge. Once you provision the Favorites list, users cannot customize it, such as adding folders for organizing, and adding or removing any of the favorites configured. 

windows/client-management/includes/search-provider-discovery-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge follows the OpenSearch 1.1 specification to discover and use web search providers. When a user browses to a search service, the OpenSearch description is picked up and saved for later use. Users can then choose to add the search service to use in the Microsoft Edge address bar.

windows/client-management/includes/send-all-intranet-sites-to-ie-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, all websites, including intranet sites, open in Microsoft Edge automatically.  Only enable this policy if there are known compatibility problems with Microsoft Edge.  Enabling this policy loads only intranet sites in Internet Explorer 11 automatically.

windows/client-management/includes/set-default-search-engine-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge uses the search engine specified in App settings, letting users make changes at any time unless the Allow search engine customization policy is disabled, which restricts users from making changes. With this policy, you can either remove or use the policy-set search engine. When you remove the policy-set search engine, Microsoft Edge uses the specified search engine for the market, which lets users make changes to the default search engine. You can use the policy-set search engine specified in the OpenSearch XML, which prevents users from making changes.

windows/client-management/includes/set-home-button-url-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, Microsoft Edge shows the home button and loads the Start page, and locks down the home button to prevent users from changing what page loads. Enabling this policy loads a custom URL for the home button. When you enable this policy, and enable the Configure Home Button policy with the _Show home button & set a specific page_ option selected, a custom URL loads when the user clicks the home button.

windows/client-management/includes/set-new-tab-url-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+Microsoft Edge loads the default New Tab page by default. Enabling this policy lets you set a New Tab page URL in Microsoft Edge, preventing users from changing it.  When you enable this policy, and you disable the Allow web content on New Tab page policy, Microsoft Edge ignores any URL specified in this policy and opens about:blank. 

windows/client-management/includes/show-message-when-opening-sites-in-ie-shortdesc.md

@@ -0,0 +1,10 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+Microsoft Edge does not show a notification before opening sites in Internet Explorer 11. However, with this policy, you can configure Microsoft Edge to display a notification before a site opens in IE11 or let users continue in Microsoft Edge.  If you want users to continue in Microsoft Edge, enable this policy to show the _Keep going in Microsoft Edge_ link in the notification. For this policy to work correctly, you must also enable the Configure the Enterprise Mode Site List or Send all intranet sites to Internet Explorer 11, or both.

windows/client-management/includes/unlock-home-button-shortdesc.md

@@ -0,0 +1,11 @@
+---
+author: dansimp
+ms.author: dansimp
+ms.date:  10/02/2018
+ms.reviewer: 
+audience: itpro
manager: dansimp
+ms.prod: edge
+ms.topic: include
+---
+
+By default, when you enable the Configure Home Button policy or provide a URL in the Set Home Button URL policy, Microsoft Edge locks down the home button to prevent users from changing the settings.  When you enable this policy, users can make changes to the home button even if you enabled the Configure Home Button or Set Home Button URL policies. 

windows/client-management/mdm/device-update-management.md

@@ -69,7 +69,8 @@ Some important highlights:
 -   The protocol allows the MDM to sync update metadata for a particular update by calling GetUpdateData. For more information, see [GetUpdateData](/openspecs/windows_protocols/ms-wsusss/c28ad30c-fa3f-4bc6-a747-788391d2d964) in MSDN. The LocURI to get the applicable updates with their revision Numbers is `<LocURI>./Vendor/MSFT/Update/InstallableUpdates?list=StructData</LocURI>`. Because not all updates are available via S2S sync, make sure you handle SOAP errors.
 -   For mobile devices, you can either sync metadata for a particular update by calling GetUpdateData, or for a local on-premises solution, you can use WSUS and manually import the mobile updates from the Microsoft Update Catalog site. For more information, see [Process flow diagram and screenshots of server sync process](#process-flow-diagram-and-screenshots-of-server-sync-process).
 
-> **Note**  On Microsoft Update, metadata for a given update gets modified over time (updating descriptive information, fixing bugs in applicability rules, localization changes, etc). Each time such a change is made that doesn’t affect the update itself, a new update revision is created. The identity of an update revision is a compound key containing both an UpdateID (GUID) and a RevisionNumber (int). The MDM should not expose the notion of an update revision to IT. Instead, for each UpdateID (GUID) the MDM should just keep the metadata for the later revision of that update (the one with the highest revision number).
+> [!NOTE]
+> On Microsoft Update, metadata for a given update gets modified over time (updating descriptive information, fixing bugs in applicability rules, localization changes, etc). Each time such a change is made that doesn’t affect the update itself, a new update revision is created. The identity of an update revision is a compound key containing both an UpdateID (GUID) and a RevisionNumber (int). The MDM should not expose the notion of an update revision to IT. Instead, for each UpdateID (GUID) the MDM should just keep the metadata for the later revision of that update (the one with the highest revision number).
 
 
 ## <a href="" id="examplesofupdatestructure"></a>Examples of update metadata XML structure and element descriptions

windows/client-management/mdm/networkqospolicy-csp.md

@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: manikadhiman
-ms.date: 06/26/2017
+ms.date: 04/22/2021
 ms.reviewer: 
 manager: dansimp
 ---
@@ -25,7 +25,11 @@ The following actions are supported:
 - Layer 3 tagging using a differentiated services code point (DSCP) value
 
 > [!NOTE]
-> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on Azure AD Hybrid joined devices and for devices using GPO and CSP at the same time. The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004.
+> The NetworkQoSPolicy configuration service provider is officially supported for devices that are Intune managed and Azure AD joined. Currently, this CSP is not supported on the following devices:
+> - Azure AD Hybrid joined devices.
+> - Devices that use both GPO and CSP at the same time.
+> 
+> The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Window 10, version 2004.
 
