From b7ce5489ddf6337250866e470aed35f7ff2d381a Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 1 Jun 2017 16:46:46 -0700
Subject: [PATCH 01/49] suppress alert content based on mockups

---
 ...ows-defender-advanced-threat-protection.md | 30 ++++++++++++-------
 1 file changed, 20 insertions(+), 10 deletions(-)

diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 9dd0f7d8b2..4aafb1a1f2 100644
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -56,7 +56,7 @@ Windows Defender ATP lets you create suppression rules so you can limit the aler
 
 Suppression rules can be created from an existing alert.
 
-When a suppression rule is created, it will take effect from this point onwards. It will not affect existing alerts already in the queue, but new alerts triggered after the rule is created will not be displayed.
+When a suppression rule is created, it will take effect from the point when the rule is created. The rule will not affect existing alerts already in the queue prior to the rule creation. The rule will only be applied on alerts that satisfy the conditions set after the rule is created.
 
 There are two contexts for a suppression rule that you can choose from:
 
@@ -65,20 +65,30 @@ There are two contexts for a suppression rule that you can choose from:
 
 The context of the rule lets you tailor the queue to ensure that only alerts you are interested in will appear. You can use the examples in the following table to help you choose the context for a suppression rule:
 
-**Context** | **Definition** |**Example scenarios**
----|---|---
-**Suppress alert on this machine** | Alerts with the same alert title and on that specific machine only will be suppressed. <br /><br />All other alerts on that machine will not be suppressed. | <ul><li>A security researcher is investigating a malicious script that has been used to attack other machines in your organization.</li><li>A developer regularly creates PowerShell scripts for their team.</li></ul>
-**Suppress alert in my organization** | Alerts with the same alert title on any machine will be suppressed. | <ul><li>A benign administrative tool is used by everyone in your organization.</li></ul>
+| **Context**                           | **Definition**                                                                                                                                              | **Example scenarios**                                                                                                                                                                                                  |
+|:--------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| **Suppress alert on this machine**    | Alerts with the same alert title and on that specific machine only will be suppressed. <br /><br />All other alerts on that machine will not be suppressed. | <ul><li>A security researcher is investigating a malicious script that has been used to attack other machines in your organization.</li><li>A developer regularly creates PowerShell scripts for their team.</li></ul> |
+| **Suppress alert in my organization** | Alerts with the same alert title on any machine will be suppressed.                                                                                         | <ul><li>A benign administrative tool is used by everyone in your organization.</li></ul>                                                                                                                               |
 
 
-**Suppress an alert and create a suppression rule:**
+### Suppress an alert and create a new suppression rule:
 
+[JOEY: ADD SCREENSHOT WHEN READY IN STAGING!!!]
 1. Select the alert you'd like to suppress. This brings up the **Alert management** pane.
-2. Scroll down to the **Supression rules** section.
-3. Choose the context for suppressing the alert.
 
-> [!NOTE]
-> You cannot create a custom or blank suppression rule. You must start from an existing alert.
+2. Scroll down to the **Supression rules** section.
+
+3. Choose the context for suppressing the alert.
+  > [!NOTE]
+  > You cannot create a custom or blank suppression rule. You must start from an existing alert.
+4. Specify the conditions for when the rule is applied:
+  - Alert title
+  - Indicator of compromise (IOC)
+  - Suppression conditions
+    > [!NOTE]
+    > The SHA1 of the alert cannot be modified
+5. Specify the action and scope on the alert. You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. You can also specify to suppress the alert on the machine only or the whole organization.
+
 
 **See the list of suppression rules:**
 

From 92b4bf3cf016d1f5210d1d92e6e3dd9e50144b6a Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Fri, 2 Jun 2017 10:59:21 -0700
Subject: [PATCH 02/49] fix note

---
 .../manage-alerts-windows-defender-advanced-threat-protection.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 4aafb1a1f2..38cebf0d09 100644
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -85,6 +85,7 @@ The context of the rule lets you tailor the queue to ensure that only alerts you
   - Alert title
   - Indicator of compromise (IOC)
   - Suppression conditions
+
     > [!NOTE]
     > The SHA1 of the alert cannot be modified
 5. Specify the action and scope on the alert. You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. You can also specify to suppress the alert on the machine only or the whole organization.

From 58317c8045bbc29eebff211ab84d23b1e4526b30 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 8 Jun 2017 14:13:02 -0700
Subject: [PATCH 03/49] add show user details and skype integration

---
 ...nced-features-windows-defender-advanced-threat-protection.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index e32f2b9d8d..f9f9f7c868 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -34,6 +34,8 @@ This feature is only available if you have an active Office 365 E5 or the Threat
 
 When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
+You have the option of enabling displaying of user details and Skype for Business integration.
+
 
 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
 2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**.

From e3c105aba96e4a690bb20a0155758496a6008c9d Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 8 Jun 2017 14:20:32 -0700
Subject: [PATCH 04/49] add information on user details and skype for b

---
 ...ced-features-windows-defender-advanced-threat-protection.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index f9f9f7c868..ad4f24a441 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -34,9 +34,10 @@ This feature is only available if you have an active Office 365 E5 or the Threat
 
 When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
-You have the option of enabling displaying of user details and Skype for Business integration.
+You have the option of enabling displaying of user details and Skype for Business integration. When you enable displaying of user details, you'll be able to see user details such as: picture, name, title, and department information stored in Azure Active Directory (AAD). Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone.
 
 
+## Enable advanced features
 1. In the navigation pane, select **Preferences setup** > **Advanced features**.
 2. Select the advanced feature you want to configure and toggle the setting between **On** and **Off**.
 3. Click **Save preferences**.

From 17dd1249c8e44ba599ff37171b9a3ab766e98377 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 8 Jun 2017 14:28:12 -0700
Subject: [PATCH 05/49] udpates

---
 ...-features-windows-defender-advanced-threat-protection.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index ad4f24a441..5fdf5d8795 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -34,7 +34,11 @@ This feature is only available if you have an active Office 365 E5 or the Threat
 
 When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
-You have the option of enabling displaying of user details and Skype for Business integration. When you enable displaying of user details, you'll be able to see user details such as: picture, name, title, and department information stored in Azure Active Directory (AAD). Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone.
+## Show user details
+When you enable this feature, you'll be able to see user details such as: picture, name, title, and department information stored in Azure Active Directory (AAD). These information will be available from the user account details view when investigating user accounts.
+
+## Skype for Business integration
+Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.
 
 
 ## Enable advanced features

From 446e687cf5b4ed0d4b4142771df3bf4f0c3e3fae Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Thu, 8 Jun 2017 15:40:14 -0700
Subject: [PATCH 06/49] updates

---
 ...ed-features-windows-defender-advanced-threat-protection.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 5fdf5d8795..83244c7754 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -34,8 +34,8 @@ This feature is only available if you have an active Office 365 E5 or the Threat
 
 When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
-## Show user details
-When you enable this feature, you'll be able to see user details such as: picture, name, title, and department information stored in Azure Active Directory (AAD). These information will be available from the user account details view when investigating user accounts.
+## Azure Active Directory details
+When you enable this feature, you'll be able to see user details from Azure Active Directory (AAD) including name, photo, title, and department information. These information will be available from the user account details view when investigating user accounts.
 
 ## Skype for Business integration
 Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.

From 7dec28078748d5dd934208338df613d35a3f3e38 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Fri, 9 Jun 2017 13:18:09 -0700
Subject: [PATCH 07/49] adding files for ZTD

---
 store-for-business/add-profile-to-devices.md  |  79 ++++++++++++++++++
 .../images/autopilot-process.png              | Bin 0 -> 4484 bytes
 2 files changed, 79 insertions(+)
 create mode 100644 store-for-business/add-profile-to-devices.md
 create mode 100644 store-for-business/images/autopilot-process.png

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
new file mode 100644
index 0000000000..30f739a286
--- /dev/null
+++ b/store-for-business/add-profile-to-devices.md
@@ -0,0 +1,79 @@
+---
+title: Add profile to manage Windows installation on devices  (Windows 10)
+description: Add an AutoPilot profile to devices. AutoPilot profiles control what is included in Windows set up experience for your employees. 
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: store
+author: TrudyHa
+localizationpriority: high
+---
+
+# Add AutoPilot profile to devices
+
+**Applies to**
+
+-   Windows 10
+-   Windows 10 Mobile
+
+## What is AutoPilot
+Windows AutoPilot simplifies device set up for IT Admins. You create and apply an AutoPilot profile to your devices. When people in your organization run the out-of-box experience on the device, it installs and configures Windows based on the profile you applied to the device. 
+
+Windows AutoPilot allows you to:
+- Automatically join devices to Azure Active Directory
+- Auto-enroll devices into MDM services, such as Intune
+- Restrict the Administrator account creation
+- Create and auto-assign devices to configuration groups based on the devices' profile
+- Customize OOBE content specific to the organization
+- Link to staged deploy topic
+
+### AutoPilot requirements
+Verify this list ... 
+- Devices pre-installed with Windows 10 Pro Creators Update (version 1703 or later) 
+- The devices must have access to the internet. When the device can’t connect, it shows the default Windows out-of-box experience (OOBE) screens.
+- Enrolling the device into an MDM requires Azure Active Directory Premium.
+
+For more information, see [Overview of Windows AutoPilot](https://review.docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot?branch=dh-autopilot11975619).
+
+## AutoPilot in Microsoft Store for Business and Education
+You can manage new devices in Microsoft Store. Devices need to meet these requirements:
+- Windows 10 (version ... which???)
+- Specific hardware vendor???
+- New devices that have not been through Windows out-of-box experience. 
+
+You can create and apply AutoPilot profiles to these devices. The overall process looks like this. 
+
+![Block diagram with main steps for using AutoPilot in Microsoft Store for Business: upload device list; group devices (this step is optional); add profile; and apply profile.](images/autopilot-process.png)
+
+Figure 1 - AutoPilot process
+
+### Upload device list
+To manage devices through Microsoft Store for Business and Education, you'll need a csv file that contains specific information about the devices. You should be able to get this from the supplier or store where you purchased the devices. 
+
+The device information file needs to be in this format:
+
+| Column    | Data |
+| --------- | ---- |
+| column A | data type 1|
+| column B | data type 2|
+| column C | data type 3|
+
+## Upload device list
+Or, keep at H2, so this shows in right rail??
+
+## Group devices
+Info on creating groups.
+
+Why would you use them?
+
+**Create device groups**
+
+## Add profile
+Info on adding profiles -- need to create one to start; can have multiple; can edit later
+
+TODO: include info in this topic on managing profiles, making changes, and which devices those changes are applied to -- or -- have a separate topic on managing AutoPilot profiles
+
+**Add AutoPilot profile**
+
+## Apply profile
+Info on selecting devices by group or individually to apply profile
\ No newline at end of file
diff --git a/store-for-business/images/autopilot-process.png b/store-for-business/images/autopilot-process.png
new file mode 100644
index 0000000000000000000000000000000000000000..4554605b456f191d91f3382835f04917234d3677
GIT binary patch
literal 4484
zcmeHLXH-+$)&;$Q2-qmnQ51<LfS@!fN|Rm^T7vW{0fV$i6$KHALKG1$AcCPoC<%lX
z0!SC6X$S-es7P;$glgc+b@;yFedGOjzu$X5PTA+|v)5efoHOQ}E8fCPpXadfVHOq^
z9zz3N2n)*r5$3t?p##jl31haNd0-8M=xei-^@+|i2Y+~JnQF1H;Luz@T-can&f5mC
zKo*u0L4R$m6P^+wEG)-`40W}vLL8Sf`;++f1mdW~Po_b=@QLP{kH^P%4mY#_xL_uN
z51P%?*pDe4?g6JC8vz_27(AtW)A&-~+v0{7X|t5N$X$vpZSzQzpFH@*e(~C7FlAop
z<=2);?L(*kxPJk4O#2YK6L@dzo8z%{ml=1?9k%ZauELRjs#1mKhWn55ewb^0_tq@m
zNk&d4e=siXc`2}4Ix8YT>sZ8(Z=F$l+p~j%gTy<liD>j<t@3pwV5VZ~Dd@0$3fV#z
zZls6P+BPz2O;T4;QBhZq_&$>mi-<SB%8A#Jj}wb?2Y<xpK9qz!|4tC`Fm*9pSzWyv
zxwF3geYV`Gsk&BrFHB19R4sGf{R(_8`&s6^$o)MMKELAZDvh}L@y$Ww@y~a6H<sHb
zOWisCsA0xEW|Km`rwg|Nhk)LSC?l4Zmo*}`zEUf_${k5pu3W)C2;7{1CU$H*Q3rnw
z3WFRxQDnGn=K`jjO8G+Y8AePrgzoP#I?)mmqM{>N4@4vmQe9k@Rn9(UOO{duJxjL-
zGt+#b7%LS@Ul>{(E}tZYZw}_@%Q-c^go52U9uSxi1T0d>6~7?JHEw-gEN^NIobBts
zx{pQStt*hCN$m%^lY~<Y5-uF>e@b5-tFZ=G^H7+Gpx0oK))Pfwy-%#@`=`}FSZ3z9
zd&~++L2^(n2gMKSAfZsTBX3<<Jq&q_bFcHqa;URET&no{nny#px&MY**qTrLtDqph
zwPn=bK!6Ki42Mc876a5j%3pMki~T#~W;f@qBV0b6r(vLMP?1YKxe)X9UT5=DF@gUU
zfW0uQ<Qu7S_O%hfN#7@>0rTB=8)2@&tJDMH2i-c&T9o1inKe_fgn`Ko(F|a!uldQ8
zRDwRMz8ZUS@XGAX6|BI^XIO(?Z=g{aZKjm6_00o`-_i1E=m5;ql+tUX0gL02MrJNv
z-zv$00#`{rzRw?lL1~$Vfb&m>PUI9STOUhu%xf^XRlNL()x#A0yjnFhC(!GKDiHQ8
z{U{0ZPKy~vQ)+S4@cgj+n8xN*rRLaKS3XK&ObOt8XHP24#U~!q!QaMZ*N?sGk&Weq
zQ*Ptfe=Q(ffq|wv<PEO?#^84#`;rc&R*L8ZQqXia1md#VbtYx<wZudfx}miTBJHZv
z-+-yw^{FV6&BDhHn&x%jwUxaI6m8flR?n)`O-|_{5A8nc{cKjXtx^U+1d)?C%1iOu
z>|rN*y<Cq0E7NZgiaJI|*5gOCXPv+u4!T9xm!(Rk2fDLw*AskGK^aJP{&q^C-&!+V
zIyf*gaB)qto(wI;-8A#zRu*&d6SEh(JYlC?(1X8zhu`GN{hx)S;4Pa9rRmlrZ;9Ug
zHPd>K@knk16=4uKC7wKLgz)fvIuYVSdnwx^OdHzD4VreGabIGqX~K-$CCX5!!t`4x
zcYj{OX6}T146W;g^UxGR!0*HJd~1!IVLF%Tn~BwNV7Kcg!rVdo3=^)kW=Rq%zd+T)
zrt)@pWeDxn4tS6d6-%$EQGJYp1iwgJ+qjDqvJ~uiuo$dMDk6z12UYpu1R-`kL(#X3
zcpu^WXa!%Y_@zj}p1y9fHTa_HoTVXC=;6}~=F9Z1*R8T^55f$*Wo)@Hc@UyVm_kZV
zwQVxIsh9G>l#dP#KevF0LFO!2kFqU#PuGWnb22N>XJdJWtajlwf_cJ(;W`4&I%jHr
z$hXxTXkH|j5N20r_Mt=z(HEu*_bdf$BbSN`Obl&f%X)cak1jk48;iZNR@MGwMx#do
z5qZWDuBfyk3N*^6LWgGck9c3kS$S72_m~Ipw6>{`+Mjq%<KI=ZTx%c?OnYLR+5JNG
z48w&tEGKor`paqOX5m3<y)uw~_(?2B%3|yz)Qpr;tBvX;>O}n^%Y@O4ae<g|=QHV!
z{Tp|BL5o*-VM-h&0D5c5?ldSspZFZ!buoWp^Wr)C@-qu`bm1Ivly&+oU2Po;g-d}c
zb-T$}FR%IKoP=#t*edk4PGy$G6$S7<YJI0Hk7I@yKyYq{q)n@y#)@%(!S4}b(uI#k
zFM;ofq#v!b%X6rBWmCooVjtVBvq`Q3c1p$rh6+h<WzfQ$GU*fVHgbv!$f?&gO6}3=
zn`9`Tf!@4heuF8a#i8F-c|L!1%GKf$@k!D3+@6R`*^+5{v4pTiX|?(?;|VC^OMBa%
z#AG=X&c7k+<p>U7_we#?8xr89HMd8SS{2HifHiWoE#2aAGtrFsdV}NM*9apQm|tK$
zhD=<Y(_U6SsV7F*ylgt3pKcv%qfsD4;lT=E3#^BGxer@V&cTcA!;7EP_vrZ%whL+P
zw4)_A!Z7p8OLs>;H{LZ8R<W=7P`v2b;W=_cfxmrDnPy3{fj33~Nl1O_U6GE9*=g!k
z$bD@cF>7<%eg}3Jzj=dNTkK>z=|-CJJI++Q`#kEqs3gHCs?uItZFDi|!=J?Wm>fH<
z={heUX0&rIJi*nirVevi)xEg-gpNos`ISMW8+)pRHJe?zbMMeCjZz0pgDxgCjtA$_
zhr@t4tO$C{-{dYq6V&u$r3-He)#IG2>{6Cc`1uO2A(dwKO@Th0{uB7?RF{}+kezAr
z!l<|0@T0cAF4Qk_vC#XAW39kU`Wv$WcW`yD{Ht3xY{1dccs0DFqO;y{p?{ap@<n5$
z&0l>fVZ*m7v@<Do#?uW3xupDz$%(HL(D%Qg6G<degq+%C%O#bwJ_w~0DaAnEzZjUh
zB`ApG_N|wH$w76&oqdCPUzdcft2nD%2FMgDO5-vPNWEaR?x(%<2Q$-fsaC@|+}LX4
z?va|xruBURn)n4e@@-STRJ?8St2Fn>E@%=j&<IWb2u&i|f!_!JaG|zDjma_&<wWev
z7i=_z2H!Juf}h-itBF{YWaX^ElIVt8OO^fgPvmdHBxJLq_Ch7j$CB^;eB7ooliy=%
zGMct(b5hQ+D$oNs5-cvCX~^cW(JVs$;26wj9N?ywSoxIh;%10AXAGa|NE#nPL7WQu
zVI7T^hs1t7UOT(wk#C#4$1N%@{u!BWj>IJT&sAJEzMQZ;_d$%a!9m8Z8!-+M8~W-J
zM9ikWab1Rm=%txcI1;5)aTtSM6DANR@Q%6Vu*yXWvQHN_yYgbhP_XaXr1qHM{cZG)
zWb;Bk(ViR2k+*o^Yd6`>*m_ETzcn*qC$E6j1UL1k6D6*%1E1@OkW^H&1^?KL-Tz|Z
zIpyX&g8jt3K7h1|!j;zSR}m9mN9LZHEUUAE6=8%S0!xBonz84RqThRV2B^>!@;lR9
z&w>l6XPO%EpMX<MZa1#|<i_tde47ke|9bnL+6uScJl_#*#|6Nb(}*;<N{j|))zpC3
zKlGeK2_WtLjOOhzmJseIp+FScZ|mOw2PF^Kdn)NHc)AIiy&3hNtNbO~dJ}Du*Vv3~
zm!!QEm=fxynruaoTH6hJ@G`yEH8I193L{t@S4n;Z_pHa3_sk(>S$#TR_y0q8sab>T
zkD7aKy$hO@&)MnDytJWk!yY^?Jyz%{b9y6d?R81|0Q*E)wQEtt^M|1NhlBK}+CXnD
zC|1La-@}&Wr||PM26me<<zP%rCB-&<f6AG6bS=7>2@&u&wdlsKwwRn;S_rtr$7h}F
zaNwte{UrtiM{oiD5JT!iRLlMuxfsIK0Qi5Z^1oU3GR??;j&abT+*uh1>rs_{b4&SF
z$&XLUjh>RvL~HKMEew?mGd*Vb=1Pt}`YB3Mjqf+J^&E(DV0`P8kaKLPfV-V(+@8rO
zZ`@hvk!$)<prVm7_Rmhy1Pj0){M}q_`&}dA!+jXjsZMvdKE?SpF({v_n{Mt&nW3kV
zQymFR&WSrJp&7ohG*n`%udkmW79&n&eZw@GTn}DIDV}<k4goLiZB9n*(}$g+m<%Bi
z_2b*_YEx6>?nYDlJZ^mDr~Qp#Fc`D_S$|!n5$|jOArf@<t|NyKO!syQ3o2rbCx1b?
z+9Lg;PKb+(?`@3vnZHuU`3uy4lkgV?$?s;2z7OA7FJfct(0z6Zb6Z;>-O9$l`**Ab
zvl1?B4d~t84CRzs#;q-F-?pAqIT?+ffuyQznW1?J5cTz+txR48+=fAPju)NhZ(or?
zlw68p&{G+=ZpMJ_;Dl0MdE7j2*|gvN8!{nl%L_*6;Puy!=l`vqgF_jB*{x{vEW{i-
h{ovHr?&?140k>=()_mOzX6J;(P|r-aOxrp7{{Z^!ecJ#4

literal 0
HcmV?d00001


From b890217c197bc2e2ef136705684548d80cb97f6f Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Fri, 9 Jun 2017 13:24:50 -0700
Subject: [PATCH 08/49] fixing links

---
 store-for-business/add-profile-to-devices.md | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 30f739a286..4f9044e9d4 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -58,6 +58,11 @@ The device information file needs to be in this format:
 | column B | data type 2|
 | column C | data type 3|
 
+**Upload device list**
+1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). 
+2. Click **Manage**, and then click **Devices**.
+3. 
+
 ## Upload device list
 Or, keep at H2, so this shows in right rail??
 

From 4e640aa80f46a46ec1b4817cdd1a648ebf604a0e Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Mon, 12 Jun 2017 10:06:07 -0700
Subject: [PATCH 09/49] changes from review

---
 store-for-business/add-profile-to-devices.md | 23 ++++++++++----------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 4f9044e9d4..b6e83c344d 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -9,7 +9,7 @@ author: TrudyHa
 localizationpriority: high
 ---
 
-# Add AutoPilot profile to devices
+# Add Windows AutoPilot deployment profile to devices
 
 **Applies to**
 
@@ -19,13 +19,15 @@ localizationpriority: high
 ## What is AutoPilot
 Windows AutoPilot simplifies device set up for IT Admins. You create and apply an AutoPilot profile to your devices. When people in your organization run the out-of-box experience on the device, it installs and configures Windows based on the profile you applied to the device. 
 
-Windows AutoPilot allows you to:
-- Automatically join devices to Azure Active Directory
-- Auto-enroll devices into MDM services, such as Intune
-- Restrict the Administrator account creation
-- Create and auto-assign devices to configuration groups based on the devices' profile
-- Customize OOBE content specific to the organization
-- Link to staged deploy topic
+Windows AutoPilot deployment program sets these items:
+- Skips setup for Cortana, OneDrive, and OEM registration
+- Automatically sets up work or school accounts
+
+You can decide whether or not to set these items:
+- Skip privacy settings
+- Disable local admin account creation on the device
+
+
 
 ### AutoPilot requirements
 Verify this list ... 
@@ -47,7 +49,7 @@ You can create and apply AutoPilot profiles to these devices. The overall proces
 
 Figure 1 - AutoPilot process
 
-### Upload device list
+## Add devices
 To manage devices through Microsoft Store for Business and Education, you'll need a csv file that contains specific information about the devices. You should be able to get this from the supplier or store where you purchased the devices. 
 
 The device information file needs to be in this format:
@@ -63,9 +65,6 @@ The device information file needs to be in this format:
 2. Click **Manage**, and then click **Devices**.
 3. 
 
-## Upload device list
-Or, keep at H2, so this shows in right rail??
-
 ## Group devices
 Info on creating groups.
 

From 483243a5643e73e3c9732195372b9fb33a58a896 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Tue, 13 Jun 2017 14:40:28 -0700
Subject: [PATCH 10/49] edit based on tomer feedback and updated rel topic

---
 ...atures-windows-defender-advanced-threat-protection.md | 9 ++++++++-
 ...ations-windows-defender-advanced-threat-protection.md | 2 ++
 ...ttings-windows-defender-advanced-threat-protection.md | 4 +++-
 ...ttings-windows-defender-advanced-threat-protection.md | 2 ++
 4 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 83244c7754..a13e3a95dd 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -35,7 +35,12 @@ This feature is only available if you have an active Office 365 E5 or the Threat
 When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
 ## Azure Active Directory details
-When you enable this feature, you'll be able to see user details from Azure Active Directory (AAD) including name, photo, title, and department information. These information will be available from the user account details view when investigating user accounts.
+When you enable this feature, you'll be able to see user details including name, photo, title, and department information when investigating user account entities. You can find user account information in the following views:
+- Dashboard
+- Alert queue
+- Machine details page
+
+For more information, see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection).
 
 ## Skype for Business integration
 Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.
@@ -50,3 +55,5 @@ Enabling the Skype for Business integration gives you the ability to communicate
 - [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
 - [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
 - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
index 494eb84889..99d2f5b51f 100644
--- a/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/configure-email-notifications-windows-defender-advanced-threat-protection.md
@@ -71,3 +71,5 @@ This section lists various issues that you may encounter when using email notifi
 - [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
 - [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
 - [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
index aca26a9b12..fa66ca420f 100644
--- a/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/general-settings-windows-defender-advanced-threat-protection.md
@@ -34,5 +34,7 @@ During the onboarding process, a wizard takes you through the general settings o
 
 ## Related topics
 - [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
-- [Turn on the preview experience in Windows Defender ATP ](preview-settings-windows-defender-advanced-threat-protection.md)
+- [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
 - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
index 8ae02a81bb..1c4dcb2648 100644
--- a/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/preview-settings-windows-defender-advanced-threat-protection.md
@@ -29,3 +29,5 @@ Turn on the preview experience setting to be among the first to try upcoming fea
 - [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
 - [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
 - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
+- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
+- [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)

From de966042b02d533bbb1cea25617be7ffa1b47b20 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Thu, 15 Jun 2017 15:53:49 -0700
Subject: [PATCH 11/49] adding art and content

---
 store-for-business/add-profile-to-devices.md |  40 +++++++++----------
 store-for-business/images/add-devices.png    | Bin 0 -> 11228 bytes
 2 files changed, 19 insertions(+), 21 deletions(-)
 create mode 100644 store-for-business/images/add-devices.png

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index b6e83c344d..b682dddf2f 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -16,20 +16,19 @@ localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
-## What is AutoPilot
-Windows AutoPilot simplifies device set up for IT Admins. You create and apply an AutoPilot profile to your devices. When people in your organization run the out-of-box experience on the device, it installs and configures Windows based on the profile you applied to the device. 
+## What is Windows AutoPilot Deployment Program?
+Windows AutoPilot Deployment Program simplifies device set up for IT Admins. You create and apply an AutoPilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, it installs and configures Windows based on the AutoPilot deployment profile you applied to the device. 
 
-Windows AutoPilot deployment program sets these items:
+By default, these items are included in Windows AutoPilot deployment profiles:
 - Skips setup for Cortana, OneDrive, and OEM registration
 - Automatically sets up work or school accounts
 
-You can decide whether or not to set these items:
+You can decide whether or not to set these items in Windows AutoPilot deployment profiles:
 - Skip privacy settings
 - Disable local admin account creation on the device
 
 
-
-### AutoPilot requirements
+### Windows AutoPilot Deployment Program requirements
 Verify this list ... 
 - Devices pre-installed with Windows 10 Pro Creators Update (version 1703 or later) 
 - The devices must have access to the internet. When the device can’t connect, it shows the default Windows out-of-box experience (OOBE) screens.
@@ -37,20 +36,20 @@ Verify this list ...
 
 For more information, see [Overview of Windows AutoPilot](https://review.docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot?branch=dh-autopilot11975619).
 
-## AutoPilot in Microsoft Store for Business and Education
-You can manage new devices in Microsoft Store. Devices need to meet these requirements:
+## Windows AutoPilot deployment profiles in Microsoft Store for Business and Education
+You can manage new devices in Microsoft Store for Business or Microsoft Store for Education. Devices need to meet these requirements:
 - Windows 10 (version ... which???)
 - Specific hardware vendor???
 - New devices that have not been through Windows out-of-box experience. 
 
-You can create and apply AutoPilot profiles to these devices. The overall process looks like this. 
+You can create and apply AutoPilot deployment profiles to these devices. The overall process looks like this. 
 
 ![Block diagram with main steps for using AutoPilot in Microsoft Store for Business: upload device list; group devices (this step is optional); add profile; and apply profile.](images/autopilot-process.png)
 
 Figure 1 - AutoPilot process
 
 ## Add devices
-To manage devices through Microsoft Store for Business and Education, you'll need a csv file that contains specific information about the devices. You should be able to get this from the supplier or store where you purchased the devices. 
+To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. 
 
 The device information file needs to be in this format:
 
@@ -60,24 +59,23 @@ The device information file needs to be in this format:
 | column B | data type 2|
 | column C | data type 3|
 
-**Upload device list**
-1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com). 
+When you add devices, you need to add them to a *device group*. Device groups allow you to apply an AutoPilot deployment profile to mutliple devices. You need to have at least one device group. The first time you add devices, you'll need to create a device group. 
+
+**Add and group devices**
+1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
-3. 
+3. Click **Add devices**, navigate to the *.csv file and select it. 
+4. Type a name for a new device group, or choose one from the list, and then click **Add**. <br>  
+![Screenshot of Add devices to a group dialog. You can create a new group, or select a current group.](images/add-devices.png)
 
-## Group devices
-Info on creating groups.
+You'll see your devices  
 
-Why would you use them?
-
-**Create device groups**
-
-## Add profile
+## Create AutoPilot deployment profile
 Info on adding profiles -- need to create one to start; can have multiple; can edit later
 
 TODO: include info in this topic on managing profiles, making changes, and which devices those changes are applied to -- or -- have a separate topic on managing AutoPilot profiles
 