 The following shows the NetworkQoSPolicy configuration service provider in tree format.
 ```

windows/client-management/mdm/policy-csp-applicationmanagement.md

@@ -390,7 +390,7 @@ The following list shows the supported values:
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [allow-windows-app-to-share-data-users-shortdesc](../../../browsers/edge/shortdesc/allow-windows-app-to-share-data-users-shortdesc.md)]
+[!INCLUDE [allow-windows-app-to-share-data-users-shortdesc](../includes/allow-windows-app-to-share-data-users-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->

windows/client-management/mdm/policy-csp-browser.md

@@ -312,7 +312,7 @@ Most restricted value: 0
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [configure-autofill-shortdesc](../../../browsers/edge/shortdesc/configure-autofill-shortdesc.md)]
+[!INCLUDE [configure-autofill-shortdesc](../includes/configure-autofill-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -391,7 +391,7 @@ To verify AllowAutofill is set to 0 (not allowed):
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../../../browsers/edge/shortdesc/allow-configuration-updates-for-books-library-shortdesc.md)]
+[!INCLUDE [allow-configuration-updates-for-books-library-shortdesc](../includes/allow-configuration-updates-for-books-library-shortdesc.md)]
 
 
 <!--/Description-->
@@ -459,7 +459,7 @@ Supported values:
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [configure-cookies-shortdesc](../../../browsers/edge/shortdesc/configure-cookies-shortdesc.md)]
+[!INCLUDE [configure-cookies-shortdesc](../includes/configure-cookies-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -541,7 +541,7 @@ To verify AllowCookies is set to 0 (not allowed):
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
-[!INCLUDE [allow-developer-tools-shortdesc](../../../browsers/edge/shortdesc/allow-developer-tools-shortdesc.md)]
+[!INCLUDE [allow-developer-tools-shortdesc](../includes/allow-developer-tools-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -609,7 +609,7 @@ Most restricted value: 0
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [configure-do-not-track-shortdesc](../../../browsers/edge/shortdesc/configure-do-not-track-shortdesc.md)]
+[!INCLUDE [configure-do-not-track-shortdesc](../includes/configure-do-not-track-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -689,7 +689,7 @@ To verify AllowDoNotTrack is set to 0 (not allowed):
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10, version 1607* 
 
-[!INCLUDE [allow-extensions-shortdesc](../../../browsers/edge/shortdesc/allow-extensions-shortdesc.md)]
+[!INCLUDE [allow-extensions-shortdesc](../includes/allow-extensions-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -758,7 +758,7 @@ Supported values:
 <!--Description-->
 
 
-[!INCLUDE [allow-adobe-flash-shortdesc](../../../browsers/edge/shortdesc/allow-adobe-flash-shortdesc.md)]
+[!INCLUDE [allow-adobe-flash-shortdesc](../includes/allow-adobe-flash-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -828,7 +828,7 @@ Supported values:
 >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later*  
 
 
-[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../../../browsers/edge/shortdesc/configure-adobe-flash-click-to-run-setting-shortdesc.md)]
+[!INCLUDE [configure-adobe-flash-click-to-run-setting-shortdesc](../includes/configure-adobe-flash-click-to-run-setting-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -899,7 +899,7 @@ Most restricted value: 1
 <!--Description-->
 
 
-[!INCLUDE [allow-fullscreen-mode-shortdesc](../../../browsers/edge/shortdesc/allow-fullscreen-mode-shortdesc.md)]
+[!INCLUDE [allow-fullscreen-mode-shortdesc](../includes/allow-fullscreen-mode-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -974,7 +974,7 @@ Most restricted value: 0
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [allow-inprivate-browsing-shortdesc](../../../browsers/edge/shortdesc/allow-inprivate-browsing-shortdesc.md)]
+[!INCLUDE [allow-inprivate-browsing-shortdesc](../includes/allow-inprivate-browsing-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1046,7 +1046,7 @@ Most restricted value:  0
 >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* 
 
 
-[!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../../../browsers/edge/shortdesc/allow-microsoft-compatibility-list-shortdesc.md)]
+[!INCLUDE [allow-microsoft-compatibility-list-shortdesc](../includes/allow-microsoft-compatibility-list-shortdesc.md)]
 
 
 <!--/Description-->
@@ -1116,7 +1116,7 @@ Most restricted value:  0
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [configure-password-manager-shortdesc](../../../browsers/edge/shortdesc/configure-password-manager-shortdesc.md)]
+[!INCLUDE [configure-password-manager-shortdesc](../includes/configure-password-manager-shortdesc.md)]
 
 
 <!--/Description-->
@@ -1195,7 +1195,7 @@ To verify AllowPasswordManager is set to 0 (not allowed):
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [configure-pop-up-blocker-shortdesc](../../../browsers/edge/shortdesc/configure-pop-up-blocker-shortdesc.md)]
+[!INCLUDE [configure-pop-up-blocker-shortdesc](../includes/configure-pop-up-blocker-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1275,7 +1275,7 @@ To verify AllowPopups is set to 0 (not allowed):
 
 
 
-[!INCLUDE [allow-prelaunch-shortdesc](../../../browsers/edge/shortdesc/allow-prelaunch-shortdesc.md)]
+[!INCLUDE [allow-prelaunch-shortdesc](../includes/allow-prelaunch-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1352,7 +1352,7 @@ Most restricted value: 0
 <!--Description-->
 
 
-[!INCLUDE [allow-printing-shortdesc](../../../browsers/edge/shortdesc/allow-printing-shortdesc.md)]
+[!INCLUDE [allow-printing-shortdesc](../includes/allow-printing-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1429,7 +1429,7 @@ Most restricted value: 0
 <!--Description-->
 
 
-[!INCLUDE [allow-saving-history-shortdesc](../../../browsers/edge/shortdesc/allow-saving-history-shortdesc.md)]
+[!INCLUDE [allow-saving-history-shortdesc](../includes/allow-saving-history-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1508,7 +1508,7 @@ Most restricted value: 0
 >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* 
 
 
-[!INCLUDE [allow-search-engine-customization-shortdesc](../../../browsers/edge/shortdesc/allow-search-engine-customization-shortdesc.md)]
+[!INCLUDE [allow-search-engine-customization-shortdesc](../includes/allow-search-engine-customization-shortdesc.md)]
 
 
 
@@ -1579,7 +1579,7 @@ Most restricted value: 0
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../../../browsers/edge/shortdesc/configure-search-suggestions-in-address-bar-shortdesc.md)]
+[!INCLUDE [configure-search-suggestions-in-address-bar-shortdesc](../includes/configure-search-suggestions-in-address-bar-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1651,7 +1651,7 @@ Most restricted value: 0
 <!--Description-->
 
 
-[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../../../browsers/edge/shortdesc/allow-sideloading-of-extensions-shortdesc.md)]
+[!INCLUDE [allow-sideloading-of-extensions-shortdesc](../includes/allow-sideloading-of-extensions-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1726,7 +1726,7 @@ Most restricted value: 0
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../../../browsers/edge/shortdesc/configure-windows-defender-smartscreen-shortdesc.md)]
+[!INCLUDE [configure-windows-defender-smartscreen-shortdesc](../includes/configure-windows-defender-smartscreen-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1805,7 +1805,7 @@ To verify AllowSmartScreen is set to 0 (not allowed):
 <!--Description-->
 
 
-[!INCLUDE [allow-tab-preloading-shortdesc](../../../browsers/edge/shortdesc/allow-tab-preloading-shortdesc.md)]
+[!INCLUDE [allow-tab-preloading-shortdesc](../includes/allow-tab-preloading-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1881,7 +1881,7 @@ Most restricted value: 1
 <!--Description-->
 
 
-[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../../../browsers/edge/shortdesc/allow-web-content-on-new-tab-page-shortdesc.md)]
+[!INCLUDE [allow-web-content-on-new-tab-page-shortdesc](../includes/allow-web-content-on-new-tab-page-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -1956,7 +1956,7 @@ Supported values:
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [always-show-books-library-shortdesc](../../../browsers/edge/shortdesc/always-show-books-library-shortdesc.md)]
+[!INCLUDE [always-show-books-library-shortdesc](../includes/always-show-books-library-shortdesc.md)]
 
 
 
@@ -2029,7 +2029,7 @@ Most restricted value: 0
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* 
 
-[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../../../browsers/edge/shortdesc/allow-clearing-browsing-data-on-exit-shortdesc.md)]
+[!INCLUDE [allow-clearing-browsing-data-on-exit-shortdesc](../includes/allow-clearing-browsing-data-on-exit-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -2109,7 +2109,7 @@ To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* 
 
-[!INCLUDE [configure-additional-search-engines-shortdesc](../../../browsers/edge/shortdesc/configure-additional-search-engines-shortdesc.md)]
+[!INCLUDE [configure-additional-search-engines-shortdesc](../includes/configure-additional-search-engines-shortdesc.md)]
 
 > [!IMPORTANT]
 > Due to Protected Settings (aka.ms/browserpolicy), this setting applies only on domain-joined machines or when the device is MDM-enrolled. 
@@ -2184,7 +2184,7 @@ Most restricted value: 0
 <!--Description-->
 
 
-[!INCLUDE [configure-favorites-bar-shortdesc](../../../browsers/edge/shortdesc/configure-favorites-bar-shortdesc.md)]
+[!INCLUDE [configure-favorites-bar-shortdesc](../includes/configure-favorites-bar-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -2260,7 +2260,7 @@ Supported values:
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [configure-home-button-shortdesc](../../../browsers/edge/shortdesc/configure-home-button-shortdesc.md)]
+[!INCLUDE [configure-home-button-shortdesc](../includes/configure-home-button-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -2341,7 +2341,7 @@ Supported values:
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [configure-kiosk-mode-shortdesc](../../../browsers/edge/shortdesc/configure-kiosk-mode-shortdesc.md)]
+[!INCLUDE [configure-kiosk-mode-shortdesc](../includes/configure-kiosk-mode-shortdesc.md)]
 
 For this policy to work, you must configure Microsoft Edge in assigned access; otherwise, Microsoft Edge ignores the settings in this policy. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](/windows/configuration/kiosk-shared-pc).
 
@@ -2426,7 +2426,7 @@ Supported values:
 <!--Description-->
 
 
-[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../../../browsers/edge/shortdesc/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
+[!INCLUDE [configure-kiosk-reset-after-idle-timeout-shortdesc](../includes/configure-kiosk-reset-after-idle-timeout-shortdesc.md)]
 
 You must set ConfigureKioskMode to enabled (1 - InPrivate public browsing) and configure Microsoft Edge as a single-app in assigned access for this policy to take effect; otherwise, Microsoft Edge ignores this setting. To learn more about assigned access and kiosk configuration, see [Configure kiosk and shared devices running Windows desktop editions](/windows/configuration/kiosk-shared-pc).
 
@@ -2504,7 +2504,7 @@ Supported values:
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../../../browsers/edge/shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../includes/configure-open-microsoft-edge-with-shortdesc.md)]
 
 **Version 1703 or later**:<br>
 If you don't want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non domain-joined devices when it's the only configured URL.
@@ -2593,7 +2593,7 @@ Supported values:
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../../../browsers/edge/shortdesc/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
+[!INCLUDE [configure-browser-telemetry-for-m365-analytics-shortdesc](../includes/configure-browser-telemetry-for-m365-analytics-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -2672,7 +2672,7 @@ Most restricted value: 0
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10*  
 
-[!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../../../browsers/edge/shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
+[!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../includes/disable-lockdown-of-start-pages-shortdesc.md)]
   
 > [!NOTE]
 > This policy has no effect when the Browser/HomePages policy is not configured. 
@@ -2747,7 +2747,7 @@ Most restricted value: 0
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../../../browsers/edge/shortdesc/allow-extended-telemetry-for-books-tab-shortdesc.md)]
+[!INCLUDE [allow-extended-telemetry-for-books-tab-shortdesc](../includes/allow-extended-telemetry-for-books-tab-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -2816,7 +2816,7 @@ Most restricted value: 0
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../../../browsers/edge/shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
+[!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../includes/configure-enterprise-mode-site-list-shortdesc.md)]
 
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@@ -2947,7 +2947,7 @@ Supported values:
 > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile.
 
 
-[!INCLUDE [configure-start-pages-shortdesc](../../../browsers/edge/shortdesc/configure-start-pages-shortdesc.md)]