 **Add AutoPilot profile**
 
-## Apply profile
+## Apply AutoPilot deployment profile
 Info on selecting devices by group or individually to apply profile
\ No newline at end of file
diff --git a/store-for-business/images/add-devices.png b/store-for-business/images/add-devices.png
new file mode 100644
index 0000000000000000000000000000000000000000..14093fd6490ebb4efbb14f0d537aa60aedab0c2e
GIT binary patch
literal 11228
zcmZ8{Wn5KH)HNj_UD5*53esJdl9KMegmg>im2QzP2}$Xa?v@si?(Xim_dM7C`{8+h
z?}rn6X3joqPV8BG%|xmy%VJ}YV;~?PV9U!%t0N#FYQfL*(UIW$`YG}u_yN&XT~-pI
za-8x2ZlG96C`lk7)Wl&vo4$bCFP-J|ToDim-2QEdtCrMW2nZ}L^3oETUdAU`FWoff
z()UL6cIgjB3tV?Ujk_^TkEDAo`!9POpDHpDGQBQNY+9-@C#K_|i9xKRBYw$Y68+(e
z$IF-Wfw%q^_z_x?1lF>4Hs;CS5Ngtte6>mx>PLaqr^AC1O>{gYg{ixXvds?PPTw{E
zvlYO|IN7*l)N<q=VRp^w_~2mj=*H{p^z`)T$h?NQ03%qcbJAL~Ph^1A@?(y2*`zJr
z>FL4jA&(b-`j|}Oq#2+4od?-tEP0l8+4POAPrbiSUH{*i>B31HRm8dl6#n~*#Wz%B
zN<RKzeig1alQ9XSqV1xh?JFyyMn1uaB}PVBLVv;e5+8(peH2IgW9SYK4<*Oqv9*x$
zRLSs5r2EX-+Zd1ObG<0h6}qU@N|mdoH|BqlOMy0hAFut%9h`8#RyDS&R2}gjj_n3S
zzt|hb3O_wn-k!1c@pb-<8mwK$drjd}uTK<%QR7KTfHQ0_DN@T^dMlmlGtd6@byc<_
zrGM3GF8}S_-L0E>r@(sw4^0XtvNL}lkJ9xxf7|-@Cg$IcTz8)Co<A^zbivfC&g)If
z$JaGRUELwvRo#eoyaF{oM3pnQnb*wI5kd2Ta!k00{+&N^vh0Xcwk)>27$U-d_&Ma@
zJZ&jSPERjIo8j$GQ{e5No}A3wZgx4NAKTmhLj7J9AQe}X`pU#I7NfYGL`g2V^fvGP
zhFtxkW3bv<#Yy*$jy5uxt|O1kCn-zH=UmOdQT;5Y#X&hZ>4;F=VIkCmLGR-O;>(m+
zBUm8aCovhi4Bq96c#QMf$Ur)BYPTR(Yt8Zt>-v3t=M(2FJZT%}KXs_#b|v8^KD<rJ
zP-k&86e~kjHC#i7zu3a2@<v9gg!)X2%vcwa8`h5zvZQ43Fa5Dubjl>uXbGM+3Ps7R
z5g8L@@-1WszP3}BiX()Y6k9{~U;oj4iWLwq;xFJDvhn#PK%6g89NwlU(IQslq5Zu-
zhy(9+NCR%N^rS$KRUx&NA|`e&qLd){G16;nWleVBUR2`QT4h8l3Q-~vB}=-i?#P1^
zNefl%zFb-H9ekTw(wnf3@l(g7Fv5tDK%@Pqo8LXSJwcitGy)ieKAf>yz*J4zys(+B
zxD5RemeNi#Kbab~TYme#OuC!95cUAVH6v?LF$E{8IatTZs<G%}*<9Yyfu*P+|6y1@
zNBSSGF{q3bHK^t%ld^Cnh|h)K50*4<@{HHx)x^@TdUs@bV5=)va`H=9y^G7wPjTGA
z3lU-;7QKe}ehqPAZ-Nw2XvFYuHXXzPbWhvsA9_2+HZMBJLdDGSs;(u^VkFm~p<)LO
z^2l9G?Fe#W9-{D%`)ktLN#6PO81t<X`z0dTbJh#I34Syrk#h8Vt|&p;(S&V|%^fAR
zAlgV-F{EsvZ#o_+TMMgqu6xiAt627*3%mpo(Cn~QEA)sMm}{|;y3A46;}y!Yn>@NQ
zjN(I+tI*HbFOz$MYex`MGSs${jjKg(SaD=O6DCulVAO<t7@~B_oli2o2(EFdei0h+
z*;&ECOjmdDV4R1to|2s{+_@T6TG##^ovd=8m5kbYU|wrhnu7#j`RWX!NaEz7crh%X
zIqhb+;%AS=B~zv(!ZaZ5>vfSVQtBvF)FCv(Qg__LTLg)gpMq?SeVySHWR;VV;j46z
zl9X`C|I_LI?9{e!K#*RsSB781L4$7g{mm&~dGt7o;KWVb11P#WZG7!mAKzWy&(Jb4
zoF?KT@DH$<)@CLT5GQMw9i1I%fgw$_?_?*`hkpMasFMK9p2JJ9j#)S#TPRLOXjN_^
zVSzC*_KF$h;M+nPtOv7RnVHLbT*4~|_bf1yp9_J-26ell2GI;4aZKMF&GG1C=PYv1
zG}hOPTA!I<?1|+u=~5&b_;qMW<17PoP{O|X0W%w$=8RNN?K1PmOZ`f|y`7!ATU%XP
zPa1e_Q~&Q9{~OznYA!>CBdJ#t+tE&bbyc#iXj34G7=!BFvpoWkj(!u1wP#~k^jZ(>
zP+9=14ESyTuUc;&d@nJolUbES^vcM_c34;=cMF0v5;EZ*HVt6>Yhjv}R0Ersm>{Wj
zvauNlx$er(0R@mC(q4{(41Ill9=|d6mf!}8IchO`5_K#5e^tfjt$xe*IgfR6L*EAc
z<p2~;mp5>neLI|wbBVB*X3t!0FqL@t38lF#z#4R|f=7rT{5W@WXTS>GbMpA}oI^9f
z?{U4BKdm?F^ACgXaV&ru+;9J1ZwJ4^e4noK%OIwF@g8{Y-UWN-CBgWWD*GZKRzn~0
z%+Y-x=Z<7upt#)WikETc)lJ<vNTx$WLpoIrG$#DK3=BI{J0s}x1&atrXJ>KI(XIYZ
zx8_+V-7$b_lG3v^?I>dcjWLJE^#ou!FA(*(R%0IC+A54$v$DXhG~W{%J)WE;)#Z4&
z*&ls%d4*psUyo?XLHa!_i-Me->PQ471#q_9ohls3HYe#i{N3_l$t%dKW_}VB$N6=5
z4^n-5dt0JW9B{u8j!Pv%BwUT``l;db&Tv$e0?KhwrG9;BZZ1NgM2XZF2>_FXO#}ja
zHqQ!2va`1z9Uk879I(k0N{T<BWjV68+%?Vi{C(hmiIg*cRl@RcjmFzmx6NS8Drq#K
z1{@q5z+f<AW8=3aZ_Uv7a1>l!TuRC*|8&Ow@boHxg@*Tt0ne^_fRxf#iVi${(BI<$
zx}JbG=H;mBcHg_xrAC#I<O_wwx_R0{+_WrZX_~?%@`Nz*&EsTN(>fbM^SMtdJ*N1n
z%ayPkcNlIjk>|lw;mpj8g@py_H$91911$Q(jT--<1P0&R<7Nl|d%QVfdH1e>CwfO=
zIyoy_IF(h8oRrjSZ#*lOf<If-m-r$Nh0Ih-OH0?n#1kJMKh2F5+|d?)1lBb*eS-mR
zu-E(iIiZOxa7IE&2^*;m&k{W~DQUUgm*gp-^^IwBb8{x2gXHZ>t0&0oTwMC@_I9AZ
z-&7XtcM*C{5|)SaT4=lW^UmRn-S~IGUUPaAI1kt-w1OK;3xc#<Tuic$@eHi|w`Xf-
zySrh^99&$N8&YCM>f7}_3KC;b<mXgYqr;sY|Fc!m-J!THR9%0m-q{KR7kx=dN#`&%
zl{UJL*4C%x=F9Bt?6kBr_oLbR`g%?$<J$AJ4u4-b(})P!P~d$xt5IE4RCGncR{gC%
z=xAwja&p##o0%DX<X4ukr*W&t>x(vZb>bdGG8tgv5ek_P#U%M|H6g?PXKwE9Vvsrq
zG?5Yg-DmrEd<iv#^3|&s^(Zf1ROxMDXrU|h&<L_p_Vo6~lM@q%@d=p^#JKJquf2|l
zQxUgSS10)H?+>k37gtMVtH}(lK97j-zS^S}a9&^U4z^y{M|YOn$G05ISebwfW&klQ
zFNSl({81mj9v|DwrCM2l@H#9;h!sV@kr3nI(Kxc?l8DElmYBp{TwLg`f3o6c*fQZ<
z(`&YU^_`G_Kox>caq(HJ)z>E>F){1=cU39MxuHZR{Dp;u$d{O3@talG8yuFz9<~!_
zwGR@Q17D>k2?$Tf%q6C$H=7TRA50hLk1N_piPZF^?QRoMP(*Wio-BrD?*!wD{j92z
zRsZ-A^ANZBbn#V)zhp~<bZ78%gl+yO%A~~U>tDZkw7>NusW>?~p=|d|y5xc_-$Yy7
zl+O4{N{Wbx5D*g9uzwE(J#XM1F6z@`SCDQ9h=8GJXlPGpDF5Dw%j(hyCStakO}huS
z(#hdWnO`*7!0H?rVx+j}w9<l&nEQk$&rv=Ed7RF9r-OEB{KrE4qgfY`$Nl*R|EgDh
zeX{5jrAF8TCh`74IC;WYCO>X3*X4K)XicAnh55}J{2r<GzDUBOxeBXFV$3k5m}lDZ
zU+`8VgkEX-6$2aA^@~-VF!G?jzv2q(p(FJ>Po}7aA7o`eQV@@XVN>Li*#sMynGskL
z?<?VHTgvK@o^$$O^3N~U+i9q)<EyrGXJlqh?yWYt1Uop7jEwkhjqz6*HV1JWK8%22
z1itw4)z8m<#Rt>L#TQ4dp2bQ}x`v^D{-|Elp#R>HI!vptfj@)v$)pmENv0?zQXw3x
zJ;C9QIA`(fRG3<&a&d5%v|X_2{PU+>rl~F2=1NIPDg1BG&F^)q5vILRIPSfCF2{ok
z6^6cD{J8;P^(xyQenBu%75?jWFvSqUDG2huB#N#lN9F${fq=0L52_J7<Vqh?-xFS8
z?n735iXhC`b#8JmOn0c>lnT1;k`no2VCA#a+VPO@gT-tGQwd0u>O9YkPtBS=PRMs(
zi?)q?d!75-?7Fwu8akBN{3eD9EfF0An)PH}F-a?>k#8DGSG9ako#M3C0X=O!i&~YS
zZ*6HY+uzMZ4$VayOh7{{0&-;!sS`;?-SEVtn8!>wOneyF0)I;i&`c-+X+^{&0PL=F
zaI^C}g^WH=Q(hizie-)8!%nK%;mBbZ)HKafN4xe0&;k30avDkx$9l$=9W8V}?wN9<
zQXlt|PndBYv+DoS<>`2<Q8fBp5Hpy5ksk{&CW?aJQF^MvpfMLsF&lq?-s~ajm04Tz
zO`MQ9Z#05pvj*k3fm3_E$BGb9lg}7AE3s<h8tk?)&sWIf_<sAXMs=kGICqp8SpyCo
zpE3yjqnJp{4uZ^apq!mCDKWc!a?R(Rs8=kjzGtGGo}|uOVrAMDeGK2W^t#N9YrP_M
zO@B;FoU!h{mFp)nsQnZ<##F??YU@0JC$7U415+bBP)2jbd$LMI`kVMcACsOEds15l
zfKiXG_+L>2_p<0VGo>>e<t;TY7wUMT`^UzxS^Q9RUpIlUjyyPFQYwQg-^ITaD-7Aq
zmXno2m^~)*KGfGAD<>b1UUzz3?2M$wA08jaG&3iCsVv4LA|`%CVt!2+YPOk`oE-Wk
zuFA<w5-E=255&giE#n5Qdb7qp<yG`lEtfV8+N-kiQi7mx)A5)})64Cl{kPR`_mV%V
z9#ZdhpBm3XE<)X+Q1@aZA`Bbsy%iKNv@abT9N?pVKtO;3ziBiHyV_|M+9+Q09}uzZ
z{^B+j1~=n9xXnxLmPAh#(S-%29vcHALBmvDUcMIQvXSH|6#Cw%rF?X?Q4oD_qj{e?
zES($G_@T0vW0Vi{eBRsYxd63|Ik)acuNFFIt)3uZE8l(m7wkW25+R9bDHu07{}_7)
zlMbZ&t=^l^5>%wG0p?qvu%gm;e8Sb7@xn|@XhsB|z6^Dy?e%hSc9$X|?wj5oFKk{R
z!G8cJO_@bf`_B%h#VR@3JT?h8uxA7g#Zn8Xc|zPw$S;!9w^&<se*Bu_=vG#&qFBcb
zg&Z-Xn+>7o@uEg6%Q)16w3`;@SCD%0z}Z>t>&#l1=}2l7>7&gDY3Y#0MqH%$c(o`!
z)Q`PU;vGPv+rpIj;MX@aXQi#JzO&_e{7$t?QJ(`t^53w{=kEe^5AbgMa^Nm{X>k6q
zM_PsVTgZnfS_c0umh1f-7+|{i@tT}AglRL>^aJ#;tO}<Y7#!~Bq9SxYWmt$zWLopu
z!d7&_m%(h14?U=O?0zKEK;W_948aJ7;YT9u;$Q97;NnQP+57wZTQ5I6k3`ho+)?yj
zO4wZOjuDb;|4r{VH+oG*HY9mG8;svR)E#Vp@}9yH_NTMSp=2~dFXpnXdm}$i?2>?A
z8|{pij&7@NVz=ho4982KtFfF&UqZeu5LT+9@iDs8Mia*7_r2}!1IrS9n7v#Ivq0Vl
zOqT*$R#rwvRBjrSq<UJ)*u6Z+FABxD8Z2UlcZoPuBKzChAsd+L_|ZWvEkeKKtVdT?
zpc4>ST^eAX3a1=Bo5aCduCA`yv+)%M4IKdNY4}BjAtMh~iT%~NwY_~`T29h;tQ*)t
zFfN;+Nu6GWGXGuOM1%c8&}&{^-Yg++3=Q0ed|p!hLkg#kw<|X0_{8PthK7b--~3O%
z==To{nDM&6dS0+Hgajxke5{GSzIIEBOyEp2mm8F*Z*0sLr+iTwi(pB;nNqBj#d-F{
zgr;J|FCnPZtmaE41~+C>T>CnTwoY_6HIo#Vy_>uHSoR5)N)lL2El^Of^l)oy1d1A1
zR^8KYu_APURc!TXJ;_Wxj4tSECWROt{VyM>L-XqlS{+x&b>=RkqU<Uv-~=zND>@Ux
z;pQzcl!lbc?9!&I8yXT4@t1wJO4df$^Hkbu?(Z@s1qr{!u;wK2u1s2heBuM}r>n#N
z$;Zb>I&!$+>sK85jn}3;B}Rd*9M{cF<<iseFg|{<HE7_SA84wHg^k@Cf%4MZ%PW`j
zH7H>7(xOPzB0X<@ypk=c+G~g)0x@_B`gAurx!mC&Ug$Dr5@J|wf*2(k7wlqSEx+9!
z0QJ$-BzmeKa{2k3k8zac-0(8A%BYoinvB$P(erHe1ATczgGXUBrZ#oN-Ngldj>Tp!
zM}zsgyI%9>tKIiKWc^q{sWDey-kI{z-%d?UA^EczwGg#aX;aS%@6pEZt!K`6m59$p
zLN|5)+VT>=-TWxsBaa$3EMAkwp35bG+<3OES7(V`OLMT%8%}zje1%EHVXhs-5_BU{
z`sOsIS~KPMtlLjgOGG)*<SZjF7_8dmc-F1Tnqs++{V?Muq4Tva%8RfHv{4<?0qgG4
z7!0S^+tN$#`Gdmw<s-$iS7}mAdXS%nQkop)mo+3Jc_E{m=Z8Fwrr~5$;VG<RIW`GC
zyBH#d6FK{HJ=AUb9$I<Q&CsZ%FxwF{hVN)}76ad+@jSnosX{8Wz0ql1y0&`{W~{5<
z_Hbk~W2DBb?{LSgjDb18<wK#^x2d#~SG742HI5?;m{Mw}u#%3c?I$=h^=o%Fn$Hoy
zUVX8lij@yowEz=UZ4L!SA(0$TY-XODkf8#l)jISEL@!~&5^bxOb~daQs_#}`IZBcK
z&ikb5acW92ktnU3Mr4CFR4&HKteP>eSrGMw<1|ons9QwSM&Nxy;tZUz8EMzL$No0k
zVyDYgYU^T@C%w)|<#*<nmNrL|vil%Fw5cv?`%K*oizEq!mLd20yyI}zF*c?u+SIK<
zLqYlX-^oBR1$#J7NWhQ=c?L?#Dc~L@Y(_!fwzRD5Xp`aN{o2*>H>wC)SS+!<PRjhe
zu8YAWU$V2k9I!>a@K}Kh4$`Y?s<^6qb7JpI&xuL{jdMjEB`1zo$g#5ei%D;cRRFw1
z<o==VBKVNZ7-4!15}E+$C|^v8aE5FQ0#^Po5(&JoSO+;YjBN1KIIT%U7MgEOyxyuh
zK!~zIgH;8@uK-&wzQxD4qj0}`DfZ^}dP4n?!pVb`x&-$0gq`*J<OKJk3X1rY1D6!8
zPu|cEXofYS;ZlqJvG!#pZeK8?q#csw$^~S8K<Y>V*-D76jl7LXF2vs6P1D}*lReU^
zx%rkET&R#)pket@z8~@Xy!t14yF~PmFwkpfV7j=Y_DKEkOr7F=t?L-jp<Q+|bA4;e
zgT%#EyZ1@IqNqLJT*d2?l?wmd_4E<s*DO$7zQv?4JggfL6LTDzX6%F>7wdGkf$O%Z
z5I_KDiqRhxbX|@e`=(dE(V%Zenm8qN<nm@!I=S6|dd`5JuT&tmgPet2%^(^XwA+De
zcIoozgP!~?AsP2)>Y+WLdTTH)Rql}qee<DfwfvDk(_P5H%S|!dYk!yU<5}oIPUid)
zq0Xt`2D&><1k<3S>jz5U7dQq`1fD20fVLDF!Zj^-rJH`1DW?E4ib6UnW8@BzuB?a3
z__;+_xgl+p4hDxPX=0NOMm0tdCv9AW6+@4YuWzf5j~)?=Aw5Azz8Tl;Me$;uR;KQf
zC1$|ny}Lj8tqsTt(BB6!7ER+1LTU)33)gaSqoWi-qXD-QpZE^2k>lcLE@Y2x4+_za
zdtzjeab6<Yy&2^}o=CBn_{Dh+KI6-bZQt}{?JMD|^DMG=Y$tD^4Z1k(`ds<T>!4>M
zk&6qjH>+ZYFhnY-DBGK+J`G67h>Xp*UL7S!*nD@Nzq}E|{{v8?1cYT=U`~IIHfir3
zo{kOIYd1ehECfG+(atV!&aa!jpOgc}FTPcC#GMG^P>E5JlW%Vw&CNO4JGAV#Pn%B{
zu}3S+n_`ZLd7IU>wpLXEf#n)AuNYPXR^O;iR=n4N`uX$u9T=+``rNIa6hP57^fc2n
zG_{kn{8>fbeJ&epxZl<cC@6oYlUZ3XAlpwr&>ibwU?+!%gW;QGx1>Cg#jx`{Sam<=
zySYVcZf5T8(=Os429x!Kf-au`sa+t2E}YA+4eGek)@<85kl*axirjD(9TgSxb@3G?
z5&8BR39+7rk?0Lw@sUG?ut+17SbUvBw6C7`!_G$%ol1{Z?^Gx)bY>*BOsCbjGeA^~
zZFWU?-$da#A(>^#apm*cuQzA*-Sx96>>aw0=f5RN#)!_!N*MAJA_oV}V=T-C6%`I+
zE%mQ%rd*v&LyPOo2>RkM6JRf8(J(^Xe?i)Nm+A_FphDV`_Fms_8f_<oHbTEB7e~iX
z?K}WK4?te2dk09jy{nuhZ^LVGs`U5<g{|+hzpa;-_j0Oj2p$fso>IlJH_*u1>U+5v
zes5)ZDv?hMAN(4HdYcInl;wsZ1>;*=Yx;&uQx3~13-*Qi%xT#@VcAo+2K&+GZ8f0P
zQO^h`;b*%D2=nkXty2nvO-&K?1fRou&ueurRj8trB6c$iAU%_TNU`>#jcy`sgiRxm
z;#4bJA0emT$YLD(pm##0b*-8GED2$IFAhLY_wnu&{5nag5H3&0-ID1VwN`UNg5h^%
z@Q3wsX$w+Nu(<&ZKhkN^WA)!qgOR1{b-+3zZ4LyBm5;BlPd{~rn|HX}3~ySny$B6O
zgk>8%dz`7L#K<X2F9c)@)8(06T`8YjFRRUYnND6N_cK_fzR$``NpBba?U^5L)xA*X
zXr}{y$^g*WLCeSG*Zyk9jh=cZ<ui=vXrb?)`d_<z9E2_vD_gkAyIAN43f96dxG2Yl
zV`5{+gxp(7P8zhQ38|^;_}`t*W>p>8zGGW!$)7nK-_7PVz&dP+Dw;hKHNwryr=`o!
zJFTY1v|4a!!@jAHyx?rTL-7uk0XMt-NCC{OJnwo7LYn;JH*_&g>e_xW)4qG2FCkQ#
za|{i8ctAx94VBIA{2M|~nH2f@YhnF^nL|5yC>N?uHVq}&!aU;{k~BL)Ff2bmza<og
zwnvT{|L|~_1KsNJP0}kvw7Tewy~!8zF|yMCEFu(o19oICsU&<Uvt)*5ad)xg(vYNu
zJn%d!<5H~o)s$k^mavah%CWaiG_Dpl(dgb1qX`Vo-vJ--@u+q5K{e7D_(1fxnJkAZ
zC0IiDN5A<Y^$)KVvE2`$XgECe=TUizb(4K!yXH=_5BMVkd|vSt@5k;I7uuyfdXowx
zrRlE>M;FLt@yv0`VCf<S50GDJ0B+yXC$b=~ir66*F?OhK>z_`Wr0a>IWkcW#b|>FB
zpYsQWdHRbW2J?eiuLbJg@#+cADg0=3gM@u)(j~6ZA26YVeIi+~Lih;d*ZMedKp4t=
zC4w{0d3y)SuYlliXQr9f(kR!IT%!!r2a)>fei)~Jca#H#cG9jgMq{g!#r*})2Z3^P
z+31hyF!(5B9CLvE7_tBJYqq1DDytVb0|wWtpI$sN6*4ju(K9eIF%{7dGBNfsFs?&)
z^vy(iZGS2yB&Qm2bJZ6Ay6@}j`^3hn>}KyK?(FOYrY5r6_8iYP0_f5K<O*e9=)g_N
zY)Z<kwuFZ3RdNyI`R59~M=)u_C%8<X!OPF>VpKP^=yM12&rcsRjsO;}A$6`h5d#o$
z8JSyktW9&Q`0ad?RpP6bw6+AbzaR-bb0oO>tZ4YZ3bus+H17Bc1efkHHtRip!YG!6
zbfmxYRKo({BK8)3kt5c5O8unw>>5A|7rasal@gNtuaEd^r-mv>YJ>*#pG@8vk!l3>
z{07&-{d%v*c7f)91i|^Ay(#&~6cIT>cLT{jTI+JceaDT5!s)pF$iFlV0$?CGn;76!
z6`BVA>;XLR_yxaS2J-JNivI^GDRlY@f^N1<XY7#;NWlHM;ASHJxdPD5%>MI^`F}Wx
zI`I5Jef>-g$Hd`o{-t;ig5QS{^8bM+Gyd1=AMi%;m99$I!2=kDbKLaNatkC1#L+NP
z{l{<q5B&Tal?mWY#0Ab7!u%B|YT}>tFWKEUfuanjNT`7%jS}&FURw_b;G_>R@1>(@
zDDo{`d8sF^ra&x#@Y$1+wLgoCKCsRHkyJLrHv{PKeUs}R4qHwILHJ(HBlW@+=rMNS
z>(_Cd(E4ak7+9E}iqnKv-9|mArvRl)z6K+apq#P)9hQrF#>{^O$c+6Xj2~DO6{<6c
z$~fM3+s>!JTQD#yDtuFn(#%Mr%_I^vQE!_m&<&M;sqK4z{zJLAH}uTb2}lJ$A9g}l
zj({ub0NB>tD(q+urgv^WumlP?dEaCDjcp7JY)wGUK>;F=ZX`xSHXX-c`UmuLg2xGp
z`aMW5T<Ox%a`*Q34)rhFo}d4dMq<KlQT)}qu&|KdX{D#W6<A+g1E$#nuBjbC-#d=N
zm0`hYr+2*v9U;BzK=1+Lx@=t#<o@byVwNSxNp}-Yasnl)m=5*K9;7=LI6SodRjN?S
zX$Du*;gcDBl`Fw$cL9&Loj||rYN_CpR-Hskh--^2&W3eC$?hjV*VVvIFRRI4>8|Ow
zCWhe(@;Jx`IWc6@Ah5WYpYz#FBjgDh*Jdnnm63Hje5@HboX*V@>P$4hgJ83koqDn2
zNt^&1l5sQy?4Qq?AZPWBs}EJw4m$qtc;Y-{1h`7pGE!mfp2PxU&q+3MWF(s=T4ESe
zfQIfXew(ey+Ym<_i(1&y;13uYb-(@BHbE9|8WF}o7`F@<IEDcc*#M%e7c}4Ul@@O@
z342ymrRhz%+T7pS8HHDsr3lCy3Lc576_q8GmG9WuS$a_m#{30FBYTlWN+>@EB|0Zg
zHP;~<EHt||Ho-Un$cfdNU(Nw&%=9{^JOeqIv6dtAPK+~+N+nutEMliw6)EwNe~&)k
zNyEOVw7Swo`GMUv5uBdL!#qbCd;qkbv8FK|t=R|RIA}gFd!f;s0!uLH1bPne!qpk7
zqp77iGy8p9u*GNWFsL>vEbLJVO?{Iv(eCKb&eryj;&Afy@5k`RnZx0rx)-rG*pZyR
zji@Nb);1D~-WJ};Ev1z|lq<BQmU-)W_u;D#j@S%;F4eL3LGD&DN!Uy6%F0Sv?2eA`
zeoEt@@fE^=34_i@7(MRb6i|+0Bi18?l=)Y7i%9fs?e$95pw@Jr7T!bg(7WO^T#uYA
z3gf&C^8AeS+x8bFAM4nl>(jb3$2G#3>yN-q#P!7A*q0p^JUIXwyc?-HTBQ_6wKxNv
zkJFtC)hmF^QmiP93f$z&(`Yy{F%}sS@p}wppaW(<1RIsHy&ZSYcy>8I{S%=I@ESA}
ze4-LePSjXa_1zsk*x&zo{9S|@#LmB`J3Cph{Wm(5ydAl%@$uN!-d-TdTh2%${Tpej
z%elA~Zwta8uj~v+2A1SB8gai0@hi+|(Ydi{A??kHNFM^FrGE1%p=+sr5T5SUs!P=5
z&g<YdpJ@B7kx77|1vKv&aBo4by+^+W?E+%_QP-fr>$qlb2PtTG((fC)lu>Zov+8Wk
z{?A+ou>is1ukY{uU=0-pmJp%4^%{G3qxauu+z;EP^#B<B?JjTDu=A`>On(;<5iM5E
z^eAfL5PV}fl1h=a$0nBOYkPW3mf5k~V6tksmfN)+!BO?)3;PQH!wJUXZb!F!mcjX|
zv)E&_MG##E@)1bsreiJR+po~T^it4^3;l)rd1P)NZb7w^4L169v=(UPyh=XUVAG2Y
z>?ct%Y-xSBy*<JA8t11q=6ma}Wla~*g(v&EI0iXD#l{f8MoXaMb958-V6|JAD(wCd
zm<>ZT;A;*W=&Sc!zPq{8Z}lGBDH^dq0BgDIsGmG0AAP>UAfS^>DPQn<T3wl8!`z%w
zS65GL6K#aT*2H4sqIBD=B^*t)PHTckmbJtCWS)=MVKcqLxjO@~N{%ecv;Jy^+FJRQ
zi5_R)cAKssF%M@CUJR7Hq_NbF3aZez=gAXO<wp<Q*}-yJN^uyht@W%tR!jIdhXr|!
ze6O*D=bm*m+E=(0I-@4;gk3j04K!9gV&jD79)kr*0S(P#ZsknL0Tj5pzI6l3`2)ZT
z&UebR4clkQ*LPs8ppK(PCi|t`8<^>n<4SYQwB3<Tc0e-k%+9Nw<e67{6s4&XV2{hb
zgOJ~%l~l$$`WgJq?{ToM)9XzF0$c*GlA7b+_-dEC4ZSZH4WO~<M{Ugg=}+ATz~0R%
zF(hm49kI~fou=OoEkE~6Wss8tIaHOvdwew2MzO?&Av!JIw`ockVO2}lA)W4`Zr8Tq
zDzk;6Rt5wtnU-On&IDF}`glHFhPVn(WA;Xm1JJy4>i3bWo~MgoAr(z1cRg2N-0l^`
z6bGJw8yP`={7So_n4K|hG6ZYg@8JT~WBj?*G<#S5(b}z*9tNGKe<pj6_#DL0Zgi6Q
zdH$Zdd4g+(-}BI0=f|z>q!d+9=r9gQv%0$Iwc2cjL%tJ}ygq4h^bd%C?CaKS90Naw
zhlhuRzPNv?Fl;ncaqdEGoN=URAWGKK)=7lrWUFv%o;~;sQhPh!oyH%xt-W7-tQbNp
zZ6+&soSHL1rK4q%4WLYDd{-)db2L^8EW>6t67D<;yeV1NymDze+H5Ly7B$zTT9tJi
zg|(@^ubdk(jRHCLdK(c~Goa}o>IuDF*ABn~XiFc^jfAHcM6YrxewJ3M=_I9OiE0>X
zuH~}5e=m}ju4kl^>dw4ir4!L|VfLZFxpesQ@N&wWNtuY4gd{0NYgUt(WJgCcB{hkd
z`okwv@3*zDUM1`N92rr-h>DI@n0S?%Tw+&N>#DN1yGtpS6sd>eL3gtFX3XUV#I%(>
z^yZB13c4phGK<F4Dbx!!;Lg9lTP;^_yx9}zSANOj0{ZNtHn8&ojm_V?z-8-47&h9W
z6ehcmRY|9aYA0)<rOxRKKm*$#&e-Ru%zozDD_mecUi=ZFU{1ZhRY5*gC6n7$+NM8-
zy7!q%&%nSy%ScaOT~*VgGOtDE6MXzBw*Vvl)UM-f%hNZ~&@<A~(x|Acs2KRwQ540H
zr&Cg@Zk`z&OYW|OJqvZe;XQs5$62Nj`UOkuys&ArRnN6m@5;RL2WOI8W8Zp<0Wx2V
zpqQ2nu;Vff<<<%1m*Y7EewLrbSChKh;(|Vd(0^wUIa^*<ib&Hw2SUbWC0;=Gd~|Q*
zk#dk?`q{o*10q;PQcBooZy7@bt6_R1U8fKJDWw_sw<ia_9fD~3N@h8GxcQJim1uQ;
zqPz^E(hQ=a3`!vcKK!8`5h~N!AM0|1`vh=5l;xC(0ayzKkfqt%o_Oi(QJx7goRH&-
z?0ZruW`Uq2d21wd{J`1kqP8Hh7iZ%oU56@<R-Co4ekgz+08kSe!}fsZvIcV;n1$$<
zFAh@zh2`an`#^WFZ&k-l=9$W^rhfzY=I!tGGxkhDn&3D6;zMy2q|eiZtgg7uc-4$Q
zP_%au!?xMc1~3FLJlxg{zddBFvAWd4pgFNr;j(S_P~gWJKs|ZYX=3(FJ^h$E#%J@L
z>--M5JA<8oV4J=WXMc-D$C<%au<5a>;>y)<lIWUOjY*u@S!oHu&#>5ud=u~H&i9ua
z^U_gwoPB>+*3!shFt1NkdO99%V}_LL(r#&1n9h*q_a~NRA08kwi6zCw#nJYP>0U4$
zE8iz}$jzw=Yy%u{x!Vc7kM#_=9H<h2&)17}0X~6k<xn93$khNlnG@`>3U+rCox*C>
z6KV)<fqB3DWIo}1q9`+6k;!jRY3yKQ<7i{EX&B!mBz}asXK^z3!^ZTNp+nD2izk3M
zofQjbx!wmkq;=KA(tLc_I^(;xVyIIfQ)J+l89*xGrN8<+cC@fDrZI$mXrj?0uv?-s
z&hbcnaRrIsjHOiXLnMszA$yO=TiZRbQ8WLEdT^fdo{+}aPWA%M+a+RN={9n<z<D^j
zS-JSXWaIy(1HDHO`Za(7UPxo?5dg$N0AL#(27@nxszKD?NA()97K2lLxbeTq!+(UI
zs~jerQuhRmqVBvwH)}(1L2i^i08jJ;bNx$P@GMmTeqjsfl~@o>gbNzv?X^?N_1d4=
z8lFvh14@p>m6t)J{OC3Y+Om7Ec%7jJiV3i))g$Pit8cz$9kS}HvweQ>jEl^G;Hr^f
z$5H;Rm(x;UMoLvPj1yK@*<H?^&az0gYt-g)t8M@@xePl$#xZewef)@(gOP-zvT2@3
z@AVF?RjjudsjxTkex4rDqSOeDqXoyqKYInS%>-T*=Z=80?~EE4?NB&(dUtJJIdS@u
z13JQw`uq29#)y|2A0MrZ5G3#jk@apouGt6Y`$j}skx7l<SAJbbpgP(@$62rW&wsE{
zj+G}uuQ0R5iO`qg&(%j)x@a72!CW(y$p2x8Q%I&AO961tQi#a$)PXJdid+Qw56aS&
Ik|sg_0|R)zu>b%7

literal 0
HcmV?d00001


From bca29f09fb1ea94dddee296d61e4f23ec5f92535 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Fri, 16 Jun 2017 13:32:29 -0700
Subject: [PATCH 12/49] adding more content

---
 .../images/autopilot-process.png              | Bin 4484 -> 9361 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/store-for-business/images/autopilot-process.png b/store-for-business/images/autopilot-process.png
index 4554605b456f191d91f3382835f04917234d3677..491b8c0ef0e40126a8cd01c10805e4f8aa998f67 100644
GIT binary patch
literal 9361
zcmcI~Wl&sO(=M*TU4m<n2?T;W1b24}mf-F#L4pN$*Wm8%!QEkC@B|p#zaigyPSt(y
z&s+D$%<MJQ)%$5%yL&$?TuDI^4TTs53JMBMT1s363JQh`avg~T1Np{Y2W&uopq*4C
zMWHGuNDm<kI13SZ5h$pd7}Q5&c*q*rUP{{uBI^A5f!;7DcZY(ap_3LDQFAx=or&y@
zE3q=fCoF}89M=6#l9htAHIH&yvL(UZvpbBL*_s_1G+cR78Q}{P7z?M??n>YzxX77D
znhIr5((fWd6X)b2kF*6HFHA=XgHlT>O@S=k+0?pmm?~%9dzqRw^5AuktUs@Q<+|Zl
zwo!JJMVZstX+VJ#NP(m}gYrWAdT}A590B>~Jpi}x?^5*t+cIzQ1u&3q6Y%1pE-dVS
zIU8n~>UkHT#nQ;-P@;H;pLSg6kPx_lGB)w&q4IKVV60FmyQ;EOz!Au7aKY#4cDg3W
zeb!p-y4`iOB-DOv^W+uyenOb&dA7cuw8LBZC;ogo_gt|zs_EqnvrOhaXlC#&;*GEF
z3=ao4>)w6z?;uYD0%F3YR>PPHt=`k>C+A$C%=leI*^m9vm`whczL<T4n+{`O>@(M=
z=Q5Y$g$kVpAg@Dpw3Vfm=UtK(OZET496Tr#NoZBmZm?Z_7T8RXYtNtj{nYCAg*=!*
zhcIU$U`NPqyvYR#IYU6OQF0O8W~F{x#i5~E&q>S^x(F|F&LQ+Z!7lfQ!IykBk?j!z
zuHR(j1TLF49c<+T7uos6T)+9*={`PgteUPg+K><uBB?mUrF9s_8L+0vFslsVyjo~;
zrGi%|xbg55{g^jIKhS`I-p?#rP}Io!Vc*_Geg5P;Xr<vR0WK~a74)e149d(H3msPE
zoE7nrYG+8OCu5At%guHd)4Qr)#7;Ox;h(I9l)xZ2`e*+01%<c0!t^PsQeF*Oy~0ve
zMOFqiQf~pdf*@VXJk8_!dJg`?J}*P>i_J(7MszFIY%t&b+Ei(4rC@RQ#~ew*5*Vqk
z22iL(Fo!PkY040|UVj67P`InwVfa??eBO<Agc{K#?d(^IE;XOan}^-<JX8W!H4P07
zb@lm$h2DGh@lWM?QUHJzKIFzNO4(qRxno*BnJ32@a05oy<7}{&9L^%lb3)f$4e$Y|
zN&qlu_r7y<ak-i=*F-y3E=Xp6gC9AkjBv%cDOzYyn?DCh0?Bo3g%}hwHm{Q^p;10$
zl*HuZAgLTBef><f%!teQ$T*WY-iTKlOQvNvoJxCZ>rPJ}uQ6^m0<C)aDp66Ni!Svf
z?h0++o=FfKV&&bW*P&2!;2Nc96+{!i+V|x$zA5S6Xwhv4LDD!dw(qt_*>H7<KQAv2
zIGV^bDEA}<Fe9YKFU`k(4S-3<XYtaqv~ojo#x|BcPdOaNX12VsRB-t|tN$nK9$kI?
ziW_Rf8Cf=jZxTl(VXw)e1t3yB@>-n~XbYXT{b^!*y7;t;bHYOKoQEn$dwHw?by$ed
zF+k<Q5%4N42a*1==~fuz<<<vBncd^#tM2&xPL2wyGPaTgw;-AL65^q0xK}Lf9qr#$
zrltS{?|4HHOw(c&i>Go%k36;Z1NnvJ<-hyBipw}dl6D&9f5kulEL6y5I$fxFONVsl
zd`#$gF2jNZ3-(udAG3wBZB{|qF_+T>@eAE+<Pr{PO<7$2%z&aPMeIcx@=c{y!DTv_
z2;#tlCO+u#c!Muf>dcm5|6+kC_Z2i0xj?$|fA`)8%43UO^B|3iG3Zhy#upMIVo{$m
zE61!8-@YF_Des{jui~)^k>s~fq`^k4#xjp$%pav(n#j$GE9!f*AJis(JQt_wbuh?q
z!cx5H#)EmE{GL{iIvWp_O6^9R^7yh;^>K-UW<6Uuia_0{@sLMz=;dB*qU+}fex%V;
za<)8cvz);ZNIjv|oGJLmUY+K>rmFLoM)+RN_-;KH%lT-oUH;SrqU>joEOH8daB#AM
zPdxT_WWRuN>VTHCJk`3z9PXVejWGehxGveLrg6j=O+ZUl-1#+J7FH+Jp_zG<3L+g)
z6#R(mwz&`cH5ZwPhv=rxrW+XuEaNr}tY<rDm-&)0>4;qsXe95r5(QRU_j})|xZG&5
zul+|FGjB-Y+oW?aqdlk8pvFjEQ;WC!E}s$87BbOCIpoGD<O%6nQ9j>sSP3lhUd@4b
zth~(qL+*OqAQsto-WfKq=EdTDP+Xsvq1Ff=*`K7S&<&Wo>^ps$rcC5NLo@Kwl1#w&
zP$gNQaw^WF4V>Pqom(t>j9?bPQGWRq?0&qNk*BaxOX(N6Jk-I$OhP4($`7JOzR?P9
zKbbsHMq7!=eqYqmnK0!A@jjL~DlN}gC!SWjkF3EX*drxECN(?Cln7O7#@F~X#eG{U
zF8yq$hBp^xPrWhTL_8*yFuTdDt*>}Q`+buU{jXJpn2J~J7fG_ezm>_8?!c~gK^|1S
zis66wl!louKk9UIWSrvm#3eAQGw-zpo-|W)D*kee3_A)|S#r%bk{3@#*G@t#&-q=Z
zSz>(=+tl|8Z-F37StWrA$uGp_j9XyRGVK-wRETpv%WQuLD?tC%n*o^JsrgB=rcR&m
z<3i_)LGAj*$x<@<_P{vG{A_1sn72b=`n^tcbLPQwYT;oHg9N6pY;XIe``7pjrk#@j
zkDX+aezZa}KRe#68V4Ljo|!+{n)Ap!yN^t&)pj=y#J2ZlblYQC!1%AihF%=tgwtSd
zH|f9u?Y?XIHxi7ZBumF)&3w>d={J$z%qe(5KU5!*$gvCuaboyT_9IXEnlUru*K-Iv
ziwQEpeuw9&(){~&Y=`&;#75@;z!mzi1-yV7eM0ZXgfkiy&|LrB1blqm9zlfePqzY;
zu^S%TtAx`xsH*;xaEuWu!3fpKhBz?=euqn$Db<D34-(=ZdN%y+tx31L6VKw0i}d<T
zt|OHhm#;HU5)zUXELLy6X+7dx)Z{!I1+xoh4gNq@MrBN9{MO2$^}c1q&4z`S&cMF?
zw~6nrM5(9f+XKmb;d0(OvB!ghP8KI>w){@PFSges1d=Abnj-W^2x*ja0UI1B^(*b}
zt!SsVr_Hw;{Ra$k#Bc7E(d(0_)TnF~_&+X=BXCpikC5SfaNNk4%9nKGHeU4~Ai~+s
zAV)npW=T5K@&++i8wPrpz<)mjx5Ecg;Hv%#N(e*$`U#SPM+}0l1*I|3Fdn5zy?6AA
zS-dSFKAz6NsX6EcRb~(NF%x-5xOa-Xh3NWtb;*gF$*cwF9p)Z^XLfn2jTz2O`A3YK
z@EXjkvp;7NloF`sl=TiSfywm;htod5^qJZr6CbPxg^A-*k0fTVciR%>T$}k;HKOjO
z^wUn{7k#JeG)Q^UuP}@hO$uY|>Dp;n<F7fddWa#-7tyOeECEl^b|Za|7SG{ugBt;I
z;2GDh1f#cXkP^!MG{aO`r}(%JEsG$)WjHu$C#5genyWb`ZihLL)2atOYo(^!<h!g_
zN(U<8yoJBf`sjrlzg5i&Q;$&KJUeB63T?FAW<33y1Jk)S>63{oxN*!QVLM`Y9omFI
z-vro-LZo@|@pbUdhBKv&<z$vXzp158XIRrSw!tIYtcm>I0CU*vwQY|HGC=BXb?{W)
zX@jl)v!Did0vA)ksZWoEAZXfTSbM2%NYqp3K=wB2Go(1>jpB}WW1{=cLxXoR`W&lM
z1jNIo?f^8^gBkg8&Q@c3*|!@tdsG&bs26F`g4W!1ih`b(8Mk!4^zpyP!*NsV{b?>>
zB2?hE>36N`be3KOJIB*=r3S56;zum-yk>*va%W2DF?8%&LTD}!UgZduHuTIIqWreE
zFS(C3d<OB)e?Z-Z3~j6F@y_m*%Sf@GLP|7+XrY1FmJs`o@g{>2Q8I=2_bkkP4o-^)
z{%8!*x+mHcvO2lzP!vDRZx?0`l1NSAl>#Bx{L{8;(Yj7>(t9kgyADRRPgdsSC;k+{
zx)&dB^&jc{%-6che#n47s5N(-Q8Hqxh`^6=^Ck_=Bv+33bh_|kw?%YlwyRdw(NI$C
zc5wuSXZoU|jDKq)m})A#HNc!B*Zm>svB2T+!G~IMlRUZ0tnC&oxMeNlkDFDCI<pV&
z_?(rNop8tRD|9xz|A8gY<tw`4GX0!@v14X}wmD!|PoLMW^{u1_3zm-+sinFAi#q#s
zBsix5SLBx8T8H&B?ak5rkGFj@;E>0YNjw2|H%XPf7&9}V$T7t@#YlTt9z>A0rK%XD
z%YIivL*_LD1lKiv{kVsfCKf-^4X6Ch&3Mw_580&0s9VpNNw7lfOM2#7g$AY7nv@*d
z(uKPq=f2@l9Mj$&tK0;(;t45FXg+ZG96x0dushHnMs&g_;x2<O-$b2CEyd1rKwh}S
zuuxvSj#|`nz4wxGR;h!&>o-2UoJLF2!cP%H3~Oqza{S)Q2%<8P*_O%XEh3I9GX)L*
zn;$pzxl3G<ol10g$BEuFHm5^QxIVrsrhI7Q4bD>R+Hmd{+^C~-^Yh<594oHE&r?90
zJg8naIPpKVMT?5xsvwz;{HgT(YeQu>0}r!}@LmjnA;p(r2%KDjG0=#Hih4X#ICiyY
zh#@2<CI$-&tJ@GSpkMN{G9;VQM)#uN1EkISu6SpNPaFY?$~~%wa*iK?SCMDJJ)l*T
zij^T7DAzQj{qFUQVdbEGee;QUr_@UEj@4cJSI96Ac_xF`v#lIah<nwF5_l|e=p&xZ
zhF@qHQ&Wz*kFt5G$0GpsoIrIVRhH9z51K=)1h&Hp*D?`O|H|k(3S7jdt8wE7jkq^@
zb&WhMBsO+Witg?JS2>+=K?0j0)lO8h$Yl*h;GI1)@Y<0e<R<Mh$<&S04XdjkT!XZw
zHf>YX!HMv-C+l>rc3apxkilhKt59Iq4=}vs0$%n@A{A5*u<E`1x$K3a*0y&U_?}Qd
zAJ=O+UWh7+7~c3Oah^MGNkb?pDZ9S&q(8hCCkDSrItEby)V9@fU$AWj>;4=rU?mwp
zKxw_(OjGQ}Z&PkK5+VB_)@M_MfcGJU2>9{m!@?4jz>d_4ZPG||j5*iCVm2{Z`S8mI
z3?&K--oQJ<+@eO`#p#QSO-8+|yYRehfGO+r+OQXE;@vIxFE9e3QYe9-E6~G1$|OkP
zI(VJDucQ~eeM#*tg{ZniBua;SkpL(nb=TG()+c<Hc_Z7(h30hk+1Q7O!)`LFRi~k&
zBtr9AS#+gQfoPhVm0c~|z#uRE<u{%Le<K1tvs}%BGu>U)>Ky->J+cC9TT?cFGt;Bm
zQaTbwNx}$G%6?A(vU05hmp%bG9>RV>ng+v^tU-c~kRP+TN5Jpjh@r(G(?Fc$#)m#_
z<rc+|N!*3x%KkHIS^>~SL2$82V-x*%`x<(h3MR8YiZ$dYck&7B6Z-ePAVEAfF)cTk
zG>5OlPG6N=l>6lz;IWb$kHxg}K~Y^kMd~rY3un1+9At=Qhai^Dlb5gHyPBiPtBlg_
zSS~mBo2`$~o~5&3%e7+G`NoQNVkjeI`U$-<9^F5_Vi@3DMb3>s$J2}lBMw;lVyg#B
z#X8t1gTfv`)NlL@eq6-VKNd957SdjuT71#-y^aRn-<Nbc^v3O6+rdIt8^5M5>tJX_
zrUJgKj7CJvKDFcqAdS^LX5{%%sX%K<xk@>RRIy@yakC?S|L5=QkHCN?Vs&en%lrl5
z&pM8VG^F-{+EkY6y57q#i=Wj_yAw^t?i|1mele({*)vxMrw=c+*5c`!WX;bNyMo6S
zXw?%f)9HN@s9JjpWNT;|tutR!E#s9$476QhNKV%@@NS-$eeE8n%<d}7V|;ICzw-I5
zw7>jZ-5EZV`SUn<dAKkk!474P=SR9+r>jL#B+WUWLk^<wLOEq=$u>g{H_a>_Qbs;8
z{mS!^@|~wYMHbZiabNo&cOn$`VYePrmj&MylIY?S^gMHc_>}CYL6YS=G`sNGYLh>z
zaf&@wI2F?3LsH~smaO~(^lvF&#)5~6)n^}i6`Qh2DR6NXKUAN82BwB@N1lG)dg=xF
zYr~XmT@!LvJ1r_navVLByDB}`OmD~O2eL(4(p~Dvg1j3=q)2DaBzA`5ZqOza{iutd
z|LnW6;>?^ze2a=|E<c;(OYYI4#y?9q4J<Z^!|<v8a5WsnOdeBQ(6o6<_9LasSgiAc
zg~yk&q?yhERwIM)r$;m%cuHqNH9Dhh=Ar6NSclj>=s?2efOsXzt(^{tqccxPe%-|^
zPEeM2cpGev+o!jER?X~~6%nPRHSe6m)!;A5sKp~<FOyFAyU`+79X{58>OhhQQiTnB
zampzY48UAXH_I!%GGr-$yb_~E*6*3`0-|dO^fq&MCJu9Ay=lOG;wptI=|4crk}qC=
zY~>!<iLXn=%s>{b^WAwUvkI0u#D}zb!hntim0;bem`?#3$Pzg?iP+?L3zyGiY0A-H
zjfBNHXu`mJ{CyKqLEvc~T99W*E1L2|jyf$vRaJWtI$>3ElBzqTa|)co*O4Xq+aSHm
zMRLxw%^}iWT6ipSJGFF`^JrUY!CGBabr&R+J;Bi*&Hy*ExYei)gc9^`qA9K~jO)+v
zd5#j7HrtHjvW=waWH50eg%q|beD`W6+HY;=AM>`%r?Ac#U@xq7H0p{7$WaGSb`baY
z;-xAju;X6lE9a<-VjYOD3x8m*uDIL8dnoR5`B`$HHBBC=(QRownVnXhM?MJ{^|%ky
zR(0sc4t`?7HaKnz+DB!=E^vS^1COE|b#nUb{1p88OFzFD_2DHo2sV{vKl=f3)5|UR
zApUz@Q;d1Y=Kb3!bsy}lPyG=OnvVdkmHu&I{dOX+yKjh_Ax<J&U2_p_{efVko6i)M
z^Gs3zu4=D%WC=zw5uw)x4>v$z4vk|+!1^rQ$8!RSjm>1>3n5Ft2J!Bq<gW~_bv7g9
zS<S8w9|ALLyp3nC0sVR-&jfb04$klk9g&>xl8D&$54F6QOdhPKV2%8B#u1CL-oLL6
z)>0>>ja-skY;Ply^w>{V4%S-do+{&tHTZ*BJ{FWEixnJW#MfweK>jwoG!&Qr18<St
z8=*aGY?O%p$+}Vs$K8&a2cdBmtl;=HMdK-w!;MN^jxM6j;L91L{|@MB_z4cvqdn<<
zi@l$H*o^i`{BKFr7+&-Y8@|;Vycdf8>z<fokw*8PX(Y+^4{Y=%d*sCg{11Byx)a6l
zvoFKNbJ68g*PoV3=c3)XX1gm@`M_9qBmbbalP1G0d;|YviEF7&%a=STr^|H3Sy$s^
z)s<4ncXv4ZbT2Tj*Z`GTLSi}SMU{7t44=IR*3WF{%Dg~t#CBNhsDYoXbiGLLyOMWO
z;@ACC3@_ScIdm|fa1<7kMc4iT@h#FsMjfN;`N=l_K&4IEhrQ)Mt9-Vw`F@=JPlVTM
zKe&P{-gtTVy3Vnsj7eAz|AUJp9`T<Ts)yM8-rP*RK6_JBSJL0;>iOb3wswiA&h0zB
zT}Lp~dC_A2JCbz{i-S67d#s5CKZ|6w%J0S3G-iCYksF^RJf+5A6`1d&ElB1HK<%xM
z3X2@9{lzwk9NAR3a|Wsw^1h3UvN|<d=aD4vYn;x#I#Zt2>aohtKoBT?aLu+nGAA9#
zJT+PXE(Pun3QJ4)k^H2D6)86m@oWj;q`~pn6gc-BRr*DRdu~5yK;7jf3fm#G_+q<O
z6NXV7(_PQ+T8J)(#U5RNL7-ZAj58!aKuz0_8-VQMb{wc+LbQ~g(wEAI`;dO;bS$v?
z@z=NRH#k5qpHb?9WUqSM_%k7y&LthpRms7irJ`>sHQUvVl%t8?4t#st_*_jRl)_7%
zZ`<Vfcd;gJ%MHMJxN;0goH^v*VJgaUcC`X9aX|I!nzgJBTmAu$QtO~$IX%tVuS9!&
zJd>m;;7W@2^j`LX+Uh^s^i)}C#Ld>pvZ|y_pcdKl_D<iWl1&uJ$hR(Y6pcTrEk9|h
zY1d$Qrf@JG$iI%V5aWaL5_13E>RoZcZ3*V8?tL9VJDc0rY}3#CW!=rbo$YEpfrL#5
z=?b1{sB2^2klF7z?>=#dQiy*U#SG54OiR#(5MbF=OqYhe@g(r^YH%(vF>)c2Ei6&!
z+AAp>l(~bOWxo_z?_P%fcV~NR4B0k@m;%%%YlBTkf97yO%shfQ1d&Ckga-OTrspzJ
z-D&9JPp%yu;O;p;qxMqrr2Bid?T$&dMkH0kCNMg-?OlhHZ%|uo{01i{vvHaIRtlk0
zFUx}6?}1}#&&_wZE1Gg>@*K?t=nK_ZIYf}T{nglDm8lrVoPCwx7^Sq-%VWb$8nT;q
zd#DeP5!KC-#f;(aATw&rgi~y;x9VJw2}oE%3DI>(pDO$mgkr!!YnJ?(Zv8>@*Jjt<
zHHoWt>(pW6i3E4!4q|YMl)S5eR-b2}Ig-m?bFgJZghm7Ybu2x9Z50Hg&x`faaA~g>
zM)B!hss7=`Mw?4d5RjF0$<xljk<Kr$-f0y&w@N?>Ni=ud>ILnObbC2ny5m~&Ed53%
z*saR=E2A&^((31Gq|&{h^NDZxF8?+E{#$6!x^j5Z#^whzK~?e|ejDRK2t907mOb>x
z@dZX4poW&AKNfd49SqFF2BYMZXz49m3$TC<L{M^_|E{yDJm<g*Ud<wsqNjOJ#p$?d
zh#gr1R)<l<Tx<ti@$M3|@#t`Fib~j0ZS?=;S#eeIH{@Q&0Xu~$Frh4b?q`@n3$&b%
zMxoADnG&s-arIditZxxYjb+cp`)yRQl3Wmzc_NqvoH3ciX)5}9r+jBrN@apR%F0Fr
zGa{?Fh@xKqY&M%>vHw-i`}7uy*>8YM4zsA|<ub3~KPg*A>3zE-a=O1YkwFiaJAvy*
zO54^*mg3m-k%>`9)<LF%=oCXI)@N%gph0@OaN#rI;fWvG-Yu=TAu*y3C(CmQ!M{F}
zsOnGHY|oBUkC4W&G?T~kTIg_=YNIG@)3O}gO{iW}rt&n7;2Ahyn!IaY-kRWeQ~yQh
zQ5o=W&c;*9qAWZs+}F8DR`oYLB){nqzhL`3;>%(O`*+jb?SAKh`C?-0kF0OxR&y&m
zcYa|m-j22-TwXLlewD}YpZxpJAbnZLaomGgCv(I9!QGyjZ!2S8Y$8b8tJa*CJ(mUm
zJM_W(hvm(OAXD-?VeU(?_^`J*#@;u2;kWL?Y+P=t>x5J3kbdMU@X`^sLqG)cc|13n
zz9RaW!Oze4c}Ninpy;{q4D~cM7K1xE686X$zD@s;pW_hJStUxuZIIc17sst(y%hiW
zRHcBAAaKsM3$OyVb(5&Q+=k~#lC9Xo0I(b>JM?n@2?KV7@axO3X%dl?$I(^qp~l5i
zb4C1*em(mO%zkWw{i}7)Ah92Y`cb-KVgy}42D;XOZ0HHDKiq)zr{!D`MH*8VbI{ba
z{-S$)DG|_y5K(6yW2PMIp9fl^5*)8G*Hl!eKaquMyxF06fd~xdEPwuX2m)=Plljh+
zA=$T>$o--G^boND+`<GXgpBV}9}98f5RirCE}}vSh!YYfeB}R)l?(&SYe+uXWyohT
zFyh)qn~-PYp9+s!^d;@YNd%PxOAZ@zW_cdHE_TviF0TAYhg97nG%qFF)gjTk-?k3E
z#LnG^ys6o@_I17<WOr3*w0PhW-5fSBsr=x!A)tMGHl6sgSL(w=zV3aoGvWqLAh;y{
zxVLBboEAQhoEU4sI;AtJ^l!`P0y}>2hS1Y!{scJEwCVcr8{<*k{V_;_+sf7+){Xi8
z%RDT(Ad1<Rd%flJ-u$d5un@uR$a_a&U!b_^dF!0&Co37#%{kLO^+u>ej`}(jPC+s%
z^oCjxyNip9stVVmmE39d*2fgtVT)<L&Cw^J7d&B4tJh~%xx#W$i>h^9r{3<9`0C<W
zm7s)Yi%4i}rdSZbpc1+P$xKaS5upKjYvK)3H_j8qUpnMdsp?SFb_+Ss%_rj0F{nuy
zMdyTcq4IH5T@DA#*rkGlT>^Tngml%32k#&(5#B4sXXfdl9)Q?EQi;l^X%NB|7dzPk
zKALL$l{#UM@fFoB=~5-g*W}zaN~L(wZgZ(=3tjG(+;_1U(gO}7eTAiJ&1@IulNx2b
z1IaA9T1#N`)?=Tm(3r(SC>LF36-k^|+G_L?LZF1M;rd?A6{fB1y>yC_gU&|42F6zu
za$ort6C~08iz|ZgR@JdNWcs4AlNxy<qUihYzPw{KJY0)Lp8W);(4HZ~0HJE4pdnPv
z(JPzAurRjD0AC^O^dl7gv2_>Q9Lw>x^;T4_Sm%rq35TIq;)@R1!2f|L;wru-DX=m0
znK!Stweyl7O=fs!Cb1mRdjH-HK0qhnqs?j~8VX7v&XXsuuqR_5A%r7L{L2v@%=5Ca
zped#YbHNQ#wT9@p;h{w%?c4=(ojh)Ly@h$#8rFbdywYU1nJX4nU0od;iy4a|4zpaH
z;TmfY!6poGiNLGZIXyi{3b}KXhOR|~p1n6*i}>4}F!!+K9Z!CNV238x7O0`<(0{Kq
zz}oP-o*)TrlR64#eN~{v74sY!kb;02cm<<&L~Az)J>Fn7YreOn>)Yyl6*ilgBI~|q
z?Qvxhrm(r3kG_Zc{wtKa(LI!qu_$yFoSzAg4@Jjk<7x<V#{L?bqgO}7_rCo_XB&QG
zvaU_IP$|EUd7s7|<IhhH%5HrMU70d!oPf76%3Li~rB4y>=E)X!r;cZr0%#L5LvrZN
zD_uwDIkI{VD@+fiVHrfl>vO3tE#YD_sbF(Xyxo6ZrzyzDjRtl`vK_F%)FZoH?(})s
z+A``SVR~9WhC2kIjnm?nQlq}=(eU)R$~>5Wyjz1%v>KY4nrdnpLVkiD_8%@1IjQeM
zUC?MVW5H!BRo0+Fq0Fv)FB>T(k`#bH|9iIs=3YFQapByrqxobr<yL8$5KdV3)xwn{
zS}zuO;kI_G+vO^+rTL?yn41^pqP#{YspHtj3XjwzWXlWk)j~z|=QXw*U?Ul{h|Q`$
zc6Bwp2XBNwzjx*sJ(iZdg%qGEMVwis*y>fM=fPi{cq#IF9i9zkWo7N{kHCRQ0#>~x
zuiMMcybGf?x5b>!^}tocravo!m`t~vIimm&r`divieDwK+o9v;#1)qdDw6d$Sxq39
z5ds!5F-ot!FqzhVFYRH~8k7_O87D&Gh~qDV-((<@hr7j$&FlqOX5{la5Brg9{nDYM
zt^cw))}Xagg^c{>fRJ>GwplPw%qJN$g|u2xBM3o6M1%r?+1ePp2fBd*hgF2AuN5ck
z5}2Y2aSZ&cvo|~$qg4E9R3MZ#Xe?O-LdJJbj*gBpX;%6>+9Uh3E5!$KKB3!lb@yX!
zs)QWEGCPW3q;UF+l1hov8SZ)lVnY32qygO-CIL;-Z!LZ?{y@!vDIJ_v2Y{4O{97r6
zZES4h<<X>Icmw#)aQtZ)5byM8DseO}0L}bR*@E^SMhMXHQfG&--LfX~eUu%|FVL?h
zOW9AtLJ9<i6*}jKL0KLy)I2mMGL$sbR46qgT=Jt9rN1ItvnT}yRJ{EbDMygE!KX_8
zG%?RqZAfJWzLL`Akn;|>6kqzccmrtk2&KvV3ARE!SYG_SNPPpLpctV2Y4q@*KJO&s
zTIS>Eq58|tI$na2Ynu0=S;fbcC41>VI|eYp*azq&d_j0Ue*yf4{oZI4%KzPrV*6H%
zKm_bYvN((|9_yRQeIw;r|M+_Tj%HFlMu;17p;&6U9GWrpsJk=RTl{;c2um6a(j*w8
z3*dyHJ#JerX93$V_Ouystf~0Qg-M0U1(B#Tv=<a#W@_i+VsRZrT0iTESLkGXiRWOI
zN}kJcNQgi4Qs>W2e2*~8eg(#>(XqAzzLq`5qHGm}2!s>CJYqXQm3Tc%BMSZhaHfVS
c@a)AOTa|KIfTa?0j0j3vLP5Mz)F|+O08haIxc~qF

literal 4484
zcmeHLXH-+$)&;$Q2-qmnQ51<LfS@!fN|Rm^T7vW{0fV$i6$KHALKG1$AcCPoC<%lX
z0!SC6X$S-es7P;$glgc+b@;yFedGOjzu$X5PTA+|v)5efoHOQ}E8fCPpXadfVHOq^
z9zz3N2n)*r5$3t?p##jl31haNd0-8M=xei-^@+|i2Y+~JnQF1H;Luz@T-can&f5mC
zKo*u0L4R$m6P^+wEG)-`40W}vLL8Sf`;++f1mdW~Po_b=@QLP{kH^P%4mY#_xL_uN
z51P%?*pDe4?g6JC8vz_27(AtW)A&-~+v0{7X|t5N$X$vpZSzQzpFH@*e(~C7FlAop
z<=2);?L(*kxPJk4O#2YK6L@dzo8z%{ml=1?9k%ZauELRjs#1mKhWn55ewb^0_tq@m
zNk&d4e=siXc`2}4Ix8YT>sZ8(Z=F$l+p~j%gTy<liD>j<t@3pwV5VZ~Dd@0$3fV#z
zZls6P+BPz2O;T4;QBhZq_&$>mi-<SB%8A#Jj}wb?2Y<xpK9qz!|4tC`Fm*9pSzWyv
zxwF3geYV`Gsk&BrFHB19R4sGf{R(_8`&s6^$o)MMKELAZDvh}L@y$Ww@y~a6H<sHb
zOWisCsA0xEW|Km`rwg|Nhk)LSC?l4Zmo*}`zEUf_${k5pu3W)C2;7{1CU$H*Q3rnw
z3WFRxQDnGn=K`jjO8G+Y8AePrgzoP#I?)mmqM{>N4@4vmQe9k@Rn9(UOO{duJxjL-
zGt+#b7%LS@Ul>{(E}tZYZw}_@%Q-c^go52U9uSxi1T0d>6~7?JHEw-gEN^NIobBts
zx{pQStt*hCN$m%^lY~<Y5-uF>e@b5-tFZ=G^H7+Gpx0oK))Pfwy-%#@`=`}FSZ3z9
zd&~++L2^(n2gMKSAfZsTBX3<<Jq&q_bFcHqa;URET&no{nny#px&MY**qTrLtDqph
zwPn=bK!6Ki42Mc876a5j%3pMki~T#~W;f@qBV0b6r(vLMP?1YKxe)X9UT5=DF@gUU
zfW0uQ<Qu7S_O%hfN#7@>0rTB=8)2@&tJDMH2i-c&T9o1inKe_fgn`Ko(F|a!uldQ8
zRDwRMz8ZUS@XGAX6|BI^XIO(?Z=g{aZKjm6_00o`-_i1E=m5;ql+tUX0gL02MrJNv
z-zv$00#`{rzRw?lL1~$Vfb&m>PUI9STOUhu%xf^XRlNL()x#A0yjnFhC(!GKDiHQ8
z{U{0ZPKy~vQ)+S4@cgj+n8xN*rRLaKS3XK&ObOt8XHP24#U~!q!QaMZ*N?sGk&Weq
zQ*Ptfe=Q(ffq|wv<PEO?#^84#`;rc&R*L8ZQqXia1md#VbtYx<wZudfx}miTBJHZv
z-+-yw^{FV6&BDhHn&x%jwUxaI6m8flR?n)`O-|_{5A8nc{cKjXtx^U+1d)?C%1iOu
z>|rN*y<Cq0E7NZgiaJI|*5gOCXPv+u4!T9xm!(Rk2fDLw*AskGK^aJP{&q^C-&!+V
zIyf*gaB)qto(wI;-8A#zRu*&d6SEh(JYlC?(1X8zhu`GN{hx)S;4Pa9rRmlrZ;9Ug
zHPd>K@knk16=4uKC7wKLgz)fvIuYVSdnwx^OdHzD4VreGabIGqX~K-$CCX5!!t`4x
zcYj{OX6}T146W;g^UxGR!0*HJd~1!IVLF%Tn~BwNV7Kcg!rVdo3=^)kW=Rq%zd+T)
zrt)@pWeDxn4tS6d6-%$EQGJYp1iwgJ+qjDqvJ~uiuo$dMDk6z12UYpu1R-`kL(#X3
zcpu^WXa!%Y_@zj}p1y9fHTa_HoTVXC=;6}~=F9Z1*R8T^55f$*Wo)@Hc@UyVm_kZV
zwQVxIsh9G>l#dP#KevF0LFO!2kFqU#PuGWnb22N>XJdJWtajlwf_cJ(;W`4&I%jHr
z$hXxTXkH|j5N20r_Mt=z(HEu*_bdf$BbSN`Obl&f%X)cak1jk48;iZNR@MGwMx#do
z5qZWDuBfyk3N*^6LWgGck9c3kS$S72_m~Ipw6>{`+Mjq%<KI=ZTx%c?OnYLR+5JNG
z48w&tEGKor`paqOX5m3<y)uw~_(?2B%3|yz)Qpr;tBvX;>O}n^%Y@O4ae<g|=QHV!
z{Tp|BL5o*-VM-h&0D5c5?ldSspZFZ!buoWp^Wr)C@-qu`bm1Ivly&+oU2Po;g-d}c
zb-T$}FR%IKoP=#t*edk4PGy$G6$S7<YJI0Hk7I@yKyYq{q)n@y#)@%(!S4}b(uI#k
zFM;ofq#v!b%X6rBWmCooVjtVBvq`Q3c1p$rh6+h<WzfQ$GU*fVHgbv!$f?&gO6}3=
zn`9`Tf!@4heuF8a#i8F-c|L!1%GKf$@k!D3+@6R`*^+5{v4pTiX|?(?;|VC^OMBa%
z#AG=X&c7k+<p>U7_we#?8xr89HMd8SS{2HifHiWoE#2aAGtrFsdV}NM*9apQm|tK$
zhD=<Y(_U6SsV7F*ylgt3pKcv%qfsD4;lT=E3#^BGxer@V&cTcA!;7EP_vrZ%whL+P
zw4)_A!Z7p8OLs>;H{LZ8R<W=7P`v2b;W=_cfxmrDnPy3{fj33~Nl1O_U6GE9*=g!k
z$bD@cF>7<%eg}3Jzj=dNTkK>z=|-CJJI++Q`#kEqs3gHCs?uItZFDi|!=J?Wm>fH<
z={heUX0&rIJi*nirVevi)xEg-gpNos`ISMW8+)pRHJe?zbMMeCjZz0pgDxgCjtA$_
zhr@t4tO$C{-{dYq6V&u$r3-He)#IG2>{6Cc`1uO2A(dwKO@Th0{uB7?RF{}+kezAr
z!l<|0@T0cAF4Qk_vC#XAW39kU`Wv$WcW`yD{Ht3xY{1dccs0DFqO;y{p?{ap@<n5$
z&0l>fVZ*m7v@<Do#?uW3xupDz$%(HL(D%Qg6G<degq+%C%O#bwJ_w~0DaAnEzZjUh
zB`ApG_N|wH$w76&oqdCPUzdcft2nD%2FMgDO5-vPNWEaR?x(%<2Q$-fsaC@|+}LX4
z?va|xruBURn)n4e@@-STRJ?8St2Fn>E@%=j&<IWb2u&i|f!_!JaG|zDjma_&<wWev
z7i=_z2H!Juf}h-itBF{YWaX^ElIVt8OO^fgPvmdHBxJLq_Ch7j$CB^;eB7ooliy=%
zGMct(b5hQ+D$oNs5-cvCX~^cW(JVs$;26wj9N?ywSoxIh;%10AXAGa|NE#nPL7WQu
zVI7T^hs1t7UOT(wk#C#4$1N%@{u!BWj>IJT&sAJEzMQZ;_d$%a!9m8Z8!-+M8~W-J
zM9ikWab1Rm=%txcI1;5)aTtSM6DANR@Q%6Vu*yXWvQHN_yYgbhP_XaXr1qHM{cZG)
zWb;Bk(ViR2k+*o^Yd6`>*m_ETzcn*qC$E6j1UL1k6D6*%1E1@OkW^H&1^?KL-Tz|Z
zIpyX&g8jt3K7h1|!j;zSR}m9mN9LZHEUUAE6=8%S0!xBonz84RqThRV2B^>!@;lR9
z&w>l6XPO%EpMX<MZa1#|<i_tde47ke|9bnL+6uScJl_#*#|6Nb(}*;<N{j|))zpC3
zKlGeK2_WtLjOOhzmJseIp+FScZ|mOw2PF^Kdn)NHc)AIiy&3hNtNbO~dJ}Du*Vv3~
zm!!QEm=fxynruaoTH6hJ@G`yEH8I193L{t@S4n;Z_pHa3_sk(>S$#TR_y0q8sab>T
zkD7aKy$hO@&)MnDytJWk!yY^?Jyz%{b9y6d?R81|0Q*E)wQEtt^M|1NhlBK}+CXnD
zC|1La-@}&Wr||PM26me<<zP%rCB-&<f6AG6bS=7>2@&u&wdlsKwwRn;S_rtr$7h}F
zaNwte{UrtiM{oiD5JT!iRLlMuxfsIK0Qi5Z^1oU3GR??;j&abT+*uh1>rs_{b4&SF
z$&XLUjh>RvL~HKMEew?mGd*Vb=1Pt}`YB3Mjqf+J^&E(DV0`P8kaKLPfV-V(+@8rO
zZ`@hvk!$)<prVm7_Rmhy1Pj0){M}q_`&}dA!+jXjsZMvdKE?SpF({v_n{Mt&nW3kV
zQymFR&WSrJp&7ohG*n`%udkmW79&n&eZw@GTn}DIDV}<k4goLiZB9n*(}$g+m<%Bi
z_2b*_YEx6>?nYDlJZ^mDr~Qp#Fc`D_S$|!n5$|jOArf@<t|NyKO!syQ3o2rbCx1b?
z+9Lg;PKb+(?`@3vnZHuU`3uy4lkgV?$?s;2z7OA7FJfct(0z6Zb6Z;>-O9$l`**Ab
zvl1?B4d~t84CRzs#;q-F-?pAqIT?+ffuyQznW1?J5cTz+txR48+=fAPju)NhZ(or?
zlw68p&{G+=ZpMJ_;Dl0MdE7j2*|gvN8!{nl%L_*6;Puy!=l`vqgF_jB*{x{vEW{i-
h{ovHr?&?140k>=()_mOzX6J;(P|r-aOxrp7{{Z^!ecJ#4


From 6a0f1f95bf704445578d6740f40966e673bdb70b Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Mon, 19 Jun 2017 07:58:30 -0700
Subject: [PATCH 13/49] updates

---
 store-for-business/add-profile-to-devices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index b682dddf2f..b561ecc696 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -46,7 +46,7 @@ You can create and apply AutoPilot deployment profiles to these devices. The ove
 
 ![Block diagram with main steps for using AutoPilot in Microsoft Store for Business: upload device list; group devices (this step is optional); add profile; and apply profile.](images/autopilot-process.png)
 
-Figure 1 - AutoPilot process
+Figure 1 - Windows AutoPilot Deployment Program process
 
 ## Add devices
 To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. 

From 1492b5a22aada145b8fe30c0aec260d272c970ce Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Mon, 19 Jun 2017 09:56:59 -0700
Subject: [PATCH 14/49] updates

---
 store-for-business/add-profile-to-devices.md | 30 +++++++++++---------
 1 file changed, 17 insertions(+), 13 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index b561ecc696..e3c9c16944 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -38,7 +38,7 @@ For more information, see [Overview of Windows AutoPilot](https://review.docs.mi
 
 ## Windows AutoPilot deployment profiles in Microsoft Store for Business and Education
 You can manage new devices in Microsoft Store for Business or Microsoft Store for Education. Devices need to meet these requirements:
-- Windows 10 (version ... which???)
+- Windows 10 (versions ...)
 - Specific hardware vendor???
 - New devices that have not been through Windows out-of-box experience. 
 
@@ -48,16 +48,16 @@ You can create and apply AutoPilot deployment profiles to these devices. The ove
 
 Figure 1 - Windows AutoPilot Deployment Program process
 
-## Add devices
+## Add devices and apply AutoPilot deployment profile
 To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. 
 
 The device information file needs to be in this format:
 
 | Column    | Data |
 | --------- | ---- |
-| column A | data type 1|
-| column B | data type 2|
-| column C | data type 3|
+| Serial Number | data type 1|
+| Product Id | data type 2|
+| Hardware Hash | data type 3|
 
 When you add devices, you need to add them to a *device group*. Device groups allow you to apply an AutoPilot deployment profile to mutliple devices. You need to have at least one device group. The first time you add devices, you'll need to create a device group. 
 
@@ -65,17 +65,21 @@ When you add devices, you need to add them to a *device group*. Device groups al
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
 3. Click **Add devices**, navigate to the *.csv file and select it. 
-4. Type a name for a new device group, or choose one from the list, and then click **Add**. <br>  
-![Screenshot of Add devices to a group dialog. You can create a new group, or select a current group.](images/add-devices.png)
+4. Type a name for a new device group, or choose one from the list, and then click **Add**. </br>
+If you don't add devices to a group, you can select the individual devices to apply a profile to. <br>  
+![Screenshot of Add devices to a group dialog. You can create a new group, or select a current group.](images/add-devices.png)</br>
+ 
+5. Click the devices or device group that you want to manage. You need to select devices before you can apply an AutoPilot deployment profile. 
 
-You'll see your devices  
+**Apply AutoPilot deployment profile**
+1. When you have devices selected, click    
 
-## Create AutoPilot deployment profile
+## Manage AutoPilot deployment profiles
 Info on adding profiles -- need to create one to start; can have multiple; can edit later
 
-TODO: include info in this topic on managing profiles, making changes, and which devices those changes are applied to -- or -- have a separate topic on managing AutoPilot profiles
+**Create AutoPilot profile**
 
-**Add AutoPilot profile**
+**Edit AutoPilot profile**
+
+**Delete AutoPilot profile**
 
-## Apply AutoPilot deployment profile
-Info on selecting devices by group or individually to apply profile
\ No newline at end of file

From f4c5083a90438c587961a8f3884ad55b755854cd Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Mon, 26 Jun 2017 15:58:09 -0700
Subject: [PATCH 15/49] adding content

---
 store-for-business/add-profile-to-devices.md | 30 +++++++++++++++++---
 1 file changed, 26 insertions(+), 4 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index e3c9c16944..b3f58dfbb2 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -59,7 +59,7 @@ The device information file needs to be in this format:
 | Product Id | data type 2|
 | Hardware Hash | data type 3|
 
-When you add devices, you need to add them to a *device group*. Device groups allow you to apply an AutoPilot deployment profile to mutliple devices. You need to have at least one device group. The first time you add devices, you'll need to create a device group. 
+When you add devices, you need to add them to a *device group*. Device groups allow you to apply an AutoPilot deployment profile to mutliple devices. The first time you add devices to a group, you'll need to create a device group. 
 
 **Add and group devices**
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
@@ -72,14 +72,36 @@ If you don't add devices to a group, you can select the individual devices to ap
 5. Click the devices or device group that you want to manage. You need to select devices before you can apply an AutoPilot deployment profile. 
 
 **Apply AutoPilot deployment profile**
-1. When you have devices selected, click    
+1. When you have devices selected, click **AutoPilot deployment**. 
+2. Choose the AutoPilot deployment profile to apply to the selected devices. 
+> [!NOTE]
+> The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile. 
+3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**. 
 
 ## Manage AutoPilot deployment profiles
-Info on adding profiles -- need to create one to start; can have multiple; can edit later
+You can manage the AutoPiolot deployment profiles that you created in Microsoft Store for Business. You can create a new profile, editing or delete a profile. 
+
+AutoPilot deployment profiles have two main parts: default settings that can't be changed, and optional settings that you can include. 
+
+### AutoPilot deployment profiles - default settings
+These settings are configured with all AutoPilot deployment profiles:
+- Skip Cortana, OneDrive, and OEM registration setup pages
+- Automatically setup for work or school
+- Sign in experience with company or school brand 
+
+### AutoPilot deployment profiles - optional settings
+These settings are off by default. You can turn them on for your AutoPilot deployment profiles:
+- Skip privacy settings
+- Disable local admin account creation on the device
 
 **Create AutoPilot profile**
-
+1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
+2. Click **Manage**, and then click **Devices**.
+3. Click **AutoPilot deployment**, and then click **Create new profile**
 **Edit AutoPilot profile**
 
 **Delete AutoPilot profile**
 
+## Apply a different AutoPilot deployment profile to devices
+After you've applied an AutoPilot deployment profile to a device, you can remove the profile and apply a new profile. 
+

From 2a617b6388a7b0a449eca7ff52b838e003282574 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Mon, 26 Jun 2017 16:33:18 -0700
Subject: [PATCH 16/49] adding metadata and content

---
 store-for-business/add-profile-to-devices.md | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index b3f58dfbb2..1329573dbb 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -6,6 +6,8 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
+ms.author: TrudyHa
+ms.date: 06/26/2107
 localizationpriority: high
 ---
 
@@ -97,8 +99,20 @@ These settings are off by default. You can turn them on for your AutoPilot deplo
 **Create AutoPilot profile**
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
-3. Click **AutoPilot deployment**, and then click **Create new profile**
+3. Click **AutoPilot deployment**, and then click **Create new profile**. 
+TBD: art
+
 **Edit AutoPilot profile**
+1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
+2. Click **Manage**, and then click **Devices**.
+3. Click **AutoPilot deployment**, click **Edit your profiles**, and then choose the profile to edit.
+TBD: art
+4. Change settings for the profile, and then click **Save**. 
+-or-
+Click **Delete profile** to delete the profile. 
+
+
+
 
 **Delete AutoPilot profile**
 

From 09e6039e5ee2cd2d05d2bc68e3a1fe892816e898 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Tue, 27 Jun 2017 08:55:52 -0700
Subject: [PATCH 17/49] adding content

---
 store-for-business/add-profile-to-devices.md | 84 ++++++++------------
 1 file changed, 33 insertions(+), 51 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 1329573dbb..31e0fc8bce 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -18,30 +18,27 @@ localizationpriority: high
 -   Windows 10
 -   Windows 10 Mobile
 
+Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://review.docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot?branch=dh-autopilot11975619).
+
 ## What is Windows AutoPilot Deployment Program?
-Windows AutoPilot Deployment Program simplifies device set up for IT Admins. You create and apply an AutoPilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, it installs and configures Windows based on the AutoPilot deployment profile you applied to the device. 
+In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. 
 
-By default, these items are included in Windows AutoPilot deployment profiles:
-- Skips setup for Cortana, OneDrive, and OEM registration
-- Automatically sets up work or school accounts
+AutoPilot deployment profiles have two main parts: default settings that can't be changed, and optional settings that you can include. 
 
-You can decide whether or not to set these items in Windows AutoPilot deployment profiles:
+### AutoPilot deployment profiles - default settings
+These settings are configured with all AutoPilot deployment profiles:
+- Skip Cortana, OneDrive, and OEM registration setup pages
+- Automatically setup for work or school
+- Sign in experience with company or school brand 
+
+### AutoPilot deployment profiles - optional settings
+These settings are off by default. You can turn them on for your AutoPilot deployment profiles:
 - Skip privacy settings
 - Disable local admin account creation on the device
 
-
-### Windows AutoPilot Deployment Program requirements
-Verify this list ... 
-- Devices pre-installed with Windows 10 Pro Creators Update (version 1703 or later) 
-- The devices must have access to the internet. When the device can’t connect, it shows the default Windows out-of-box experience (OOBE) screens.
-- Enrolling the device into an MDM requires Azure Active Directory Premium.
-
-For more information, see [Overview of Windows AutoPilot](https://review.docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot?branch=dh-autopilot11975619).
-
 ## Windows AutoPilot deployment profiles in Microsoft Store for Business and Education
 You can manage new devices in Microsoft Store for Business or Microsoft Store for Education. Devices need to meet these requirements:
-- Windows 10 (versions ...)
-- Specific hardware vendor???
+- Windows 10, version 1703 or later
 - New devices that have not been through Windows out-of-box experience. 
 
 You can create and apply AutoPilot deployment profiles to these devices. The overall process looks like this. 
@@ -53,13 +50,10 @@ Figure 1 - Windows AutoPilot Deployment Program process
 ## Add devices and apply AutoPilot deployment profile
 To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. 
 
-The device information file needs to be in this format:
-
-| Column    | Data |
-| --------- | ---- |
-| Serial Number | data type 1|
-| Product Id | data type 2|
-| Hardware Hash | data type 3|
+Columns in the device information file needs to using this naming and be in this order:
+- Column 1: Serial Number
+- Column 2: Product Id 
+- Column 3: Hardware Hash   
 
 When you add devices, you need to add them to a *device group*. Device groups allow you to apply an AutoPilot deployment profile to mutliple devices. The first time you add devices to a group, you'll need to create a device group. 
 
@@ -75,47 +69,35 @@ If you don't add devices to a group, you can select the individual devices to ap
 
 **Apply AutoPilot deployment profile**
 1. When you have devices selected, click **AutoPilot deployment**. 
-2. Choose the AutoPilot deployment profile to apply to the selected devices. 
-> [!NOTE]
-> The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile. 
-3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**. 
+2. Choose the AutoPilot deployment profile to apply to the selected devices.</br> 
+> [! NOTE]
+> The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.</br> 
+3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
+TBD: art 
 
 ## Manage AutoPilot deployment profiles
-You can manage the AutoPiolot deployment profiles that you created in Microsoft Store for Business. You can create a new profile, editing or delete a profile. 
-
-AutoPilot deployment profiles have two main parts: default settings that can't be changed, and optional settings that you can include. 
-
-### AutoPilot deployment profiles - default settings
-These settings are configured with all AutoPilot deployment profiles:
-- Skip Cortana, OneDrive, and OEM registration setup pages
-- Automatically setup for work or school
-- Sign in experience with company or school brand 
-
-### AutoPilot deployment profiles - optional settings
-These settings are off by default. You can turn them on for your AutoPilot deployment profiles:
-- Skip privacy settings
-- Disable local admin account creation on the device
+You can manage the AutoPilot deployment profiles created in Microsoft Store. You can create a new profile, edit, or delete a profile. 
 
 **Create AutoPilot profile**
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
 3. Click **AutoPilot deployment**, and then click **Create new profile**. 
-TBD: art
+TBD: art. 
+4. Name the profile, choose the settings to include, and then click **Create**.</br>
+The new profile is added to the **AutoPilot deployment** list.  
 
-**Edit AutoPilot profile**
+**Edit or delete AutoPilot profile**
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
 3. Click **AutoPilot deployment**, click **Edit your profiles**, and then choose the profile to edit.
 TBD: art
-4. Change settings for the profile, and then click **Save**. 
--or-
+4. Change settings for the profile, and then click **Save**.</br> 
+-or-</br>
 Click **Delete profile** to delete the profile. 
 
-
-
-
-**Delete AutoPilot profile**
-
 ## Apply a different AutoPilot deployment profile to devices
-After you've applied an AutoPilot deployment profile to a device, you can remove the profile and apply a new profile. 
+After you've applied an AutoPilot deployment profile to a device, if you decide to apply a different profile, you can remove the profile and apply a new profile. 
+
+> [!NOTE]
+> The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. 
 

From 5e5b62ff90baa345fa309063190454e8487e85bb Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Tue, 27 Jun 2017 10:16:23 -0700
Subject: [PATCH 18/49] adding content

---
 store-for-business/add-profile-to-devices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 31e0fc8bce..f77185f188 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -70,7 +70,7 @@ If you don't add devices to a group, you can select the individual devices to ap
 **Apply AutoPilot deployment profile**
 1. When you have devices selected, click **AutoPilot deployment**. 
 2. Choose the AutoPilot deployment profile to apply to the selected devices.</br> 
-> [! NOTE]
+> [!NOTE]
 > The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.</br> 
 3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
 TBD: art 

From bc302808a44b0cc91b5e8049b1fe298129f19cc4 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Tue, 27 Jun 2017 10:26:46 -0700
Subject: [PATCH 19/49] testing format

---
 store-for-business/add-profile-to-devices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index f77185f188..2221b6ea8b 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -70,7 +70,7 @@ If you don't add devices to a group, you can select the individual devices to ap
 **Apply AutoPilot deployment profile**
 1. When you have devices selected, click **AutoPilot deployment**. 
 2. Choose the AutoPilot deployment profile to apply to the selected devices.</br> 
-> [!NOTE]
+> [!NOTE]</br>
 > The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.</br> 
 3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
 TBD: art 

From 8feec26bcd22091afdb2e86261dae804d58f4786 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Tue, 27 Jun 2017 10:41:06 -0700
Subject: [PATCH 20/49] testing fix

---
 store-for-business/add-profile-to-devices.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 2221b6ea8b..f03cbfa235 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -70,8 +70,8 @@ If you don't add devices to a group, you can select the individual devices to ap
 **Apply AutoPilot deployment profile**
 1. When you have devices selected, click **AutoPilot deployment**. 
 2. Choose the AutoPilot deployment profile to apply to the selected devices.</br> 
-> [!NOTE]</br>
-> The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.</br> 
+    > [!NOTE]</br>
+    > The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.</br> 
 3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
 TBD: art 
 

From ec39af92053b10aef8a46abd0ebddf6c6a9c4147 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Tue, 27 Jun 2017 11:00:12 -0700
Subject: [PATCH 21/49] test fix

---
 store-for-business/add-profile-to-devices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index f03cbfa235..09478a88e0 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -70,7 +70,7 @@ If you don't add devices to a group, you can select the individual devices to ap
 **Apply AutoPilot deployment profile**
 1. When you have devices selected, click **AutoPilot deployment**. 
 2. Choose the AutoPilot deployment profile to apply to the selected devices.</br> 
-    > [!NOTE]</br>
+    > [!NOTE]
     > The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.</br> 
 3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
 TBD: art 

From 8a70a1c4175b59edd4488be18cfd12a3f4549af9 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Tue, 27 Jun 2017 11:53:29 -0700
Subject: [PATCH 22/49] testing fix

---
 store-for-business/add-profile-to-devices.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 09478a88e0..8c810c8e4b 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -69,9 +69,11 @@ If you don't add devices to a group, you can select the individual devices to ap
 
 **Apply AutoPilot deployment profile**
 1. When you have devices selected, click **AutoPilot deployment**. 
-2. Choose the AutoPilot deployment profile to apply to the selected devices.</br> 
+2. Choose the AutoPilot deployment profile to apply to the selected devices.
+ 
     > [!NOTE]
-    > The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.</br> 
+    > The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.
+     
 3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
 TBD: art 
 

From 533b1c3e90bf990fc3eded7728a8122b060fd69f Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Tue, 27 Jun 2017 12:30:47 -0700
Subject: [PATCH 23/49] adding error section

---
 store-for-business/add-profile-to-devices.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 8c810c8e4b..a0a42027ac 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -103,3 +103,12 @@ After you've applied an AutoPilot deployment profile to a device, if you decide
 > [!NOTE]
 > The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. 
 
+## AutoPilot deployment profile error messages
+Here's more info on some of the errors you might see while working with AutoPilot deployment profiles in Microsoft Store for Business and Education. 
+
+| Message Id | Message | Explanation |
+| ---------- | ------- | ----------- |
+| wadp001    | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. | placeholder |
+| wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. | placeholder |
+| wadp003    | Looks like you need more than one csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multliple .csv files. | placeholder |
+| wadp004    | Try that again. Something happened on our end. Waiting a bit might help. | placeholder | 

From 8863c2d018cacfcdf0b4b4ebe92e34cc6ba7d0ef Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Tue, 27 Jun 2017 16:04:46 -0700
Subject: [PATCH 24/49] updates

---
 store-for-business/add-profile-to-devices.md | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index a0a42027ac..0d7a007fa3 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -11,12 +11,11 @@ ms.date: 06/26/2107
 localizationpriority: high
 ---
 
-# Add Windows AutoPilot deployment profile to devices
+# Manage Windows device deployment with Windows AutoPilot Deployment
 
 **Applies to**
 
 -   Windows 10
--   Windows 10 Mobile
 
 Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://review.docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot?branch=dh-autopilot11975619).
 
@@ -50,10 +49,12 @@ Figure 1 - Windows AutoPilot Deployment Program process
 ## Add devices and apply AutoPilot deployment profile
 To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. 
 
-Columns in the device information file needs to using this naming and be in this order:
-- Column 1: Serial Number
-- Column 2: Product Id 
-- Column 3: Hardware Hash   
+Columns in the device information file needs to use this naming and be in this order:
+- Column 1: Device Serial Number
+- Column 2: Windows Product ID 
+- Column 3: Hardware Hash
+
+Add troubleshooting steps ... in case addng devices fails   
 
 When you add devices, you need to add them to a *device group*. Device groups allow you to apply an AutoPilot deployment profile to mutliple devices. The first time you add devices to a group, you'll need to create a device group. 
 
@@ -104,7 +105,10 @@ After you've applied an AutoPilot deployment profile to a device, if you decide
 > The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. 
 
 ## AutoPilot deployment profile error messages
-Here's more info on some of the errors you might see while working with AutoPilot deployment profiles in Microsoft Store for Business and Education. 
+Here's more info on some of the errors you might see while working with AutoPilot deployment profiles in Microsoft Store for Business and Education.
+
+Customers will see the message id
+my toic lists the messageFor .csv file
 
 | Message Id | Message | Explanation |
 | ---------- | ------- | ----------- |

From de22b94d4a9ed46cea35034d7b1d75231689d652 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Wed, 28 Jun 2017 08:14:16 -0700
Subject: [PATCH 25/49] updates

---
 store-for-business/add-profile-to-devices.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 0d7a007fa3..5a4cb3d760 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -116,3 +116,5 @@ my toic lists the messageFor .csv file
 | wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. | placeholder |
 | wadp003    | Looks like you need more than one csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multliple .csv files. | placeholder |
 | wadp004    | Try that again. Something happened on our end. Waiting a bit might help. | placeholder | 
+| wadp005    | Check with your device provider for your csv file. One of the devices on your list has been claimed by another organization. | placeholder |
+| wadp006    | Try that again. Something happened on our end. Waiting a bit might help. | placeholder |
\ No newline at end of file

From a8addc83f4fa1bcb1c66a8d751a806d5ecd33f2d Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Mon, 3 Jul 2017 11:35:40 -0700
Subject: [PATCH 26/49] updates from review

---
 store-for-business/add-profile-to-devices.md | 51 ++++++++++----------
 1 file changed, 26 insertions(+), 25 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 5a4cb3d760..72a8a3aad9 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -1,5 +1,5 @@
 ---
-title: Add profile to manage Windows installation on devices  (Windows 10)
+title: Manage Windows device deployment with Windows AutoPilot Deployment
 description: Add an AutoPilot profile to devices. AutoPilot profiles control what is included in Windows set up experience for your employees. 
 ms.prod: w10
 ms.mktglfcycl: manage
@@ -22,6 +22,12 @@ Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For
 ## What is Windows AutoPilot Deployment Program?
 In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. 
 
+You can create and apply AutoPilot deployment profiles to these devices. The overall process looks like this. 
+
+![Block diagram with main steps for using AutoPilot in Microsoft Store for Business: upload device list; group devices (this step is optional); add profile; and apply profile.](images/autopilot-process.png)
+
+Figure 1 - Windows AutoPilot Deployment Program process
+
 AutoPilot deployment profiles have two main parts: default settings that can't be changed, and optional settings that you can include. 
 
 ### AutoPilot deployment profiles - default settings
@@ -40,24 +46,20 @@ You can manage new devices in Microsoft Store for Business or Microsoft Store fo
 - Windows 10, version 1703 or later
 - New devices that have not been through Windows out-of-box experience. 
 
-You can create and apply AutoPilot deployment profiles to these devices. The overall process looks like this. 
-
-![Block diagram with main steps for using AutoPilot in Microsoft Store for Business: upload device list; group devices (this step is optional); add profile; and apply profile.](images/autopilot-process.png)
-
-Figure 1 - Windows AutoPilot Deployment Program process
-
 ## Add devices and apply AutoPilot deployment profile
 To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. 
 
-Columns in the device information file needs to use this naming and be in this order:
+### Device information files
+Columns in the device information file need to use this naming and be in this order:
 - Column 1: Device Serial Number
 - Column 2: Windows Product ID 
 - Column 3: Hardware Hash
 
-Add troubleshooting steps ... in case addng devices fails   
-
 When you add devices, you need to add them to a *device group*. Device groups allow you to apply an AutoPilot deployment profile to mutliple devices. The first time you add devices to a group, you'll need to create a device group. 
 
+> [!NOTE]
+> You can only add devices to a group when you add devices to **Micrososft Store for Business and Education**. If you decide to reorganize devices into different groups, you'll need to delete them from **Devices** in **Microsoft Store**, and add them again. 
+
 **Add and group devices**
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
@@ -73,7 +75,7 @@ If you don't add devices to a group, you can select the individual devices to ap
 2. Choose the AutoPilot deployment profile to apply to the selected devices.
  
     > [!NOTE]
-    > The first time you use AutoPilot deployment profiles, you'll need to create one. See Create AutoPilot profile.
+    > The first time you use AutoPilot deployment profiles, you'll need to create one. See [Create AutoPilot profile](#create-autopilot-profile).
      
 3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
 TBD: art 
@@ -81,7 +83,8 @@ TBD: art
 ## Manage AutoPilot deployment profiles
 You can manage the AutoPilot deployment profiles created in Microsoft Store. You can create a new profile, edit, or delete a profile. 
 
-**Create AutoPilot profile**
+### Create AutoPilot profile
+
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
 3. Click **AutoPilot deployment**, and then click **Create new profile**. 
@@ -89,7 +92,8 @@ TBD: art.
 4. Name the profile, choose the settings to include, and then click **Create**.</br>
 The new profile is added to the **AutoPilot deployment** list.  
 
-**Edit or delete AutoPilot profile**
+### Edit or delete AutoPilot profile
+
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
 3. Click **AutoPilot deployment**, click **Edit your profiles**, and then choose the profile to edit.
@@ -105,16 +109,13 @@ After you've applied an AutoPilot deployment profile to a device, if you decide
 > The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. 
 
 ## AutoPilot deployment profile error messages
-Here's more info on some of the errors you might see while working with AutoPilot deployment profiles in Microsoft Store for Business and Education.
+Here's more info on some of the errors you might see while working with AutoPilot deployment profiles in **Microsoft Store for Business and Education**. 
 
-Customers will see the message id
-my toic lists the messageFor .csv file
-
-| Message Id | Message | Explanation |
-| ---------- | ------- | ----------- |
-| wadp001    | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. | placeholder |
-| wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. | placeholder |
-| wadp003    | Looks like you need more than one csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multliple .csv files. | placeholder |
-| wadp004    | Try that again. Something happened on our end. Waiting a bit might help. | placeholder | 
-| wadp005    | Check with your device provider for your csv file. One of the devices on your list has been claimed by another organization. | placeholder |
-| wadp006    | Try that again. Something happened on our end. Waiting a bit might help. | placeholder |
\ No newline at end of file
+| Message Id | Message explanation | 
+| ---------- | ------------------- |
+| wadp001    | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. |
+| wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. |
+| wadp003    | Looks like you need more than one csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multliple .csv files. |
+| wadp004    | Try that again. Something happened on our end. Waiting a bit might help. |
+| wadp005    | Check with your device provider for your csv file. One of the devices on your list has been claimed by another organization. |
+| wadp006    | Try that again. Something happened on our end. Waiting a bit might help. |
\ No newline at end of file

From 55fdc1fa39db4fce832833c40f968317c13878da Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Mon, 3 Jul 2017 12:10:53 -0700
Subject: [PATCH 27/49] updates

---
 store-for-business/add-profile-to-devices.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 72a8a3aad9..3e3d833c08 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -49,7 +49,7 @@ You can manage new devices in Microsoft Store for Business or Microsoft Store fo
 ## Add devices and apply AutoPilot deployment profile
 To manage devices through Microsoft Store for Business and Education, you'll need a .csv file that contains specific information about the devices. You should be able to get this from your Microsoft account contact, or the store where you purchased the devices. Upload the .csv file to Microsoft Store to add the devices. 
 
-### Device information files
+### Device information file format
 Columns in the device information file need to use this naming and be in this order:
 - Column 1: Device Serial Number
 - Column 2: Windows Product ID 
@@ -108,7 +108,7 @@ After you've applied an AutoPilot deployment profile to a device, if you decide
 > [!NOTE]
 > The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. 
 
-## AutoPilot deployment profile error messages
+## AutoPilot device information file error messages
 Here's more info on some of the errors you might see while working with AutoPilot deployment profiles in **Microsoft Store for Business and Education**. 
 
 | Message Id | Message explanation | 

From 545e4653046dc1e652f5164a080960ac9e86bfde Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 5 Jul 2017 11:50:54 -0700
Subject: [PATCH 28/49] update alert status image