+[!INCLUDE [configure-start-pages-shortdesc](../includes/configure-start-pages-shortdesc.md)]
 
 **Version 1607**<br>
 Starting with this version, the HomePages policy enforces that users cannot change the Start pages settings.
@@ -3030,7 +3030,7 @@ Supported values:
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10, version 1709* 
 
-[!INCLUDE [prevent-changes-to-favorites-shortdesc](../../../browsers/edge/shortdesc/prevent-changes-to-favorites-shortdesc.md)]
+[!INCLUDE [prevent-changes-to-favorites-shortdesc](../includes/prevent-changes-to-favorites-shortdesc.md)]
 
 
 <!--/Description-->
@@ -3100,7 +3100,7 @@ Most restricted value: 1
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../../../browsers/edge/shortdesc/prevent-access-to-about-flags-page-shortdesc.md)]
+[!INCLUDE [prevent-access-to-about-flags-page-shortdesc](../includes/prevent-access-to-about-flags-page-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3169,7 +3169,7 @@ Most restricted value: 1
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../../../browsers/edge/shortdesc/prevent-certificate-error-overrides-shortdesc.md)]
+[!INCLUDE [prevent-certificate-error-overrides-shortdesc](../includes/prevent-certificate-error-overrides-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3245,7 +3245,7 @@ Most restricted value: 1
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10, version 1703* 
 
-[!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../../../browsers/edge/shortdesc/prevent-first-run-webpage-from-opening-shortdesc.md)]
+[!INCLUDE [prevent-first-run-webpage-from-opening-shortdesc](../includes/prevent-first-run-webpage-from-opening-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3315,7 +3315,7 @@ Most restricted value: 1
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* 
 
-[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../../../browsers/edge/shortdesc/prevent-edge-from-gathering-live-tile-info-shortdesc.md)]
+[!INCLUDE [prevent-edge-from-gathering-live-tile-info-shortdesc](../includes/prevent-edge-from-gathering-live-tile-info-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3383,7 +3383,7 @@ Most restricted value: 1
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../../../browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)]
+[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-sites-shortdesc](../includes/prevent-bypassing-windows-defender-prompts-for-sites-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3452,7 +3452,7 @@ Most restricted value: 1
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../../../browsers/edge/shortdesc/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)]
+[!INCLUDE [prevent-bypassing-windows-defender-prompts-for-files-shortdesc](../includes/prevent-bypassing-windows-defender-prompts-for-files-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3520,7 +3520,7 @@ Most restricted value: 1
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../../../browsers/edge/shortdesc/prevent-turning-off-required-extensions-shortdesc.md)]
+[!INCLUDE [prevent-turning-off-required-extensions-shortdesc](../includes/prevent-turning-off-required-extensions-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3598,7 +3598,7 @@ Supported values:
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
 
-[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../../../browsers/edge/shortdesc/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
+[!INCLUDE [prevent-using-localhost-ip-address-for-webrtc-shortdesc](../includes/prevent-using-localhost-ip-address-for-webrtc-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3668,7 +3668,7 @@ Most restricted value: 1
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10, version 1709 or later* 
 
-[!INCLUDE [provision-favorites-shortdesc](../../../browsers/edge/shortdesc/provision-favorites-shortdesc.md)]
+[!INCLUDE [provision-favorites-shortdesc](../includes/provision-favorites-shortdesc.md)]
  
 
 Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.
@@ -3745,7 +3745,7 @@ ADMX Info:
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../../../browsers/edge/shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
+[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../includes/send-all-intranet-sites-to-ie-shortdesc.md)]
 
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@@ -3820,7 +3820,7 @@ Most restricted value: 0
 <!--Description-->
 >*Supported versions: Microsoft Edge on Windows 10, version 1703*  
 
-[!INCLUDE [set-default-search-engine-shortdesc](../../../browsers/edge/shortdesc/set-default-search-engine-shortdesc.md)]
+[!INCLUDE [set-default-search-engine-shortdesc](../includes/set-default-search-engine-shortdesc.md)]
 
 > [!IMPORTANT]
 > This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the [Microsoft browser extension policy](/legal/windows/agreements/microsoft-browser-extension-policy).
@@ -3897,7 +3897,7 @@ Most restricted value: 1
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [set-home-button-url-shortdesc](../../../browsers/edge/shortdesc/set-home-button-url-shortdesc.md)]
+[!INCLUDE [set-home-button-url-shortdesc](../includes/set-home-button-url-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -3972,7 +3972,7 @@ Supported values:
 <!--/Scope-->
 <!--Description-->
 
-[!INCLUDE [set-new-tab-url-shortdesc](../../../browsers/edge/shortdesc/set-new-tab-url-shortdesc.md)]
+[!INCLUDE [set-new-tab-url-shortdesc](../includes/set-new-tab-url-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->
@@ -4045,7 +4045,7 @@ Supported values:
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../../../browsers/edge/shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+[!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../includes/show-message-when-opening-sites-in-ie-shortdesc.md)]
 
 
 > [!NOTE]
@@ -4189,7 +4189,7 @@ Supported values:
 >*Supported versions: Microsoft Edge on Windows 10, version 1703 or later* 
  
 
-[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../../../browsers/edge/shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
+[!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../includes/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
 
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.  
@@ -4271,7 +4271,7 @@ To verify that favorites are in synchronized between Internet Explorer and Micro
 <!--Description-->
 
 
-[!INCLUDE [unlock-home-button-shortdesc](../../../browsers/edge/shortdesc/unlock-home-button-shortdesc.md)]
+[!INCLUDE [unlock-home-button-shortdesc](../includes/unlock-home-button-shortdesc.md)]
 
 <!--/Description-->
 <!--ADMXMapped-->

windows/client-management/mdm/policy-csp-experience.md

@@ -1403,7 +1403,7 @@ The following list shows the supported values:
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [do-not-sync-browser-settings-shortdesc](../../../browsers/edge/shortdesc/do-not-sync-browser-settings-shortdesc.md)]
+[!INCLUDE [do-not-sync-browser-settings-shortdesc](../includes/do-not-sync-browser-settings-shortdesc.md)]
 
 Related policy:
    [PreventUsersFromTurningOnBrowserSyncing](#experience-preventusersfromturningonbrowsersyncing)
@@ -1497,7 +1497,7 @@ _**Turn syncing off by default but don’t disable**_
 
 <!--/Scope-->
 <!--Description-->
-[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../../../browsers/edge/shortdesc/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
+[!INCLUDE [prevent-users-to-turn-on-browser-syncing-shortdesc](../includes/prevent-users-to-turn-on-browser-syncing-shortdesc.md)]
 
 Related policy:
    [DoNotSyncBrowserSettings](#experience-donotsyncbrowsersetting)

windows/deployment/planning/windows-10-deprecated-features.md

@@ -26,6 +26,7 @@ The features described below are no longer being actively developed, and might b
 
 |Feature    |  Details and mitigation  | Announced in version |
 | ----------- | --------------------- | ---- |
+| Timeline | Starting in July 2021, if you have your activity history synced across your devices through your Microsoft account (MSA), you'll no longer have the option to upload new activity in Timeline. See [Get help with timeline](https://support.microsoft.com/windows/get-help-with-timeline-febc28db-034c-d2b0-3bbe-79aa0c501039).| 20H2 |
 | Microsoft Edge | The legacy version of Microsoft Edge is no longer being developed.| 2004 |
 | Companion Device Framework | The [Companion Device Framework](/windows-hardware/design/device-experiences/windows-hello-companion-device-framework) is no longer under active development.| 2004 |
 | Dynamic Disks | The [Dynamic Disks](/windows/win32/fileio/basic-and-dynamic-disks#dynamic-disks) feature is no longer being developed. This feature will be fully replaced by [Storage Spaces](/windows-server/storage/storage-spaces/overview) in a future release.| 2004 |

windows/deployment/update/update-compliance-configuration-manual.md

@@ -17,6 +17,9 @@ ms.topic: article
 
 # Manually Configuring Devices for Update Compliance
 
+> [!NOTE]
+> As of May 10, 2021, a new policy is required to use Update Compliance: "Allow Update Compliance Processing." For more details, see the Mobile Device Management policies and Group policies tables.
+
 There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows 10. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
 
 The requirements are separated into different categories:
@@ -47,13 +50,14 @@ Each MDM Policy links to its documentation in the CSP hierarchy, providing its e
 |**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | 1- Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. |
 |**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) | 1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. |
 |**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
+| **System/AllowUpdateComplianceProcessing** | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. |
 
 > [!NOTE]
 > If you use Microsoft Intune, set the **ProviderID** to *MS DM Server*. If you use another MDM product, check with its vendor. See also [DMClient CSP](/windows/client-management/mdm/dmclient-csp).
 
-### Group Policies
+### Group policies
 
-All Group Policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.  
+All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below.  
 
 | Policy | Value | Function |
 |---------------------------|-|-----------------------------------------------------------|
@@ -61,6 +65,7 @@ All Group Policies that need to be configured for Update Compliance are under **
 |**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. See the following policy for more information. |
 |**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. |
 |**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name will not be sent and will not be visible in Update Compliance, showing `#` instead. |
+|**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. |
 
 ## Required endpoints
 
@@ -89,4 +94,4 @@ A full Census sync adds a new registry value to Census's path. When this registr
 
 1. For every device you are manually configuring for Update Compliance, add or modify the registry key located at **HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Census** to include a new **DWORD value** named **FullSync** and set to **1**. 
 2. Run Devicecensus.exe with administrator privileges on every device. Devicecensus.exe is in the System32 folder. No additional run parameters are required. 
-3. After Devicecensus.exe has run, the **FullSync** registry value can be removed or set to **0**.
+3. After Devicecensus.exe has run, the **FullSync** registry value can be removed or set to **0**.

windows/deployment/update/update-compliance-configuration-script.md

@@ -17,91 +17,83 @@ ms.topic: article
 
 # Configuring devices through the Update Compliance Configuration Script
 
-The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures device policies via Group Policy, ensures that required services are running, and more.
-
 > [!NOTE]
-> The Update Compliance configuration script does not offer options to configure Delivery Optimization. You have to do that separately.
+> A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing." If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must rerun the script so the new policy can be configured. We don't recommend using this script if you configure devices using MDM. Instead, configure the policies listed in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) by using your MDM provider. 
 
+The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures device policies via Group Policy, ensures that required services are running, and more.
 
 You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting.
 
-## How the script is organized
+## Script FAQ
 
-The script is organized into two folders **Pilot** and **Deployment**. Both folders have the same key files: `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the .bat itself, which will then execute `ConfigScript.ps1` with the parameters entered to RunConfig.bat.
+- I manage my devices with MDM. Should I use this script?
+No, you should not use this script. Instead configure the policies through your MDM provider. 
+- Does this script configure devices for Delivery Optimization?
+No. You must do that separately.
 
-- The **Pilot** folder and its contents are intended to be used on an initial set of single devices in specific environments (main office & satellite office, for example) for testing and troubleshooting prior to broader deployment. This script is configured to collect and output detailed logs for every device it runs on.
-- The **Deployment** folder is intended to be deployed across an entire device population in a specific environment once devices in that environment have been validated with the Pilot script.
+## How this script is organized
 
-## How to use the script
+This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You configure `RunConfig.bat` according to the directions in the `.bat` itself, which will then run `ConfigScript.ps1` with the parameters entered to `RunConfig.bat`. There are two ways of using the script: in **Pilot** mode or **Deployment** mode. 
 
-### Piloting and Troubleshooting
-
-> [!IMPORTANT]
-> If you encounter an issue with Update Compliance, the first step should be to run the script in Pilot mode on a device you are encountering issues with, and save these Logs for reference with Support.
-
-> [!IMPORTANT]
-> The script must be run in the System context. To do this, use the PsExec tool included in the file. For more about PsExec, see [PsExec](/sysinternals/downloads/psexec).
+- In **Pilot** mode (`runMode=Pilot`), the script will enter a verbose mode with enhanced diagnostics, and save the results in the path defined with `logpath` in `RunConfig.bat`. Pilot mode is best for a pilot run of the script or for troubleshooting configuration.
+- In **Deployment** mode (`runMode=Deployment`), the script will run quietly. 
 
 
-When using the script in the context of troubleshooting, use `Pilot`. Enter `RunConfig.bat`, and configure it as follows:
+## How to use this script
 
-1. Configure `logPath` to a path where the script will have write access and a place you can easily access. This specifies the output of the log files generated when the script is in Verbose mode.
-2. Configure `commercialIDValue` to your CommercialID. To get your CommercialID, see [Getting your CommercialID](update-compliance-get-started.md#get-your-commercialid).
-3. Run the script. The script must be run in System context.
-4. Examine the Logs output for any issues. If there were issues:
-   - Compare Logs output with the required settings covered in [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
-   - Examine the script errors and refer to the [script error reference](#script-error-reference) on how to interpret the codes.
-   - Make the necessary corrections and run the script again.
-5. When you no longer have issues, proceed to using the script for more broad deployment with the `Deployment` folder.
+Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`):
+
+1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`.
+2. Set `commercialIDValue` to your Commercial ID.
+3. Run the script.
+4. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`.
+5. If there are issues, gather the logs and provide them to Support.
 
 
-### Broad deployment
+## Script errors
 
-After verifying on a set of devices in a specific environment that everything is configured correctly, you can proceed to broad deployment.
-
-1. Configure `commercialIDValue` in `RunConfig.bat` to [your CommercialID](update-compliance-get-started.md#get-your-commercialid).
-2. Use a management tool like Configuration Manager or Intune to broadly deploy the script to your entire target population.
-
-## Script Error Reference
-
-|Error |Description |
-|-|-------------------|
-| 27 | Not system account. |
-| 37 | Unexpected exception when collecting logs|
-| 1  | General unexpected error|
-| 6  | Invalid CommercialID|
-| 48 | CommercialID is not a GUID|
-| 8  | Couldn't create registry key path to setup CommercialID|
-| 9  | Couldn't write CommercialID at registry key path|
-| 53 | There are conflicting CommercialID values.|
-| 11 | Unexpected result when setting up CommercialID.|
-| 62 | AllowTelemetry registry key is not of the correct type `REG_DWORD`|
-| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.|
-| 64 | AllowTelemetry is not of the correct type `REG_DWORD`.|
-| 99 | Device is not Windows 10.|
-| 40 | Unexpected exception when checking and setting telemetry.|
-| 12 | CheckVortexConnectivity failed, check Log output for more information.|
-| 12 | Unexpected failure when running CheckVortexConnectivity.|
-| 66 | Failed to verify UTC connectivity and recent uploads.| 
-| 67 | Unexpected failure when verifying UTC CSP connectivity of the WMI Bridge.|
-| 41 | Unable to impersonate logged-on user.|
-| 42 | Unexpected exception when attempting to impersonate logged-on user.|
-| 43 | Unexpected exception when attempting to impersonate logged-on user.|
-| 16 | Reboot is pending on device, restart device and restart script.|
-| 17 | Unexpected exception in CheckRebootRequired.|
-| 44 | Error when running CheckDiagTrack service.|
-| 45 | DiagTrack.dll not found.|
-| 50 | DiagTrack service not running.|
-| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.|
-| 55 | Failed to create new registry path for `SetDeviceNameOptIn` of the PowerShell script.|
-| 56 | Failed to create property for `SetDeviceNameOptIn` of the PowerShell script at registry path.|
-| 57 | Failed to update value for `SetDeviceNameOptIn` of the PowerShell script.|
-| 58 | Unexpected exception in `SetDeviceNameOptIn` of the PowerShell script.|
-| 59 | Failed to delete `LastPersistedEventTimeOrFirstBoot` property at registry path when attempting to clean up OneSettings.|
-| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
-| 61 | Unexpected exception when attempting to clean up OneSettings.|
-| 52 | Could not find Census.exe|
-| 51 | Unexpected exception when attempting to run Census.exe|
-| 34 | Unexpected exception when attempting to check Proxy settings.|
-| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
-| 35 | Unexpected exception when checking User Proxy.|
+|Error  |Description  |
+|---------|---------|
+| 27    | Not system account. |
+| 37    | Unexpected exception when collecting logs| 
+| 1    | General unexpected error| 
+| 6    | Invalid CommercialID| 
+| 48    | CommercialID is not a GUID| 
+| 8    | Couldn't create registry key path to setup CommercialID| 
+| 9    | Couldn't write CommercialID at registry key path| 
+| 53    | There are conflicting CommercialID values.| 
+| 11    | Unexpected result when setting up CommercialID.| 
+| 62    | AllowTelemetry registry key is not of the correct type REG_DWORD| 
+| 63    | AllowTelemetry is not set to the appropriate value and it could not be set by the script.| 
+| 64    | AllowTelemetry is not of the correct type REG_DWORD.| 
+| 99    | Device is not Windows 10.| 
+| 40    | Unexpected exception when checking and setting telemetry.| 
+| 12    | CheckVortexConnectivity failed, check Log output for more information.| 
+| 12    | Unexpected failure when running CheckVortexConnectivity.| 