---
 .../images/atp-alert-status.png               | Bin 43851 -> 24128 bytes
 ...ows-defender-advanced-threat-protection.md |   2 +-
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/threat-protection/windows-defender-atp/images/atp-alert-status.png b/windows/threat-protection/windows-defender-atp/images/atp-alert-status.png
index b2380e0236224e2a52b6280b7527dc8d99fb32cc..bc0275c6221984d78aef94af90cc964e6ca01a75 100644
GIT binary patch
literal 24128
zcmd3O1yq&Yy6yrLL=Z$25D5uEL`vyY0TEF^=`KlW=~k2w0RaW2LFw)W=@O7w^a6<`
zvFL8@yZ-;|v&XryZ;W&AxMS>p3*Y+I_s#jvcfRpF&m>S$UgpAi>hlN$;)3iWspkj;
z4j%%6`}Q0@Trn}ok%fN<Z69g8LLf+*u>awFW+%A@7YQ6>pGp%<5uCkrhaNMpFY(tU
zX?2JDjt*uv_K1w!pO4@Yu>)L^GJa)bZ*J>gZexugCuCrP>*ul8C2ee7?afWi91z*0
zKZW5c$zNCPjSaB3UUx9JGDh(2k`lrvgxF7%Y)l-S4eX5(I<}|S+ll^qxcMt1O9Qyo
z9#QtAI210Q!(LW1u(vk1Hbwln_QxNt5&ZpqM|&e<#P+E#<{!67+E`f`TRR|jen!^8
zHGJ%C%H|H1#)$NlK2`+cIzm?JzOqZ~63SEYvS~8c2^UXGR1?oR96dz}-)Ag1cwdoU
zgk&AGoxd4Vh`wxUAlLP3eYvcY#ml2Ok}dJ=cURZSSB-Cj(PHRr8b-DX{UeS-9=SqG
z#fT61QN%>d*WWysQe?P}`^+|YYn8N5p>i(x{@mHI)wK7w4z^uWO%FtR`ceI~%(CIi
zI_@NT1Y&0xlSR7vl?ap@ch98LNlA&<D>5-YHAp85OXVI2c%(#SA@!Y&n2)jVvL7{>
z`FY9U0N!^=52d0T{{6Ob3<lS0w=?0}szqMs0$HzHHmY(ia<Jy`GvDyqAzo%-yzJxV
zH*>1Eh{qdF-%2v*dRS7Xeb7Vd5&K#{qeV_5hgR9gbhW=z$8R>(>2J%8`D^Fu&r!sl
zOy3Qib53Kn5kTmhFZzvXD%5v#n2GDWQ#;-4F&tk}8~oiWry8&;&6!t{;nlV~5wZK*
zx$dYUvwEuhvvEyHPMd%SwZ#qBs$S<3N*I<Xw_Uh}=H|k!EuH1&BH4_x>XXi8%BIr`
zDrkgHUPtKrxHK4CXt&;5jaPF<V^uOX6*PJ=m-&$lvAf23^!ENX65iHLHMxKKRj8a#
z&%_?BeRQEW>59v9)AOm{#lTq3WJZ5C5Wi5eNbcQOe#k1g6bsK5JZ?4(2pA;ILcic*
z)Z}uCZ^^WO`{Zj#chFq(R%DCjv(lqrkBvr2nAwd7DkIM=({HunbmlczewO!gIY&>s
zH|5x7kbIOndE7w_=AxHV5=aD_RC0OyBDt*8N>s%Nldu*U-kE0PRsL)=IKF?geJpsR
zkMUVviPmm_qqVyo*&i;A*C`p-l+kTDeV!v29uA9A^%K*VgF&_<Q8jcN!6gWMEq`*>
zW81VyR9-fj9`(kZvm#{(guM6q*PH!b*WST^&7T#iFqHB-`eyQtDyoFkX4PbVd{r7Z
zC%Vp+X)b9+P!ZoTl#-n`Uif(k<#iI<$X}cwV~tZarpjBmxAY}?{Be-`A}dLM2z@u6
z&zMCD&P5SYL~j=jm=cCPGwbiq&1RX|kA_!XJ=ylQZYgyRo!0ER(%W&^Pe1viXE3`J
zt{7?#Sdv`?v+m9RptE$}y;)l0et9!0`v<rK!sjL_;vjb?xg<k(U@lO)^I3S=wXj!z
z-W!YYv02^{=8SJ`CnZgSPj7qY%$>)YH}7OFfd@XrJ_QV`zsvrz>E*#l^mcL(^N=_A
zKmp5U+1}x9k|I26$SpTun?E7<(&lQXZYVvM21Dfj?BOoaUXtT{HfCF8|F@G?bmjds
zK2J_?aeZK!rMkajwj8}3^hpO_oD3RhRg96$tR(nYt<qho7l9@ClBd1yhOV@MX{go}
z(_ZuPzIU75n+!+MD#9<*zHIFML%M{Lfmzk)WB<COOd43GGSp){pZSW-XP(nG2p@1E
zo|h{g9z32b)L9+9p8MC{K22C~s1Q;(3c4v`dGN&Hrlxbp;5!=CU=?&`<XGRph4d42
z4-T<Y4)%V#b<yeggFy8^U}dal(Ngw&t1f<oq`ejbK5k~7ty1EUd$ST%2-`%8ot%nT
z%h(fL8R;RB3nnZ%{;Ve+N7*y;4bNSfL+NW3=eI&*8nPT2*$L}sJKr`b0|&JvRVw-w
zKh*`yy5)G8SM6=AIfxV|Nci{bd9XAPQyu+u?L%2vWjf#dHZ$$|_iW#So5ZZnO3vn}
zQX|&yvx6glWb4O4z$#8>ZPeRrOwqNe;J;2wp6hO1Z*)yg86H&*ji9G%a6$PZ@Fnf*
zU$GZJ+(|B(3xq-E|E~B9+X}rN=rcv9=l)Atj^anYLS}$!2;;@vZSDHL)l<E-@y8wx
z`l07M)i9A|F?Zvw35+SV25j0=@P#m{-YQ-L%caR-&8#Q|@8Z4}FpT7brb%uN3x1#a
zxU|h_SBNFFs#lBtbjwU4b$g}5eXmjxa~eBmGTW4$`vGxe2J69hVkr2od2?}G+77eY
zJH~l(KIYcoYIi9mW#Eh~Jko6d_4P8p3KC88UR&Yo`1DyHnDcsbFB4rJ5tWAxI=AX*
z$hk!AE!CPNrb~s$4JO&!r_LT37CMEqQs%qSc@vh}?$HA__y>t`EL|#2AIUtp)mk;G
zI-3rmV#hdd*KES#C7V-SA%0Z!wQAMcAuWp&i<EZ8xu4AoT;h_&j6YgX67|ahwd_62
zDetY-q>6Q~XiI1n=@vhL5AHi&^(oB8x}C1(?AC7wsp1K9$}RiDvnoU~BYhvWUUn>W
zYrX*YML-;9uGEn%v4~8yzSjtw$?Y=%8jZKMQJlnCWuAVEl0z<~P3RSNa?_pY-u<Ap
z-q&K*TEAciUqqQ1$BkS0uU8T@2jW(A-s)jZ&?u$nvPsBaxU0f?UbBdH($snEJ<U^h
zL3}-$L;be9d&t4(NBecRztCI_ZVxM}e(t29arI60@rO5)p5EE*C!_THKc|<qqaI2*
z;~VP>jZOMTi_>h}Jue?8{LYtv)U7P#k1TuF$-V4Lc%hH3O@EL>AiPhwf+T~wVqT{X
zOiYBV)*g0OCH+}cr$%72N56@?(Kefh^GpIUFJrJBg=Ot|-Wz%EqN~7J(^{Ru&ZdcE
z=3nj%Pk1e#)}u>R6Y!(!_1ARMD_*7uG3h0B-DB!26`Z+L9G@fUY97|FN9EeNf$qd{
z$w*-->tlKMR3*-j0Kdm)B;krtA{k07Gbd$ldYIr`P(TAbEYxerL!{b1F4_atjou-`
z=9SF4U#nd2KlA(wSfT4MGOKgjtXtpo?rBQ-^Ds2esOpMt-FG}&&wYHn;Q5uQ#qU04
z3KVTo4s9MALAa)rBL|GXV91neKBp^D63%YYp0IW8mSaUA@)Kj;d)Q#ttImdo1pRV1
z686}}g1}9b*!WqsSi3+4ElXWeK2wQz8!|*z<HzK&CmtzDnMaXc{jySJEfJAlxO}@X
z5)p+qDf@SREe%oLF|J&+rrIFw%-hy})@6FC6cb*JnofHHf&8x;!99!3o8m@UCPeRP
z<mu5}tf$U6lD?nx>yWSuUmata6tG?%6q8@wyb)Ef+$=pUGaEnN`4d^HJjlwZnO7MV
zy&<#M;hr~g8lY8+3h|hEjHZ1@<YZmnBumQRw&H=*xj*aJxf`Z55jKQ8?s^oX*)!-m
zQ1XduS8ylI**2r1{-wm{4U6=Vvc4lv;^mR=%AaPJDUx<n_MeFgdxtHyw$&Y?dzx+V
z(ex9!s7eA<R2}xwfwU_M-X4-a)$(5vorkwAMwQOMwm{n4<to$rkzKJ_;Dn)rLgAvg
zP%LX|98@$&;Z*4^iZO$+prCwSM?A<2s#mUW)cl;)+B#YYwF%gEwNKO9_dj}Bwo(r%
zEx`Tb=h<b|V-ltPyQP!I8*`b7U-_KHPrjE&(Qvz963+JINFDCKnvRyN;AE8$eLLg7
z*;E;$pmt%uQnt!(^Q7f!RDkU!MV?=D;b)3~2;7b1hEKb^S`hTeEH-G>K6CJy3WSU9
zPcisICd+twJ|?qL%J})P@;VEri}elcs5{h7-ZUURYnM=qH9uc;ygb{O+H+aJ=#xzt
zv(kk0pvJDKeYZAtin+ylKkmwA$gkQaS-xgl6-cX|{E{`aoKsbN5$DH9k!ka(E)kzG
z`|{pYwND)SXg&Oj;hbaX%<!Z^<CViXd}4o(SC8DgS2oeNhyC2Sil&5NRCWT|2zdqN
zwz30r32zc?fbl*(c^I`}<%_j89yzN4r08BnmE7}B+`DxJ!tz{}rCuK;t*n?4%^P3a
zI35t@igz}{@4P>?6mQbu-pvJ*;w;l!n_o({7e{*zE>%?aM0vWPI%<CUVICizwX0&T
zP_a;0vFMmR3~T48v#H_=vig%-o2$E9yHu|gBB1;^sHlHKFnMh1b0nlHJf8{nIGj2X
zj+Kmr#KR2%`Ltuq>G%h{NWGwyIFH|&;%giUH}{~N$i$n<)w~wbkU9<iV$?>ERSqwH
zBL0kf-2E%+{5}H*1kSgz21=-S+DI)E`_88m_!~w9opM1mbkD!>4q#X|_!G1}+y&N$
zitY!tRivenq=#gz6E0(G^OCV9RqEche-`BbvTkSeI;;@&bN0WHETZ7-TxRiw<6qVG
z|MF4)i*NkDb6aozz|atrkkHlb?QOa)8~&IAt1<pb)yD=+Z%3z_gOY|YcsdstsT-C?
ziozlz{nYe49ozKp#&o6U<RDGbRa8|OZ{9o?M9H<I7A7^z)EUXqSm}rv$B&^gtEi~(
z%88kLU^SGh6A&19Uqj=oLMPkp+fs^(zpQeY#KevxHG|!1=oS_h%2fD!;~I4G&))il
zknkG~W0J{t#HcnkHC<<AZPjbO6h<mURC*7e8gVb2Ib$)aD4grc<;#y47#PBtWuI$m
zM(^phzqljI!^4wlH!?DE39%j(7q`rvlbCo9_xiiHZy&Kl$nr@b+D(dtaw57+l)6}>
zXfIt#rq0XGIxc?m1~(0Zd;RMZmVyt36C3>b-Z{A)%$4LGYxM-r4GoivVI*u~VyHZ0
zy$XBjgXtiyrUX4r3-{fX=JASGIEZTk)>5XXtmlb{P@EC*@gb-xXUTBpN8x8;y8Lpq
z%7kyjST4wh|LX019V&4`b@uF8#P!Ia&`{^flecfr6l62Yei5*tLnMCthG%YW4u&Gb
zoW-vy>5Sr{+%z>cHQHW8B7FAtTpoqL{qlwCdrHdvaAuFA^;SBYgkQfD3u2jN)oVQ}
zT01WVpRo_hsi+XL<tSd=zcJ9!(UEVB5=QvqTqGy=t#RM2)G;|dIljrkaiwv6eVzO3
z6Ov9^L0kRd?TqZ~GYHYsqfNtck=5!Mr?0cKFOZ^nbtl3I;;Y^9^Gi!jeJOHcxkSB>
ziY-S9eF&(3`zv;~x8HyC=v;V2L~}VZORY-G;5vcyg9o^8-n?njgYtn>w>mv~NJZ`^
zt&lqTrAvN}5AKN*GMu^wwZCXsL}rmuQ!kb{UP9$~&{<SDuRb(2O}j;0YK=ONkc{Wf
zAF)i9V>v|*4!Wi2mXwryWF}l*UZ&HrNFKrzxNTdg=v1R;LM8l|WzP{2Nh&H{%o}2=
zyZ{YjL&F0HCnw<xtP$<ZA>JeIvtcp_glTu|y74xGm`;-Y=FNNHh4YcZN@{9pnR!*N
z%W)#k@_ZgAN3Lm`@VW+*qNLp1Zg!Mra#fguq}A#~4J?S=sI+#OHSOZ!VyvI9$I%n<
zi(GOF3iS4-QFy&5k9Y6hWn$WAm3r;P;7x&*mBRk$$B!R3oxU8*w)-M(+;KTp*zqx+
z_5KEWxX!yS)6#gTs<7}m^6@8MZ7*6W-Y4O+F>=DQoiu%YecIhjdVUPD-CPU#byAW-
zI<?;$ucGa{ITvi52>p&dHqh5L&{sB6m=v|Uahi>3cQBvzqF@I+dGcYAZ&<I-K#vkF
z9M~pyC@1^|kcrHfJq+>^{ob;VrDkuSP$)t7oop&P9tks6#tr=c5eo628>#kq2Y#B|
zCC2x)h(%hwYk#p}T)_MG=g%jzb8`fh)DA&USjgeSz0J}OABgij#P8g>qhF#~qxfxV
z-Bs>sT0a95Q{zzcMHHWdFzu~dw-lc}d;N}x(*Cq?W>ZnC(t)kAvQnGH+smtVuSNFp
zW8B1(RPLBALs3NOM)hqbCduOT3;4dByKHQ1gjcU#CD}yJ%`x4*OOEe*e@VMzf5}-8
z?VjVIhc?(hcHF7>I2X~{nS*fMvp%w9W@b*z%90~ypOizFI+q5I*C=dk!LX6wnfQrb
z^q&&0R$RH-w%fqfI#5_xm~S&F?!T^@b%lVG?((E?eSJL);}>Qd?nd~Gj%sdgZ6T<R
z5?Ps<_r7&FU&%tgfB*jc(r5`0-0vW)ASXw(<t7I6%Qx?5K_0p;4f7}~D_<87P+K~)
z;XaB)ri_xoK6?hUSIJUMN=cC}Il=yro&6I%$0#8|4=*&V?lqG#F-cW71qUZB>uXci
z)O<fbZ-($al(DkPu^8*r6W$qXLme_}RXK4`U%S?9`|8zQ82iVtFzizUdp;a#w6(R}
zgDs35iRYoyz`($s5xL-+T>91EhhUNP=ky5qSi#qkkrZKje0+RnFJDTkszzEEu`n}V
zhf(my1SkE$)6mdB;7_uuF)}hXd4S~+*EJs#QF311<m2ZzY!AO-=z`2tf#h+Pn@YRG
zQA$cGeUK|}2sy`i=guW~Xl5Ljs3;BWDI6gu@|$8}VuoY$+ivQ&DG)wgCX!E|27ejs
z>w7aesG9cIWbRT2&o3;z2HzU7q&U=tDLE|-<M`J51YZ+)|4;^gSIt&uhzt%6-d=FB
zMeBNBc~PLQf9EUB12%qs3dm6MQSCiFG7!ivUAm-SH1cbB_~yjD^P=B+1OEIm37s2S
zaG>kKEWQHUGgLmUa$0_%s!9P?lX9N3Hp^LX5bjMzmD_#WOGe<=>BlZJl~o4AgKVdp
z2nPlS4VOnt43Bbks$#teD-R8~DC>0l3Y?ZTRd)Ymq{Z8hNCk(4wAA|&gnj(z^Xb!N
zmCoR!JXl<h{+KS4D4Z*_w84FS&v`u7e%}WZAbdr>jdyhP^r$&Xd>;4YM1X%#78Dc+
z+D*TuVqHylRtoAe<7E^Q(x4%Ys5{bmX3gZh8qxRu3OnqmUL^7cE<0FQT3VW9^WnpX
z?<c+>EiS0<_S<mq>F0Mo)6~2bowX5@EXu**jR$M}d$_<TS&p$s;WZf<*=r81(tzFE
z<m8404~ih^;_p87k-p>MZ5<sAEy35GsjCMB1e{aZRcc4hO*aLS-@JYM@^)D0YMV$;
z!#kqY%AQAHv+(fnk6*tM1~ucxbfu13+jkCnT?4m@T8#+rHG4Z^scJPeKCW%|0I`>(
z5*HK0URf&~$ElC%xh@<2eR1?vKz|SMqqFnfA3uG1+vrc~ZsobZzc1*rmZ&x)>zuZ-
zVjU~yu1b7ZlJd}5z&HrU7B$LLNo$!w)=S$}o6<7rb?LuGVL$oA9#^|=vUJCb1-+W<
zPJ--ve0+@XAtYzH&dYnbKTSbKS^4tAP&(Rx#a@oZ`S~9eujYP%>t(6sO^?~sHNPb!
zU;BYas^9U64W|F2*t{QC=P9+Hh@IXxW~Ar!YaEY#bX0m~X2WcI1liTAfow{t`b)zF
z<?v2OjR7{b`}kH?R`V+>E&U1-!EJ4i5{81T6<)q%hu!yUXviP-?$0kgcr&e`t$XV;
zcKaK~9-CbPkc*`tTs#b>e&@RRXWf%_YUR5p@?<G(@<C2r9X-A07TLkULB3fp<6D3K
zs<^tGoC`9cbkZ&^g7I#PY#*-PZAshyHg%1P>Yl5sP-a%vdK0<Abp{5U-SL@&fR-OW
z5OB?Iaez&9qm9Ys&sWp&ZiUx&Y0FtSge4~@UY98;jaoij#nvk@0(7svfXzfxhEkgC
z&XNZ6jT=+13Fy`|Xw6;l@$uKn>W(i&ap|=vcx{ls_49M9UP5<9t*^Jz&(t2SG;a1t
z^ypu^ztZH1Tph}|KurAmTc~&g7%^YJ9ye6r65<0j-+3a6+dpE3Uaj@Y&`<s8iV@Fd
zyC4I@=G3eGpm#J)*?688@rBp?lGl2W-f#GPZ#F`~Ls^oV(^W5y$Ebz2ChtIWp!R4(
zZfj@9@Z@MebDfLcywyk~CUMLO|9)QF!(T7clHkYCWy^+6nNgKZh-1IOq0_Uow;UbY
z@p5u<(sOgM6Nu0fzvs~-wyWQpEG_uz4{>yKbhWl*<rO`z{TpCzZkvf}E#1~f!)l(?
z7GM%7W8)hX9GcAHM>n?B$kt7moHV&+vPv=YHR9L*tk#J8<c;PUrET9~oUoLVJx10)
z_Nv2!VEg-E8&jKo$MrWDr<GhmlxK+|y5{$9ebN2dh@%Vh=WI9sJXKavF@QldS|p8J
zBRtGhkj%-*AS4yvOB4(~-I>#QbW)dNw!ClMW~}92E4guM)jXC!I^it_A$4kMO3-;F
zmMiOtWVy>aqxE?CREfyN*5>A^c=wh1<{-+NLh(wzr%#`L5p~`8$a+?kY~B-@mNYm%
ze!I3yZZU6qyN^Vr)ADA`5W$+8xxZP#JAeP8tV{ZHJqa=n4#jGuD?QPCL3*k<@Qo#;
z+#TGCyaV2WT<wZC{&a5V5Nl&Iar4!GM(P_su7BfpQ@)5u+#G#+wBy2x!0tEjl%1!>
z?M#$hx=rAv)s@`~{b^OzM4bDrpV`&8p@_=M;rjU3g!A$giU;JqP;<R^7-nRqP%26V
zC++$?^1A#mOK3GVy`<ZXYHDhzB)qEChBEpWY_}Ix@^T~m((>|1jaoytM-ToU+sS^9
z_w>o(YAY<h-ApR)?2&yU&X20kD8r-Rm`l3ieVn-_sXrE$m$wi29({WlJWZI0z`$>d
z3UPlw0HQ-M?22K|EfM*{T6Z=j{Lvr+E<pzsE6Ri3$w_Z5Q<M1}F^Cenr}%VKR8-IE
zXsfUN_4|dSdn;Mu$M+8*%=Y&7;@mrat+PLTrb(X8_tdeNT)_IVBz|-@Y+mg4r$613
z(Nm2XKSxR`<LzCiR+VUvS*<%gtQ#>T`uOqVMeQo53*;<M);bPmJ^3yIRTIJT^nts(
z2x2?#>SFCa>x9-_LF?5F_C1MHVHcl1okSd8=hx>*NLuQS$LjX8yJsibBUpO}2Hwg>
zu((>qQF3bkfS9F1D$R0wus0LhJ2?2KL@{C)d2h{p_tnAH!u<UFy$0oNoHlUdnS!{d
zE}nKbHFbmVxg8R3JfRK3MmC9q-cSz>W9kN2OWT!kA!1?|FY|82MGS_FmUg*hyLatr
zg1DzTX)4|0>$@rmewq+#g@uLJF!XXHt-ogV*)!^dUnB<8U3uH3FyRXYhm^GReqjgi
znf(V)g<Irh=jG;-2w0EX?h`9+gr=w8^f=xgnxyBf6r-i3#X+fgdL>^M7pH^J*BsGL
zt3c_EbfOJhEhTn69({9l#uf@J(UZLy986k2DKS1Cz?hC>Lk!zHI}H{knRK;suam~r
zY|^fXb94K^0uVUpZSRwg8W|b!xNVs+zw`F}xE^9E=~p?x^y27dcJxGWjDU^d%6LU>
zCd&m$m<gThEE%>#E33vMCMHhI&L$2E3$yeLy$I>Ld@kM{>I`dFS|k#=w^Fr=TZs)*
z*nplQ7d4$UA)FoOd4aseMR)cs&#u1C6A1^}(;u&T#9I4LnA-04i25F`RFV3V(mzyF
z8_JJ_wy61VwT@Ia+{Ir1OxP|G+7GB5i7`Yk_4N^_d#w_RN=oEwo=6+#+T)!uoAoJw
z`UWR7PIW&&Ic1$=U45#kE$JN=0fv>=>@F)6bKG{*QVD~hem3y!1dk2E?pPsT)&!4B
zc6N4>oX|88K<x^->b7?IM?GbxkJWjP!{15=QCx5phztoKp%HN+hWJO^R!f~f=8E?N
ziZDeLm3Pt6)Sr$v?Uc92Ly0CI@9iY`>ii;DA$qV^j??sXkD{|hc?$AED|FNQ_4HE^
zTx~aIWx;dsmD1#;)zzsUNJ{d+xUjaYs=CI(!2ylTZ3tjc=l$TEJC`=DM(?#}a5OI?
z@xaXNW=kl2DD>pmei{<2nT<{Bke)Z~FHgS2Bo@r-stniz`wB>?Tf4hPFi%)w8CzR!
zudQ$N47YB*XFa=e9S;vr(ECI*Iwr<$s^P45ofj<xmPW|KJSIP>p2Uk@g-t8k>FQrW
zzJnwqvyhUSnBFzLe35LQ{J+EN{^xd7|9sl+K~`e;K~~!>^VXD!RqmaM>s#Ke49`vx
zCm2elBbBp=A4TqU57F<uwk+M7^3a#Uy!TR4RG)iaIh|3U<ncaGcd-2WE^;V&eI+wP
z&}oHQSMb;3y4xFFkzmtZFHbE;p;~Ld9$b$3l74XwE;83{uB06Z;sJ4@50SUDgb%%r
zrsg8-w#NBB4d~I@({j<6HS?ls_P#Gfb7ei2au%#}kmzwbAwQkdqpkWXXF3`BHR9n+
z-UYP+hn-{VA-fHXc=g4sMt43jm#KT~5Tl+xafcsBJV%HSU%3C!^<D~cDI&`eo5VrH
z2U3U5U`&3G)aZSKq~Wpu{8M9Ls9$LP=UP{H2k7ws)&j)1FsS;MMfwN2;{1kei|~p1
z5V1D6!L5RtIH@MW1dSnxO9xXIR-`*$_976d(z}q4e=7>OV@KYecewVu{8{qtg)X7Y
zq3bn5G9@1hjpws<rJR}S;%?er(VTfms`IW)V)enx9%q-Au2d91sr)1Kb~93G4+<&!
zVqRgt^R@*n-r_s+FmSzfsLNJ;6<bzxwum|;oVz%pW;H~%`OEX;M69oAa?4CjG@bwU
z(PFzknIL>yDp9(6Bw#PYsQJKDRFIm?hQHDy4kjO1NOytWH*rXQ=AC*Rm6xSy#22-)
zWnxuvejNDLTDaXMs4Yk<XaiU9y$DPEC0Aa#E@f{#knj@j^kmP;ucQPs;UKEZOsF;8
zYa7QBoHPCu(Bu2CdkUa(%Zk@;foZw?CbjNf=yzCb!F-!ClFH&1vVJ2uU$Ft@#C(N#
z;`x3qz4!K2N3gcZ*<buu8nHiYUxArSZ&!PKr>*4K4RD>*r1LYcbYI^Ha|&I2_}v)B
zq9<|fO(=D4rc)*OsEeg3`E*(cZ6QX(HHls>+55{}?;6j|Y`Ud8Ct!l=7qM@*o2|~d
zEf=3F!>)9_-M5QdqvlaL-(aL++>T4jwW4X%!q)c$TK4}qQv7J_?eoL~^DuyOPWSZZ
z-{=#rqfx>-<qL5!!c&YH>qO2{%doreFRyJDI>MSB^D@N+G}AJyxKG?*XC~+18EO6M
z5>a9s4$?+gq=MS=3w3UHs1QwdMXgT!Q;^jR)iY8K{VdAo4rlbrUaHQUMPb4*&RL8s
zA*!@xOv&`Hmv&Z9C#9Ffd*3yahPDQ+ldnI>CgExU1q*3RPxAMZ%)KI3XEOB6^9_20
z|4L*Q9-4;~HRo^y8K_AXSAR|4bJfZ(di?w$GNS%haD|K`VFwhaQUV7~*pb2P3aVsh
z-}Y!(K-nr|w_N7pj8slT{iGx*o`!9-Zfz_;(M6LNJ-6IbwWc!WxFk#Ltj_7RsBZU5
zcjS#0loJ5`F(yc#q3NN)^=<t{H#WlD%_vSS-ZJ%N)K-*Q93QsCT3x79GP=a9xSHYu
z><Gi-2}_-2S>o1%Y5w(5RGh|*%9t~<;mj&S@shD#sS4-Mp(cLw{<0Te`4P(0f`iZ%
zb-@WT2~pEYCA(Q^Wx6&tM_0Mb$w;;@<LoQ|trfeU=je0y{YN4!3gtuSK%dj~w4nJ@
z`G(}LGh{q=#avm_WEEL$_n0bQ?eh-Ed%vQEicTnQ=U`e9ajz={<6_grJHC55cz8Vh
z4E?SQQDrNo`FnGPl`M>F#96`>!|*TEH2;i~|59}G|N6EHqX!%Sm<tIB;joFYvJxaE
zC3$hF<qb*Z4Y~8$7#kbkE9;GGidg22wel{@$jg(lx4#2rlUVemCBM;Fsa0*xr#C&4
z98fafzkffo4(j&9N_EDKFd&AQI5;lk)gCN<tT*A0d8Vb6m7|E~v$SOSD4h8Oz+ewL
z%hwh<s7wHj{RbtjtT-%Qz7*3GhcYRgd1`w|k8%b;sJ{OG8jY^17TeNel-Wq3v3i+x
z+?aj@9*2OyP@W^vquskABG*(@R9@eV4ybPW3$XV=yc>ny_#y>GDm5!T`9^V2bbS1Z
zy;qHHD8S#zMMX+a)Sh$BEtLoA=27;GSuLYyXNfB&0IKzOowbXLiyN+VWCzq(3UiB>
zSNSN9hAW~>!@wX(UBTEmg-TCN&HwmtH)xq00Aq(LVXd+%w=o+9W3f;E*ZeGQq^6|>
zQDh!FDb?0>m!^1n-ePB`{Zk;ZWgro{;aSQhS+V@N5y%NAEw00!*Mp&U!vB#*$a@Rq
z05ArI!zM+ti0?oJ@Z|nQ8jM)-Bkci>H>C2h5X15c_Dg91#>)Zakm(xxnU<WK2?zsZ
zzCCK=&JL!~RFD4f06rJ_loM-R7q>J7RLLJjKl|7sD=KpG8AXD_AqK9w_gQZ2o#AC+
z_OaEvX#1Vn?VDwF)j7+P?uSE3<ErpBlDtl@8W>KpwY?6yvVFVETVlz7S;A<ib9kt6
zWbSE}_}*_kHXfd5qm_<XpTNpPg?ZW)jGpVwl+!(2Ni5z0+V3O*3~nT`s>2)gPF#X9
z`jZxTY5@PS&G3nNTYmXA6?6N({N2lk7pXH(B;Q3>`wkP-RexYjVi}UGh#0XEFx@WH
z^FOXcSB?x#YV1F@PiKRNq|J;Yd%ecKz~i_OHx9Y&RsD(-i}HMnc85=j?kb~7W_?M;
z*W43j!;RASx20YKR0n{*WJGmtuDnCdtVG4(d`O}DGgVdo7h;*2nNrSAPPA&=_<ZU)
zm1SiKA3S()k)A$J)B4ZPuXHu?#?Dxt!qCIOfC2G)e=cFyOsu=9wUvp51s?#oOPHml
zCFMA(wYNYdOw_nH+XC5en<A*+m7SfvcVr|GicaAtF?Woy>Vy<(0rwqC|NZU+iPchZ
z?BY#9UkOiYF{lN%$n^V+ss<7US)7@9>t~EWk5xtYgwo-iCFo922HMa=`Or_yU~ibq
z%FecI+qP&fH15P5LMyLfcuIhic>(+kW-y1Of2rqVhj(`y{rrV%`~mw<SR!N`AIZtR
z(hQ+_vD11W%0T}rTEHe=T@SdbMvol>A#H$>DDD?Juj+>C74-pQ)+8Gp8%qO>*SJ&7
z5q5h6DMB$e3XIjynFY$QGH^)$9*UmigQ!V`%he|bm~(`L&uH^W2np+9^NH%VuFtd@
z-1(}Ub6KJGLSsY2cqxs^-)ux0x<cvs^Ebd9Rd05S7{(UH0=<Kf@Q9hr#1_Vmj*b9$
zNU5lN?xctm>8PZU@X{_;jtdM8#iF7U-lv}a=FpYX6!Ogy*<%Wdi<Li!y!!LOA|75#
zvLEj{#uO?#UCcS_jU#keVcJ9Y>GS8nIFClZ3s|zlB8}_zZ3p+AC$6%O<mE#osk-9D
zuECbiysN8KW-Sd+b>^X#h6Wq1Dv2ywBL^%HT3On$K}1AE8_DzaiF%D&Nv3$m5G4i0
zpWYC&J74onx~Sj2dv{@^!G2Ksj1M46MnKWrWM{utcvxxBh;NCiRN0>Ro|g6v9Pi5X
zNh<N^HfAU*6#@|n#MaE^n23m(E#iza@TZ_%b)fZ*OY44`ePM2|GnFvL?sL3`4Gn&D
z!lfk=DRzZ>Z3ITkq-`C>H-~P}E2^E0(2uLg-~IYTUO~9rO$^b5V{dB8{u!f67oa*Q
zN4L6ky+$<QnBUPU`JSul^9rlk^?14;rQSB8LRq(M$eoP^MQ~;;t48Se%JO;?^H8<j
z-K7bhSG(me57$w4FLEW!D|%71l`Sb;{`ZtC&fR+bCN~5}MMcHymEWYCGyef~PGV`C
z)i8yN+`k?LQCT=A0qs~NcK@COt5G^idKNPu$)zX0gc%E1xx9;Ci90J%t^0lj9}v<1
z8VLO#%2EHfGb8YC)6<48OiVIQeCk<?0TdgFk|qs8T1cCiu)Gfn(&=WZqsT%ownn3b
zi$;ij>k)v{1Mh?6%|hNvg(wq+Y3u3nuh&<sF>#GOiu&|v)<FY^ygy-+&Kl33hkuDo
zNLbC!uGjY&v2?2BRLhgijmbJF*DMp2KPgIJ>1=DG+Tb%aF{zCGW9@o4<ecWw^6<9o
z28w)?lwSNcWE~e{9q+wH`tK4)Q>3~YK%Dil=T+Nlb)Nnas0$N6T)NAJY^lQjyAa44
zf3Y!$f+L)SMldm&Ul~OSaNZ3T7U7@nzklFB1nylfBp{)=hz4|8vlX7gm;#At9}D{Z
z0ctQR-esB)8>bIKPxna69ABw=J3GEAS?Li!e3Fg%@ft64IraNdb$Mn&^~n_H>f-iC
z)1`!8-79JMSFT(!m}+=uC<vHrN=k~MCZzul55J8$!nT@Pn`$JP(bCc)qoG-H8Ue=O
z`}gkwQ-Hnm3JBmKEcveu=IXHj!Mm>c5{QlT^mN-Q>!OhlK<Y4HY<iHD!4JQwM-_JO
zK(O4C5EiC}?l^M+c(F_?@mRFGo15RUTU&{bC?gja7b)NhZ9jirK6Q3<Gyv3kxX_rW
z)MhdSybp0tTbsts-5mg<Gy3^~b%xF7k^Vm{N|Mvl9}&w)OB);?Y#XYN9J?MYq^&Qc
zCA?pcU{#>dF$!va(-k9NG*RvP=*g2a+`}p>7);}vvqWoAbw_7ys@L)PZ6-cohVs6p
zr=NqZI={Nwij^EhM`yZu7MXN40L;ABa?NJXOip-ccsKw{SxrG?rV(|y_(MM(D2pHZ
z+z12(r*``2l;|@hC8o&9l9xjtMP4W<kTNncNtZnq@_zAxSyM|(jC0JQgpr;7rTX^v
zrxDACQc`cJ_#xO-Ips(WJ32W%$QueW5c&k9HLyW~OK6<&!NdC&;-n=od$L>Ptny8f
z99lGgDjXKV&t+Cui+;E!&}~pF=DvgQxt0B*!$#{Kt>M?NUtPce(vNWNfrQ{3k9(16
z&qGN`U#eQ$DO~t^YP1YVsc~mypm14PS<pgPR~PW{0Ib>8KEut1lBrm8c1CkWlkG9k
zX^hHu?%pjh?xX-8sECzdV!|UNB;=+JF7wQOL_%s)W&x}zpgg|A!|G`{N;hE1b8|UW
z@>hln@W7qqLrL8VtB-Wmb5t$I%k9)x34}IW(<{#3NdeR^h;*@$RN@0bYGCVDbDs*s
z0(IMkz8lDL*vU^~1)p6plazh>^h%Ptw)TetqgIj%$y-qcHo?Scmfm4i-iV9Wu8Cwv
zhKDyBzHWc<25I3)&C3!&C>O=Kt=XAbTs**vDh5^uArY$`rj@W`z>yHEh_Cnj`6Yg<
z(OHL@_}h6ec&Q6)rydMj^81ZiQQ5T)fU}$3Z%6ef0p$mVC7}pvW`DX1LuCT5yl~+{
zKv2-8*;hdPX3^*=Kt>5*ZEdPZ%9sQNsrX}_5|3H(OUcOKAsmF`1Z&Z9_`Wz}Wj1PO
zqk$b&PzYTlO0KB5svx%gNd{wSZM~y0L{4S-uBD{~%UhB314)%Qgpo$z`f{`a=m?IF
z2M-W&TDm7E7u0{ZqdSsylFBZLMXSzBY<hZHs?56KE#W){^GfIx=pe+sD{le=1A)?U
za?5D>!egXeT5Hl3{SJsk2S>*WOY>k_5mjUj78&dvAO8TPXn@hn=H_Oc3I}5#MoE%N
zVJ{(k2{O<#FMs@AFG!1bI}a?EHP@;w3$WJ0aU>7FJuC45lD9L044}m6JyT%5)xB<R
zR8N?A6Z%(+0WW9b<t4tcxrq%C7t?`$g)nf@JBHut0eHDt(uI<0F+lJD1rOYPZ~gS1
z{N?h9s3?C}f1cZA)w9+aMdW9(n=LKD>lVoodyaYmE-;4Evpyak9AIGhS<rRkd!wT=
z%u~>D@p7ts++txo;LX@?yobktJVe?-%}@C5JSn^!`0wf8MR)We;*`r1BVg6feCwUJ
z!#ou~IYV4}5KF57#at8km7==(&6eht7DnJSA$Cny-Ub=S@+VjO!EM#zl9IqmgoGvO
zVc}<18N^T?>Z)_++}s>Yg4Vh-ZHf>yK$*E>{({Fp?+u|t%7D3sI@RkY9y4&#K(Nzn
z=u4Q({i7e1vE1F1XL7c?Y9{rXZ@MzUnQ^~Tn2w0yyr`2z;Cx66G?(Vo|3@I+`hMew
zGMmYjPDX1jUETP`r;N+N#r|CGZ%FStg^=DItQAR4DTTq6fpmoAFcFv*+Kmc)h<KEt
z6-AmkOya+@RoOvB)NGX+6B8rt(xz~GwB#iv(1F?$HOLotGOQ1CE|ZZl3@$JEeE`3}
z#;Y%LKp+^(bp8A(Wow&Xe!N}ldDvvX5t8TegqC{`L5{X6aukkRoZ^YMEwP3yTiTrZ
zG)CDOqjH{*kPM9%Qiem|19q&q?VXNBV}awfc#pD$kaK+0bmBjU$>>cycFzqre)!zO
zpeP=tG@_zWV0ac<$zLc`u!6+#z=H2<R8CfTxw>e~z4%m*k9Lq6Sma{^z!6{xE?>El
zA?^X&k5a+U0$^AO_DzzK5X;D}TzQw8%A)dhV^bC<F)z=iEjNd2&7h^s56tA}^EUdZ
z_=Y~W3s8|^U%s4!#8F-@h;#r-etE2niIcN?AtFvYM~;Nol>Xwr0o%qMdm&bZcqv_7
zy5~wt20(UCPKFK)D6hZ0<!bsVVSt3#PaU?e`YtF(uo)!1!Rq@|;|Js(w~-a$@NzW(
z*4Vs*N9FOG2LZ)pQe`DI?8-*BbNNM%CB?<pZ{4y`cZ}wH8ELkCJVSqKd&tW+0_vlX
zx+63f0w3@BO7w-f`#(=w{I6!M8?=mG`e<YUgg^_h%lZZCYg_#aLF*g$-S?ll#CsG~
zX%6K;{*&_dmVnjf)Gq)1j2me1GXw<R%FC%BzJ1|)IcSBfzqZFcqt)nt^`+zw`O83`
z;v%T2scBNJMheej)9EfPy?`}MWmT1bNiH`3^YIDAmDSZvqARgGa%VpdB1Q3eW7x`o
zo%=3MwYu*t5e^rS!J@wM_)@U5SA95wLM_{_c`puR+`M(`!Lw&!i&KphL1&{lb#S?d
zgFl5vwWInVVT;7xv@PM>Us&oW<e(t>@Q~?bBdRW4{_;&RAW*R1)Ygve9O4Cd-Y!`m
zQa?<t3Ak9X#oPltdXps~@t^AMd%SF1b`<5adLCcaQGp5(8?Pa2CKNLUnC-zd$Cwjb
z(IwJSOn6lZQVudkyAc7r!T<4O)c<xV`u_>!)A(FZFBG~hP*}S2){R)Ulv<5>XtAC3
z8`a?y6QgyjnLuv=4szz~*`&h4zGXL9tOA#HLmRcwhl&3^K&R_3)t#c^$Hh<)oZdL|
z{|2C`8lry(Ph((aJ_AC@ma3NwW`Mf1f-A0di>#ihyd~b>+dH*h?cBIie(knaDKTPg
zF)MG{x$cnGq$i#u^)LNp@c;lp(8BhUdV+E&FNl?q-hR-K=tUxqI0;r^H-JP=f&cHA
z0mPHH7!MFkRw|cnHPzozP7<AA0Hvyy1{b&8ZtGU7^MzJh8-LwF<0yW<a{2OG_&(3m
zmFH@zs={$HbpM9#WG$N1{Zz~u1ZXO1Taj+}d3OZ#X-;B|R%})7HcOpFlhy#3S(o`2
z882a2ZEW_p{rvo(OcU{>6>XW5=+FmXOzR%r1q7%?l(&%@?UbOU`wks%=${LOgmzyj
zeO}!8+LYh^A{_AuU=~Oi;aw&X2&{ngxsy|=MXcy;+3?Hc<lm^(pwEf~nV@2Dgg<)Y
zlVkW?!H6YRWD2*bhi>qB*J-GrI~`SP`Hg9p)7W7~>8YLQ(IGh@`FNS!EanT=M(CYS
zQLlFCDzwV%wb=ARJ&!H<V;T<)PTkPEs%$JQ4@<1j+rsV&pJsb}HcBE^J+U%VH@C{k
z&Ki64`>ke5y#R>>zv%WC&zGfghgZ+sIV8=7Up(7xw6FVeg(|J^LYqn=l3R4qks@U0
z6UK>xCY)JlX>DhFy+uClcB97iu{t`nv0?G@W!FOM3h|9KMLm<;Qh(2@J9+)cozlEc
z+uA1!-KO*w;u5J&>(k8)b3$H6g0S9=dopycXAsIdIr;hANKvKKC-p$d(MF1SpHw$`
zJT@>e0O3b`qy1cW93G<j^yCmRpu<^#c~Q3lNQnP-xd@V$o<0<;4#l|3_}NcY+8YUX
zH+JlI+(PIjLg2bTU@r>0=^oCQ(lWc5hu}vQOSoh1r^mZwmoB}5ed2EpD{_;K?OAZq
z<OB#{W$xd9O(kwWdk%!5!Y?YmKZO?4G{KVsFpJvT4Rg%0_IsOKR7oQLE)kW~o%n}D
zl-By4Xa3=14-Zjh*$4OU<G>>pZHa%4&0aj~wTJ6K@zKF~%{;vZkQBu4Ekt!+QIB{K
zpg{iXAmYTi_=Pmx!_6%{NZv+GMuy=0`SXgZs(%Wzfn8ORn^j%p^*nG$8`~SmP-@hT
zN&{^kgX|@cG8PsU>2&WNZT5UCD(YXrEdDK=MMW}|dAzc>R|FIW5Q|AC)Iv9UbHx+}
zwX-_8T6}}ixn_2)X!U)LZVffKXKik>QhR$l2v6(7Z^$Xn0Qw@jr1<rY@%vk%P#>t=
z=W<qwb2KvU;2egm<fkIeJsiETwB#T-HXjsOe9T|zvYwpz*{n`%dS(V7A&>|pYKH3O
z$pA1Yqh|rY(?fW32#wGiK+4>vRDQ*E%mH+$rKX}HM3bNikjt06Z{H*xnrG_(Y4g!d
z)X>rj0*~-F(pYI|y&BZa7{bE=+dWitBcS{{1Ay58<-F@Mc~wz;)SMXWU5<Ti(FhnU
z)s3TeukVYvr!Z*Zl+ib<mUhM@<E;Uu8gm2L6rEn@-T@{Lpc)eJtwt~JM_T_>t=|3R
z$WX}v==gBHfv?$qKPm~RU(=rWD~(6@Ma<uLyzzPckeILUE#TYn*RLap`6?URB|NdP
zpZ9eI#F0Z338UV63!m?Ij{mEehnMTa`%rj5snWa#qKUAtUl&4?Jq>%}#SlJ#JQ0+$
zNWJKpOEM`?|Aj=J1>3bOj}#GrQuN`s-l1mlUY(XS1v4&A&X#{`Z_8s_|E-l~*RpeU
zbv3iLZYj5$!S-YbUxo@OA03>XgA7I>#qt2M*?a55`}a`VpAkRaQsT+B)M3;52nsE-
z?eQX0Qcxx#?tMCh0)&Z&hYW;!ACy8^lYgvX$VabHQ**=D%Qm4#n}R0Yui20+N4UbB
zfLK-V_HAOg_lzzib}CgrY6K*&M#BRA=J!|3EG!;4I+j=rTa@5Z5o^0fHyhrEveQBb
ziiS(*htkr4Yn@Puf&wBrIT>mnDl;jj4<Jzj-3@fj4nktk!a?<-dbSY~5|)7H5rw+p
zdul2!qM@MyD?Q-xR#*RG_KYox00HG5h`6qEa?10KgF;51+ZJt(z^cQbmkON1_OABy
z-bZ%5cbJpIy5?F3#^2qyvEc&w)*N>&R6<cIxZG6bps~m#rvQtryH-feYC-q_@dBVF
zRk7j*4QGnW%0xcUi#TO-Wt~M(K|zJZ30{5(D6UUK^*{xQ)dw8zEN8AmT?9*(k&#jE
zuy6^Gtma}+CNSK&(-(z=V#yIEScgV0SJg=I-hs+$ABxN$h6U-BuAmy7why_&u9^to
zh@)R0eNGxY7Tank>Beij?|`}n3wHomAbKdv+pxD4PQu8jw~4tyD<yT(^6v-3|7H0z
z-Jc-4JP8xdVoer#0{C)I=i0uFL}zEGr_LEN6wZX#p;g_dnJ9w1Jxue(-nN0hzUi_;
zmnZ-2`SbtynolAu15m50kjfTBg@xf1jV!fNll4Bj{7bR(FOcq@mzUS|towBNnmGVn
zyw1h%{fJ9#0hkq54GE%FJdF#CeII@NG@m}bKteD60s3ixAh1~9dEff$Crj-)qQ3RN
zOV7fV3H<(@8Ceeh*Q>%8)0JueNoN>fL6s;02?;%wNYT1_ecKVf?zXmz7}Y^Zp$UEN
zblo~giAeUlca^r?J{y1SG6D5rMr6I_4+Mf{6Z>}o23hMKs*QEOxFh6QW1lrrTMG@-
zaJe0mo12?HHx+1}r|jLy&uad7&}GTb#K?$?MKXetlNpg)5EKpjQ=dZL`~#G`Sg8<C
zmqm#oG@HYJcVqdW;03jwAcrYziOk73jU3ft=n~l3iQpZeeFdq~yPIkG`L^mPgTIyD
z0A=`_1JE|VxOfQ@MgKeY>(>nGgxJ^*@UF~A4#;;kJ8+B=*a(K<zCK(a&OjdC)Y8(R
z&#ez)X+!m^4`gL!A3b`cSfh)s+*uxDT||Ns_2|e006=|Eru<rPfbrh5w$5!G^KYBP
zrLa)VQdydni@Xg?40-?T4>?&`90XPHL(uIgKH-9@-O@5!UHrz4vj8K=ck)mN!=hc}
z2!~x7;3_947Zw|v9qkM_WM(C?F^qsS4LL9XGn6ClJOzNoe;q`@ncO<ifTl;tr;(%E
z8UesEoPbWGKpbkqQ70$`b#!zP_+_pDx}4L8y$s+~tf1Y4?3b{ircZ~5hYhTVlEbcF
zPfE4qfD`PA)k<Y0B@DvCqv#Fb2S7Vd7iG#z4J;;mhi>5uLIlY1iC|e?ReC8%KYS=m
zYg3|`)W0CLc58cUOOSSQbac_Kq71+t4F?9agc^r-vdCvWYq1w_1Z|Xlm5qZ#`tjrQ
z4ULV`=h}ruM4;TjMF4?vUrQ^-qH>(tjs@mMQ?|IUK*m4~$O-SGPw4SmFzWbty0m_P
zk}^|ny`spUxP0|0VVt~wVd0&GNXg5OaLhA+ma(gT;wma<%_q7&pp>4GLB=7Fh0L^g
zh84_*u)~Q1QrEgvnEldN87bg)hU1Xav2cf9jw*Wyt%x5)2Lu8}rh>|wiccw#h`&Mq
zTLG4uHc<ffLjLv@At{?}H*qzFr@Y~NH7P8siaR3t9!uc+<PesiP5=ae04sWrlTQ;)
z1uPB()+{8sGE!3IqNyxeg)agHD-yLqSe%vFTn^_83N}rRjRTAF5q_T4!0M{SzB_Y$
z(X2qdY2>j6cy24Eh8EygZYttT?%nT}`^P*~!~wy<=yqJ{f`4Y`ehm9$owr0sXQxb4
zoK2U>U1(-ulhe#+UPL)+YHBtiNhSsXBmmU&{glWb)8}Pb-@i94)VnhFQFQr7dyu_+
z@#6d9o%4)+si4E&O3Ti^?RT|TM`{xe(N$Lc$3XO-M^OBqcZK$Oc|?0%HeOgMq8_EB
z)R`ZxNs&PDb|T5ig!Hi;>p%aN$GUrZ4d`M(!gEli&R8jDR+z%CY+Gxacm;&U8%Dta
zZF(!|ibQV9yz!_*$HXi<nO-XqUr-jEci;;+`V&G}0tyeq=oMX$J_n9pDh$bFKj$bX
z-8!)nB@mdbBDa3O!^^=+BajY%i<l4y7Z!`^#tqOkQ=E##<Zd;*R;4*8R3nzN>9!O0
zLK~4wiGlj#EhujlL4E@YUhb#PTp-z`KzB4E)<Ec^t~c)YIrQm8jC;EvVJXouW3k>H
z`39}dMkx)L2mBQPk!Po%%L!N~GWpObb3v^c6NO=qs==yePS&nr^<~Q#mcBQDaP7d;
zK!Hqx71m&-mLT&&ZUqQjBa?8v{as-0p4%&uTU=XNshHBZ`i@qXfQ1!JcYE9R&0G&l
zT%Y<GhmLjkOO1B(ow}ec(z$&o+s}8jQ{fNdDgv<~0<0#8$Gc}6r`k4AMMV`QaC+Hz
zsaO{u!E>Z{MXkvLtK<gtRmNi8?cHBdHOb?kNs^}2fp@Zes33p`Uo~?WTGNnQ1}TuC
zjN`)*`*1d`yN}-?Yg~9eh!MYQ`1-N0s6KY3^xA%re@+x_e`@V=5lkN7*4EjMRb4qw
z9`&2ofc%*C&65gk^BEQ7o}Sp%4-JdD!<TUmo(#BPC0&Rg9|&Zy;!qx|7T<5ZUfZde
z*`T7rMcj6C5e0=CyQbbo{t{@^lDBU}eY@?9U7?EZ2MP1m(?yEzFI~T69x`K9GZR@0
zcGSAL%DVHdb=T-FH-eb!zJVhbjEx(_Q2No`+nr_$wXd&|hU}DQ$7Ar+xAKj4w;oSE
zm3rc!tuR*-Lo!n>E8b>vdV^b;GJ4*cZ#pys>zm*K`TcGh$c-3oll(bRb_ZU!T8T*J
zmkYHFC!t>iN0ZQolZMaxf-49v&<fDBNC;YgvZ%RZ{PHK(EZl>XWf__lQnRB05~-@A
zE?0V_f+<@gW+n8w*JiDwHlBxq?Cbq0RuVQCzpC6?G)}9e#cdS3=n`2yaie!PtMaXl
z_ryDe=v)R+nl%bnKXr{=QWYdJXUw7Q<tTxT&;U}o0#=@J1I?p>0++m00<1IHB)Fdg
z!IBiE6<A9-rwGJ-*g5c_kUS;3gHIYkc}KC?!O;K$z$6fEWnSA0w+la~qG#dCK@HL*
zW#d&@;@$Kmkk}RUyInn1v3ti#G@pABpaAS2@Uc7i>czIE8j?XqR?+v5z(qEB%*;ql
zQs+MkJ7M@S6Jvsb-2bd>`u`zX{qvykI41862&UI|>rQDw5|8lFC^DH!lQ_<(d(WC&
z^;Yiz2bAP+I10!Ld^oW63y@R5Za+mu8KFBqLj$^QCI-c+pwki+LLbV3eD&Lgnm{mM
z(+vV!=S?;G$K^I!@_)<EzX)6t$;=BVDB8NZ9MuQ)xdToC#R>cT`G((97IG-O5D1WO
zyy-P_P*<(^VDIIOj_xvnQ&Pe?p;?aX#xGtVeEQLM|Dv*Hw)oie*b&H`a44>TwIV|#
z_Ag)?%FKSnPV#-M01C#9<tW?RaS%t_dEU~%vhAJzN|K~Is|5oD$Yodvl--b)fKWPD
zoa96UTr<=sY5m$~zy7r356TaBHW5Mqa|Z1(0!}3XAzd_b`@vHZl0*B?I0$0DaRA>@
zgOl-Dj-Bun3kwUV5Ha?&xeXVogab+~N8UV*;b(vf3hFvwN|il(x!Z1D^l*EU1MMtW
z6w98@Kz?jKl{j8dfCE4a`Mx4ba3&8_-tVWN9)Qj(&>V;vYI|BNOXvK%w3HvzNaZ^G
zP>Y=T42PoR(|nN@XAw|q2E++Lc?rU2LrrVzm5(Bz26+exR1#x-Q!)n%G9y?U&NM7n
zJ6dc`G6R(b)GT9#o12?ZBYlLD0HF>w6d0uytoL3)a(UJJRK(=xmno-s=tqEHxloY{
zEETqbF;veR0`!6$I8`9!sEG05e_y)(7z}M=nFdz{ILa8Hn(QgZ21PRzeRNS)C7S-I
z$JgG&kQ^L%v4zYGEH_Y4&1+EJV2kZfpT0-urKPnl05Aq44+sgNm;ptKGRj;Hh7%19
zVp$m_so2&>i*YE36@h64@{z}SYra>PEiXA47klas^k8Oet__9-iEshz1tp2&aQ*U)
z8#fq)g!Y}Xh!BkWeq)bcVY}z=-=&aO9R2`XKJB;*!=)(cHM=|`U^U9SwCq~dNsb~(
z(CY(|Adi{^PE^2YDr~`04wCV4C!q}zOI~V!)br;ZU0o{3uK0TWADJpy+I0TZxo{RQ
z51*Rb<*yP}KJ7E;TsXh=ftU0S56^S|TQQA2jW>qYDbR~=8}e{V)*sB)fHOp@!N3^S
zVEbl6pkO6)<<k16fN*3)fCLW?*f;a;e}A3V#!9dhYJe?n-|7Qj(JJEg>Q&Jg`Q=7q
z{+QnWex~ln9l%d&$CK4wfwMfBgHc7+g3qq+6{qa<C!AdN^z_`r=$$Uw$18~MOTCQ{
z+0c;Dfa8*89PmWL$y!eYexnS@XXqKeJV`Y`3c=~vSPo^*IykwS#>zAsndC9vX31YA
zHkQszZ@HTa1zGQQ7W5RLKQJ^hl1?0<SBe1orDq}P0g#RsTAiI^2^Z~<)5U+y)JwLt
z<1@S6{4WOWN(Vw{lntwq7R_*Q;Ej2IYM`9xcsraGJe{0CwMc!2Hs0H%_mWv=ePMk;
z0OzezM&pOiBjzhPENrH~d_<C}#{6b2EkY4`m~nr+XL?6?<~xsFzgb~;F|85*wMS+@
zzmI$zrga`2q@}*2^j~_p(s(G_H9n%$TX^mAhLQ+TvX@LTw#k+~M3k{)8AP%SQpOTP
zQW;w__I+Qnj2NPh<<&5DGLm)1)>y`NZs+6qoe$^BIbWaW{@u^@T=%uz*LD4`R@fxW
z?#z{0>&tvR%qIAO;D@y7Nt>;8B@0)fOnXNYt@NOkPfm-|p)^U_0=RwguMaZ$0yxmQ
z8&7qcj*_2F^fe&Y_|faT@u_`t#P{|nNy2H??odk_!1%oa7YxAHuB{qA%344I7TZuv
zAix*(5}8@qqki;<di5>utNAUy%|9u`-dR~E@dx??koTrB#jpn>sYL$-&@ZsJO5|7#
zY__U#<3%74z}A3<%;ihRN5|YH?Fp9xQ{yn0td<sgHB6U14=6W3`WmWu8}@tahe$Pd
zqM7I>E4BK1(`UnKwPG+rP71`YZ;l4XWgi*%f}<$;KRvp~?*{Utj{Uqf8*_cJ$w^(d
zpv?-=b5e8!_8=c*N&%)?^Gd_|Rt))??V|M`Ft617Gd1h$J{3NkoQc+E`*#|B@~oTy
zj=kXqX$(=s55Q9k&%w$5{Pl~{DH7UFn`rc&>lK3dCSxiibFhp^G&`C(A|m1lU0(l>
zq6SBkT1#5^uZ^Ad9*My^CVTkQ(U>4$-6{g)ueIn_`snA8Bx^0VOhdEa^tP|3Wm0s+
zBJv9d2I^i<)_I8lT!+JODZtEtYX10l!LVO^<gBbLWaGq9uCRkzI^p?D_oJe+au$Ig
z3^JoH$EeyMH;*`5uZd=l9vb(otItun_N;LYqt4JRHqNo_w04^U`CEk|+jMaMT(%$S
zrTWi+0R;I)MVdgtT!Mafae6m_BIpHh8EVR9*AqRfWu8NxoRlrZ0<Msj;6MZfgoVjX
zpqU2dBI6g=lZj%SVn=JTxB@U@seKFkL)q2Wd@A?EubpE@tJwMbD*@hF3@H2Etg7J{
z9Uax!EV%OGx|&+?r(3Ghif<kayu?<PN2_;%rbMrRKDjL1PxzH;pT?0umRK3qx&eY}
zx}n@pv&d@1TRPWkhVE~rXza8zKr#dDHD{&Cn|@JHTJY>po(itY-XEp<ZwITBh6ad=
zPCKd(QESt)rRsz<LIEZVYUFhPHiU8`?W~{3AQdEzcj)YI49&pDm(vNNq^qP{V<|px
z6bC6Kf7*evN2DhsX9jQz2|AoAFrbCRVAdDlIzjp`c8K3*B;-?wugW=m9BQxtc)n?n
zF4qKETU{u)cAmT*BBHt{Hlp=dQ8Gm(y*J@_T=YD>zf7E$H+eJ_UtXS2l)&9QjYr^r
z_}w$ozv7H@6b-y3;1>JCIO%c&a$65(ax^E=42(z=;{|gG^o}l5|CdLUiy@!=oP#RF
z)lWcvaCEo1MRy=)$-2)XqQrRn;XUR{t-ViAM@rW@*84~ozq6`8N7nTZx8t-dVU<hX
zvU{d%Oj-=O$hhMbA7$aD%$mDuFX91#yj6;WKngcVeB-&fgJ_C&SwMz+^sB?}TFcS0
z@41``)w}oQWHpI;yGyiViMS|pH+ZuD&wVk-ZOz8eekt(LJKkCR@8feXTGa@(7E-r|
zQ;u1dNN_z6$6w~DfE(E7>@ZhR<RIDN?UW&rQj)uG$)jUnd6tV&;dV+xWmU!}4Dr5R
zJy|Y1eSz=k+sF87R~CM3W{eWp47<r4db9NVB>1zM_*0PE`m?u|`}EsOjFckHq8O<B
z0yOm7rnZl)+U-2$kE*E2*$b}?n_)V7;$b`A%oghC-66rt`f_R#IUZjLH59)_MLV;!
z9D|GX6k#Hb?Fn+Xl?T3AqUDFeIzR_@NtwQ2gK^ZgoRO9ya>P5FGsTMGF}Q0!>RD03
zx2u|w<ZeYhOaFwMz%>8G4GY?@pbs4OAv!NS*UB~_S-N^~<T=!|<H2ibnw+g0J;n18
zpIFRFkOXJ(Xngz|{efx*61P*3zr5)zE}B)y@p&9Qi?n!?zkQ=Q{FB3+-c3Nus|i8O
z!$E&eUAPrXQSD5C;dLoOkb9sfyz#CM$s5q?rr+zlJaX4Nc$T?^=ZH<zfw^oKm#x?#
zrt>T72>}K>NY<j-tQ%0a=kL)9`vQWgoXK7t&oCXIz<z+|Qt(u5<lJ=icFO&P{Hd!>
zEsLmty{j;2{G8a#?xY@RV{q%a>h(fKc@R->?a;gAQQPWa#82Kt<3`nMuVU0v15isz
zagLP_r*c{L7C*{l!~aSNK4s%Lj^9;JOBNFzno9qC&<*2!S*Jd7SzUi{#}zv@?Ege9
zveWs@Rsl=ldbmlgJOinaRvqiF6=ag=9<8;)J+m)0xZoqyr^kmGoXg(c`>_|a<YUzj
zW!P>sH25@aAgxIUNDHn8k-j?RKqGO!g}Q_NV_}$dNi1r(WDPIECPDphvRhU_2{B01
zaI+3sWkqz<g54|RCtjrPoBm^xU#qN~1Nxvwc$>LuyKd_6aNHNo3uxP>ie&sq-8`k1
zn$mHi$Xi)E&rY`C@bxoG*U@Kz%(+z#iw;8?+T#3^M!F(}42>7sWz*S0fUkd=KKB|)
z5?b^%%V)l0-&07GAHnZ8D{_9&^3GCzoPQE>AU_7yZ~(1qFE0USL7b7NG#hiw@giEn
zECeYG^{eJ9NoVz05Sj;5{!Mj(TDw{EJe$V8#dYUrCd^k^?eMq|4VKY`!{;ydQ=+>j
z5?&tCGQx_;Sq0gK%W!h=>btgg0?vU3(m;%C+>1KUCeW9rckjlKY`LwYd>$ArGy>5l
z)xulWWjQW@HN<3_#CJS(*{c?p9W1IP2Ft&n70wLz3pduSZKsT1ost(KORpFK?E=QY
zMamW!46^)|<}p<nNkdbrB;R7EPqx?<y9(yp<OXwx6rsF%uFdJWGN>(jaZllQTyGSP
z5?UK~B&{^HG;KGHD+e?7WVG$0dy(vnsfJQ(%)+uWZAw-)Rqrl#7YX!0LrU7u+#7jU
z6o~#M``CL@1>bWMwa{*G=-^mkQ74vMk+8`|MfEJfopOxr8ySRWTtUj>AB2M*eUl<S
znjc{+oQtsGVjEKea`fbFj5Mv{_-@6y+IE%dGq<?=dP+Mb@AQnU)!D!h(6TLkJn65`
z=)(^&7cCDt!ujv)70Dlur}ORY9;$1Nus)I77Zs>XzkaiTU5UP&k%7u*$w#OPS=hRu
zq#{EXIXwJOf~EDH3RRiSMhFF>Le-3LFTCy5ue|!d_jvrDG%ftCcPrv#ch426PC~!3
zB%=u`ub@&pY!N%u!@y0Va3chu`j5@%u9Fv?EX)oG=5u+j2y}9-wycnWj(3)2cbhC3
zGh0vps%_ObK9rVq(16pp_0mFsEk(~xt`+nZ)jfeURw|>Z=Yim@x+D0ugrPcs?EZtx
zVYJS^{(Entrw*o1p`Q8jKo3)nhe{ow%jp-aCG8ikVUG`l?nlgfD5$H)1K{_X+H&$J
zJwp%hh=|=5cpFk~(e3l=fpA+xRdc|>^{C9l?iW*g8$r{wKRBC@w+XxHOd7RqOf`$F
zZzSuFaC6FtixQ1Q@yLD-=yT|Q72ExH5#ax16_-eK1i+U^jdA3*`!*^H6EmH)D1V<W
zbX~(y8acN^Hx8DLepA$;Y~VU!zGHsiE=wQv&qEU~ibZwVhZvgWcw=&b>so7I!<--R
zuV-E=4%pTRXN$GtvYuA`nq$ntU}bPCbf!#%DUw<#JDi)_fu?-Xq3i(bH_mu!s(UjB
z9$PT~1vumzaAo3=1M_cjF<m!$axXnoxRMGVy=3FqQLZo(Yv*23@`cK3I^68Q2GoZy
zL~gN+{*;5=D@bSg?yYe$N5@s62N-;F0VFJKk?Cn5GbN-Rn8e?>>aVe<LxZJiPiKsA
zeh(Fm`K(xTWz21DIIw}0JN!OmL*yGE2%AumK??`&EHcTz2lZmk|9mdq#@%xCX9u7s
zp!DUVcOEq-Pj!qFmK_@-8xInUr9Ia1PDuE2A8_oGmJy=m44up;@ioIWDs%#HHSD*6
zaZoH#=b;+B0=wcW&Q=&0(!*RVNfcr-6yw@^D=#pN_iAEzIof(<-gnLF6jRQkl*f9T
zXWS4=_q4~##~`utdDNI1X*e_Gat1%uK+B+r0|X-)8f<@`D4Y-s9QDX>1ujWph&n*!
zD^j7WL+cII$eBqDftw^5NEj^<0$AgG5WJa<2PX;n+!HPd45{MSB^woQgU4dUxY~|d
zLFGV+_s!`t-cH=7APH-p^OE<CwtmdmXMel_ePHIM-5p6Nd*Nd!$2;NJwNOZRY3t2j
z`NOHp0CxKHQrWIerl&@pa#&N@2{!w(UL$np;jtV8yS1v7mBZtoHWeeONir4ru4_yX
zAL<i@p<FlX;Q8Mt&XgrHZ4e(;B@C{3UC;_L)f#lpwc|}28r{eGnn-<p*Sa$^!ZoAd
zU_)Bu#&CEV!t#{Q_ohd6zY5ttt5(NMCf&l~k^+YV7Ulzal-0TTTQN6_b6czBoOomY
z62XDUEdG0sfbbAIKad8m`Uw!e7>{qC?1;m(BaO;#K!pI;dJf`m7GD_J{FhmRF+o5q
z#IrjJ*xc*t+@Q5*JMsSL&%W?CV?83jARyhZegNKivwvHfE|iMK-`59Klu4@K=Tdie
z4?Eta1>v+^C+u`hbB;;mSFg7BZ=)w4&&<q#PIvyk=QTTQezSd#hVfWcaePj6SEgP+
z<@c24Sc>QL>Km8iDtlu1{4diIoO(yCasL(@&z5!1nFnk$-5v&m(jj_UhOknNhcEsK
DqUTMb

literal 43851
zcmdSAWl$Vn^evhI!Civ81$Pe+oC)q8+=IIZcO6_pg1fuByUXD24#98#{`c#BUtZOF
z_1;v`RL}HGpYA?;@3q%jCtOip3I&k>@xzA?C?IKZ<qsb|vVHgfl@AXEyu*km`vCm=
z=%g$q`k`Wi=m^+>F&B{&`S77S7U{+C6R?k9FRkVD;R9;#e}5kb?TSo3d??ujiHoSZ
z|2WI~<c_`g6x#gYm*3dlKCk2Uklc_6#Z=d?U00`w*dNjQ-^-ee903Fm`V~j<F(A0f
z2C^1*<L5TXt`~s4e2aS7KKa$dY$B7-X@BhDx#MEY%$z|F8%9Jyb!2o@z~g$?E`aQ%
zlF#?W-OS7^zo_U-VE3j6^UAdF=&-QZXDyS*8{EmIZ69-rcvETVFeR`(73(r}-4IvZ
zxBvMtg|ZkoHppDJ0Hm;?8Ttz%_;I;rh+;Im(|thyD`qltdZNVVcE%i#mdW%Y#eX|K
zO#g=+W%6`q)R9#}ZTtGY0F}5Rz0X<|jhg!4iEfY9$$VQut18_F;%JB~qt$A)bZhOf
zyg%O_YP`f}t-Ah|bmXyRTqRDEl>`N$$K9J_ebx6IvpbfKvMW=j<jE4>H@S9Lr-r5$
z{O_Zr)RBxey4q!BpvIvYiH6XQ;%B|_O6$fmwkolUzh_=3M@w$*fdx$KzB?`pZbY#T
z2+fM;U$ji(C3MP4hP#M(#HPDINWiD{7_}N0tY<#6Y2R#bk!{x-oRa9X$03`$By=Lm
z|1)+K@L@FBqf3@ur_J2Y;2Q+)tibE9IV>^yHRX<bvHZ9A4YRaA0`h?2_*MU=VG7tC
z;wu%*iMq14v)D?e#9&%+d93@Mltze<V46Zq5y|K_x{aMG*5-gZ!J=W?T(w9Ygy?q}
zHEWelMbFF$JN$G<`2H;pf~zD;K0E3V$>aBL3r?2NZOtmq8FgZnQ2p@d6*=N!XUYlM
z$n1ApbG8Oj?Jhda!@plYC-0fz{v6oy9*EgtYbXR)SnaCXBaWG}xDdUtkDM_zYJ$K8
zgXPe)6B-<#SPSE?z{z^I3doAh5*jh7Fi12+1%M}HMd5ro3OOg1c#J*?jdyHLN6UrW
z%U%zNbrYh(lnJ9(tqH75vtTKhIa>PtQ6RuZ8SU97P!B_RovF7w_?S!lT01g~iPU{$
zCq%T+{9e?s_OzNA*6zz&9YYh%F{~Hbp)4{pOd-v@GA3Jd^NX$3XLc$tLPGb0UR$>x
zi9JUmY9?prbtq|!e#`v0Vt{toTZSK!HKgq>^%LR4pf01vdkIot&5ro#1lS=;quFtH
z&FeO5<&I$Pv0<9$j_?igcThX_=D8=*^@-|_!t>41Vgk{gY;190V4FIz)_MG=42TPT
z^~OIwHQ~wyo1q}V&ozDARrlpm6#RFj!|UWKxW?}*{u+8^e?Svf$O&Uq8&uL2>LN4L
zbp~LKFCy2uXu^1cep%595SmK#I`O`pivlt7R(V>?ai-N~$1P<ZPuTk7IV8Eanfi^V
zK>vbU_Uz<No0s09X6r<na7*1nrDH>y;^*0XNc&%0Jlt7fG#vYQ8!zNTp`ST{el!`{
z&(9R!pQ1BVDh+2pal-+(Q%Pf^y7u$3rw6qj5v#-cgK(qH!PWtW>DN!>N?8HH1H{md
z_H6BgV=sU2DhUMxwFYnSiO2I9ayl$$i_~_WE(Rk!FDCk_dC>}E`P9nQ+fU-IOmrl*
z-k67!vNcMD+>ebA-=|=K>&2n!tWddFrRjtNJrva-$TZBvDhRy=b!KZ+8os>y6X^S@
z-`xO#nK$7kw|~ZK5aG3_Q>$xXa+)(P{5DhUQ%R2EXTfI;j+DBU$RCE?XvE{PBTnC?
zu$iQ?;l-=7?G&z|)iQUMc5Wn%qzF^O8jtJav7Y~^R_Q2c<HszAG;MK|!u+aTchd6e
zKK4;XWhlY%MPksm_k_!e-zkveEf!OBJ0#Hm<l%XTlIWE~PxQt{zOVj-4{wpxe6&Na
z5G<Y7NF2G_Hh_UPR?UascxFLmxUegNb@=;e$-rxaGk$Na1s%3&@pWLFTXM8}Cp_7r
zn?jVC+)PvGbMt~@YkFVLn255VE!QW|XVIxB6t9(gJn4|N>W#1o=)sp2bIr3Sly$Fz
z@^t;hwCd@!KUZ*Qf1;Rh!4D1R5c9O1YO`{`y%Gqrgl==eaG(Qj^AJfdt>5E3j|(AZ
z$)n2|UFpxY+=%2;p_x31i~%NJOGpkE9QR`}N}zK20Pe<|b(KX*%6+W3bIp5Dv;KVX
zpi=8(0WaJExeVg4S*iN#OKpkTkyR&x6FL<FsNC*&&Sq-2c2YRIx_g+irRtyxq}tU#
zSE7ge&g0QvagokF$g}m=K3XtD;i=&$)*3R=40GU$&l`eNd83zGqE^b}^z|+Dw{)_A
z8@V9FGJ)EmXtBsrCpO6VQLR+1SJYN9j<K;6<P=w?LmFSU?lyou7^R>Rh45RS#&D2#
z4RM6Jo{-=8kv7{``y`{Kw((R9$1k;sVx_+|*5D8;WtC{MBkYv$eaR~LX83g)mrIW1
zJ0m`)$CgI@$@ud2ahjs2sGaArmt$}w8o2i<+E=sTpb1Rp_4CpCA;u>ZYed%Y*iC<v
zKz+)oFY%bmDj|4cwK_XpoZB;Uf{^>!GW<2Zog6pS@E%{#DL*n+N)-WGu40r9LV?(V
zOdyq#ERbc;6kdc3#aA_BvM6Gl_NT%{SlFX~f<S*k+vK4CG`*t2;l{Mm)m7`f<I^*3
zBLS-+2}S_krD?fc$hhu=T&IXg4J4UHPNW9CzU^k;+C4z<W7_Udt7W-_&xxZ(nNq>H
z(V49cBj(v@FqSWVi^AAcNFGO3X$<g2Sjo1vg2eq=CG$mWmcirxOYHf>)sfuGSs+_T
zo7$+pSDF3&@;Nb=W%D?Yu*M*Vbt`8?a54IA!IG&qBw_7KElzgZ^R^qRoMs-McL&uJ
zvn7RIHeW#uuFC$I&6BBV(dmuaXP(LHGf;fPKw6d!Nz3)qYbEKvSM2F0=`G}ZEgo-y
ze#<mnC}@Z24HghgqG?6Jk9D5jrD)ygC{ghnvC_e`+-B<5cU)}s>TX!0_%0ovUiWWr
zd{O_gSd3@z7o&>0`|?fy31eeEXr{_zRj{K(?;#gWh^(aUbgJDnlw^F><&57Qa_nQy
zCTBc`+|KH~KyMuM(h~CocT0#t6(R$3GG_+^w_tbc(;hMq9BxtgF*mi@Mv$PGvw4)Z
z+H$mEOckNf;uqxlq-BE{vNzmTZ5vpiqOpphYB^4MY*Z@WK1Ic$K=F4kJS@T)bE6y4
zuwh?g;}64RP-MH5g59lgX%chcJ$^(QHEJqnr*Ezq5Mu-7o4P=nB#!D_@>!x{-{m^*
zut*JRaBaW%yh?l@M!y5=Ov+tt+e?ECMV#8!6H?Iea(q$|IGAgNZM*zY>%8DoYyWAQ
zm@5fy%RY|_>jaCHZ!jBPwutVT(`YF(a4TYqX0Bu!@Qj^bVe3zLUJBOT=1UgcpT~K8
z&jd0Rhkv4r#H6+#gB65Kjkpg6l-27`kyw5=cZY+vQ-cYIk;6kP{szAeOuV(6yU7s6
zVAMyY>o!fV^VA#GCch3&x*%|e2pGe&ql{3jZcI_tir>v8b_%<lP8Yv_0m@iiZdUM<
zKn$Vqm;ow?F{^ew%bFZXFwwdCV2I8gA1X^@rvC?JL4rTyvQHvE<w05TmFf5+H{7(z
zBKgj+9*;XLNmy%>K_RV!<AS8Qco>bq9pNwxrX2gUMt0dYZ}F60PutqTOlp&rPuyOG
zRw7wrD#<ZxHj$8Ze!CsPfY#lOm3T2>%HG)oE%6IG-&OuQ7ur*`O`$@mYFfht#?6{F
z=58U42!YDN5Fri~Qu3Phu4*on8>wMT1V$_2cihvjLv!&(qjhncd`9=jy~Vhp<C<?S
zSx>u-*cHN?oqP5$f?7?Zk;WirF1d!I^-hP#1teDzWj!@>@`?8qb3ArR?|3vf5?0{e
zMW^t2l14EQ@_Kwcph$ALl`;Hw;=Sm;K$DUsG!0bJr_I*~MY8l$0aVhfvpKH&hC-|?
zvFnV+Gst0Ra->cBzOCCJX#S<-zU9?-=d%q7yUj5DB1Z;VsL$fAlqiG4@6<AWvQfQS
z3k+pJQ{u0t)z(E<*}c+xvI<7R=KMQ{*}-2%h~4*qdXdKfAL5O?C#%`eel0~>f5Bz)
zuxzrQMrl^giBNMtj+hV(53%0mWDblg(yH=OMF?gRaMm$!s*-E`2xLfi@s#*h!tAVt
z3aRt&WXDt1L;D+|8qL37tL4m9`%Yt^)25WuUhYpkH<G;0`3<(eQh2w+$_;sST0iY1
ztc5;EU_0;)Js-pfBE&+|Oz0c=-KN;SDhkb~l909KqYfUDE8P~}uT8CYfo{$w3S@Px
z6{gIzH#VQMQ?u9u*W6hxp7`Mqt^HQx?yrzCP(L{x%q^QXXM9%uwWaq&<cJWUTCo9u
zo)iVqP6wwigTJHSgRiB~ylgeVR^6oNf9BrPC)ZCsSu5<D*i2vhMB{i~4Fch1n;IGa
zVthsMpZF)f*tE!N$^GLmoiN0QJ2?1{4gI9!<!IAOr)v!!YDwCgi#)^FJ~kCNC5G#5
zF{Zh+!0+m>Q1H(ZmmqWRgtGddWnjZHr*+Li&9gQKaPSjj=G@#Cr!o29lj(X7?@-Qr
zaNgX$IOAg?n<&Llm8i_tR&f0!lUGdYbtrzB3upLos;2M1?q}lX=)O0}asBt<!bWQ8
z&lShtV@1O~m5;~PWyUf6<*HZeio~LDqUKdUsSq0@;EcHJUmM@>Dy~YX3_KNJ6}zYn
z=IqJXq|29N^{9sW{`g_R*x9U<v?s5nxCQ{g8uc0GSz&OJ-;Zx~b$s|d20d-e(2}b}
zvE5W7YE`-bs8WeTwwvx4J(#y96J^%~lhyO>ni9lGB)2+U@f4VuNNT`h*5d{LIo5qs
zSkz!vpUTVlYXaFGC-r-Akb3FMd(2jQg?t$rr;ye<FYixO)>GgeK;(&ISgW8>i+d>+
zYqXm0v{)$dxnr@Of0CpCnh?m7qfWZGOT|_&<w3>cVK16+#mg0Kw)eGK)|0rj8^(W!
z90P|qBXIi)<_umAQ<VbQ?B}IVq!ytbmFNh?=ow?9VD{~#<LxLX%iDnYD{yX;=B$3i
zN%z!-^xtnfzS3ks?*-X5`Xo03v@`0u;^3O0oJt8!x=6++?f>hYikxBS10$PPN7rZ5
zVc?5?Z#BZ_+jf6Hr$<Fa@E?=9k$v6Z_^R>0dr|N(u7ZT=TLnnWMAcdMT0#W<%}uw-
zUWAhlo?jH$JpF%e(=(DjHZdXOv@h#e(;T0ZLy;a68>^Aglhg;i1_nOk;$}1kuYRz;
zzq;aczufePhI@H^9na@c`0?Y1y}iAsXN$-4K-WJpF|nJQoAK4gh$OC~v$NNJT>U6K
zHVOuYNV&e{YU9DZ(Uj8mo+R09As>JVz{khmx7p%`M?!i&F0J%^+)F8t%Xqu&MS~6O
zZrh;|nLJymcXD&%vD?7w=;#piyoE<ZWVhR(S6|o#ev9AjT({P29EFg3^I1hjrPb}C
z!)l)1wHj2|JkcA9cCf!+gH$L=*5CT?@v(S{05};guDR9G55xP@Wh7kYzF>zlNI<Ss
z?Dh_RP)!ZH6AD%oPOjUKxRDWs*X+zp6(0*rB^Ir`qJM8V+VjIjV-#AULUutAVpJ7k
zf73gdR>AQzHwOm?AEdW;2h!|RA~dMHF+0maO&u&}Rg*FTp-~e#uy^r!x-|^`#$z${
z$M^NA*s*TJh0Qq%GecJZH-;`@wivOj2r-Z8CoC+i>&e3S`ugv9B`uQaST@=3-|6Y-
z48P$es}#x`4xG|6GWO*)TW9dtk$iP$)n;#SC)Cse*KwJSByRPF?yy#ow?xt`mTC1e
z^9$N<cIo@Q)`P$_tBrR0jkd%tymZk1A!nzjP1;bW1JQ(PDi825!xE97_jY%qhy{`}
z1FkIRil$T9jN>w!Ll7X`I}05?&-^aOQ3PCw*7gn#hBpV<ek8yHSgtj%?$7pp3P-=%
zi50F1U*4*+Eb+M6XVR`K(rIMA7Z)f~SprTfNus}8s!_?T*J5w*?b`=BPV>K?S{z>f
zImpHpXgB;^?)39(DQx-cG?h0)-q45Vn3kWPkBv&mU1q&lfs89EVO&%V+^%x%dI}KT
zmoHs#7^*srw&VJ!=DSG^8Wp<3XTVrtQP>HPgEKM+XY%97t!4|xEA(2Y(EK{zo~%PE
z9CijWF)l2RN6U?U<YI{UFhd0`XQ-HA1vXdW@SC*?<+BE2NfpRUtD62B=RoR^OIBuP
ziF)}+@K#bNDscoBd!vipAI|Ur8rjsT1{<9jIM{NrP}C+XV47IOrl%5+Wc5X9fop3y
zj=xJw8?baB!xcifPsBoy$uGLTr*fey;m^RL5EQ}WY1Nt`b1_s@RD^k7thb*^6hXrx
zcfs%>kq5Vbql5@R#jLbZenX2Q7a5zL#&Fp>1bwUGrwZD_K){2;#FAB_L+R=5#h@)l
zJb?ivhBVKhR>K^zt2Z$z^TENv!6tW$G)5iAQ%ZS0oR6nEWi%0IhV}B;tOU8u!d@m<
zchFpc#9wX>Cb3>qnDrvY8f@3TBj5(27}|Uz+k4U|)9k*xSgH<mcIyuKG?yvt*TG)n
z1;-?x17iFzuQc>ZV_%GjxZ91Qe4>d*0|g_SWWxSyG?|H#!7%GzxM2K(k(Ehv0c8{l
zCg~KdSzZBx)4>GwE+$bJ34{)nwx2qloIW8ueqko<x1g7!l=O@$<r6Ih#rCRQ=UxvX
z_s^kE$^m>B3t<tuH1ZLUgp(ddC4w}9C-RJM(m~(pcjorTGk9E%RY$^0hwwP|yRrn_
z9Lf02Zz5Sb$dbB3@cEHb|A^Mo7n3JrhTf&N=75+(?wE8M42Y1?OL_@0p4f2J<V4Pc
zxMVYV;}IiqS<GA~Ofw$VI5e#=r7Fy9HLNffCv<<|K+zeZNX6iq7bSJ!nPXz9NbD3*
zeAOj!%`HeL61`P)Qne~Uz?`otcdS(>)BZ0-0V7w;*cpi4>40=xygQK{^c7as*lh?U
zhJbc-<4AAl)I<XRO{S7*u%pgAueG|V4C#@vl9}a$qVNj`d<=>0f-j}_I^N&BM)3tW
zSU8JGrmH8!zqvItXfe=nG1bIi#AS6{k1+H(p9@xF5K>UmT5p#~-=-NZl&D2I@{0&5
zHanW$m$;r2Uyhilm`GVMmve?gISiKsKvj<AeNdsKR#EQrW1FKdUuv)+#QFL2C*HT3
z%6jWX`gmjJ`}_M{%Q0Ftx$kqv$eH{NVLZF&wlH37H0nUlF$JaaJ>i=vB+p8tL?bi~
z#O_>XpybZqhM5xnh=FErh)05Gg3A^tV_Y{)<&WBrN!X-Zk&Z6Pu5f9BhmTm1?w$8N
ziC!EvJvt_a1~Z{{iU3PS_nV0cl^e{miYT87G@_hOvkO3ZGKPoe?C&(Ydvh;N@;4HN
z8}UPoGugsFyLLemsts5)CW3SXKerZ=C5duBK0c<RlE?`XQ(I55t9`oe?NLPHE^K2j
z=vB1N{#&k98-n=HH%6_8h6HmD&o7flMXI1!6VC}I=^Tnf*%gE7G4gnhD&RAX!f#nT
za%+jMx?wHV%3HMakWq~jT^ie%I&d{L<z9;-&2=u(#eiC_SW*hx?<I2TKCyuy%(_8x
zAmN)4XPDrrr7E=+g&0k9q>)kY{`$$T*f(=`vN$*}P?FvlmBdA-imv$qOnoyDEfQv6
zHnb*TtcinP<`MeGP8{q8+w`8{*cBv>dbCtcSskNTOfrn<29pC4nZo@)ZTv!LMn^_w
zW@mGAb9;Mwcvalp-GPT_W>(<QXzzuMjZH;OEg>lx5)uLn2glI^8%R!0zBTcrp(Y5<
z$|A<a#l^trhBxljbhNUv>i03zsZJM<#tW^itSl@njEs!T&D}X)YqhbldGy-s@&^Le
z@;#0Y0tNY+SJa`jcY6BM&Tg`+2MAaQ1k%>t9vBcXhpQE=6R6pPN5bdWH$R`GWcsuE
zhrvx>IF_{JYizYk@i)2s{r%rUJ_KUjM)s_{glaMG`?}^6nIieRyFk6LdoNvnAnTL-
zO5E#py2N&knv?Gldi3l+JUonC78nS<5EwYfm;QjjBMAZ_lyr$ZxWeE-8CzP??L{#e
z4s2{>{|Vs5h@F4O&&}Zs_Zl!dJw2^>zwq<*^=)-M<99xcE707M3=0qMwz*hsRCtzZ
zE)A&d9dyFQGrx<*+LHW2Pv4Vkm<H2(A})%leGXORchdM7CkI5a`}X<_%66=Y4p;G2
zTE0p}dKPsA*hr!mr+b+FrqKPTz8_!Mo``1xId!MI1K~{HoB|C#?&4Arj5xiM%d)Vs
z=(dWF68cLIl|^8vznA&>D4tH|N)4;e;X0QE+;I(46AO9c9mHpudPnSJtMXduUypM1
zyt7jj&3t(O{`$gza{JyHFJd<llj_RK#X0|PV`k3T-u^3~fAo)MTo7EkY5t0hokT%Y
z7J0HVHqPy+FlEN9fZgfUJcBgf47`Km|3omdx!0L6w+NP1g4)<U8ptW4REN2!E^hi^
z#WgLZzvUbHCxz&1YZjXP@yk-1{sC+3j*Nt`UvzkAF&}2nbgAq0aNZuA8L&F$zfhCW
zinFgcM&91uKEBE$>FLR@;zpG3@qAxZLz7m=%J(upiWIwpm-;+#YM)ESG;h(2jAC*T
zibR1LbfDt*?z?l6YO>-)97iE?z3^2-ULF-o2GSWcV%<Fy6dcUQ&%YjUfQXDNo}8?(
zVvEmUolv$iKhMR?&d6GR8@Z>H1gj?%_i;cmoDuF5rzS2|k{$su$@clV?`!Di2i`G+
z_O>?LM>Z}M#h#xMUpqPl3=G2K%qM?y*=-;f7Z=;w+QJXF`TPfnL_|a;n3?mN=@{hq
zUu^IakiM`;)FUIiJIVj!Da|2C!&A1bdiSA(a)aAX*)2#&)Y&UJSO5C;D-;xzEnkwf
zv@{v~5aqeGe?=H#<9%HS_Q32c7E@ZI9W;aW_3hCt+=Ex1*?~)gOv&70WgGT9JL_gM
zogtyTY5Co-x230Me)q?ur$>~HlmtD+&EswF^O;u3U<UHXw)jy0#Q@$an^kU)&YSu!
zbGEd$dbnub@B3gP+w~3<AS){8)()aw+>d(Lrh|Tdi91cidDDh>93LL@>2BsqmP|iE
zMs>GQ|F>0?lMA<I$K=!`wNz~^1+i%Z6SOY3dDMFEJ2R#76gT=q2&lrx?#Brm{gb#n
zw)?_s*MBgy&%OyViwj!&xQkxuIQ5Vc;r>kAAbUS33@PVAs5#yq+8}*LMsWXWbZFaI
zhShmCILm5{S<yE+i6*f%I&SQ9gZ>c!ZH~utbWV{ydqhAYSYCcy`0ekISXs#eX1Tey
zF))>zVX{+bT(%7fr3u03;^W=SPcuC6VV7#5d3TZCoCS*xX<+0%LSvp?O~(Ctmq*q2
z;vIR86ZqRD(gbVr8&aU-Yd<18GcXY18U|Y;(v7L3qq7g@YrLI#2nc`*ssrZO|2~bR
zloYAJA$R}V3)U=!oCEtNOD}Y2D-9eiuKcC6NG7ug{0xO?iK%_p4F_e)>5YJ=!Nysi
ze=CWd-35TzOBQF=ptiQQ@S<Og2kH$vqVa6cOdHbD(nv^1)YCk)w7>(U{7rr-tq*R5
zSPXX$JjXU)=&Zky4))!?C}%GrWivK?6)nl{d}k2=pFvPb1x`Ii(Vi|o*=x$n%kTMq
z--Q*4fbs9@`t}I(Pn%WzU@}`ud;cuM-$FdEe&jt@M+<DfKbEHQo4MCD^lf7beLGJp
zxfjY0g848%QtD&G$GB<NE4tqj?B#XJXYM)QXwURrMkdXURM_|Bvoj6>!FO94G`&g%
zphwAduD!r#W@Nm*z3tlrrYPEpb%HZw)c7LR#kO)Hyo^&5Ykf~apDCr=pOi7;cf<7E
z5;>a3-WDk)Dd}Y9rCBr$1B1*f;gj5J%Bdjy-|M;J|7oF$y_v|!3=Sr;7M^&VPpmPw
zjdIS2vi$TMPXC5)C56DIphc~SKE`bh(u6+fT$~;5CZPMZvcz>rby)y?mD3Js#3uFd
zU@FM5c3h&T-modmy|10{WeR?am!Dtz%IOYqno2x4^k=n`ZT-JXzk#@>5PZtKe0D9K
z<RC%riO!wtji0Up{gNRWvDk0$Mr%NGlcvee_tNWEW%4^PxVfcer1Jv8JGPXSm4%k-
zo4Kg#%oUbDCXA8yR8D2Bq?8`??@*c+ckzdeo<8xx>twtvqZmC3N;xNtPe{#MW&B6G
z7-4=B>V+B>^81>N0rWR?6HuM1J{%7o@={zrZ)8LSI|qlcv2iudOjRHp+DP7}nc;^u
z2n47)c;<<q>q@~&$p|3lU|?W`B_pc8Pu3#NQSI)V!2RZLnZEjVFu%Sr#(R6k`+z2S
z_H2^rwU!pzQYqLmJ}r0{^$_g+*qERLqeD*T;^5HjiB7w)b8_PKbZdED6cNqqWn13d
zU=Jn}6&4l_Nr^Z4imxWQG&l%HI{1sDK^BgFn*j@_6eJ<?L*7~Q&qa7IZ5t$(*naQg
z5iDiY6Nq@-@1gT?Z2NS%cFgbod~Nir3bh`s!tbc?@c39kThakmcJ}M0qm=h4+Q6vi
z-iNgnT4kP|?7tupbX%h7JhDTi|F<@gh;zHsLodyp`Q!YF{5Oin$sAf~xMlArY*G|A
z1FeOb(J9&8=;tK#;$Vq<Q|=C}Y$k5+TK19*n->KgqxDQ;?j=4t@@LOZNzbLY&PxkV
z)d9Je&7<GHGP4`|JS89t8FObZHP8u&<Aed1odu$t9-Q>=;9!h#p20rzG>N7$f!8E_
zLzuCggwpqOHw!Dn^1b+^mfx$c%%i%u=2y$xVdLg+r(ndM`XY2Wd4bfYtAMasht9&p
z{(M}oQ~9EHc6#2uV+_j}jTOS$9uh*VB})xa2sJep#{scCVLOjyolJt&naNmi`1x?6
z?1OCdFyplhqvlpt%<pBKcy)2gIbCNepDcxfc0X5Fk)z@zBtivqTOlytoxuq9gUR5p
zOvXs;l{j_Icl(t{uoyvQEdEI{k(t$?Ag5cK^|i&~?h%}F#aN?4pRVQw81xK&D3raC
zru)JyfcIO#%<kGbHnA*VgW=+Koa7{dbD7dqU-~?FyR?;Dq=_CUXSiD)1pPpjoTO(K
zIoifi!pwb&);?kvWU`yWxrRR5&;9%5e#@cz-j@%XW*_^#g`;AiW{6wISjR4c&tyo<
zK)*cf<)?`F$$0e_B82fv*>X-sgT=?wf2Z4|+ym-*Mi%XSA+@RmM3+}RVMDh$!*I&)
z>|Zy9jRVtdqdaV^4rjq)se2`0(QnG#K<h+1_{pbZY0A}$=*`GabDe=h)S8*SZk^zH
z^RO#MV8^(Yc{E?@LgsC>>KEJ~>}wU>e%e)c`x)kOS;UjC%`KL3;L`=@`v}{cP-vjv
zJ%@@YVOf-?wfYj$tf-iZ9R(q75aRUilFzVB!ywJUk9%l#4z&DvT@nwWEBelqL+sR>
zrJ&7vS`OqR3DOBP(kj~Os=P4){`bGtB9wZ57n4Knprnw0?`Hq>RA<o&goMbKC^_wV
zi^tvxF%CEFuy2l<0%G^2{)`=t<uw1Wd?&(LTIT+p>CxzS4{Z$9n9Y=3u%JgAT%rY<
zpsT1E`Zkhf8R0IgPD+F&z9CybCd-%lo${3!ODlUbUb(oFl-|^5w`2EN63$a<4=x`Y
z^K!765DDxQsh^D_DLqM7_jbdyWt%U`d4!SvJds(ojvDTf@^hMjqH=&8+K6&lg*sVw
zJ^SgUZYo!4K#EKA#=5p=qEAnHjQPBZ<1M(Dyxnb}74{&trtfQxe*3)AZqTtq{0!9|
z{7(6@;n33DdVdEhLZ7Vi#&W1~b|&_zr6;_2khkY|__V^3T#-|?;MGY}K@Ps%Z%Y^P
zFDFUyl=n0T+Fv5No;N_<LTm%#o+JK=v{5GmVEJ3titMOiT6|x3Z+o;>_m&_FOY{qS
z6|{;VuS_8SgHE<{Eh{IGDIbAAu*tKY0U(LCU1WQSB|Fp4I-w_hN~qP<J`9{vX7(4;
zs?PFkHhT#(Y`IJ6x1aL=WM;*t`KW({w8;zX=%;_4G4moaMF03j4%Jn@tc`42H-Hb`
ztx@Kmvr^E^t{*L|035zCvF}##FuAy@niRC0Er;OFvLj98?!Cd%g@VJhiSVHKe*V4<
zn1(bP?-bv*jKk6o@#MJp!rculWXv-5%5?VEp?jQLym1vniq>nTzw&0dD$@$F=dKuC
zu3$GwRxs{*yKX9U;8Qy{$7vcJ`9mziaUH{(xU=s-FeXhza=iJ@kt}2DdPET_w<P7c
z72*5D*wpWPgmg^i#Kd+19`DT63t}BV{@R(i4+S=*3MPMsp|?DM+4kb3ioR{aa>JuM
zrSMtu&pqL^NjXk@QDo9#RL;Xeuv=~9LDWwYnhJSThmNmq?Hx3+QU}=)t(VtPQ(Qv$
z1;+vQvw(5QB&q!rYdsa8+e$y7-7iK*n)#-^+`Q(vBEqVb(sug|`;DZ7lQwFU{>@d6
z^Jp*a-^M{&E+pZd|LccHeQ!>mRFxUcMHA(P@xoeEseP2y49+p?qYUbh3!VWOT3mLu
zQXu>r^|@!~-1dVw^ojQ~Roz@TpQxTNq-j0yGK^?Iwa;Qs??UYM{a4pkmNn#0Th$`B
zX-!r;8NqOt)#T~5Uj?}8_L4P?>YINf>__|IlWdY0A+J#Cf;BZ1%0u{R9VqhWh3*mD
zBPs-TEKUBcQ?(d=RYtc(KCuSCaTJevaJk@P>k;ii@}G8<YFzk0yr)T>ofj6tBN12&
zyZ$TZ(bz9Bl6$c$DQ&l!PrMI_t~$nAMc{Oe8WyUQpsKa|rHWOfS6QZ0v{B-n<WuYK
zT4|h^#;Z1wrdAK*BSR~t6qK`(=);<gyT43~gD>kubCyA~s#BPSU772xSkkp>l?_?r
z$4$|-eRnR>vdu4SI8C7hgmXe%hFNA>g?43xGtt*OZJ9-Z#qqA(4u%DY0rr7FpVAj(
zMrb@|3_=;~BBBBN5Mx>~Mwitr89X+dN}#9cy)2xv?)xY6;|2+QVz73cJsOi5gk!ns
zU=*f$J=sb9*OmHb{XYE6W*h$3KJh}Y0KH$P*EM=!ANd66Vhpjg{wq7HRu0%+%E(mi
zchqpUD{B(xe49@=kfh7aYZIIzfIfGwFl=GZz?}rE2X%Fa|1|8Rnn8#{uE4%0E8^||
z96$y^{Xel2|37%INoizcL_U+((AZc-S=orWC7`YCtCyFTxaoR_2T+gzj!-s@omxm}
zz0F2#B3oG4^>hi~*wY%z2LbgV1clIy6>n@+BQ80a+j1t4%X(pVcQ-ZioT8}+pjr9(
z_>z*7(<7PVGcp8Rj^_X~BlhRd>5=E&Q&j46jdmOJr5gHb$pCLPn!-}p1JEDi5<IbY
zTu1x+3xL$XZL{+7)2Qp$M*u$V`z#g!6#V4Zo3S(9VVA1<dY{W~IG&$N2I~zZE+-4+
zs>L$^?=Zfqflfg1)Y$n7u;Eq+2nhQ*tzmtA;uSGEy1KeQnOnq_m1kZbHs0q{6xMtu
z4*y;40Fpzqa<YYGe*{ju=N-S(epK^ea#aTnz-vFn`n}`=SGyzUeLF2xZ#7S$oaUw<
z7(*=3@qFG2a4P#}r5Jd4(oF)6yI~&BA;1Mp0)%Um&$BDgeO3KjW+yTPsHm0O%gfDm
zgLJE#?=`ixppO9FjD#}<j{vfYtb&4u*M)Ne7!0U(!vG_qUkpOFUTv@e*qRo{MZFLB
zfYq?xDv3shdT71fYr|I;V5vc7LT~?eE-&rto1G5iU-kk%A<gaAH(|(;2zmdj9wY(C
z|E&K;1KeOFmNo+%IZV8h`O?A6?lvDVr!6EkwHWjy4<{#d)rVy~5XEM<A!AWvlJ%l1
zF$6GN#qEuOcU*i{b46%E|Gs6k5d%6#G|ze}pHsmK42_0K$+wkq(4sO}7q3+{3lO#>
zB_)-^8mt$}9=o8?fNP*lB;~d5a)$Ir6Y{*>&MG82pRLS0{*bb;T5I9j1D;Ac@K~QO
zI%8M4FKWrYd@1sKe;eSax9CRKF-rwhC-D#Syssill#)?o-64|E1i;V4*h@h&*o-CB
z)fdXNYI%`rrCb<usHHZe0GSIJUM%Vnm4NfG`QUeN7{E63djGSZ7$v8pqdP`7kQ8*-
z?qkTckd>9~^nF#O1r(l2QRcq>{%J8578d#L3Vq+lPoXZRx<;Q(jEw^;>uPI_GmD4A
zzihO7@qm$RRKy5hY}Z<nGPa!f>q}))n4`F}4kCC3D8<Od#$lA_O=OGOJZ{VuK%enY
z&aoF|>XVstl5eJ|*sU^;)&bFNEWhPocNn}xyBNUEMp6ooN&i*eF>pHXJ8zn{Y%1$t
zK()c+9MH)Bo&?bMrOO5RG@&Sj_iJt&N*}+N;KKSGPLYpY#Y>S`uGG=(<(;Ok0LoeC
z<9-IYScqZ(<-e;z(zMR$05EvAw6fy~nAR#WcPa<KyMq+VYN#QYD%`&<xBF7`eVYO9
ziXMYnVZd4F`IMt9S`P@k!L~~pyN<_w9lQ2^{Io1bzPhn_2`MQKKi{XL!g}m1r)jn0
z9RX>qL)z;2yp&Ooy(A5ES|i(;JOsmyjSYR`o-no}>V1Rm67lZSe33xd-FK_0!w)IN
zu!!9|c|ZJKU0yI+@$j*?x3`tg!;vxoLBecZr`}3!AUhpR@KzBBuXHZ!0o@P0EFo&D
zs^X^Jq_{FXiWtTK5wF8Uceq?ji~1>l8qCu1FTg83J$<BWCg1gJWtuU4*GP>b(CvBB
z?@bKh1S0e_-0vt^vK96Adf~@_3kovS6nec?adBCKX0kTU@$>ff#?z4u@iJs?u>qJr
zm(i2C;=t7%b#hh>4GovhW|S|3-Q6PdRM!TB$Dg&WFdwO@snbeysk#zeONyi$e!W_5
zp>C;F=%y{FuTYV3G#auP?#f_k&k?X1bZxx9J(OBuB2A2stDW@m|4gsy<<EV2xtSCY
z5Gd8t47WlNG~kI!r<Y<nOb+XA7nup7REwbl=VA_ip{-!nsu54heYfj;RTsP`d&^aD
zE~OGjHk=vFVpV$~&Jkp?sI|ys%jzpTa<#X=teq4ZjdQ$M3Km`Wx)3zG-cyx(c9*1i
zlnqfs*cQ(ba6MJbaK;%2<5tP1&ioz*IK*u&X^*gWK+OV7#i8|Lmp+*>yu<DP>BVZy
zx%}TS{aa05^HY9MWGc(o7ykA{)GyfAzJ+s(vNj`bR_<`WGFtdJd3V2Rw{tzxj3bDJ
zj&7fU<}zaFBe$*J{IM^47)<;A(D~kvh=hnZ$2_2IYOBfZeK)V6IgkeeFXeL<_v7>M
z@Fd_LqdT&R>`MJ@Z55C#V|V{%$!keLPw|(Ap^n?<$+<>-qErpK?L&iC`6E?ysgvOs
z&M+E;q_FIxj}4|3&ImL?eLQ^y+|8dkL1DT3i~4@!{RtkJ6hFMq>Vayo6^^GXBR4a@
zQg6+G@G*4OCW&=NTv~B-I9v~gA!Kewk`IZWikA`@Hgu|RuN3~b>xiJ!_7adsIj#?b
z<mh)+uE@RzL5SOE7b_k`C^%w%eH7vDYXOLiZSgq7b~PN%Iqw8nahq)#RcRJFy6QQq
zdHXV6B(-SkUCh)#d#ko}pNF-<I7fbiJ^lA5Trp1#A^a8*dU`iCmDVH%4WXyQTr1^|
zny`|wladu(vdG42BKnpIzN~IWzM@cK1R&zmUpl4RYJ74DRnzXVB!a5eefZkF##_$S
zs@`oSurOArb5LclU~1)pSfMBBETlk141~pBI@1(Y)Ee`7-%}l!#gP+!Tr00AaabuR
zOrBUI)S+Bq1tE~_c2U8X=!!{50Ic9mLpUIBCxt~&0>%MjmfoTn^g1a|Q9nlW{%?HD
z300Lj`1=zyM>**X6vzqQu=?Xa=XXBXQb6}qvG(xN(S*9=>smFV5n>QFBP>@YpwFwq
zEio2?_{XwlO4v}NaJDl6jlD*Lgs4D1D}rTbUGE6xg808UQ%RCwKg46p=yT(qruy+-
zLaIS8xBWaEGgW^7#qMY(zey8^cG%_We8oxQ{7MZhSSN*~9fEwaSV?<fRA92+0TT}n
z8-W4Y<e(?ff<@Zj-=3GAl9K)5)37Zi?TSH+zjFZstyes;qxehE7$essV1Ah^)rcKc
z&A?+I@h_&URfk3N%Nyac2%3vI`emwML0TEAujqg&psuWx{$Gq%mVm4PAO0t@v&K29
z2Y4K%kHM^KT*T(csj|#?=ul*j<)05Z6KU|j0W-|M)T#!ks>$iQJ!z&tSL(v0pF>HL
z)>Kr>Xbj)qUXl5$F-E^Z|I=fdA08duNoL(K(zC=A&}p(KUq*_L?pa#WJZDoE<sYG;
z37`oN9SD?*MXAOslXF@hO5&r9-V6i{sPa<$j+2XDSXo^ywIYyJPctup^U)NxB9B$>
zjzA!Hyt}+)RpV@dzMDf7!8EMfRUD^HqWP#ImM{LbLOUsOc6U<veJpBJnM0RX%CLqv
z*HKB@pVGLJ;3Ju7S7(`C>u08|qp~8<HkFg3q|T`IQ0e@yxJXRoc@>6wq+D_wBO>W9
zwsPRic(dxS1vqjU++5sNMgXdUSlkQ<h6DNxXRJjo3WFt%2sDUw0fJm0nHLYBuKuR9
zM+1hDKWWnrcG52afq`_iyo&ye@pCbMLSKq{x5m7e`a)Pe+Zdtt2RK;r*}>UB3U}b;
z0yRp{E7I)YeLmU-s+ONAbA(*(m#9E13xvsN3HBsY++iv>pfqKiLaF*(?}A3yzC#cN
z`_R+)jRNKn09Q-B`HO~txO||tYeWf~^%)k_3skaRt(hDkiUkB^7O!-^zuL(y?RDX@
zPE)w_*&iX~27N`xY?YoPb>IBxh*%$f-$bN6t8D#g?@M+%y_g6dF~4(H>(=#B9~2&G
zNaQ1xsL@ZpPkzmmnel{$FO=0;{~o8r&>U2LeUn3Ae;X8jW3%7<M$LVVH2;x%euwl9
zf^)=PHAY@<1!0^BWB6;=^dW%B#?d8_(sJyV)dS<gB9+7B#6(Q1^*Xm;u1>?xw8loB
zlRil^DVU<8*}}<mE*U}}Rq<xe1`rL0-<vl*`hz0;@*lHp0AkAGF6W#5<<;INsS`u6
zG0H6=*t`b#W*NS4hFW%IEu6y<|NGP##pu4IX3}y?*m2N*J_Y8@h)a0vglI7I<ZnU3
z;Dg=WxW(z3l}|;9V`;8+VNydq_{DR?hpZ{XTQK}*PSR1SO%8j52?Uy*3s?n*`!h0y
zJD62Jxrgoabak6x&Y)#K?M1<I&ENc>uMN*oA$6Rhet~N5!CvYscBtjW$Q_KP^kg`K
z!bu$i&p_vXM?g(+*o-Mftt#g4qOlDyu4Zx}qniP^>3XXs)euz>_7Ic>80?5O|8?)j
zz*9Q5En-h)dhq(F0vC*oIQZRIyV3UbZc#ra<0Ik&d(QAXzKOMLPO5jpX)ziH%tzn|
zjyQ_hLZ9dRw8l@}K^DsBx5599Y?8RrQd18%H>)6h0LlX#Tqv-;HKwCwcN_+bwB+Q5
z8Aoo?_4*gn@F*yHt*+%685#EsN`6AL@|k$-Cenau#w^vBBsKvk!DysHnF&DM0fdP*
zNa+dSuwe&mM-y2BlUV{h!ot~vdGrs5)43XzKLTM<R;mmG_x8rpI6_C(T3mL%*QaPX
zQnmnr1K@d}HYIDmR9q&~sWjMa`~Z3yZEb$To*=+FG{rb|3UmT>X3Hmgd-e8PqGu^F
zjQGF_0q)-_S<C|HO@4E78Fc+(@H3BaiY69N_Y%{0b#(>u*U{x>cVNASDg(ggA7QQ)
z)R*ftmWZAo0k)wpTXBZHA%-<2FXz1@>BxwP+d=?_A6Z?^a0MqM0K&VL#szK%>c@{C
z1>DY6S&loj0DW+-GS?vkn0b+ZQ@pzA@(K!`{{6Ghl8}(lJODa|iZYeIn=F79%?eC)
z-2ou}J1u8vOajX*f3&A#a)uyicQEkL(Ch=aRjb9hxV#*oo8*ADv)cgB;!{Qd=b9w9
zTB&+}2iF<-CeUTtF4ugD=d_wTocb#^6mI<A8Y-#?7K@Dz!5y)2YMEq%1%2<UPc#!`
zf6!s$(m6+~6M>=WSbuH@91#V8-zeF(;?JKCJXa@`oeM=u(8MJpQTAE<E{ep_ynK9G
z9pPxr+aZS^qJb!l<d|V3iNGS~<DV^%BOGlE%FoOD16t9lHj;RKx|@$Yb~p!`M4-VT
z&@&~PtIU8T0ptZ|Uy-HonCs4FlvFf9zVFGo+17+ZlgAEhm*f?JZnMX;!p9x!>6~Cs