+| 66    | Failed to verify UTC connectivity and recent uploads.|  
+| 67    | Unexpected failure when verifying UTC CSP.| 
+| 41    | Unable to impersonate logged-on user.| 
+| 42    | Unexpected exception when attempting to impersonate logged-on user.| 
+| 43    | Unexpected exception when attempting to impersonate logged-on user.| 
+| 16    | Reboot is pending on device, restart device and restart script.| 
+| 17    | Unexpected exception in CheckRebootRequired.| 
+| 44    | Error when running CheckDiagTrack service.| 
+| 45    | DiagTrack.dll not found.| 
+| 50    | DiagTrack service not running.| 
+| 54    | Microsoft Account Sign In Assistant (MSA) Service disabled.| 
+| 55    | Failed to create new registry path for SetDeviceNameOptIn| 
+| 56    | Failed to create property for SetDeviceNameOptIn at registry path| 
+| 57    | Failed to update value for SetDeviceNameOptIn| 
+| 58    | Unexpected exception in SetrDeviceNameOptIn| 
+| 59    | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.| 
+| 60    | Failed to delete registry key when attempting to clean up OneSettings.| 
+| 61    | Unexpected exception when attempting to clean up OneSettings.| 
+| 52    | Could not find Census.exe| 
+| 51    | Unexpected exception when attempting to run Census.exe| 
+| 34    | Unexpected exception when attempting to check  Proxy settings.| 
+| 30    | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.| 
+| 35    | Unexpected exception when checking User Proxy.| 
+| 91    | Failed to create new registry path for EnableAllowUCProcessing| 
+| 92    | Failed to create property for EnableAllowUCProcessing at registry path| 
+| 93    | Failed to update value for EnableAllowUCProcessing| 
+| 94    | Unexpected exception in EnableAllowUCProcessing| 

windows/deployment/update/update-compliance-get-started.md

@@ -17,29 +17,32 @@ ms.topic: article
 
 # Get started with Update Compliance
 
+> [!IMPORTANT]
+> **A new policy is required to use Update Compliance: "AllowUpdateComplianceProcessing"**. If you're already using Update Compliance and have configured your devices prior to May 10, 2021, you must configure devices with this additional policy. You can do this by rerunning the [Update Compliance Configuration Script](update-compliance-configuration-script.md) if you configure your devices through Group Policy, or refer to [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md) for details on manually configuring the new policy for both Group Policy and MDM. 
+
 This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow.
 
 1. Ensure you can [meet the requirements](#update-compliance-prerequisites) to use Update Compliance.
 2. [Add Update Compliance](#add-update-compliance-to-your-azure-subscription) to your Azure subscription.
 3. [Configure devices](#enroll-devices-in-update-compliance)  to send data to Update Compliance.
 
-After adding the solution to Azure and configuring devices, there will be a waiting period of up to 72 hours before you can begin to see devices in the solution. Before or as devices appear, you can learn how to [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and Delivery Optimization.
+After adding the solution to Azure and configuring devices, it could take up to 72 hours before you can begin to see devices in the solution. Before or as devices appear, you can learn how to [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and Delivery Optimization.
 
 ## Update Compliance prerequisites
 
 Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites:
 
-1. **Compatible Operating Systems and Editions**: Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
-2. **Compatible Windows 10 Servicing Channels**: Update Compliance supports Windows 10 devices on the Semi-Annual Channel (SAC) and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview (WIP) devices, but does not currently provide detailed deployment insights for them.
-3. **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
-4. **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md).
-5. **Showing Device Names in Update Compliance**: For Windows 10 1803+, device names will not appear in Update Compliance unless you individually opt-in devices via policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
+- **Compatible Operating Systems and Editions**: Update Compliance works only with Windows 10 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows 10 version and is not currently compatible with Windows Server, Surface Hub, IoT, etc.
+- **Compatible Windows 10 Servicing Channels**: Update Compliance supports Windows 10 devices on the Semi-Annual Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview (WIP) devices, but does not currently provide detailed deployment insights for them.
+- **Diagnostic data requirements**: Update Compliance requires devices be configured to send diagnostic data at *Required* level (previously *Basic*). To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows 10](https://support.microsoft.com/help/4468236/diagnostics-feedback-and-privacy-in-windows-10-microsoft-privacy).
+- **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md).
+- **Showing Device Names in Update Compliance**: For Windows 10, version 1803 or later, device names will not appear in Update Compliance unless you individually opt-in devices by using policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).
 
 ## Add Update Compliance to your Azure subscription
 
 Update Compliance is offered as an Azure Marketplace application which is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. To configure this, follow these steps:
 
-1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You may need to login to your Azure subscription to access this.
+1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to login to your Azure subscription to access this.
 2. Select **Get it now**.
 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data.
    - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance.
@@ -81,7 +84,7 @@ Update Compliance is offered as an Azure Marketplace application which is linked
 
 ### Get your CommercialID
 
-A CommercialID is a globally-unique identifier assigned to a specific Log Analytics workspace. The CommercialID is copied to an MDM or Group Policy and is used to identify devices in your environment.
+A CommercialID is a globally unique identifier assigned to a specific Log Analytics workspace. The CommercialID is copied to an MDM or Group Policy and is used to identify devices in your environment.
 
 To find your CommercialID within Azure:
 
@@ -94,20 +97,16 @@ To find your CommercialID within Azure:
 