zKQ`D<AuTjiRCN((zv(6i<Iz#Tj;04#h~`U6rK0fsx3sm%y%5TeX+hW!q4BGFo7H4U
z5Yp*Vb?(!h8uomhrHZOlRgc8>8xTN(z!E`6E$HtB#+;_>+?I|v`{SGzkKZi__`LtI
z(jf@W!9<OId*35a{llX@fbt47YLTCrdbGYdI@ZjPYrLK{ZfLhiuV@sG4iEobB^u&S
zLxr|j@k>!5Pu~qmYh?Km6&BV7W$&0uc8)bml|exg5*%FJLu^!8TFOum$a0_wSS$7>
z{8uG4|DaZ6LD#be>`-kg%A2Cn3dv^iC;bxJkK*m^?JfR>O#Uf{-I4>e0^mtvV&Wrc
zpIo7HBCUjHB{_)?6ildivs+OscBh&cGxFOB>|AxzZ5~deJeRpx$l4NKpR`T@u&Ej$
z^ImN>x*;UWx9hc3;qmMkCVhN%fmeNx=qh>zI4|n4vE#whn&06cl|l`bnv1qe(p5L*
z!t6NAC+4=P{$^}07b=k631ntkKiwXsw^Fq<Sj|Te+AIs9ui~R1I<P^cWI`v-ES9SN
zwh-gV?u{gYqK4g@txJ0J!jrhdIVfee)^l_EBXP0dhNuvJ0de2MTP1TkHamL*h~Qrk
zRVe+t<x1Q(0fa~3?-2HMhqPIcfDDc?`Vkf<AWps}(E^XWrIgkS3gxziNEdaNW0HOu
z{DJX7L&B#|_S3am57faPdzxFkC!1fdJqE3LA%U5A=+OtGKj~Mu>cMoM*VNBLbmQTT
zi@)`KyHu4I7eUBUP4B+@596%ZF_2k8{keCF-y=h^SgaskoZx-=w-Zb6p7TSOq)<^<
z;a7x(znmNxKFWWO@mLCxt0EWl@@cug0EB~lL`bP$`9p9bCbH~DJHHmPQaoax$I2on
zNI{W|z^r1_ClBV#=YH8d6E$~tp{f*UF;^69F{GQz|H+xP!6&Vjk6Z`=NKls&I-(!C
z1I#9Ye2C}*wDS{dYgtyQxbo@CiDto4u_XEF_r|;g?o!IQ%3QaytXtf(zI;5xM^zu{
zI~@1E6EPLUhD>Ji1#WFqej#V4M7Xoo=QZPuGF3!rEeuUv1TwQlHtH-KlcEkro^3H`
z`}Yi$kc414-9xWHUO{rYcrSABibR<4VFf?wzEP{o$-q!9TL`vXiP`inkoEBW=KUGC
z!gDUeooCn`d!ntC15aW39C(z71r3eLu5TREcfW8(u?*<2(e*nvQP_UOQt}*a7xU$e
z$tu!Un<3LDyW00nYrNp6r*f;86%OP34$iYeZg;d37nS^M!+Hq8Nd)*S(NV#&odH(8
zt@S_D$f}<tZ4>s|kcPCIVe93O^B2Os;A8pFcw$$hEVq-?K8Sx9($u1zhtC82XE2jG
zUOmo%ajaPAs`iwL@!pv6O*!&e{L|*6v_y!z{_07X(%12EPcGkML=iN6V&psn#_CLx
zoVYA!g382gW}pt#Xj@8X!Yd%eIJ2C#BH%9(is49K+?4h>i@WOrK)Lq}p2_yZyIX);
zv;GuE+1#EL`sQ9wD%c`He7enMCaD0VZlAeNT##|Fxykx-i8W99lk9gHRqQ^oQ`mkZ
zbRrq4YVsPDsHK^#T)`kY>oP0=mR=#jpkQ+EbKt=-f19Q1_`sl{MYJYX2XTopVmuV4
z8B(koZTa&8a683g=nh6BnK9?_Or?m3ZD<_`XreyY5<k9?(-CFm37zPY#Vg9_A}~fF
z&)YKusT(EIYZy#X9R$%a*8+Ka1-T)UrnrlV@}DNnWQ5KXRbvg{W91d#67Hi*j0FF5
z{E_fUE&Fn42uR}&xy1^652Av|y>2_TP2bd1x>2az+9L}S)fe)f7{#fJ5OrC8V5v~5
z83(&dlZPW79nR#-;M+!Fswk$D`#8F~?wgewr`aUf#+Nx#R?FPgeYn}i#!l#5US1|=
zvPB~gMxZYMjj59Ovku7?C}a!i5@uw^7tGm78+C;Fca6e?oJh^QK0j#Gat%O@R)jrL
zaYtWQdr_DGKGVdnQwSis6iI$W<WEpV>g5FCAB;tn7l8tE{Y|`xrv017#~ZZ_>6E8a
zYG$9CaUM?5oflIBe94I(Iz=c+S=b`T=RY~><=WABY@&kKe>1&d{4K|=bfv(zaRXOm
zL@{H!dV0<1p3eZ#b_&GvBMRE{PLOLuCNRrt=cRdpx>F+d&3qm@D^kjZRqsBdIWc1q
z3Ko#&D>Nto%-5coiINph9!G0{J!V+ikTkjR^XMO!H}=D_qQM7COG|eZs!-`fsH?C(
z^zXcoYkag&ML0ol0$r`5NUSKmu~RB;Ifmsl{oPgN3a#bU)zv?E9K?Szqx7hoRcxM+
zAbu`3*Q@P*`ktwF#B>EHAAq0B2Aq7KE765fgV8^h*++{@Gt1!<xxt7Pc6h?%{6Wpo
z)|S?m_o;}nz1Zl~w~ojt>A@9>|IFA<MTR+$?W#%;o?{P+GHm{d1!OX3(f72y64s%J
zrz;Q?F{La*`7}?3w%Q-zD87dnmvrjag3`G`ts<QerjjR3DBKCP)3sKO`NCe^KP9n~
z?d-od<be9^Ml?olKAtWCTU4g<WzdBaurEH;(Ofm<N=8#iTm4o00+()*{9jqZ&k>IH
z(gy3YFJm9+H-|<Cz*^D{Q-z-=S(Yn`Ku(%V$qrHeZ@LB;tl4R3%z%CjFbcBSy@vzl
zW8b%z$Gsm&IhXhMzj^F_-`8)x;{dA*0Jiqu<3aXd6n<`pnZxm1v5?P`;tb$V2LinK
z0^bVoM>+$)1K=kt8d*jCyC8fHGsT&|Vxh)^F-fJufa}|}-g4G#I!9t<)pIT-$qzu{
z?OqSszN9w)F1LVhGH|y$rQIz62$5qtUna$JwxF0L3(9M4Z4D@Vo_lWJ0aFNI<?cHx
zz;KE`@~UD`FZ=Tec~sZrKd%Kq0`7lj+E^CZQ_7W8S^|8w&~T`!GAts`$I&_^tDH>+
z-B1<zz)+6c-Q5^~g$qd+_)Qp7$hqF-xYc^0mzS4-%X!voVRm*leow7)KP5A>>_-p|
zF0Rz;dpPfv`qC`0+EsBSR`{*SY@C46ajPd7m{Nr%LviFolI;#shOBsipT5~)NAjNA
zdLhbIC0l7*6BQp=Bd}8IUCEa4o7W)+U{e9FBO#YnpVE*e0KNdTJ}^++lKs=;(yk`j
z1%T@2vxV^HMOMX<3Qs7(p^@wk_yBhaFikIXd<r00sL&e)F?E(oC@2zZ=U}KaZoK-Z
zTF;mKhtEbe+<`>|fB5H2&CP+z<>dV_xVgFcA5_o?=t})q??>{K&PuUfE4Sco6hJoT
z6W(I6O#KmozUzr-#RP1CAx)s;GoXM1hSSTw>H>`_2sY3P?#OTaE9IZM1RQSfw1(cj
zAt*3xF42H{i-rQ=bFJ<6C=38?rtjKCyeMTUe|@Qo%c%8>{q9iw@tTS_)2XtT{>Q$-
z!BV>iXeGDh8q*=@tXffoH+aMUyza(6K0bh-CysM%YWr`1=6CFxHVlndd5++yzkr#)
zW^TP1xvc7ORzX;4qsA1FjS%PSfz>L+vA+h;apVuQd9wbq*WUuEhf;={FWGuabD`OF
zC7Z)Mrg&RVI@me^b4;dP*#)==db|WTwhjQ1Idl2rl5+pVqcM71Z~67>Lk*eBpYrnZ
zmfWSQr@NEpt4*LE^SnFuFL1-!5oktUq1CODZ&Hum{I%Q%vmA^;hJ5TqasDup#88cs
zgoXK~Nb)OrmF`hhc@NMXgv%Vy)81y<|7|xwMI{x|t;hq!2kimr1GbH@FnAcrdl^by
zMgsMV{w7SA$xquQ@ChqkV$uot=6C8ChjYbP_|f@}an=v#YxoqScHkdsV8jxw4yUwn
zpcPdDV}6AX4wCvx_DFkW-xr2KKfC`K>l_mc3)JIve+uHUSEK(+jjbYwkA^dp)9iqZ
zl#z;Z#NYVaWgy6`c=$;V6l{%|ORFJH1z}BK*vEN$d;5aOBBR+Q2j%)pURs9H?rU-(
zYF>e7KCwSkcn;Ay!;~Q^c?el~RTb-4x{eG%8{n3_CgL0u91v=%R5iw}J_LjZh&+|Z
zXr4(}nj|moiHV{~h&Z|2<ig(5h3@~N?k$6=Uck7)i+~~^aR6!QLw5*BNOw2Vozg8J
z2m;b6rF0{b0#ZtMNsA~*OGpcX?8E!ce%YCKXJ==2cK3^SygG6?oc|NQdStP8dLn@>
z3)tYnq<_;@lFN4}wHUi5t!g=t#Lz9w^7Bu1(3(Z*dBna^v0gvw`w~UM*$H}|w8#?s
zq_hL{7_M^x?pR))f1pL=xy0JgoNkKhk136dr@rkEYFJ@m1g=}6)jj$yG!H{09d%m?
z@Aer6Nh8#ueDfLm`@v!HmRD7)WBta71O$wpkp>Az)JnQd9t$a`%@)DiZBc2tv^d%P
zj`vTlE-#zD0~h!K8<~CrTd($DgyICrD+>bjd|@goD%~cI1#{vk*1fbJ1#eLgh|36M
zOFuD}j>Yz|k>G26)xFJbpDBI4@aXjxd1&{9T}Dag;hP~ArNV0~3VK4T^zLWbiKnPE
zWMLNFmA4DCk!}xTdK>r@66g=do2*yE$S3IWlZ;Zd#&X1S+}-byZNyLvjdU6V-4xlT
zn0y>zGU0(qN}#1gY>!4t&{a0Zu3jt|h@4|ly_NRD^MEXyko${{PSBaga;Av;D#lxc
zk35Y)2)CQ!i_g_S5ju4a3`FHI2CfOD9F0?iYD@}UKD<Lq6Q@(oJIf_HLiefsywGri
zbJw!P*YqEP-abdH8f)4u-az9>VekNp#gyTLk)wqr`)_2a%sHj-%V~>eRts~qQX%K%
z4rKC?zw_T#j<<oyXVNdf!aon0y9&l512IJjZIVX+aJEw4d{Gy=v!DLcUF215*+_h%
z&aU?c$g1BFnXA2SJ5XU*^r|jzn5fS004-*>KCe@cz1@5YY}f?hM7lkO=w~5!@6=$;
zQHrpCr4qScb;`AA%rqf9Wve77sftx@_}#|gf%;CT08=w7aF%za(=+}4uE^}6G{!E=
zYX1?~-3a7Du8T;sbU(jLH%ZH)q)A0D{vJk~<VwAcAR*~D7I9k%EB~(_JGRWHBIl70
zP7h09(hk13f>!GD=0wF|ecX`OzK$YutDJ)9&PfL=vlAlcn&?r<LgvtzNvLM<8Qt@F
zNjSc+>qtnbHR-QL)IHYNR$vRYLJmaYGi-Jw-SZF%#npS&L*R|~;q<N7y<#gPN=8~6
zgewV$PMqOybYI~j1+s3xhNs^QReac++mS+OoR9xXi$5hm_5JY)<wEN5&lszP>^D)U
z57G1TSu0~zEodk@2@3!&@r?RK8&ApaKxof?;x@iW-5b)<D+81pE^5OL37zbW+4=A}
zN7qHBG<FQ<(-;L2^MnEN1vBHK+|7vWd(re`5($Oo$3K9ZrjX=$`Fr?Y20{c=D50ea
zXH|BRdb@}@HPqtC@ZShrs<`KFIoV`GKlG=D6v_&C9zH``uW*-fu;3dunG2WUNiK9F
zdIDO^{$e)MVh5S2<hzps&&1<$q*Ek4Lw{HM#*nu;^M5wNKhmKhQqP!^e^8Nx!9hjt
zJX1-UT4O0oUKR|5&T0fx2GN3sid(GROZ7@sjgFwe*1Y?uqz~y;D2o&>@td*hB#6@3
zo8yp)6yGd|bwsB0!9;gru#8t_4ZTSFhe_^Z;TKuz55rSJl+?qw8y~to2HKUOgqPnk
zED8K|b&}7mKa3USd2j2Di%#CvouMDWw~dt7C(1N`^EIZY;7(<NmYKt%(y3-=fB96j
zWMu?G$tM!u10%d!4M&@RW<f7pIYZm}smMExh;xz>tuZ3*TTdA$P#rA^esvd5H*ey;
zS__><W?BhEFX(7xM`~4@;L|fQ5{SCu8Tt=A=Dr}?W@)0Beps2-FV&Q*S1y*pxb+`{
zwl0mfu~?wZe*@Ioj~)kAO=@$bU8ITMMM)Q=dt9ej<iz8N@#NlX2B?ZHo8sSoxOya(
zF@IF~SvgJ?__N$#!?o&79J6iVkK1k`f>`|2p6QPqh2Gmx*o6=o{<tNSJ)u>%)<Ob0
z`O#Z{dxO7!Q#})q@Kxr<DA#k)ET!HvR^cH4E`;hR=M`3r4~kvVYVzgzV7>1D{G$*W
zPL_wnh(U=-`NOC{ql_6$qHfVQEtsJ=_$rv8?Rfux|D{t!-O$hw<S0u`x3&Lt3C~LK
zl@T}1_w@8wTU)R1Dyd5f1&n-s?UB`J+Qi(11#ZEgeer6_%6!De5>{5LfV%AN?t(Ex
z4c(y@`r|$V9UWcIFw1NJ=yR}4j=bS=G3^9+2IiJ;Z2^sbUvIsvhsX9i(0N|U($yTW
zsN4X2Lhe?Ynn}(5x1{+jx+9sjimhyHGNYfq1ySAycYxhsgKZ0nf>8tL-YlPA4`|19
zq;$i1p8fevZ2D|sc6PQk@Gc``$sMX^t^nk&J7aAw%TWa$f4)Nn3WSX4s^?fJM=#Cp
zArOcJh6UCQOxS!<sq1QMhh-YWPWYqp#^06X1o?M{-9>r5IrHx8<@wPFzbCFqHSE5i
z$zR_U4+n|C4NdYtlqgEDyqrZbzMZSLPX-JOBqcR5zY5=XTplU`-s$1)KKwP5zezK#
z|4v<ou$P0k_Xn0{>&o{7M69~4zdNx2ARHPSdq`~D8mXc$>*2kYN!`IuoRP1kp@FaZ
zMyw{<^R*<Q>UO}p%=#{q86BGGdKIOqt+}F+L4A#Thp&yb)msE9ZTsTxiuJ`)%?{dY
zdA(@Ui_I}a$C+TUvt2f18_WO9U^fy+%Deuqap_|kvhnG+@|WSVRYi}<^xhr3PMhyG
z*Q?NtUA<3Sbz)R;drdY~h5yInD|fnq;$aCs^@1d87%coSSz)kk50tn?=c1z0+uf}V
zpfMm%vxBd>A_0Pf?{?^Y#-H^p7s0lVBjgXCuFm053P1b1+qh$akh#?gs|DcArp^xp
zT^~>1gsbV922O*J30mCcw4P~Eke%ITXE;__FB0i{x?}KVKBlB#9&(VvjNi8&VxqoI
zOq6H_53K=AyF(v6w>qm{oA}!wZ%)iHSzf@W>1sp#x_Q6-?{79xI{{JEnRTPLNh>>F
zj-Ue1mmz;u2><oPulM!uGc8`lyEC1gp8ngZ8{7N@8%wG8JrXWzetsRw9=ry-2}%CH
zYp+fJ0f^_hRh~(|rQhPsK3hb#Yy`@dot15e>2iLnemwf_3qU}Zg8n*hj}y!UK6~ac
zQ|Whob$0#t`*m?4Fm&=MRdHneubwOOn_aq{mzVty*1YM_amG-gwGEXaS#STdgC1gE
zR#}BqjDB~ZRAGUv)(z8!#g~JFgJeF5L23Bw>lgXevk?#cBRl4V>j8D9{;{_=YEqe}
zS)`aA-PR`B(*Ez_S07a{Ma4H*;5$0R4-4qo*kUrVQTP+rV7ENo{~nJbdNQR2TC2~P
z#>U3n{3*rta-GV*4LX8EqnHTle3ty~e3yMlK}mV@%Ec~!cXd;Z%Eb8p2)RQ+LBVCv
z8<IS^4nqkoEiFkdXk|RMVI~Ai-`W26oIm!hBv>F}n*fJT)tkEEH;-PA`uh88s-C?C
zJrX=|+Q#@L>#qcy=00)oJ^!;sz7%2%&hTEfJkc2ym47&|$M7a_3JO17^wY(&=~q9N
z83Ow@Osc1aG?8gXlVoQ}6+eyivAbllEA`$#2t;ZlZj+MY^tDV7dgw8TBg`^01>I;1
z6bH(*O6<@a3mPe`w|itN!%%^)Q61BX`i~{52h~t10X#nzq)n@iDnZr8Y`AqZN%^3*
z(#Xjjy8x)^`n0hFA618oLOe(WDS6DR(<;yRDKwr!s8g7Gm+Jb@oddbu?ZswZexJR?
zG69g$$jn8>#L)YjnGb)#@YLtZ>ZY|o>P06_Sbc8~)KQZk7=H%q_*5&_m|VB+1!Lth
z@+A&sIp1@G*F&4nC0Fjosz)fVx1B8&h)qWxjftL7jJP|LYjhg8N@;)ipVGR-HU|_b
z#vOu;jDQNnz0{V|U$bhz902@owjz3eBk!?#DUomsPf{mG;tl@x%)976I*Z7_$EVnl
z3+T6BpfJ2QY<SgM!;V19PFX18cm`FB<(`e^;JCen$+%hRJ0^Ls%FVueayDlf&t1gl
zVmb<S6nGjL6_Mxfrrw)&Ks`<;OABF~aSFwYNVL~gdgcpQ^IbAP7;ET>j8U2q|26y$
zZ%gV#zkQqbuF-$xkB8?t?#tFM?`QDZ;ye(MPoNhrlX{MpF3lkzkmglMaZt*Kh~8Of
z_{9q%!o8M#e?LEF>onA429<ZPaoa9W6-G0m<sl4(#(5m6Ns+BTjqcndla4G%UZ)H`
zj_Iqd2x|vigUQcTwu-opy1<4~$HQUhINc;ssA52bI~z0eX~@v>$A0;;$A_J5mZy2%
zd74R9*_m!j8Cgn#49%&q7~XsY!qXRiFLy!r>bi_Am5=0d$>JN}i&}jZ1Ry(E*0=>*
zW_Q25;54!ZpE4=4HV(-jcq^0M6EAEUX}?PD(kk(ZCWPK48~psb{b2-LO@)Q@Q<B~h
z$VR96d>oXE=Z4zlFOf9?Di8GOHHiB{KBa3JpSz(a=CnJ1{Sd2_&~DK_Ob*Hit1${(
zl_Y!KfWmgaz7ab_a0uNOJ_QQhpiG+sM_<vWD6E^YF{mm@0jw(d!i(9(!jFBWy>2m=
zwNDlvDq`Z|;u>~wdG9a9&ekn5Xj8z*7DwtxN5NggO`P#btm$g_J=deXw&vp%nHYq)
z3U;@DzwwZLQbyi=#tC}A*To7>-!zl^A4ezKCDj3x^?-Th7WC4hL3Z<PeGc%`BVz|m
zqC~py5Ovr0Kj(oYhRtPw`L&~DQ(1HXzZp=k9c7DCw=YvzA1Eiw9RQ^#%>xni0p3KT
zR9>->O#ZG3BUYb=Y@A$$e19Poo<j$hXU{}t5C8q$_qZ?6TuK%6M<Po1B%%To6-jAn
zva435Tf1QBV*g2>Yh{BHBOq07{R2`JtW_k{)$!8g7U$XnA3fChTp!j=WB{=X*xZ$-
z9VV%CX6{Nn3OMxq7GebtLjH@ouS$7Ps-jtYQwUM5-^g;=6{(R3x>9!{1GKYtzc$_s
z(`s*o!}AL66*~(E2yA<H=YwEY{Z5(q?@y=;F@&4ErzI<euLed(N0mA4(`2h{B!%^)
ze>BwFqvzq?`}_B=2j;qQ@cEGGCXMds&g&otEsI<vug)!1X=yal6Zo>qW~)q>Q&PC1
z-RLIgF?~Hf;VCBM_x}L7HxQDFR2bF3(uk9w&YUpcW2#9MeE)AEjG2$Iv*U->T)0>>
zU&@$5a&q$Be@(n6oOc%KdQAgLQL(8d86*+x8O)`A?dlVtkWYB~R?Kr#eNS{jed^s4
zy&g0+)L%3S<?bTFq{W8^!;%vv0y*@p3A*Nq4g}FOn`J_)O>RF0(}opyI}`QZ8J++r
z;ZO$+dyX_&c1DPjcETTG11=aDklRVlnQ>f`KzoM9ze3!8kq4g$&zF07&uSfOC2$z~
zhqHwUYRaVe<S{o{UMf*u3>a)8rpI|1Kso$yw#7HGI3Za$IzAp3Ux#u!Uncs4^H<sr
ztUu{vwdBa}Q%{2CGzG6ucw>9If>=}g`nI%Iu9%hvzKKft!Bc=Tk%svuan{KWF^n21
z0c!j#KZ%=G-S4t|WbjS$aa9|UkwgdL6K%m7r*~B`WUP0q+!&3*`L#dh`^VyiPqy#o
zEvzyvXk^V1*qeuJQQc*mrGW?+Z;Va{g1VoNos(mf9#Q(enG_!}e2azgDAy~=D@9>E
z*G5qh(>%7zenU~>7D^azxv*!}g=dr`%NI4p;S=SNTD?cn-h|;sgux9@9bGflJ}UAr
zXe1S&SH1RdYx2&>)}BW5b`!LvAt{%NOxP}b{HUC4{1$&hJG1(uWDlD=dTp+Gw53cc
zm_BzvZ$jhKBbw0|{z{II*@&|9kslku56~0X&%gT3NS#Sobt}UGrm=Jno<8JOYRRKu
zWWK^OODQQ2fwo`$(FR>6AzC2K{}aDx&}6c)vI50C(BI!bJPeUK9B2NW*X-fNrk=Ap
zuhBjuz*6ZU4jNw2{UTK|`GC}pB4G3n2>2z33L!H&q5&V)zP6)F=)t%GnJ9pN!^Zgt
zv^iCGK@dmz$h)wx5Kja$cJ96fYIOgao#(2R+sfKnL)F~Pt){$SpeZ-^IjYW&A_<&{
znTE46jSK;RmhI&lDpzRmDnfo0CUkuG@Bx+!@qkmd*wW0<T-M6Uf$?#5ivmaou-OAp
zS@My9fHz=fpro$Behc_KjRU^+`6JKGahNsp%=x;67j*a8d^|m^_Tgg*>#m#%Ie8W&
z`^3Y`8%$va<wU*OBcrYuQr^g6I=MIzze9Qk!Ek6|qgfB*rQj)Ou;{@|QOJUU=O)Z1
z!ezczrfta-&odmz=Lx!I*5Kn?Uii5%#P()Hy5Qj8L`FdVp|~yx^2qS<Ltd$4eUxbf
z(|6<sY(Er^06ez^_@u}Rt?Yd75LZN=7d8MgL2y@ylI)THG1H2VySwDadRevGI23~L
z-K3|J;Nr%EcE^Lmf(^4I0&q#A=57Uv2zbZs?13-;ADf6$E^SI~kTvNoRMaT@{urWF
zX<R0ezzaT<UFda{fB*cct_ost1emv9?dtT)>F!s1aWS#CC(x7d?+)kzcVIs<JNvpj
zwJ_y2KJNxCGDkf4Z6-_+dF524i;XT+D7q#eI5+PD1Rfc7VoJ)WK}K5kD&W((yy<{;
zDso!wX`a-~^q71;6=BiL1pRr*MH?eRPqJu|@r(9ghCawfd;mu0lW&!Ap^(QM(U~xG
zb>-sMptjY^EadU3IwlLvB>+?Tp;Z0y&Q7Ih9*rY|flO@o#~aQ>Qd6!R)F6uXN%hH+
zMG8dZ(8zpC`N}*?dz5Dy1W5@Ar5y&h1o@MdX$9U*i18~}^Q-X8GFZsT%GPpV2zL)=
zTD|-LcI^E7!V0`0VmE0sYz7*n$nbt_b1p`!<nzKoy$S4JiaAUkH>hz?zUZyoi;-R^
zO8L%3V_?6iew&&3>IXj8>%0dw<!aIc8ultOPWiNTT1DRcT5CrBe}8D>5kd#1R$6zL
zk0VU%2oqfQO<_zAa?Y76!pzvhA4wqiwY_09E&MszYdwe8X4vfIzy-|GX>10a%axA=
z1=);0YQOvX^=sYRl$35#QBl!}65*|zE$I1M`&jz4Od~SV_ZO-9hjXxC(JA@uv1}5+
zbBRa3yPn0w#AK$Gnyl{-UXCV|=vuy!Gi$iPG^0Z|YuG44$4X&0e=A_<U4>YwB|N0s
zkw|ojCTr>B&|J>{^Iza0>+I}YTr@hFZ=+tU15e57+FFK=TQYp=K*nVJ)S`@fv4YK@
z)(Tu3+v1HbD6Ec?v$H<%4#J8-%7Agk0=Yr3GVQVlcYPkr6al3X7yw{mF=m55GcYiS
zii)yPSQG(=r)a=wdL#Ps5~>EMdD0)=toMbmiTgdl+Y>!JJWNV<F_r@(Pc_f~!Oi0n
zh4k?7ARr*viuL=8fPYd!L19}3jAU}Iwsy5mO(X*o8Yi0BtTl~|E?+;e8*{suT0lY<
zP+-LdN2hIy5WXNODXF26==Wrt+vg>c`5Kl)7-fj=-?!oTNCA08r!b;|)}{t9S6E{I
zTwG)}?(2|z0*`@vJS_8Z&Afcg)<bEq4h6%43#JiX;*8v1At52~Ps8df9l)ZRmYUkr
z*QfP>jO?T9awnj{hP?w&Xw%cvFE5`pD7cf8lPghhFf+q4v0D1$huNfY!$Uf{7sXSK
zhfPyWO@h7AUZYt_Ns?E<kL)t|zsk<07*zrm$$bmLPjouD5-lqn>cRX2E+D22&*O+0
zeMU<4_gz1kXvu9i^w**^wY17UeO&u{D3~UBQQ0<^RM5m^xNbO=<+O#6S^#PbG~$B{
zhTGYX9w(DrL9u}6quy!079Ls0Z})I<ZR<en5KG2?0i0%w=T^Q+yK+RoWe2!#Y+%lV
zzYAPDpdZ_KuI}#Tu$|2e2n%P6__+h(p}{=Q8GEySqXGpO3}Fn)!5}*(EdMSo7<Bmu
zP=NP1PyvI1(!8-IwfMNy+d9pnh34?tBd(TP?H*szFM)Ol93}F$?SLu(Ps(I~L&B9?
za98*Xype#WFF%64=kE|_M=m!Dz(Fsjp4W|sz=Q$JbnxY$15a3i9KhzF`LUC8{EiXP
z@$Of>w(oDGz%(T*^eq<`D*w{b5+7J*a@23+fM3t4@R!wo;EdBFBS{v&eG?TC(LXpo
zE=>5u<9}?olV1HC!R3ZcMuV@+^$Ua!6TGz8EA+N?mneu^SVX#2MhZ?badH2^{o%8}
zw7b6_@1!qL)O{bDEDu2slNSs{SSORVY~%_%UmN4SgrlM=Ond5L4580RTi!&qWqW3x
zLL}M?F%a8G4S-k?j3(sTBQ&KS0c#M%qNQQ}1p0fG$}WCB`$;Pxh?TQo83inA1i0Ly
zk`j2!TOiV?``O+M0B{p5asL^tJcX@uaP5mNCMX+63=+Nr+S0SD{>vAw^*_oVic#5w
znSWU}iP{_yN5-wb+}sJ&&%N@~pf_69G9~xF_*UT{-3*hPnctk~nquQ~dckfUAM}_9
z21%@d-#jO>$pVOUf94%InJ$rhDsx|GMjWj@<Z*EjG2)|Mv7J5eToKyHeB@JQ?JiHv
zFz3JkrXms{cY0b<K07>C`V7KJvVY-Lsb0@M19jTW3e}<$r3|CP>z8i*tDk0X+9&SG
zX7AN>Vo=*qTj#2L3?pADFT0z4t5L?Rn>Fv!aikaBIL}9gR%SIM!$Rk=uIy7;CmIut
zs;i4Plk_Mfkj)XMuB3}kl(oj^cf6^A{aX5U{|k9_3`yEDt!Aom4D*PY^kR^jDT>k_
z9vn#QDkg*fjCN}pS%jHS>!$EGkEZ8+$G`2B6@Wo~6S1}?3hs<r1Cza(psq}lS(xqG
zC!9&&@0dB|*)RNh>;lTb*6qC)71T(Ak5Q}LkA;VIsGWL4Ds*v6C+OQ>k`F&ukNqp1
zm+Ns{rC@7oo20q!n@-6^M>}$Kcu1?5d%wG&{GEPHsJ!H3%Ox4BpYK_6K*u<pV*Mnv
zh88t6{Z&2MePx3RS*E@5Jk)cV&c`;2$&s=4<jj2FJMgm<Qn@8@m$bsm!pz)!8FW>Q
z%ITlDG$g6l9w(^@xS^~TWg<b7;Gv_!vXReM_Avr!VA~yaRGH#|@@eh8aSJGUn$cK1
z;<YIy#x@O;rMY5KyHoMP5>c8BU}^v;L-Fya#e*v#+pSDytBfDjmj}g=df`X+TLPLi
z!KFCUS$un*TA;kBAuRVMaF0GCbJ)<pwAu`%gzi4S-T3nX#<k;B03J0RN^qS_$_5|@
zF+pu%VIe=~;AfvlN^&wmUd#YQS#b+j@|YJ&meQNm#wA5vE9Q7cjgJ`5!ve_hxEVFm
z+Sn_VFU!ja@vDg_j==yD7W1XA9MLFqyFA}|y~Nn)B+PuI4V?y>N?1h1kcZxz0!Ni3
zQHz#^LJf)kKI3WNzm%W*yb^^y$30MZp}~$!CZRP??oh6YR616ptdJOj*Jbs(n02+U
zS@6|uXmxKgGs_1j{%fXvS!EG-p`sMJ3dp1OG3y=f`wggXv<b8c!wK!fcv&QFJw>0d
z5GuUj=4=piTah+GWlyFj5ZA%N$nxSRm)5Iv#0|g~7)ffH6iZA-aLkX6s@l7Qgrw;<
z|Na`AQO|P})YayS(TRY)i-?pAE*E{*ckbvOBFY&Fc1!KuI`JPJmc5#4|D`hMO7r8a
z?>c(Cm=3#U_i07C+%NVk^aHevVUra5wnrKD=F0%pWGHOP>KPsm_7Iiv3Vt7&>+yfy
z@&8}=)8irqaq$iqg!Y!&zP7SsoIL;|s_^70;CQ`plo0rZ@(~6J<kr>}boQHJL3hUL
z@#9Z0nb+3VZYEPNX3>Kv2Pgpsw<DNKzyu6?)Bm1RMpQ9Sf0;y=c&<Szv+fLurjf6v
z3msiYA<&_iN*SV<ZVxmwM9>}mtcwOLC~|~N%&Fh@{mszf%A%XRm)8uA|EyoBHcRas
zG|b^o^P27b^z>#&j|{HgkhE_5zJ!qj3%5jEfX27PCC%^2S$1SIUV^r|k)h4f{ji}j
zSCw{e%S`2A=BKS<#hUMrJ_OCL=MT-3XCJK`k9&!&QE|T)O+3Gx8viycs2K6=!`%2c
z0SQ88Bdj(%_pO@aS=;b`j&`5$HVR`dH9fX^qF)~8e`_}o*r+XjpzP--yZKTn6I+$J
z{*faa)poWtQ@dtznI8j(gpjtYNX|Q+rIba)#$(H<Z|6If6Xy)Y@-qFx50Zna+2Y-|
zwLDq&LPxfgjUG$X)ZE(jB|Us*!C5`K{LK5YW?ryn$cx|)FHBF*yF)t>bxln5{3l1%
zG-~0Wc-@Fq`-}zg(j0$gtx+VryHy}(x0l7+1=jopR~BAT(?jQF7O>;Q%dB;9vpUV!
zcpjbd_j9s1*NIlGrOlc8^osH`cQbJ5rOFi&Pd}kNnJi4$j;0mMruw%z_ley$CQ~}W
zlq3FGpoRQN5B~lbR<O5wq~#~;OfdWJ)w2G3BeYEMXZ-hbXWKfSL#2;%$kL?Q;s`Nb
z2CJhC$VRE%Yaw_*PIcT_KVBYv4>um`tq*lkNucCO^YZlrg8JX`{w5k_PvrN05`^ZY
z6KXojO!5AF5#_FPpS1LH>Q8R`eQ9cY)xPh8Se@T9@nwIGsbS4~iD97!H41EpGt)E`
zmPcb>Q>=Gf`rdx$wM2BCgCAn_b3+MRVj#S{G1M%IpFbnT5?kf#n3c1*qlxUUQt!Wo
zr}1ADrx0)bGlUSzZ!;-s4}E(<X%yqz8h|PAMo<5h;`cY?K^&j$&Im*_{|R*m_cd3>
zU@@G`NSlAbx9{z1zM>$w=4SiE%+)uQl)-#Qll9)c>WAoKZ#L?#5Lh#BhkebI@!XP<
zs;4Azf?Z5}t^6nCXIDFL52$|Gv~F{JI7s!s*u&-b57T|}^KBN{%4=;`HlFL|vb@a%
zvz8O58F9JWGX|70k#yr%j@k)NB5NdS_bwds4`0P3Ru5cks;Q(tagJ>Z*8ddRB^x~T
z8TmlxZzczt^O=`C+qozaUf57|F;Za~!-xMqnFAX?C)0MjMhK@G?zCde5aLC_wKXDh
zE93My1uveffaGNpecpX54<6+8JTuKu>j<t_cBs2a2I+^P*>rO;0q*qil0iMnF~}r4
zKexJ*)ij7jJDSCpy9x0V2cZ~z?*;k-3Pr@(Q?zmwip#{fiJ5lR5<Y$O@f7<d>dn|H
z$bPJRi7t5+%=ohDHu<9+)!}TC*0DmV#vj?&s@O~9DN>4;ON+lX0+N3dAD7P@_S=@c
z#6x}J5_{$3X60GT?fjsPGh>iZ+4kJRzzVk|tP+b>ad}(YY0sa2GQEXE$iHndHT~#l
zW=^gTU1c#xlG@>;*g6&6tqh;MdzynIB_jm#Pdc0goX2b-#74Fv;MQ=ti8~*vSLzq5
z3g?=8vod{|$GLVc1bWU<5=EI@19ah^y!cpxQyh6l9>nr(Csd|-N%#9dY(XmwnkgJ$
zM7}IdXyKeIRk)+|Hij&5zCFPxl#5^?e&c1bs-CGsX&Y^Ag|noE_kmiLrI>*o1~0lt
z%5`_)kL1^U^Nx*nnoUT^T`D|@81wbMu)(MQo<&sbbn%NQQTZ!!Pfb>1I*sh(SBBNB
zw++MM+1}UvpN!k*rNvh!f43>HT+yM4a<Nn|KC6v?p_!r)0##?KHOXynKurxtgS)!4
zzVcg~;CdR(KzP^LQUWq{{rwcZMAnHKvCQxR%QdM}f!BoIv{ge<;;<K|C^;hR5DLQe
z?`Bqs+LI4WeT-<=He4(c+;a?3F=xJ>|J?UIi^JP?RvzXILXOHu&F@FQRK|?&2r=lA
z-RBw>iaK=BmDM5Jaq;oXUWCFq7&AWF5_3oQ2}MZKK*jgB1WO|``aE;Y2LlQ;!(P#f
zgX2q5KSSGS4+YD+Mg?brc}Zr!?nMSzJ^NiY_e|hgh^K!&n_I^lv;X{S|8wJw*k5t~
z=7Xt7&GubH_Um6TD`zn_F}Mi5X<pMtW^g4{w6Pq5hJvO{Rt0A+`FKnNWeM33+(4Vu
z&MuPV{Z7pyJRtkJ1}UY9sWB=)OK)SnPOB`=RRT}WmAT)R9|P(seNe;P?;Z;&(>`g7
zV*mes5(J=JO&MCS?RPLH%AgA??Ob_mzl+M3++9nIPzm+H8gQ-`dx^lI|A-J_Hu7hC
zGhl0$bdd1{(eTut;^U^>#rsD;X(ut~o!a<S8-iI*Z`psq{2<1C{_aEX+eq#lpU?os
zksf?gw%Ed}^Nu2-v=kMg1j(G~J}$`n`>=F>sHe7l_)*)^b}8p;ncFZJEjz#u$2bO8
zQnL6#b?5cW-A+--9*0Ba%W$Y2+bB`g7!Tq1ns{MZ5H|k*!3gmGWhQz4Eq+oes$iI{
zz;QL{4>)79HeT2-xRo_LFaS}`*Fg6Xa~OftH57KpU6?)0xYB*FLS4b04!gNBtmIRh
zJ3G(7lLe3;KmhNIn%!aDf^`uf&UJsig!J_O5T^Nw32um_OPyO-;4p2^?)tg1qRoF#
z5nN%afvPDvIXP)*A3*B>_`ppP2Ivof@?38Pwdwi-F((8?_=4`5Pe$lOCl7KnUlFki
z(hCaer!s*x4U#0QaQZsN+3sjMgZ>p<2$0}bP6o-8e!jkiB_&yn?7xqXt<dT{C}9he
zea@<=+CC`gA$y^#uKr2*p1W7J4+Q=K2C>!~%R7l9x`EeFQCaB(an9wgC)?8?nJ+JP
z?K8JlNlQsFBgFt^^UD!P4o_&Qm0a!qz|^5>h$$@yD>-P|PxilGLsmrJF|%|&d<*1)
zu4Z7g0)c@VPbCZLV96?Y#PWhbt3gRYVPR<rtHL8NxB+$OHWjen_RxBeu)OR70Fm-m
zcq;%u2ErdZ93V^p9-YA-#tw@r82LgZFJevw>0)`2DdVJ>U<KU-;~Ss}|A5gib4Q<*
zi2xPs$XDdJc<dBx{tyUKZeTZ4IS--%5s(%`_5tW@D<pe>=`J;`(0vEd-%OwB1XTO{
zZh#7aGM+e)oV&4uPNA6jBI+=e4I&7>09lQBW9o{~Obvg8!|I4&hIEx2>H>kg%)Xut
zarrms+`yELP^3&cTd)C0W>sN7#Ylp|Ix#UZr8+brJ3Cw1D>nC8O0Mb+E)L(iV==BY
zeWg}2Dmr_%u-7Xh>>B_R<M|2f=jQF*41}HYK09+EZY@nsW(NQ)O7E_vy!iQe5<Gxu
z8qo!K0*3-FS=4$Z_)|ls9AOCQQ0n(<Nx#LWoR(UJj5RZ-gw+ZGmE;hUab}6kb_mx}
zOXmt{Nl!}ZTxRLT^x*>tvN#^ekNU077WXd6N6ls?g)*>2F6iJCzYz=~3RdS?FFG!x
z#-u@n=7AEh2j*ymR7#ZPI0&rADNwu>Ds#!xqAD167@`=2F2Vm<<Eta+``hd|_u}p*
z#d+!%`Yj*WtOmEX!M+tkA(ZsHg3k}q09Qyj%m5354@DopdgMN}9|sEyk4{HF5xyil
zfu*aLm-AF9J}J*HK|$Kq(@!y2-Q3G`b|FKI!;{X3-l^yqK1}e+g~+!xZ=?M^-KFc2
zelVywPS2bHFZ@uMO@Aa*zIUPCzN^N8IQKD+{tz>jALRiJCuh9Z0{s~Ml~zmB16msI
z_X0y90;QEn4xUv#&W7ahc!6?gf#Ts)im0k0<iLaX*h#LGDoJ|)ee2mLag8d+BNp$K
z)siIuAy6R2{<)Z^O5zKB^M7^L9M1re8tlO1B4wD_5=rg_i4PB@I%4g#M)fb>sF!_+
zcGFLw&bb>PYzAO*6K4bsKK6FL+h{!mk+7$--$_<bQi0@hvS_O}DK6)SYb1_B-{XZq
zAE9BNBv3Y{;Xv%(iJvf3rlJ(tX4P!>;+#EyjY&x*|4tEAlV&p7v!pRlT_2q?JXKF7
ztB<k)H;d{<qw`l;5-Y2zD)&qyP;6u=BQwU!g@=us(ei0=>_GprBUuIMiS?JIclnbd
zcvTWaPH}qRMnZr8jcmoHe9e*!P&$B~sg(iHj4%eELsQKy{b7C@l(-~@a*EnTCroup
z6lu|OYH$1t`78suF1rD!6xzRhxYYCc=9woo{pdtLd-JQ5dlJ7ZA7SNJSWv*s?cs~f
znx@w`sbl~@Q*MN5;0e+BGjsF2=1qhV+t$MrkH`I~L(3-Vjp2_l;Ss|~f@_KrdJCRa
zg@tIz#?9^w{!M9lc#;|XiJG;e%jtwOYW^={9fVP0aN8jL<e~kfwCJvMqki5bqsJ&%