 ## Enroll devices in Update Compliance
 
-Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance. After you configure devices, it can take up to 72 hours before devices are visible in the solution. Until then, Update Compliance will indicate it is still assessing devices.
+Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are two ways to configure devices to use Update Compliance:
 
-> [!NOTE]
-> If you use or plan to use [Desktop Analytics](/mem/configmgr/desktop-analytics/overview), follow the steps in [Enroll devices in Desktop Analytics](/mem/configmgr/desktop-analytics/enroll-devices) to also enroll devices in Update Compliance. You should be aware that the Commercial ID and Log Analytics workspace must be the same for both Desktop Analytics and Update Compliance.
+- If you use Group Policy to manage device policies, use the [Update Compliance Configuration Script](update-compliance-configuration-script.md).
+- If you manage devices through MDM providers like Intune, [manually configure device for Update Compliance](update-compliance-configuration-manual.md).
 
-### Configure devices using the Update Compliance Configuration Script
+After you configure devices, diagnostic data they send will begin to be associated with your Azure AD organization ("tenant"). However, enrolling to Update Compliance doesn't influence the rate at which required data is uploaded from devices. Device connectivity to the internet and generally how active the device is highly influences how long it will take before the device appears in Update Compliance. Devices that are active and connected to the internet daily can expect to be fully uploaded within one week (usually less than 72 hours). Devices that are less active can take up to two weeks before data is fully available. 
 
-The recommended way to configure devices to send data to Update Compliance is using the [Update Compliance Configuration Script](update-compliance-configuration-script.md). The script configures required policies via Group Policy. The script comes with two versions:
+### Update Compliance and Desktop Analytics
 
-- Pilot is more verbose and is intended to be use on an initial set of devices and for troubleshooting.
-- Deployment is intended to be deployed across the entire device population you want to monitor with Update Compliance.  
+If you use or plan to use [Desktop Analytics](/mem/configmgr/desktop-analytics/overview), you must use the same Log Analytics workspace for both solutions. 
 
-To download the script and learn what you need to configure and how to troubleshoot errors, see [Configuring Devices using the Update Compliance Configuration Script](update-compliance-configuration-script.md).
 
-### Configure devices manually
 
-It is possible to manually configure devices to send data to Update Compliance, but the recommended method of configuration is to use the [Update Compliance Configuration Script](update-compliance-configuration-script.md). To learn more about configuring devices manually, see [Manually Configuring Devices for Update Compliance](update-compliance-configuration-manual.md).

windows/deployment/update/waas-manage-updates-wsus.md

@@ -172,6 +172,7 @@ You can now see these computers in the **Ring 3 Broad IT** computer group.
 
 
 <span id="wsus-gp"/>
+
 ## Use Group Policy to populate deployment rings
 
 The WSUS Administration Console provides a friendly interface from which you can manage Windows 10 quality and feature updates. When you need to add many computers to their correct WSUS deployment ring, however, it can be time-consuming to do so manually in the WSUS Administration Console. For these cases, consider using Group Policy to target the correct computers, automatically adding them to the correct WSUS deployment ring based on an Active Directory security group. This process is called *client-side targeting*. Before enabling client-side targeting in Group Policy, you must configure WSUS to accept Group Policy computer assignment.
@@ -357,4 +358,4 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s
 - [Walkthrough: use Group Policy to configure Windows Update for Business](waas-wufb-group-policy.md)
 - [Walkthrough: use Intune to configure Windows Update for Business](/intune/windows-update-for-business-configure)
 - [Deploy Windows 10 updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service)
-- [Manage device restarts after updates](waas-restart.md)
+- [Manage device restarts after updates](waas-restart.md)

windows/security/identity-protection/smart-cards/smart-card-debugging-information.md

@@ -57,7 +57,7 @@ To delete a container, type **certutil -delkey -csp "Microsoft Base Smart Card C
 
 ## Debugging and tracing using WPP
 
-WPP simplifies tracing the operation of the trace provider. It provides a mechanism for the trace provider to log real-time binary messages. Logged messages can be converted to a human-readable trace of the operation. For more information, see [Diagnostics with WPP - The NDIS blog](https://blogs.msdn.com/b/ndis/archive/2011/04/06/diagnostics-with-wpp.aspx).
+WPP simplifies tracing the operation of the trace provider. It provides a mechanism for the trace provider to log real-time binary messages. Logged messages can be converted to a human-readable trace of the operation. For more information, see [Diagnostics with WPP - The NDIS blog](/archive/blogs/ndis/diagnostics-with-wpp).
 
 ### Enable the trace
 
@@ -247,4 +247,4 @@ For more information about CryptoAPI 2.0 Diagnostics, see [Troubleshooting an En
 
 ## See also
 
-[Smart Card Technical Reference](smart-card-windows-smart-card-technical-reference.md)
+[Smart Card Technical Reference](smart-card-windows-smart-card-technical-reference.md)

windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune.md

@@ -68,6 +68,9 @@ The steps to use Intune's custom OMA-URI functionality are:
     > [!div class="mx-imgBorder"]
     > ![Configure custom WDAC](images/wdac-intune-custom-oma-uri.png)
 
+> [!NOTE]
+> For the _Policy GUID_ value do not include the curly brackets. 
+
 ### Remove WDAC policies on Windows 10 1903+
 
 Upon deletion, policies deployed through Intune via the ApplicationControl CSP are removed from the system but stay in effect until the next reboot. In order to disable WDAC enforcement, first replace the existing policy with a new version of the policy that will "Allow *", like the rules in the example  policy at %windir%\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml. Once the updated policy is deployed, you can then delete the policy from the Intune portal. This will prevent anything from being blocked and fully remove the WDAC policy on the next reboot.

windows/sv/TOC.yml

@@ -0,0 +1,2 @@
+- name: Index
+  href: index.md

windows/sv/breadcrumb/toc.yml

@@ -0,0 +1,3 @@
+- name: Docs
+  tocHref: /
+  topicHref: /

windows/sv/index.md

@@ -0,0 +1 @@
+# Welcome to SV!