zY`GM8bvooZ6xE>CK*(-?1Xvh#gz%Czc!aGeNiTtC9p0PbU@B4I8FO6gdRU<lCao4Z
z?fE=cF6B$NO_{>bYVx1qlNDWgVONGl_T7TlfS%<k3~9O63|B?v82%yJV*|q+q3>!x
zzRmM20q4$jGXOiJZy(lI1Vxr`kzngvfr$`+o`_OVI7Aj9Xdw5a3C=ha>qJHjuuMWC
zKiO@$ggl-I^`$Z`#$6QLyX*qx_VJE?Zzy0~`}_Bj^}bB4^h9rAFXXyFU!c7w8-zjb
zs4It}iqcbF(r)JH__f-+3*OVu3I8g5Bme3Hya%+EpdLILsdw^JhR*3z8^$CziOxlg
zix>&Z^WYr715&Xn%mxn``qKW?b~oY)0h9Ps`!FqiVV>pD&WlVmD}@gV{R_<=jG^?6
z(yGCB4D^j!#mYArTm&9L`cv~gt1Qf082E@9?jg+_g5Sh68aV{^+@D8AVpVnzm_u-|
z)|sR$I+<1Ofr*+;TU4xwhaHcIU0e~xrY_q!dRv;&Xjn&lpeYV%Pw}}_fv4;bD53yk
z6|fm5snXW@#6NECydr1quFbEo1f{9Au;Oys0!g40+MHQmhZVRmH&<$$l05cB%tRre
z7r7V(EX6)En1>{q(4~_bhjgyv<?x=8POR=qA{7+<*1B{gn)v^(q7}zQ1AJcssy5XX
z6rxzTNw9&P^ZE5?A0Ec#?d|e^G`e_%7n7^NuHER?0O_<d?T7mj_KQv2!PDzr7`V7{
zZQI|BuAhJ|%B7kd-nH|!$*d+ci9Ak~swa(A(A1!lO`BW-2^TVL@@p3@t*NEuq2tUB
z(Cq8G*OcP_{uEr$Zc^34umLQ>*5`PP3kkVQNSy+V`Wh(18?TyWFZM~QU6I1c{hZv~
zTo8!W_yA9_{Wqdp2OJ#&fC=-0{1KvpZvOJZFLNR{H#eXcvf=f@M-fWH`p=&Q?NU4I
z>jHj<R)#=*sskIMuTK(Z))z;)X$7ZC79O5~@_`>%m<y@Cso9au;T!&m6GT5?wb?=h
zY>Z@;m|($Er3E1l99A$T7~LxP2>Dr~wVqp=yGl!|6@XKNApi{81*OcHglrRu$i!}F
zz%e#>M0uKR4AS<9d1+~BU{P(r*<x1=_8DpILViH{S#-*=$@nm$sd%jV0e_a6Gna+v
zL{3hZ$wGzi!Pi%S{ocVQ`3>R_c!{Y4EcYe}C5sxsr%u}s9eW1QAn-U%y@$_vEifm?
zXJ;h_qmm7fsp17j5RjyTV2=9p18}U6@^2f~SfJPLjOTR$lcB*gc)b$M30@VM*WlQB
z1fX2X*fP*ROSRTm<?B;0j^y!XNB&~qY}%gX2@kkWX^$Y~>aYkG!{2jqb~a$VpQivR
z%pe@G{MDaSDu0)Ut`)RxjbPo{j=r4phbMA+_6>hOO(JPu?E`Z1=-ZL1;K&13nSMe>
zwO+Oks0&wb@27LsG_UfJHF1}`f`YzahysVYWN)|mHt&Rtm)-jt*REbY6te_VP>u;D
zVy13_a<f`_SUN2mU0k!p+ZovwsnzC+=6c7MYNF6A%7ibfifax0Uj@pCpCG&_t(D`^
zBl4oWPr#DDH)>A$%>(8r!q6&tIk+-&SHj8tUj5^#eB^wkgSxq`Z3GF-DJ24c4s(Gk
z27acwRgi&|=;1ENP#=%8_1quzIfUF30grru4|Bl}rt%5ydX?9Bh&LMVU(pqw?aULX
zNj&=p9s?3N%v1t%^w%N#)MdK1G+7MdeUx_lDAey5@(tUgl<<!86%eYOgvqSK#2C^{
z33eWkBVxUxyb<ZX)?O?xt7uUsd0*>M>P5LRCNj2EvP~{RFlv2**Fz&rF+tmla9Bww
z(O*wksC<$>A6#@=&98Y7T?)F>g(<4#ww=H`xGc3c`zzd8(B<r0{OHB{xo*+%vt34Y
z<qTldi-1sH;-7sQ7*G%+#D7ej*?m8XR~f4zr-ep_o>>M#@-UzF1wRS4G|4c~m0MOX
zw##snh1UZHQwR`<^uq?Hd4!k!kpkvj>EZdvQsrfsMOB*$vW3GejQ)G)cE46mk?i5q
z$|)rgX(wg73^fE}RG4-FI#HN{7(66pVS^mCy4e_^R>I{=ehPK;AG<$61cjD?2OpaA
zdgE#h++tw#okZGxR>@Vkc&W5<-?hm#zJOST7Ijx;1XB$X>GbrpC8jh79xyX$;QT~p
zXm_|hwy9WhwH5C4#TZ~eVb5uSg9?yeg+_Yg5tDCv`b~Ip6s{nxSFoHgR7fX7USGEZ
zKfjFO!UaUy>AX_H0=Eq2R{3J;e{qHO5ebp2Q>+_;VaMbuh)?#f=IMmETxIzNA_<PB
z%M=3LIE=)IB|F*NH2-T`tqQ)S{FRK)&Xw*uh#KQsYA;A7DTQbEruO)J50tBNJV)qB
zjMMmZAP4Tk1UR-DOQE@z7Mg3jm$#^cw}<h6wNU?m?C-f2q@<?$1q9rD$VyB5jXcqX
zgoGeq1JcX+T)vCs4;%t@*#V0PFe5xJ*UdL&518<q?ao<3Eq4GmPte>3gPRWu)Vd~C
zlN+Qv<cD^2bTn_SLlmpU40Hxd0s@%l#crYt``&zlj=`!^UJusDqtl$BqcQRCAl$02
z=R5k4E3TR&7Q3CsVQi?H=I7@JM#sIcjqhQ_{GUOIa314((BEB9T#X87G`p{XLMQX=
z+g-HVx1sigOmM;LYlZkG-<soNPx#lA_zWBrDv|v#W$L&O0dQ_^ZqDy8^#=+tTu~%A
zJ2}z$)k#I0*{U^eH6Y9)nQ#-(7$^}62IQ$zU^jEX?dtb66pW+Tq&%xY(K_%lGv8>i
zp}AH9YYtWUYhRx&{0DerTEAZ~C;R#~l`D{eYqJU3B{Y}lHn5R`&_%OF9s#Dpz7&5D
z;_R#_GC`_^ndcn6$6N7WF^{J@z>@4mPzB{?w=PUfBsQaj!)V_1LVXUXRQ`xXFoj0^
zR8+o08mI_gtn5Ensbb&?*jip*9*7TsWEKpxBzA^{F>OLSfZcqL8**A8?Z*SNI2u@C
zG7(=_b@c?lvz}=9IZm%9tnn#yKLzK_uE%uRSpbBY7*VdlbtYCidk&(1MhOg!NmdC@
zVknnJDJH=S%EQ1=1f+}dtLmwk7;KNSyQ>GA1@TW8>LD?!i`c~19J*j7@Ac(=@b%x(
zNBh-6K6^$^$8cZ_(yPjntYNIo_;Hh<38%ko_n|GGEP9N=366B*$fLZ72c1}@sP;$D
z8KKSb2Y%vA;O#hD3b>gCi|gu+TK3y32JH>}V&OY(1^WSXK(jgk8K9!);T2s$4xf*Q
zhvgNpfY7U)q5s5o-S{5hi!%wq=f_QmLd<(d-+N*mLhUMqu#{Z6Z$yotT#x!mT_bmN
zeKFesAu_`)oF;_^m!X+bEGp%BPk_q1+L+ul0WFRljnKTWkNTgR<U-TYzw@>^Zbvci
zFs`wn%|;I)^X*hGPitzCG(0@+aJ9t_n-w_yq~c-Vl{+rBD?oYakjzG$p%LP>^S5Ev
z<YqQ*P=9{D1O>(JrI+*}gooZstYDHB=Qhf}!%mPkVGEOTN{u9-3sCn>_4P{y2KF<?
z5kgy&tnXV9l$0toadZG;K+?l%`rYcdf6TVlQ>7Z<8lZQuYJ;}`d;#_MzmlE-Sdmd2
z*#?VJp+proH+P~j#n77P)+7Tjua?ftW6MZa=;;p0V&V|YDXr9S_qYRsxL5?-?Qc9B
zy1Mrp(HI+ouKaZvAu;I7vgsy!yAudr%Cqs4BkHf8^ru%6(GWq@6xRWRMS=t3^G!zS
zP2rb+))9xy@!u|kh?NTC$GXo?D)1r*XwmXe8n8goES+mc9r-HT0!D*!5dncyc=Q>)
z^YlZ>%P4K>dl3;2U6w9~dB>hX^uXTUUO5jo2w=~FQvJj;m8&4!m77rPE*Qwf%*?&t
z;#&iNLpR4Z*!AK(&ERswIwdh@lJd<RsGA#gfl)cZ|48GzPRdo>eO3JfRcvf+dBy!!
z6Xn{kPM>tL%}PGKgv8Ysc2Q@ax3~n43v+WHH&8FCz(h{Ol&rlAm;m$}x)4WL_tTLc
z;tj9oPCzr`klC%gF`QB0jq>L6v4VwxTr$Px?(REplsX=S#(EB+*y)_5a<BF|01h`s
z3GCOEYBla_gHZbrgBYd`wTkuTPmAB`7Eqlce%bAU<)(94L%u2!39HujuU|^<VQ05>
z_=@e8-byC1VmDqm7(!&1rL6ho?d{A}!+OHU_L^%;n6(FxBI4)^QHu(*BYL%FDBN&K
z9>-1Jh&Tg-<2ilkU^(UTUhXaaGB}F`ijP%2nB5s{zi0}wy=5x2pv$C>G!J(mPWVxy
zCpxwLr3ClRq*4P`|BsAW{Jv@@zOr%@H^eX75AOut(?jqSz-ybQP?*MVk+Iw;hVn?-
z5>t58q<B4}&=BF{U6YfVIt2YTcY9)p2=4OPZ^@0*x75pNk=Z4&X@8-ol~WbOXt*ng
zo~fhIUaVmF50W$sCbud&pZ^dmtpo6^A}EM`F%K#;ee!B)diz45aiL6F_(XMd43<!t
zG4z&y9oK)wt-oMAcYVb&H5}Wl1>L2z(o?=z@t=Yd-vfwrfbsr;|7ISv0#G0UY^d*$
zR0p{OyAyI$(`d@CpbiUIU}+fsmA{QL&U%agsbsPuRBMdt?9B04<n%Ly-%lLKw$i2q
zXO+b)cu+9@hHXCi0$_i4mZ!G$ThE>E*Z+I~5aUzfxt30D!d{Optn?i4T$HJ`+rzh1
zGOUQR_MKP-#}s>=<FabsU?x2g{Q(`b^(d<Ht~}xN3&mj!kG}4KrnzZoTN`f!o`POy
zM>5%}<fdW)GT5SD2AMa!YA46H%yZQcB3j8O_{vZ;0cD+oyHA(19sj0zLg+Wm_gq>J
zUX~AsFx`J=v1#?LJi(7mF*l)%Y@?_U6iR5UMQxBue0`L2tvzOpe;c0&r2=(}>$8z)
zkHjwI>;3>obBrzjXRkcb)c>AHcE+@5Bs-uF+**+RR3Ejy*Kr->S@E_dUuwOGC7xl3
zA)kkAdk5qV%vUu2T5^;_Tk`%5&p8(<;YYQaJWO*pHCmbLi<X)o5dgM345QV*psCAi
z7?ckhYwW<HH6Q*ej!L`=2c_0@Jpgpmwul~+Vx5ILmC#=3Qk!iH+S0PJi2q_s9_r|B
zQE90N7hpnTt4I=+Y-A}^l8d9z$k9(qLEtvvUTxkik5eHaEuQ%2^1=q}cI-LNlU<Tu
zJ5WV9jMsvk!jQ)$D_5HQ4h)m|RsOm$rn&8>izEg&-+?cRmp3$OFSa)uRb`o-#!}&9
zj4o(=3ddS%2JZ_&y~NpejL7G4!Rj=QHQ`g}eFQ<FN2hDK3Yy~p7iEH2uS%9UlU@q?
z(BG-WLq%cloj=h0@*(SzdU1MFGI@9e7UuUS-xWaD1n8y>hXat}Eo8=!5{LGGH-h7T
zmD~~iYT9ae^v&O2v)AwJzZ9@P@#lB)tyX>GtEYD)CV^Kai|)X4bm<ol1C>#k=BKH$
z68|$3y|Sb(k1>XCUhk(fc2gJJY@hjNp6|wAOMS>5aA@Ec5cpN=lm9v;&1-?^yStK;
z!(PsT$$HFX(&?iWU5YU#4*vFZt;8qV!gE4p11~o(^S^&*;xvLwAy%6!J><|o3&62W
ziEszITP)Ho&BWiMj3Gz?-MO)ETHmg;W^UZca`=GcD63;1!_X<t&%&a=Y>s^UsI$vn
zbeF(_=iRB+Eu}bX&pIV}fi34S$HTya&|Arz<jb|S(Qx+b3~hat_=+Rx6&-iWpJlht
z-+cOrQ!j%)=1<m2;rpHbn@^J@s*;hhPoi$_kd1Y|zGNJ5sC@J7^zZ)nC(S(J>)-DG
z>0Z}+;$YWE_w;WDTbk^ze7(0#I}xm2ssUL|vo<f^#C8n6|7@ZFOst;mOR~uk&Zq5x
zc&pK0q>|lZX>&Fc4_6BlO0g^WgRtl~2s^mgJ#*_0&aT6rz|Aw#k9LWeNg3_!a)$N#
zre%{gra=m>KJnjMUNelXtZn{!#sgvfW<TwZDn=}MqA}?D@(-UpjrGFj>d<=jdAYvo
z!@<FPPf7xlcU|<gx3g!g48E1MxxFj_++JvVZ)sus_0P7_J$_=jVUd(fzt8DNl{4kt
z-Go11*5}^qN?$M%T_6cB>lr>=NJ_m6#}})yA%d$d7i*o7pfym}^R$^b*u1>|#KMt{
zM>~gD;-NNWtlJ*5sk)z=^pOhp;034s<R8=r0`2o&dU6v}4_OOnRRXq1-Z(X|e^@{4
zr+V1e$|rjKPa`CCBOEgNvon1Rc!c~-5%#y(gWE)SXueX&{}n>29x21=fR_T~Rne-=
zBG(lAiHE?0lU-VwcRwyEL{U{3Q@gi@ccJcBW}d6H5^iB>WML)y5xGG`Hv7aSx<d8(
zH5myldomk4>rW1@AEG{t<6|zf((`Y}_MCInEu->)!xJrTc^vj6koM=$TH<lo>1_6}
zdSZe*!V=ToBRjy|Q+DF3M`z1i?`;0MB&t}Xa5#f?%oCT0u*FWzEDr;Afxgj0#Uf^5
zg}xY3P_}VBZ4Hd36WrPi)K!|<lZHb!89_m41G{J6h+AycI@<#Sz+<@){O{*wFFA)x
zoAuc+ZzS(S+D@aBm7b<b3yYr>T9R=x*Bt*jt+Y=_c(lfd=b<?Jbc>0z^YKBh`0}x$
z)Fl-umB^LZ_V5elcopp47|iG)|9M93?F~Jz8uM=h!`@$49*_|$clL(B*&FR`kDyYe
z$*QCI4w=<y6Vj83%is6JGVbZg1#)p-KC?ji5Sib*ue9XHF~m;)u%w!>;>uH_d;2G;
zfNd?GGt<sxZ3PFn^0yqxH9ecKtB<^56}k1%#v<(0e_kv%hhgkQwNZ`6m)5ahPLMqk
zn7h96!yjt<^5%s**BNn1`0!u$T|4b|M2yAczZ9UX$HY=z4NP()BJ{O_{+?!62jiTW
zdeV=qJIxRzhqlZi3)ikWl=e3-;U^?6&TlnP<H;%Ypd`rEX}nHLDt(mSgjnT4%Mv5O
zli*+z-*-eBMoQv+VIViD6n$Is<>4>w9d!0&t5Km(%!xtm{H!rS?T;Q_!d(uyp;q;K
z)YrpX|AgW8akifJs{(_K<eDod<ZG!nt(}@=f6TRphj=9$vq$;L{gs@24JSObq)f8!
zf4nlfZ|QrznLF`Rc3%swTc~h<&3315&<yT?n-}lJQxzDSQ{l*kTkao&TVhg;f8-Ym
z2tqfgR3BbxcDKog+wp{DtX^MHEwHk4a14&BJ_-`Knksv4|HWu2V64KRF03tJXoRKf
z3nuxyD1Yx~t_3F(wgfRKeKgb?0|PYC@tMIhIpi<#T{~V=DP4b!e15PuFqj?mjkNFE
zJtcOE=7(FRU8oP=^4$I!gH_a^EB()bz*ODoS?j@OdM*KXZ-RVv&y@FH(%^U8E!8Qv
zxkrKm5H;k4)=r~n<$oQlr*x=f$H$)2Tb?}^JRe<jU12%u0;v>w2_cTVqQA3ldeT9h
zhe3QCt{7Q{cxYTK=Azfqr6mno&LCEoo0Nmr&o;m1Ch~>{NrsWAAWwN^CvIv{`jP9F
znuO5u+S*p0`D<}yT9F_wagnP~jZzG9g75w_zEyLT7A!ssq&aDNhdn$}1t;7otpao@
zTz0~HJmag?Z3>_WTfukmv<jpo7(X?CF(HFke49a$l>J1RlD#f{Ib-l!)EG-Iv52r3
zhEMLGlor;2_1iayP<5SwlHPPD?7!kqU-f*kHet%}<~r#hcySg%swTbANlChs-Tg);
zVMkLA-~GTYTf=$D5&U1Iwxhn<6(6cJ8D`_fPoI7jup7;;{Pby)@==iEf~V=)V9CYt
z0PodvKcQ-pfbToEf8~GAzVFY*vac?^6wDaT)-0J!^118h3(Bhzp<Q1e%R|`@QCl5c
zqA^4|szFcu%%v^7xic?aCBlO9HRNApBlhWBvZ*xgO~W0fS-fjdUnP(>UdP(!#m@AE
z6_Shu!p#zT4L_SXrdfLIg{h_e%9DZ0X13Y|i>{wPL(AECq^${ARovOMRw88Y1h!J&
zqG=O-)H<miyfO!Zlk_*&3=GL3bb0Ra<~U(%_-26wK{<)KPspMSvQ`Nd6wBym&E+UQ
zllGJgzcM)mjr?FTqi>-IKeIH*B$qE;KT5|)CVzhyt2)Lhg#SkE@N!_$HAPtrru7*$
zmd`q@2e@tu^yAjVB(ryf$Y+z?hn)pXsIJaCBlSwc#e|sC*`8-p6dBZ8WvjLGu@i>Z
zsUi+WUddBr7a<v`<nwULc}93z_SzrOur*+C{ywebdWl0S&Lv#h%k#pz?u>9|)~dYm
zZ0p}up#Ry@-+zCzSalA!=8v?$w?BFiy!dm7GZ_Bow|McOO0QqpKg>LKha_b9Uz29K
z#5J4^`8j(3skO9GNkVbReD=(u`iemX$4%AWU9*3y39HLE$>a^uUZDMjZ8jeVe*(VO
zqP?;-*g+pRs;S^)tR_lY4A*jU$%$4;r{QeW;j>Keb2UFVxPRbW=t1j1wU$}AUi1p!
z!~XdC`6bRQ`>{SOx@skMRd0~4^$v3(6Zqn0sn^X`0x1yVUo!;jmd5Ed@A5>MzTiv!
zFJO{zn23J4DYX)-h(C=iW`%F9!nu*0v8tO^M{eSa*g;z}gk{>O@Q@vco#bm;4i0*%
z+9webt7wj5`@uL7il`f*_<~K4g3QSx%e0$(AZ%rlnPOR~rWzfFH~sec&i;&S!~D}{
zgtOMRB5}9n#-}+#B&wA=C+Nx6nZP_$H~5}&b~Oc+85@H@iKW}>ej5)RVIv|_v)}Hl
zM$K$9ox17v#@pr^TN@t+_zAd~m`ErpW)~E6eNm$-HU4|q<c2dQQkSR6@b4v?{_iKr
zNSMd;x*+~xp|I@Ve3Q;e>Fof2OK%eI7{TB<k{9ynA!f3RLdrt4ZFbE*z1R0}Kh;^t
zqTRRQk;*1${tPmne;(BxTDck(aM~?C7WeJ-6EcFNnXeXijaZc3c2F%twP!pT3eFg~
zu})rbm6$)yoOLz!%pc$*`u;8|DA0xkQ(=I)SbTpZI&ze4&phY%_HcFXYG=(;XoMKd
zub+6=DSevZS3xv3-}kCXd)CI2<ofRI#myn7n!BGthPwJx=e`VIOQFK?@9mhw%$-)&
zkfs!~Nkrx|i<SLM>55&IO#1aHQ_6Q_dOxZi*rKNtNrq`S6vkA!9o=(1Ry?$ZGk4;V
zwqd>2#K}t6fmYOI%;9`WHgWxd1X#as5iG`bAoUG(1-|hT-8nmq;fl*gQ{j2ZqWZ6z
z`7~L{4e{AAlm2sW8R=xS;H%Gh>ZJ+i^l;H``1JD~+=q^`4_b;e8OHoi7R$AT^jl6t
z3>#*&%L(}cJ~S`&L@(lIZ#oi4Vc>A8V*ayhKaXN6J|EMN*dM{Z^37X*--XJ;8A;t`
zu=nQQVhUb1AL*!4a;Uh0mAaP1y1kkjMsdRYtW?3RgA0~+{;woQ(0Y%G7gI|kC70e3
zsJ<zWju|t<LnIHEW6kl2aEtj)B=Xgo=6g<`FNaCwe^>qPG(_RD{h83|;Dylg{^&j4
z;?G!gkwp3k-YSm+bnc8EyFcs;rdCcl*}MW@{={rd-2Gg_G13jgy|3N>R^500v%!XK
z-*;Or(rVEbwMj+ny-RH|qKcwo6*X$lBB<5cl-faUYExTKYR2BHl-SfBwV&&LzPz8F
zKj6)$e9AA$FS)K`oX2_C3^t6&D%Kkw&yI1I|4tP(+36?7xA;bo2uO|z^yP|>o}#}Y
zVtZkA4o^kzaV@NOGt&1GZ#KiqSGRA~=aHF`z&LFHhj?1L6dSZqr6bP>)9Pz~rAH~v
zIzu0yhXl)H+LFSU=!Cq)pUfb7h0-4W;JH-k=3EfMii&R?$anOn^E;ig?JnLyh)bo=
z?{&8lDo`iL{lv4nnLqyGQ{A<D8l&_!?cPMY11A-Qaz`Bu@2C|+ld5qzn*F<4d@=D<
z{LYF5FZ?h62(4Uq;ZFWQTagO5*Qao})1wL7tG)X(igb?X1%d`edRLE4&SoNViRMeU
zgX_!r{yTKR)75>bF*#l9jI2^#E5}0|i4q$tuX)(yzZ$qJv=HLAi7XwFHK-t_Db?C?
z%2W)+Hkb1~E`SDzHVLt#uNDLv4yOA572SxxS&c;IH}Wyu+-KS-+al^^Bs^z%IO(`?
zFvaC3s(brRebCbM>06Ec6vly<(I37=80_OZ9!#kmGTX{R<@RYtwjd$fL|qzx$k#-;
z6WpM~jTAh}B|%zLd-}O(2g!^N@uJZriD6uZ*#}?P_jvd)YdyX}CgVM<j*k`amRgc8
zv!ZGIG#!*Q5L9#vD4BnC6eGWK#e*E&Bdu4LS`#X))hJl3j=E(XLBnN*o(KjvamD^z
z5J#JF6BC5|X56nq(<-BhBAAdtn0b;$;0f}dn~Tvntp7`G`z?dnl}&iLDGziMsX!p=
zN84%@J&RyB0wOKVkKbY&XzkCqv1TWK@j~|{9Nd1lK!_BiJR!Zis_m(TG-EMz4djN&
zbZ#vD7p(FRwozc{tYUarRjN7g<{h&8biG2)aPa;<wP$V|Ci6{l_oKe!J0bRXoy}Yt
zrPGQ07Tes;%XpV*s_Uht2izlgFX`H>g8Wl60@74H7ZE<AXWUg#XioG)F5Ds&i0Ea^
znj}9AY@qwU$n*be(fp4_FLgwejD7PMFI*j~-Miv$1_3HTy8*g`riP&Ib4{OVGX3q%
zC&DUGzlZ=ml7GGP?Af(GaVQRqq!*V946mTZb9`NziO4F#Hj5)S>=GOxopS_QAR&)T
zcRT-!FOFji;xI(J?f!O+V-v+5zwRkF1zZ#piv5ocD^|8iB~u$(Xpb&*iLV<iJy_C=
zl|dSu35_2mIr3EfiLA}Pi=W`;*bBk_rb^4ZEWJoYB9iu`R!%-GE6ndg8Wt-;%l|#P
zoeOC<55H~dq^?}SBuFJ;KlicuqP;=()7ICoS;hMH0^ah4-)kF1>B4%hEv4mz8v?zh
zMN6bbrEEj$Dx310D|d>$Y~%OZWmaq#$d(Af8Ev@kz2hUV0;nw_+U0tylJ;aieQlc#
zYuZ_TzC8n~gL2c;J!%NRl;xGT*>5rWgFdAm_}kOI=y_v<!;*sz_tloW1Eb?Jiw-$o
zzE9Ge<Blg^volGhkt>A1G}=g7wnFbYf-&JZ3OO_%42|)s@U-m&#c#(#dlBREItDho
zf<6XalQzqu3+esDnmZ|eM0DNhy(EPa+!w3G<r+!yhNK?%#uaqZs0{%O`;2QIxh0E<
z72%F+HXzU0*Uss7&OI3~mWtCe)q{4v0_UqeS&}Pj98yS+{$QO+w#{`2(9z3@u9g~$
zprOcRmFROZ=wjSUCzZEeRGTB@VkmRzpSPkO;wWfaF50Z-?SrkFrY4QYp57jA^ob;j
zTMhKCo{YBf%rdh-zxDcseFC(f$If&%1}ATfx|z@d5Ho&;lC>KI0jlA-dESd)Xx_k<
zyaJ+Z@jlnPk;i}U!o>70sm%{ky!%fu!)sj{`sN=gJxX3ch>o4ZltV7S4eVXX7YZqD
zX8HELC_G4i+*%*?2FYvXv3yF(k<Q6C*logv0O^Nkf7F61+mh{gn(975t{r^-N`1W3
z$OF&rbHkq?>u}#&N-+Mz$cDuTK;C`pB%ET`FF$Ho)(KW$r$H6Y@lz(nHBaUv-6vjX
zB;QRFPhjw9^ga)FUiEo5Y$ltd9H`6^J5*iG>*nU6p|Rqb%l%Yn{^7wz;P0CY&5)LU
z?(-{NX=h*l=9-er$Xbd#>NZ>}bH~Z}rTd$%VbgW?$Q&tAc=kyD`<JPbBt&s%X{%{}
zj&a-O3A?{V4o>RI`jx%Woeg>K16P=;x#ORdi7H-ir31ME+z6_(LFS#qMoFY%Cohr}
zl}c*Xai0K7ex?6rayjJ>9p>F>mFeVqN;^EB4v{BF(z(L3R^mov$;VLOV5HO!N=D0|
z$(aPbPnn9lCd+?Zty#=W70uuEP#aftt`~&y4f4ctIX8gask(1k&P*%AxgTU+c^$OY
zq~p#!<(DdT&>?l_+kwimHzX4&qzOno+}(6z@9{SDn`5Q8X(j^Xyu_gw7N}^?f#p#A
z`uzyVG&RQbG*s;MSG|-<J-Z)uJH7Wh8!}oJhr{lN6P@h@8iNZ08c}<@q`hO}uX#VH
zy%9CNe;x?vVAr`9pK9|~f5ReB3%-vCr!acDSrZyoMaeE6^Z%E-ne|nFvl2vxS{l)m
z*$r1!wKP+IPEtvB%(sGKaW^q?=;xZ}@btH&3gxt@NW)M{wD1mzi%BsRM<?GUu*k0A
z9w5vi*yfO21AV%mS`S)Bh<E5|4+kfI57~7WV)=C!9v4CyA)rM!H(eBOm=oI9d`-Kv
zk-WCDa&fllrY^B?v66x;ZLHV~fkjqX#Zr4r&5YC{IEC9K1clZ%<1}W;loNGOn^;$0
zdQzT0#^3nLftqDMKmucmm`yosQ95w1bs|=&y9Dj72CRJbpe&i7K<8KQp0c-_az1t)
z>#9ePLs=eSKW@A#XS4Ucor3!v2S0-ZTVf68*L2;0*ViVRcMU4g_P;(n3nA1FF*%>&
z;Nv}-t3Ow~BX&FSrVsZy5EcTBPU#No3p1N^A0wDP_(?t!H8U#Pd)EiL&FP;|XJa{$
zLleBDUfSG=n|0!QenWmrsjjVC<gqfKRMw2jzL%JKJ^AO;=ob%sIhqyP5{(x(;))$4
zhyJdJpykGchF5cgGKICTjzU>)l{TrUr2@6^TTNw59IKQ$TI$zmG=QG({eaLw4jqFi
zE6IZ243a)Ss&KfeH)3P(`n_<Llf#2qWo<)u*HJI$Hoc6gguG8+K{REPz_W+8%>5G<
zA2ZxEe}yS#?K}3F9zTuEU|0ciont48W#I&8uH!*JPpcecIV=%tGg0!rtV{$3!_B9|
z%?B}}C2{QZR%2{aBL_Wt=E{cM8D*$eP)O{5|KloMXjfb7_mgqgn)mj<m;v|Y!ZL@A
z9u{=3oQz{F_vY$BI*DJg9W@AL-|&_Qz{Ffx^-{O-j<AI>ZPPC{<57?K-Ze^|<scZV
z;uTYcu^mpJB(><c7|sYN|ERbX2jdH0Q05v?w-6Ox*W<NGmwh?4K;L`c*HvNC=pz9p
zn765hWJa62KcEmi;Sdb@XY{6S=3o{+U@VMBaB%5hMCOfZ&km3=7js-kuUZ8T{Gi=}
zYQ@?{)(kIJU;m{@aqgfn(=(h9cWw=q4}ZiMY#Bg&5Y{7!p+G{R+&MBP2)*Ug1yrtQ
z>GPRCj`aQat}P8kLV5?Wh+uM!s$X{KIFeRo9K*n<K!Kr8r%}uw5cGjt#Og-WEORxA
zi(h2$N~d!PG;Im<Wv#VaWfVqI=kX-71jIl{H|k?oP8>(NYgQ?Z3UQXrW@z$+y+7~2
zpC0ve6*e&+khGsAtBQNXBtg43=1%5e?~c+1LdvL`JgY3Qo+b3&E)`xUm@*#cF?NQr
z0zhu2!mvjD4bH8CYR8k84J`Dq=6!xZR5Y3Fu523ju&$-OcSq**Pw*?cG%&i+eXMIB
zNksw3Gkk_tzNg;jQ!SyLIU*ilmc!eH5N*gm;wQ--+&9hxDY^N3o=bB}K(3D2rn@@;
zIz=mHy*BG7JDLT>ZSV!EPhjc_(W=8dYPgeejXP@bDvCc|#zJc*nSyTV3s{{>g82J@
z+C3t{szIFO-f01&Nv;*=9Vey=^YJ=`TM7?M2a)XtWoQrHxIK~SC}xLp`#uub{sR?w
zdc{0t=ipL<a~r4x)-EMwlxUK~{q=N}q4ID7YTq_v9hY>6oOhYZOLV+OtdxBO^BHNC
z&!ia|o|KD7W@F=R>Z4W6%AKzZGT&N!AcIvg?q3ay;Eu{hS;YkR)#oC<pG=1jCZ(;w
z@1C{;QP*pR8dngmk{JzWUq8`dmy4ZX`SUZxnOOlt#b>s2hu)?@Yh5c{Qu0@Wz1LdC
zWtBCp)zF)htSGvxD=((Jx@xP9;M9T%U6Te~=qa?OxqXH5Ep2VbO%sm+b?g?_wO4ze
zSS2J>F1*~Xn<BKQi~5?k%LuFPfmOeq8}3xr{z^YW-CGN@<a6z16YU(WH?Yhw97Aqh
zdjGc8C!*IMAF|kFzm&V(IwbDgHkU#{8dsoY2F|OWm+&Yg;VX(vY30+RcCSrBN!^s=
z+fO2<*|WZJ3tCq+7~FXDg$2=0Pp4xT3v~*Xwu+gJdk9p8n?OSN_VOKyTIX`3mq#Yn
zb38}m^{eBlMM5q)^SJ!wpn{GOM%ZnSOfTYfHfLPNrm0fK7(V@TN%!>=T7f~)kZoQ+
z9c5itCj5_b>44M-$C%lw<;RsQDYoI4T@PU)Gj~-0Kd{b&!MHEEG{=L;v?AKfQ=J$3
zgA0qY+VWU}RE0!?*20-CAUZw2O3O!EWEi&tT9h<dV^w_YlnJ>)oCLa2vWrVctaT0<
ztnBRLKYm<=zyO;XcR#dzC8Yh$?0PBo$H6MS-5ln-(3>M`XWO?ddhNwE?N}b6V4^vY
zK`i9t#qcjjXA6Uv;>Gl6^!-)ESz)%ao;R|(uSu2LKJxUquLeF7mrR_@e1o(<4_svl
zGQPJnKy*IP^#MT#-$0lG<3iQ`LRGB0_J!CWoQU}=3FHZ(5?i7->(S+u%||IAF3Y~|
zySD}{y${bRdm0^BK6%~n^%c8Oi4EV`^)dBijkvI|c>w_3h&U3@`xVe*N~5s8a>`8W
z=Jk)1HjpffH|Vorj6<sWZO5ysZbs-Z{P9R*X}sbq0~?0VEYW1QZ>nYf@?_bZH}yx#
z8Ra5c_klDntC}gltBxdowfE^J0$(MpS6vgLsHFPu=uE!AWQ!~*dM?>&Yl#`($30<I
zD}rv+ukbw3c5q@GX$Clybd1P7pWt+XHOXPo{Q+a@#l+fk8D1H0=U0^Q!eOZ4)@9wo
zTK2geUR~&GI#AxVpDe0Zw?-IKTxRQFa3abFt#yxQ?^u`#h)ghN-SnM%61GG++}}X9
zOY+{(pY2W)f9%{7-&p@16dwh$r_WO+l2=}*9xML8>INN8%dyn;X|bbejk?s+*L2o{
zE%-2Qu$f_9qj-8+IWAE@c{Az1yzs+h6$$7k==sZ6fq{hFX(n}0KeN2QPPy#)H?E%@
zyhw(fn!Klrc@d|!Qw%W`a$?{(31(FHs-s@#YQ;4l29kIBa<HX~aRkb(h|d1HnXBpi
zaHY!++L9ZCLR!O>7$%<CZoQl{8By7ExFcduBT;9Uww|!GyD3mO-I-_^q0-i#4}Ade
zgjIYJKj`?<W*mG-p>)TxPdMWrd~WoEPQ4!QaKHY6r>GYLHU;R@vz-Aa-zhr9#wxUE
z@zd~bX-!yF0xJHC;gZ8eR{R>%-Jfl(!5JlpbImm#3#lh@>Kn*eyo>|WVbVJjjA-N#
zv5Fvx2wuULbyWr_w_52y7|@$Z!!^-9WrYdTCdtq4{d@cQc5AmT{t<8Xw67rV<;ruh
z@J=mzXg26|fa`YNpcISKo23P#B;?N|jvEh$BbzV#jx#=C480-<*AIKxS39FlF18!`
zz$jA5C%Vw;a$X%QBG)TdQi4nA9LpI&*O88fjBsqx-7&xl!is?H>Jrwy%h}fW;meVs
zPaQs8m0+nPC`c0PWnZKff{qh4OO8?pc5L;1sja^k2X0YPcIRtZtBMh9N=@yRst2l1
zt!5qjFNXXTgiU)WzFktcJcIlQg~m=L@2w-Zf^c9xpv)RINQP=1V1b0xOYDWQs&3z0
z2nq$2X&mgFeMI-wkM<DauF99F`~1DV2dkP`><ALmwSQt!U0^+TLscuWu3$AMK3elL
zJWl0cTTO`;u~mxx?uGwq_EMTmWm@!Mnqs8&9ODICYZMKFcKWjap9SqQ1(Ni2lMRef
zx^Orrf5IzDOvcyREp?I43|azU4yu0gJ=+1uZI`M+yloXG4`OA<Pt6if3=&#nDi-x0
zjddqNj5xw(-Gp$B-nLu?6OC{}PtbApa}l^vUM}d}!+?Secu+<`5Y`O_P_p1o6Bm}2
zY~?Ec?OZLwhkxlm<2lH^-s5~46WsK|yWoc?YbRJEAO>E;<!+aUsoSJn)I<L?HaHt6
zj$J_U=?yIaV0$4Qfv@5$QLJnL(s=^l@n|$-G=n9D#{Ap9xImh=@vMqn(J@^}udny3
z$qn+358*~#ytFt&SLjiJ0^?JppD4(}8oDwCxZ+R=#NQ&#Pq<JU4oK;O$8CBGy8odv
zT`hZ@$a)S}k~L8)C#W<>&ZY04^_Bt3Rb;xDM4?O^+MBzTpgZVb(5pfoV3hj!?5fe>
z&b19h9)<b+`C{kCRa7{HY5f^xS_6z{HH(0>6nW3v%1J4pYA6rSmAIJ%$ew{~`9d+3
zNvYaB+j>S8j^bTa)W69nXTAU-U<F^iH@W3yl=Nidce-ph@TbP&DS_0QUnQ{*q<dd_
zy4|Ipzqu0>(;_diQ(O&;n?<2aflk8!h<koqWvtZu^m0Cx`f9wWEFmut*lMaccIl3r
zm>9$4$35CFuK$QG0B~MV*AJ`gVH!ceKtJg|2e;Y-JCN^j!szcO;FvCBiFJ+MLodg=
z83&?BP-p>KYT7awKvfyltCg*q5b>FgW?-Wm*J{*<erb$Rc$al90+q{tBzntCN{Z7A
z<e~-tTvp5{K03baNL=e>avlq#I0#kl4juSunCQrJl+?`#G`pLz#6wHt;O#Q)>n3?J
zJi;D1t6n(x{7kBaVCsjBuK~5q<O_Af;5>b-yIPs8ipX#GaT+#u!LP(7eP^glPk_`Q
zGln9N21NNoZv7NXBOm|6iRY|W1GT^J<?$7ad+MWdq<w(8GN(bYw#2vNVofp|8~j&Y
zFW=yQKW$9WQSp?CSxiyhYJzdC+Js`1n~G$@a~ephCxg89j0?+VK{w+&b;IMW)r3Fg
zvB%Wx43x*2s@jsHPuItiOoG*HZ~U+>(%%PSvr#grOeggVMCBl;=ZoSx`M0Sb{cZj7
zKxPl3DN9d7?E>YqFVkdt0#Oz63~l>(0etQ0(<JH%hB=|v6sZ{f*0b*c1p~-?j9N~a
zfXg%sgJ30s5in-7P}4uDzC7GaKohjaoYcV?UGC-`lnzO=UGW!VeO;p6zc}8ywea}A
zU9jh75|X@>8vm8cZCNMqba0+(%?2e{1oj{CCD=>GB8(Y}3e?&M^i4ar_|v?v?5&hq
z_hMKSYgu9o&UEGI7U`1yn8?oEPVdcwecBRB&#`jq9y+wh3$zhUrApDpL>q*6gevzC
z;soQVZm1?-a5C+TQDuk^B>2kAn8~UF#9`&pG4<PJVAOr(BVG}#Psrkd)_ss<5Gu(`
z@V)_m_XTd*aBKNRFv}`!Zd-;6GfQO``X$0JNFM~<8ejZ$Vc+}AE1jZlK?WN+Q1+R7
zBK-3yk%>!9n6K^INxw1_@wpfakNQDm6G!4#!~MCz(M;?QQFT>fmh0@5jNL|Ii%*PX
zxF|$${#XJf&=QFn<318RIJ`jyL42&ibng@Pd4nXm)6U^V=F9k2vK3DX@yVasdNe-*
z<4xfOKu(&ox1yr(@wK@rWf#dPLNDN2y1l{b8S_P7MvZTGwsqL3x?Pfog-{JC8hthy
zXgu0A=2{hYJyZ6f?enQBLwYLNw6psS|D|lz><EiTf%>gI$+yCtCg-yAI&Nddn8RHn
zzsJI9mQ~BGxx&zP=-on1*$^i%>$5Bwf%y}6wmZqtnyRSF#drt~+)=cT%<g?^)7F;}
zb(tNg8|z=9b#gxfTigH9Y76G~l1y$SHTa&svb@j!s*W$n3-YO9nU2;F_$j)cqWzi8
zJ!p=ENIeSjt$eG(LV~mUXH06-Ggx?Rldv#m?NiB_2sGxO5t65etM6ST&w$f$T!&yR
zMc%(ehb%1YN%w}<MVD`PckM41bT~o#Tqb5q7-pg1I(WePhA)(9Bm$Bl>&@jKLav{w
zwj3h5d}s+R%@>et5Mj#-Zkxi12^OTgW?bY!PUX!7sLic0a-Yux5@PiI#f`aBpd}ky
zKVNDk8@x!4*U3zcQLCp&(Nk5^zR?TQ>+dl5%_>+JNMrpL*eX46WFNZ*MXN^0RQsM@
zdu3zd$?ZazHbp2dJaq!;xt_%!U8@HsUEG=Ojmuxx!iAXUi#p!<F#szyCTFOA4gAB-
zI#Sw78FUGTvXkQVO=tcDtMqdU*&7AWHtB)2AyOjVuAYgGo;IFB@8)2H<Ie@GSVj)7
z#eDO*TbV<6sRYB~7m58J{hxgRwW_hvi7{4l%!IAi{@^h$NM*t!*Ul10=)c>{EGRfu
tgs5U6^rs7sh$uEA!T2+*`Grwj(+|JN(=)@AM*IUF2zjJjiHx!T{{YFcx1s<5

diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 38cebf0d09..86bb15de0d 100644
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -72,8 +72,8 @@ The context of the rule lets you tailor the queue to ensure that only alerts you
 
 
 ### Suppress an alert and create a new suppression rule:
+Create custom rules to control when alerts are suppressed, or resolved. You can control the context for when an alert is suppressed by specifying the alert title, Indicator of compromise, and the conditions. After specifying the context, you’ll be able to configure the action and scope on the alert. 
 
-[JOEY: ADD SCREENSHOT WHEN READY IN STAGING!!!]
 1. Select the alert you'd like to suppress. This brings up the **Alert management** pane.
 
 2. Scroll down to the **Supression rules** section.

From 9128c3b9084a649551a3615fd3891c2afb02f93d Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 5 Jul 2017 12:00:53 -0700
Subject: [PATCH 29/49] update suppression rules

---
 .../images/atp-create-suppression-rule.png      | Bin 0 -> 23222 bytes
 .../images/atp-new-suppression-rule.png         | Bin 0 -> 44552 bytes
 ...ndows-defender-advanced-threat-protection.md |   9 ++++++++-
 3 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 windows/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png
 create mode 100644 windows/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png

diff --git a/windows/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png b/windows/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png
new file mode 100644
index 0000000000000000000000000000000000000000..116c89500d4c96b51c5e91f581d19e431ab24224
GIT binary patch
literal 23222
zcmce;2UJvDvn|?yf=Uumf*>HMh$KOB7RewIl$->~Ip?5=fFPifkt|7akPMBI6hv~8
z3=*3RO_O=m-@X4E<K8jOIsd)mz2iWI-FvUScdc5rs^*+UsEV>I@ulmR5C{aZyquI8
z0)cZMfxvxx0UwUkN)q_Oe-|C(w4D(Mk{0Y=oETOT8aPPcBL7&LV20p4IpS(mNbuG_
zhorS!9=f_%*gGNeihjw#AtDzzBxUMs;$-RIVrg%OAisE%365XF9)D!-;OS&(ZsCF`
zApIo-M@jxU>SX#Hdn$vArL8G~7ejgxKDmhfMBU!Z#r?UHDMH`j40}4^KZ9F3o7g;u
zQ=Jf1O%;)F_yYE@=5r@IOFMH!6U{;}93%K2*Sk8Im?F?;fvA6-_Q>AW*3`}gvG*$$
z3CHlUr#-cFu`xyDuJ<t`5DW-;sfSNJKCMppt6bI0;6LW%YNHP|xr}=%p-m){aE?eI
zQfBead&h})jb`8KLbVPHn!J4re24BmCVI+;vcBrOZN~q=dO)YVs(!Llp`*rVo5RZ_
z_HWtE#1}lZt0fZW{L`+IJ-s0Jnu<$i;UsXad}1f;VKza8kNC5vf+usk%PGqnpPXxx
zN${p6L)f&-&IOawlMF6|EOEGZOK1j!EGY*)OA*>Q<X%mGSwujlnp%2ZMyk&^fb4w*
zm66mfc6=%_`7oS+=Mc(3l<=&p+y52Ku(0p%$WVS`^umO@-f3)V7Jea{d!2z!Xzow-
z(&HdogT;+5T|&gei3OFX)h6W1XXppN;?YmUB3=DgyL7{37e5=XKj=o+70l7shp97*
zQEYhHr;_!h+Tm!Zl@Rh5xij9G3?XQX=>KIcpdSji+j2SlBFy1GtjNk`KBLB_^R)>1
z3~e=Gk2y;2p1u?j8%9|&zZOYQd)@tWRriJECsl}ip*{2PTL19&P`{$>bJ!<nX`$h=
zUHIf@JNGR&l&*gq>FC~2q2|*w!2X@x-aj1sC~x{>7*%4HCp%P&>$n$(_fhS^TyEo!
z7$pV^ztI=#h1GP6EN;EihgUK-|J5>Xp7Kck8^@=+?D&Y{LeeZ#T#0k&nhx?2`=i?k
zqk$8X&28i<Wk5>ox8Ni9ureJEgQnW4bxfTvMu_#O0hJXK&*vPGJJ#{ZFbpHFZ=Thf
zKe<<(8*1>x3eCM@%hK-B*{#;#M_ohjjDR7t%uaIpG-pt;iU@|4Y%xBomARZr{(0v#
zAC6RI!}(HLL@BARU+i0Wmx6=v{d-4x^A~AFwF2yg8`}nB6~!XSCaCpsl`MU`w5tb9
zCVK<VBYKL5C=p;xk|SH>z^Al^K^C_*rN}gali}``;6jJ?J1|)&)ybkb4MxjJQeNf}
zL-Esg&d$??MRBt9ET1TERN2!TN99wovdzm1kq7?AC)UO~GZByPj+b8SG#q(DirE-i
zeZ=6mvy&Q9rf|v4a<4A$H2lJTCIMlK{JO!Sa}4ulT%YmdrMRoBeY82)A7@S{5^Y%w
z?{S`?{4E=e2HYAduAChs`QO^YIp4v2?Vo}aRbc|!BD{ahbxP=y&X44-Rh_7j>tJus
zxP+bQu11zKjfih6U3FV?G1k6*lgBX=TAEB^^xiu|v-<=a_*sgILd3JIg`61s0k~_A
zmL_@h&~Qb9GuDf?nnoN)w#%Q=o=xi`JH@GZ$#TvP6WW~~n4Nsg?JO9$ZBggboB12O
z^l<e{O1=mVVir%(c7YcB%e$~U_o&?n-1LMaGrSx}l=(xS&M1ua=@ezYzwqZ7cFgdw
z#JhVpqqe9_Q=`k2qbcUbB8ppm=FcS`{c<)w%p<2~!Ww&i;8{u&%v;8%w%Y4@b%!zS
z++15STVB0iT>aXmuW9OXperh2y1~X2DC`^(=dh}}u68H-KJ(WW6Jox`PRVJ};ViD~
zoa#xExlYeCiKH$+l`lV@tp92}*05Z-8t;+0@1yiKi9;uR!2hBB%b*N&RwXQ60ZmU_
ztS$YJg9~CiwAjBe3u^t04*V;pTo3b;#1$y*v99TM)9`foOcItrZ-du;tBm3G_AS!M
zR*U99-^s>eI}OA0N3)@cNK9_k<@%2%8Q>Lpi(y-9k<ye=_&I4+O_IHbPQzXY85dGu
zsXqc2LY!HA%`H4y^TV1*N3Nqx;z^Ut<CHJj2BN2P@3;+Fo{V<G5)A%v@gpz05V|rT
zMdf6x<11a^`PPhQsQVBZcm`9y!Ln=y!_DgI>&uwvzl$$gmpuH_=$(wm#bPJ)CE`T;
z0lVJ<Ezi*4zJ9lF!iQJ-IKJ|5!zFY)xR~U?-@K4yF7@)_mAP&3O|VaqcK69XODeH_
zYO8&be(Q*%sCao1-Mx@c_eZVukJR=il&K>wNX2Ac#RfoD;>C3j?}xT8gUZnJeqnF8
zduqX?8Hx`$tTF_&2LfjmKAwUHG8%t>!4)qG2Zx7R#LqU~{j<Q0bl2wnPdFdDKS~e>
zhkAUlQWWilm}n5e;5^T|y$!z1+aKc?BS;wcc6p^J3c1F5^m(ABinTUOqYy<+qaO3s
zYsc;vc6l2PFt39<Z^9+5+%GGShfds(OOyAGt_hpm!J44pEGhL&>h&hfRbs8@SX_)C
za?eX|f+cXDSs{$K-R93PLD9J=fBF{W$FdE#k95jShLQCfu58+c9jb574&7<m+S^Qg
zRx5-j4OHk?wqUSx2obTgj*EHb?sLj_HB;9sk34*c!>0<PV-pRk22`eUn}3cSOpYBl
zUeF<AiyG2|nOPXqu`LOrA)83JwIhjW@;|BT%DheSYZLd?2=30{A@1}}pP&AqypKOh
z_zh*R{twZDS2qkKqI8T-bqoVAibt@Tx$8sLjaOnvbc>Its{f2%9e|5nuJsMa$Qte~
z6kgN3MQtGEUJS$kN<8yV&nl&B-k>4d-D#N8mz(EUa#ST3wR@;?R(0)sbC|`FO6|M3
z3})ir6!A{>J>WsuILPC_j_JBzAM%C-9Y4%za7KFk*U-r!E1hHds0Ej7VC*hps!Hjf
z&kgbRzR~?4Jxt!8w9~q=v?+A@tuAq33f-rGJX`j(pVTS!fzX&J{2lMWKThgV0y0X0
zo0G^&kuBGK*86Bf67Pn=<nCfs<C~QmLsBm<d=8r55G!rGWED_T)woN<iS{RUI(zba
z{p@S&@P<ILQ16a4MTadN*uYqA+yxsT_K^-9e7_-TV56kH-zm9caZ=S(JFbYod$>ie
zg^(eQ3P$B(DU<&(UJ=iyy16sus}%@md*9`WZM7-g?9+F*(e}<PJ|_|V{mc106U~*K
zl%?QLy$yO5R>>D0V05J-{5OmCC)m<*biIxP-M3sjZx<tlWq7Xc&Lf>~Cs4j+s8fGP
zc;6Mp`gB6ZRT0%IC~Be(p@)1kvh{J2Ac24VWGF;i6^JjT56tlE*I>J)JL6q}EzRS;
z6(fYg9a&U}B*R^tY&+i@qFR?fY#u_o(YI)L6MYAECWwd<>L&?eXKHVX2~^K**O^E`
z;HtTlSJ7DXl`q()$>79Wv13Dz1=;!6FQx~~gd>Xl?giU_<J$fo)CNC`$@6vCxOew`
zIe9TtH<&V}QSOAWBjQLb4%^<W`y*g7B<^{VoR8h=A+DabH=T^pAD!IDv3#(Yc5d@v
z&Ux#>q7iZ}&iJw+7baoR%dcv3?HkpkpL=-7F4-=Pc4&xX(36EbjFwzYA#yrI_ZdG>
z;Dv{LZbdNt$A>VuO&?x!;pvkyW{8;({#R%Jdt?4Lo|O@hEa;3+O-(J}yr3k}savRF
zGg>BHbx8CUp<7~v6D~6+p&1zB#pQeG^1{q)c0SH<owubxgVoB)>Mv=@+qaiq2L(O<
z_Ue542rb#N#nx=AR=L@`smto$S;fT-hihNoYI0j24}JamTy#v#a&2-(1|wX6&JQmr
zC=j+HzWz?;g{djpdQ7TplhQc-5+{Qcj@$m`bDPO}>WddIj?}tZ-{q5+6563KPAB3-
zNX+N$aEM-`pr~bJWYpt`>x@ZAU^y)`E7j72vlA^nJv})Pvz(lq-6jUlpQjTBure}!
zH!aoT>BMsoOja&-brMQWoR7AZm6Ec^&PT0?6_=FsSZgEnD8i%*GK;F5h{iF4!+fDH
zHcyW>>iYWn^pg1P-AqkQgIvaHtD5#!M*|ZcnByXbiVY(xEBUToyLO<@%*skw=eG8$
za~}KEzudCWl_WaU+1VM`IWK8#%_?@d#B`N{0yjX5Q&4c!`hbOn#aKVCGibEj91o$R
ztNT770c##rj-GyA{jwLKT4J1>q@8h`1c+PA%+2#oH*em=Nk~X=sL|VB%8bMn6MO&u
zy|E|^a9c6<Ts=pxQCdaI_3PIqhqn)fC-A_mMAkzEI6cl~%(reCb*G5>4UbmY(<>+{
zwxa(2eWArh5sBX0n3`HVeERe$0+Hgor_HrS>c1a2<;u;?&C^+bxRQ_PvA#@@QCLVE
zM!|lmnnNnEceXX`5uHK6Z=6b3l!la)6ay2}BPHENpPH#}KDV!`si|G2pty6|(b3^>
zux;8^)~KU(diQ4HhYx)@-@N8=Uv5*fQG}g`my&();zdu#t?Tz(h)eYA+|mmRA3M+5
z!(=18Zv1i=O3u*DIvyMtIG1I>%gYO|Y+-46acPevvo~bEGtPSD3LCxeE}0$&WkyB@
z+_CLwCgf0}3c-5so}{jB(lA4r7MpQ>#{^TP2rfdvd#}LY897*3RZA<Rtc<(&>uz>s
zrG~npe`jr-!_2D%bZZ!81Ba%%I$lnH=$}7-(p(;gzQLWqwE?Ti$;oa0>C!DXBet@(
zZoq%ZJ()%Hfwiox%uBR1W^<=XPgV8(f*<?*cClJ_o_bD3W#y1b!-o%7wl-o|HNAeN
z-hYm(oFbB!Q2FBLmDRDTC*`)Tn3{|X$^JuiN!?LW#+4wtD%HDH6tJca^<-+$-{!ad
zXo8Mx$yN?JY_Cq{4)3_p1XYdEjmN3mC8*e0s@M$&tWaFawaaqg)EwoE>zr4Rlj~Ux
zJhHvI?y4FmFLnA)m8ih2OssEwh3x##wEgaJDJl0?|5j!A@70h0(OG@$O%M>2?tC;$
zY@P{dHSV?kcs1bDC)$y<y_ZG!6F0+JaX<dNb^3~3SXlUOYUJvwjR0)~!@v)5eO)8`
zK%CLhQ7^k!7IIuvM0YtkWj#Fw7rIl$|8{fg<Jt6PNL$$3V-l9!>hyg+e$L6k>+!?W
zD%9Y*fzY*o7@M5TuG4Yn<IlyT=#-QQ7&vl%)lJyR$;pU2p(XUQ!S9p5YRKUg%rnoz
zdgP=SWrtIT%lw$Wr|4C28d!%gG-dJNM%Lkox3J9VB(tfXvU0@2*FmfEX}<IWsnl7n
zR2>*e3|GncxZdhS-LOe*^GwrAJc5=gc@GZ(c;|2#rccVuh_vi%{2MoJAiTr|U{o(n
z_aBY|wD2zNzmtU>r<-t!J9+r{zFY8Q)YsF}@Y(d#r^-gqK7<$D-q~p-Fz|dbHa5mf
ze;6K46df05GFoP8VPi88jkFo%hM;+HtT(de_BuE?Y}u@wT2N3h;}<ydjmW;~r#d=s
z_xC*zqKmSRAHQ1|VKuzJ-u`3i=(ARX7w^i-N(<`E8~ncu3yi|TG@Y^R<f+v2<x$DW
z@1moxV(&9nX`5SAMACY*N4)8m*#lU_JeDMg_J|vgOiVK6wpUiHc=-95`1v)Rr{OcB
zs<9atA!;L`A6;GNdv?SQu8@;6#p;$CpGSmH^c)}Tv^u%Ex@uKBq<b{LgAWW0AeJt&
zxKeX*aV2iYIQjZ=7@L@=>gyK@_GV;esy=;s^+RdwH~97uElp<cg`_Tggo98rJP^gs
zbsC!9fq}nhssr!TtMJZXS_c8z5}m@?acc{UroFYX=iCV;ekWeNO&0KTUzTEPZD?p{
zEgeB?L;6Tamswz|@z#a3mKLeMi;Ld+?RHg6jEuN2GuRvC=abu05Q~(LhQE39CLoTV
ziU@}jg>qIkFyN>a6Lw#hva{oGa(0%EGre2!od`eBBCp60Y2d?x5H-9r`TM=Fs0<7w
z;I>Ky8(@hS+KS6}@prNTa`V{t;>zt8RjLIB4LbeO3H<gc-DYM!J|ZNv0s&y~0<BWX
ze#XomYa5%ZQ_~vxgXUDN?d_Qr6;JEM9HtTANC7G2Pb@`8*W4acs&!2*;v&E~-p9v>
zn6yWPT6V|_M(Y@ZE#QywvBE(HM%p+0xZ#PFVjM?M^NfVIcin}YkrAz{l$73VG&D4<
zUfLwVOfU3*L{&5eq}V;Ow9K<`x@RA7s8;e}75f5Ce?yiu?soP!g@lHF%YK~H;;m_5
zu<k0D)OANkPU1<Jgyl`}9OIKi^j!$9N=o6`gn0`nXUEkMF4*-#5AV)#b%b*JpB~@D
zQ2*@elJ@cv!Y;e=(P<YU-uB0qrM2`-<)f=RzG@GWx?t)O=Mqy>Iq^|1{VQU3c6OvO
zgGTpX7Z6fwc&^m5{uJQ7MZ+YRm6J0!{VnhzYqwq19IUg4>>uA`M}37!R<AmTm?{*=
zXf*mK!8#+9|KAZX*1wuJ?WY>w?JRcBeGekEu(g%e)TBfh{fg%b2@h}i`|~3iC1vnT
zb8v92)c|Q>VPUny3@$jD<H@0`&rTOV)dMpkI*(}_rTF_e;Ii>NmVFYM9}gwoIP<>H
zyjfRQx7A8%m{wMHWv)F^*2aeIj#7NUdnVagaK>t%1MbGd6;@a+bAP^Cdu;z?CZnOr
z_io7bPfScyF))ar;kRQD6QfhlR{FNoo5|(1YoXWRb<NNheGPV<o{^D|=gn`PLvrC`
zNFbQ-dob#p7CgJy@#drPYDc`hyu6Tzh`l-=XXgiEr~4*Sva%+V^`2B*#;=RenT@FR
z^|nxQW|e2pg0#!cZr;9q9y31YEtOGMNAv92GXc--TXdd($wbft>V9!KFK>?3eDMx|
zg*wxd{wSW?^paV3$~(CG`HIQ4u`0*yzw)2N{ppsMmp!Im61e0up&z@u^Pe6siqEYK
z=I_st`iK1Z@grck!3%v4o7arHPx*T6jha&%2Zn?%ekn>#SzovF*`Emp`(0W1olLWd
zgA;&#x%KgycrFwCf8MFlSGPS;&G3_eBd%t#LF*I$!+x<KN<=sfKZ*Fs@)O6SJzF2J
zq0nH|p@N`hj#2{SV9gin0AHAarPbAzPlC=o{e~jruiD)PnoH){z8eU>E74TOeoHr|
z8c9i7WfA*WUjAF5Zk39vYP$I|7Kz7?ALoAg@*T3AW?{PehQ$=`sKms#<>uWPjg4YI
zcs~ncCwIE-9ZkHb_uh>-uFH#G>~P%RIUq%1;N^Yh)1&xXPxcqeb!4Xct$G)KuV=X~
z+mvTHO-`b{aq!$dV}s&HKNC=**N%^Z8)|E>^V?4j<kwzJ>lQzwEjR00aqjHYhYcge
zWA@@{>W_!h;54}f1yT?}Qgsa0@n`i0*_&2SsIBQh(zl9>_P&!5;b%6I>g||@qOpN3
zQSQ_7i*Rtqd#bm$7kr^Dh>&vk3&;8C?fK4X$j5s8sQFn~E@H-=NjVG~X`{E7eh&-}
zn;h?NHIR%DFb-hfW~ir!p)m_yqdh;XFp)yjUdY~UZm>_I_exkqgqgcZfPTFP+1A$9
z!y6u{e74t-@%UPg9z9aA54<p6^F=qn_XIucv6K!tJ5ub=n@W2;nvpOnQKIJHARNS>
z#)fx>^tN~iDH)kraFfHQvA9l<1}Y_R-_A9KENFDGxLnP`2Zo5h|6H=CgYcgrC#oGE
zRWwETdorcDGRlxPk9FQLUL&6|PAs!?ap7q^*&CbIjK&=r9S!ZxlqLA86!<LwHCzne
ztR%sDGWz@D{X<sHXzaV~O}J0ZK*HW07Od-ls>~mrkJ-cxsA4S&U9PgL+nk-DaHPCX
z{OR}a-)U2G4{S#68+@WRN={CGc(NgpE~4p5SORe&Ge4j3x1xT^&grD|)7)m1IRS^K
z3x9H4ZO`D~U@_~h0e@1FO^F_)HpGI1GXsJVJW`R%15Fp<UB>(u=mec^L8gggA^xdb
zln+02PImgtXZ($Bm43sUxQv<_>P*?lwhjL??}jf*4KRf=nwpv_b?+7O*Tqlg#7C~s
zFp!av?eC4*bD8~$Pm9j^l%Jla8}JU61UoxBq5>(Qay01fVQ$)8A<B$wL!LNyPp2a{
zalQQ37(_&9&vyJzpI}E8@H-X&N8+*@uTG2cT<*IaPA_h-6QFmgFjDOBLRVK8l=t&`
z#OEh!qdqb}k%8(&?T!@z!4ux878Bu>t(8}DJdJ%jTDz0qSxsl<e9(iM``<|Y(llLJ
z5ZK@ae%CW`V}I>_gP`*Q(d^t@pava!0%GgYZq)4L>uszb&(6;F{Q2|N@RT&JJwEP=
z@on=W%yk2Bl;?Bgn6%PTGDk;8uV-<%Y2(p)&z@b2-iG|z5jDh~+8y$_CnPMaInL1U
z0CO|-)Y8_Lc)8{aiowsxi5naEM7TzGuB_!PB*}T#l@1>@FDO$7G08?uZ?)5tY9kYU
z9waD1xO;)z*jZj(ece3MBN7sW|K?C{?Fp(DqM>Xg-9O{`FDNT1wQSBbzo$F7#wg=$
z5VN$l_co-rxx{9hcf8S;=7IU|f&9b)0(el5zwc!?du8b-wt^dA2q*+Y-n}!;_llB(
zAw)6bP&jzDn?8N^Z02YKNeWME9Y9ROM+9Zl_eaTJwM0*J!>P&k7uv$B39PTw8d;ps
zq<Ah+8(7gxrFgBdV56si$0oy{v9Y5HJ9Bg9N$(BOYCR5;aZ<*P8gQqu?d@$bUqM%Q
z_c?q2BbqPy`H%dH-u$K1MjkBC_-uY7aPT`poc4%Zi$iYtJKPa*AT4VjW?Ft(y!Gor
zx6$fIY3)$tVG%rds?YYt-zlPD%qbqY^78TxMe4e`gu%@(A!GQJDxPYn5E$iDRIA7F
zIXiprFrNvwM@SGZ*iAKxGAvsC@FPDPD%8bBELT@vg+_1Mm>Zb6K7J0L9sMW#+b@s4
zUl#pBBX839ZI&#?<9Mr`3y=iA9|SdrhhDVeezZ(7;Y}@}<Yd>b1^xIT7k)#SVq#*V
z+HLJRcKba&_8hNuCA{-7bfWE{vTqUW5Y1Sh3&5UACwjfgZUS3GCnhEJ_VvBuL>@ay
zbPq<IkI#VRibkVzi;LR_^EG=12ZLbe!Co*kGxN{&)ztzdBZ{Bl<taH0q#ixO<It~t
z4b}YYm_4!;y9*n)T!7U<2Qjby&s}P2*meo1$W%)<LofXwk!t@@QS|Q-bhZ3fX;=iE
zZ`9moukJe#m6@b@Q?#Kk_dqPb|7`iSij9GXS9e@)^*~Srd*o}EI;qd36S_vQq~`oj
zwzwCR=t74c_xJ28h)f#rk;!uSge_wD&+93Vu;y&-rf?oTi_5gmUZOB~Ui@h&OOJ8;
zF$Qsj?&Z4`L7#4E%bw^b?uYrfwZH$p>aL)3!!UQs)YNPFH{M(FCske=F(J1yy(zbS
z#@zR-{P$Mxalq->5i}8JV(vG>vZpqx!siSpn|4C+>(wV-!fj`gV?MUjW51c;6v9E6
z$c!`TXmJ$}r{~RiBbwA5GaX&Ju8K4)DpvS<(-_uYUMyYD>}A?SzZ>%q>kZ(KlL|G(
znSQ$S7|}$y;OOBjADwN7-3Y%1C*tf@e7{4zE<MKz40LmB`BMGpnkv70_lEuVEl&IC
zZ>r5Lm3qb9Pz<Bc)QPSG>|*w4#_N|PxkENs(`1M@e0Q(|Wk+mmEqu89E1COJJF-4K
z0kck-?9d>FS2S!M5`eX`hr_^qu9Kxi7P|RHk80_1yYG)Mp(QGxtQtdK2d`tt_PA%q
zGnu!(d3TZW$?Gr&#|E)SuQeenkV_Fzix!{%HWT96@O#mZ&((*s5^b@2;dO)4^={_t
zEhxxT!c2*Ef6vymw>6;;iRz8$f^S6RH_*vu)V*KF*>h;|6>G1($Kg67+kafu`1Xs?
z7F>>K5@uz_ny()1S!YI#8Af2O<=4qxSQn8qD-$-nQSj-tJicw<ZtoIV#@D#_JZ((V
zKAxx@H<$6%p>vCroGl0X{vT!xN(<oynr}5XWIT)6?C~}BHxL=eZ4U8nDYNGY{SL=H
zwj2~CT$yT<mgtO-K0>(kDRo7H-xMHOfL-Ceh~tamiT1aO`dU<Hk*0L-=w4=gNwJ&a
zOu5hwQ>EpdOAY=-@z4!BzXDcNkdLjE5AMLD$|VStA?p?gYld|1hj02>Gz8fi@)*<w
z!Bmj#by#juT9jOwuyvuw)8#qw`zs<ya<(|fSFi6#%(OxLs1rTracf(wSYP-nq;zRJ
zX8djfMOL-)CQoNJVIJ#iZe8M}v-|evQP+Me`3!=gtp=O@VJ$su^={bC(!l-LxBd$<
zTbcx;9jk^EzV^Va+U(Oii@W^|=l3|zrc76bh9b_BMz(c-XrDchqATVW|Cbg3&o9;n
zfe^6~jr{OnxHVNcD=8<OiNzlwQmfR6UrJ6_+l|_-QI`qD@kujhXedv`$*w5!+maF>
zVp{JV-`g6A@any`9tkduojf<{&@^Yl)z)Tqfu}pfuugleHMb5<9`A2B4{y1(@_tsn
zQK-F8*gfX><=~E6j<k0{oQUIRDizJDUn$-;L;)!!Dn$!8DVm!BDO|<a*UR^el!@G=
z!b640X383^rJEfi>8sMWVmx>nuaLs>$T&8tOoV|<;G@!w(;|l}6J6i$JxO-IO`Wr%
z=JB`E*`V1PC0n>p&y|TlhzmPh%u|=OwtGi)_YJ%G7RsD%#hpJgMDkG;#R%k6_x*k~
zh!HHG4byXGqP!{9aw24Yjm&sGV=_{3kDQUdMLL1Ix~s`g#^n`1>{-kaat`s-uqM=9
zL;1V!S$9IzR7hT9=rtq$a5<S;x0|6MyDh2xH~(WS{l5|S{&ycjp3La^^XC9WqXKNa
zQA34LO%ffry^~=Imobs()Oh-oXo>5CJVSdPXS-i6HZ1}a)nVaRLO^VlPT@$IX_y_l
zm$!+LiHVGYBKrU!^_MA0w-|3cP8GWWsIJGse4IBiSN`DJ#Kh~Kcti-;@u!_?S`4+d
z6V`9?sT5`lU!$g8?!A|rm-i6L7zq^fKcMi;pr+xqen1TXk$k1ybu$z0epjd7gKMZj
zdyc;)db6Xud-yBI%?-(g`T2Cfiw2TzXE1F41F;(+a95#34te{wPf5Ma0e8*J%+&Ni
zZ_<LtcxR!@!rGdAXK(=JNwawW`a5I4w8Cnrr1o^|0Pt+*?x+CR8w<{ZO)>_rQd0x^
zo>HU|p$(tj%>jH<skpGPwbA#eWh*p1eAi2_A!e<3a=l$$pA;SS(7q5^P{7u^?ILcs
zf*Bqwbt!%#EgjU(z1~c@-kCdPj<L;+Y&b-}I!|~!)Oq6UP!%cfMOdoxh7yssJ>VH<
zfCc>l;-CH6zwCnJ05rf`%b=hj4g^O|f1Wnyg9qyM_-QQ6H*Y>HzkxY`6N^GZE_88E
zRwhS9O#?KXIJ{C8<2v5yv}iz&Ib58d_q5R!ojMVyi31FNxs({qW8Z%N=FM-JB<n}%
z1&d+DUinp7v`lE8EIqW>dbHC(yP@FF`bNW%UvA_xGqdb=znZwDxH#sO?15)_NoxKW
zO!LXtBlBOrH!xlvNA(khlm2JEnmRg()?n8nK<1<DbTJ5ZvHOj$7~nQ@e_h2#$Hhg~
z0UK{881mHx5@P42b4>+vN!4YCn)+0R21n9QlPgoY0W8dc-alAT=dKtjhz>AEA35%5
zaALT}J2h4o4E*iKG}UpHx{OObk{602*4x|QyVnhg-kTm{Z>kW^#er3rk(2U%-HDAm
z8^|-iAI+WfPBoHzAsa42y+cC_y#+;uh1VvS=btR&9%imH0_2F+iR|c5=*?0)jpZ~X
zNz0*ms;2e|Yzc&f^-z+KtChr2-ueeDtgXa(?;b8f<Y=`VCuZ(3B<feLTq$v0R8}<u
zJl?EF>@vXq-g~QL#ho1;01nl2=&Gu|1Q#kWL{6GazP?EA0FXmh#d3d+H=Fy`tTYlG
z8WPe|pCaOk9Z4j%&gY<P;cIPv?1v8-37Xp4p}?9PO%zpO27GDO?>tFa<tog|I^QHd
zIR_Y9*J3^xdDv-#B8-xgM88V)_6rlEpFe;8=<IC9k}?Z5hIvm<>s7_-VI7lqYO}=#
ztVF@gy9z5<)I@fjm!xJ&6!osW3!c<(B8V|s%?HvUtY@U${7KVML8V#Obw?aixD>d7
zCHDqNc5dz~K>S>3|Fi7k#YVmqr(6OYQ)D+qvDpgi=fM5q#>0Eyu{?o4p|%6KNwUe5
zR@Cb%%yR$Xg}=HS_wIGrhZ(I5<mDC?qH9I{6%-VrqM`!Ck7r1Y6TO51=|h}uvHRv2
z_@bW;3=IM0fg2MOBc`i-nu~JUT~h7EMc)w=q=vygHX1M@3;ICE3~NNtMQc0<xG&yq
zZ&kaC8;Y4#v?yVvES+bIwZ5GHP2{B-Z;TyGawxgiM6K&cm3`{MIhe(5?`w*_G;NUR
zi@q{H++Bt^(68tDr{41cusS^YBf#{LWh*dzDdw=9sO3#t&+|HxmX@YN0incZ*r=yY
zk3NN;&%5+#vr!c2)m%|kRc)yJRPVZjF#7r7HrS99#_?KvRis-*0%`bAJ-@cLHoW=Z
zIk()rN3Lssz9xDCarF=a-@?A#MC~9dro%{HS(##^R7XQY1BtB8rA)8Cln2J|AsV`;
zSvTNs<v?>w!;n@5UtxkkF~&BxQw_gv(0?7Tc*T<<tQB=0$M6VGg2=$T&MKEfS5&T`
zD2{t#3{hM5>4*!>7gF3Plq<&9u`59kH!+nYQM7)qy=4m0585ra@o|Fr2~_`BW8LuR
z*p~Cuo2rLC7|eIwlbEo}E8V!utOXE`G(R{RwGmku0iBs%QljF*68hqHtN%jwv?~4v
zwSf!2Q2;R)xW~4z$CF#+_#>Co$8&%T`XDwXF2kcWA>4B<t!Mf~&V}Fj|3A*S_WVft
zqu{8IA2Sc|yi$HOIL^s5@Qs<11mgjXAmFkT)omK>3sl9;g3;u1ox=MGO7QjL_iu{+
zHMhEWJMILZ^~hrM%apmSU*%eC2E$cAuTjtYY61@v=IK^9VWR)>=ehjBm9K1uu4;Si
zqM{R+hg)iHX|8Ja%`dnQKCPoX%*@ThwtWY=n3;2i4?j|Ri6$HY#9IVg3Vv3>)XBPg
z5%!;lEZCT2;I*9PS9q3hc+!C$HBUXC$M+5Ue~npJ;%$SR?Ce_LEjOHMDvnOtXzZ(j
zojt5*<nEqo+?YZdvcU&DoygrjMF_NPrFvFYU$i(_Svz^HhuE+o81;^Sa#Pz64iB%v
z`BSLVT@5!K9i67s;ED>Ku2R*NOeKt~-oX6PAMq@|0sd9VNz=DsVO;*FK3hTns%B+n
zArJtLXLl#@lL8^(tAnhrrh+wkKdDQs3TfPW35)R8M}&qxgjy5PwCrMxUKunNL}avn
zOihj4-gZJBnSIp(U>N0oG`W9I*ODtQG7M?k-rnx5#L3Fq{4J2+q$r<59B^X5X%Y{B
z6-zWxeo1&>GI;6Ir5-4Lfl=Gq*xPdprxm=C#Ao}x(ss;Y?GG<PLQU<8kg%|-p&@Bn
zPC|prvRW6x$c#f;b+uM~1OO_4Nw-?NQZD>tPHo9a^}ClH380XRy)7RNpWS!}1XLz=
zc4CPq?iefpD(ud2x|<_D^L5yu8Gd%$S$GVbLME`v`uh6uV!lEeg*sWINX!208Nhu!
z*1itA2z{6Yi0nDgR<o`O3YUQJm@d@=BM{*~N*w}DS597@Y$EqyXA$GI?e5~jz{jWY
zI_R(=?A<$Qb#?WoqXh?nsH7yC&Fuyj4h|U~pZXDc!1^F(L5S)PLvbIL#?HcmjSIsZ
zpZV8Otbmyt@mz1UzTKp*rlz8)IlSR}-3s_*>*1nM1hudm8=vi;zoox`hn2c}?dnyd
zfm~I(&b7$~8U)X`&oEtyA0=;S!2-Yn_0kMD65t&d*xdVbp0w9EFSek7QF#tBhD6io
z%ewU*rMb?Eied3nJw1r9)>lJA8XE+rQ6r7M!k}sxT|~pPNLkBJKX4M4zXme~uljP-
zW*xJi?v#P~iXKb?d@AJR=kMP#Zf<<Q=kRu7mrksSKTwzzRaMrK9!Gm?Konwx_hcHE
zuNyT=D%t{UJNxKhvzavW%a==a?i+j8H5x~3`1ER=q#vvSYELEXR&b}@tK4ev9$7#z
z$&K$n-ZOcN9t@zWtGEx#)>KNz)@DD~kgt#na&h&V6LuJv8Uc&?(3&eIHWpvB9$`^y
zM@Y$WweWG)?bweW1A#zHy}1@v)+kxCnYM11os(nI{D#<F&GxYFAuqleUy^jE+_Ldr
zn_2mDFl5Q74bD5$T{C#dyLaz4fx)6+<LwawtPK0})af37OIzDs9mxq99UVzdKZ}8I
zvND&O$yXgL4~m?bxAzVF#?V%N%$1-tQfZrXryiI`At50iLwsUl;&^_01Bs)-o}SAC
z>r4nBIx-6jyEeFiEd2&tOUpAUgkQ0M*T<9;5Cr5}jsjN(ys9yn5W*IAP5@ByH5k3U
zf&VOkWvEC$?DOYay}UHQ>;N7*<9xtn(uN4Qvk8F%yKaiBWW%YrzAq9u{Hd@69udo-
zbyEz0HF@=0+Ufmi;eo1MmOoGt3cD=z1dMZ(!4@8g(5ZD{2}p6Iwa5Dnob)Gw)1k=7
z$l>suXPTN=S|$<g?BwJ_vdetu&f6`8x(SlNZ<kf_6}0(AAOi^oPIXKBE<5|R=eDI<
zz^DT2Sag6F07<_As<6PmY7DHlPS(h(QP2}z_q-XurKQEAV*Cd(igfl!T}36}%a?mw
zI+m&|`ik~}`~BIEo3ZN|e||8QL;vmUtTC5Ead>c0aBwDsruImBO!X5MSlY}_Qd$6i
z^Br;qI%$8m|A{JaMURvCzS;0$*EIlUCt~;~Um=7EBrEsos07Q)$_BSHRCrUiO&#(j
zJsy9MRbb7R#9LSfi5sn;(>d7ZjdhHT8L<Q<kb3JV+{+I9m3evcaVBsc$WvaTQNv+g
z_?g#=hXw{-!%KHLY8tYoonFirah;5L@kyu$9W@Ez%cxY#g*qpF5+;&Xz#(l|_xjR0
z_uaavGS%8VBF>DS>reINs97+DEOSy)SA|w3ue`4q3A**~R&M{RhARsdXj^4FmaVz<
zP*p``dMohFI{sLo2i`Y=F)w~9dYhz=ALn+oR1x?`aGu@7ijc>q(PgWFGa+B#w~7o;
zRx}^xg&FJ{={^ZWf2*{w-+Hq^^(&EA(Rnr39lKfl>l4teXjNFekLQP-qig3vt~=hg
zkuG{;GCy@J*G`gCzxFDi$XN7K>||HHm^2ivIRtxji~S7i&H(Ax#|jGHM@mg#hR#E{
zfhp}Gumzre_TnSp0U$URc`!&TE0X}ou3~6dJes|ItbnL?oNEhkxwvmM)<pb<VC;)D
ztefoY1!Z@0xl5h_EKk;Oyd<+BmRMR^!t#|<Q0V)`pVS4bkLJUN5A|X<e`snecz6oe
zL=!mPMco|}1P%dqoDzsH0<<J9uCC7qzdW0jm+c765lN?6x>(TGCZoESr5LyQ$GX_^
zl}*WPpshF2-#}Zai6Mn;LBXgv{%ol>_<xzR_+f{EY!7$IbDtd{B`uu}&jB%Or62Ek
zL(CvBpVigXVuO~j0yB6qRmhXB4fW8gk>aNU*i8s$>EfgLpMt)gckOexzE$er9T<&)
z5(A_KAsYI|#>S~A@qr*8BAdCkcR<|n+3?Y%_-xB_`NH$Ui_UIYzVtCUx`$H!oRyUh
za51DkaUA-W?!JbQ^S!y*ajEC#Ct-IISVkz#8?RoHRuYd(h>d8Zhj+7Vgch&g_T*;>
z+y`$)1UN7L_WU(gVM*Q=NgoLeGaf?b-Sr^YZ_s%K@$pnZwt4GU=I3{sYm+l8?;iQc
zmXEUOc)!JNlH)bbi3Bt2lMTX4-IPRE>1}ALU;3033fD~(DauW)xvWVV)VXz;82Qb%
zgx-bi&(X1T;b8?|60v5H9!^jHwWn=W(M9vH6N}<+`Nm|4#OOBIf>r|L3s|l+@uAOG
zY^Z8&ZH0N=u6Y7tfop;L@MO|DI@e))r&5V~aP=S0*bTIeS+Ac}u0ubfPF1*iZt{DK
zWEg4XjYJQ6EpgZ;m->VlGA6;yCuw>(H*&W)GSVaT<v;*g7xmwWhyQ!1`TxaP=U0Cv
zJOJ*x39H}JnY8+942qcA!C)M|*RUSHS@0ZwGJN{<bxFy6;C%PlnW45Lq+q+?hPJqz
z2w4yJg9lsNot&8K#v1w8V2N)Nj6kLI52Q0kkRqoH1!r3#ul4bp_$vkn2M4u7^9K5g
z1Rzm+17$N%I$bXQQ^)S)pksr4YYt09OK3{-1J8oPDSS1eU8Tfh%NWtr$%zb~I$q$1
zJgYXI^2;W!i``4=cQR0771M75KqSil7^ILxR|ri#a1dBXZy73&p7RXT^W;~q=pkAR
z0hBOnY&CYged|^=JaQ{H6q~=CQ?ogSjY}<JRXa57`+dDR;uOo-5k=p>OLAeAlINS|
zU4$Aq=EU^%`7xd#qx6e>EG6~2+v{%oXv44idJ*LO-S)nzO5d0@zk>0qMZa;_u8!$Q
z?NQakih`30$yihdE;B&UlabAA2{N42pPe2RK~_BsTb@2tc{e92fq)+SnV#)KH8?Il
zt$<)*j&za)8DYpr*@SGdgy<->?7Sz4+ZUoOSBz9})zifi^o#sIsX%F)=<7ymd;9J<
zrt9Q2CJXAU2Zp0X-VFo&12bP7#Ped%xEJr+o90Kxc=?Z`7F~oyCrRxMl_w*T4oB|I
zdwD+@i0%&Xnv(bb7xK}^)fBDq#C}|S^Ad(M2efKFY5E-9q&3`+eP4MT#qLqWPrm9&
zuC=khIpb6#qHKpbJU4ev-M(3Ozjh<C*kqNiZylFKH!pI#wu+O(u)P^zh@)kcN8NB1
zr{Skt;`;4PK*5irxPfg90u@sH=?|tz#8ORkF&1uPd+_}GxnG|I`%NamVZ7LKD1Z|K
zhwv_NpZR_s(d50+K!BjrRJOLZ7VS`0R^GeYJ~clNs?A%sZZX`xeS4aax?_!~BbC2n
zYr9e$ZXqox`KtZ+=SOCO3SWQII$flnDA1|kmT&&S?Dk;5U~oVXU3&Zq3ki{smk%{d
zJlZlSdvWm+Az>@3IhfQ0u&D;SxOEaJ7W<!wzx(q?r{OK>MGzQnVSxEW*NubYfd^Mq
zRP1^whW1*tfa-wPwVHhWW>FkG8hixmRxEOOfsnA@=i>RKEAdU@jjQ!RHz$%^2um~#
zeXmJ$cYQb&Ioa(84skc$4}b{--p=!<92YTec;^0JD=RZfN-o1P6svlstDA56d|W;m
zi|wGPQbjz=x=qjDV`9SNh$93n2|zuuIB(dIvB;Gx64LJyi(W?Ln5s^NZk3(1y!^#j
zHtoKR+K(a-St;PTrW$<>bg2|D@)w0L>jUuU0QKdWqkTGl{E(28#HHZS%S~uB`u0kU
z;0K^lJP$#b_W7b~R^4(T>lYRGOpPMF(VR6r(ZXoReY%dKVq&rs2}e(;0Bh0iKXewS
z19+)Kiw*Mr-e?n^>+hqYF85H5z-_RaQ>=ACK=p8h@Iz1$PPPxBriO-BI5RuIC2Yfg
z{@klo?=Unlm<*U))lydv%+0+US<3AHaPD1~8M%ohM4u+mvA*&>+6(0dK?zY#|FX01
zyrM*dkKt{=fR|k|3JR3UIlX)yDy4`}gQhESEw^rBz5P*wJqVuLy}rM`h%?2yzmi`J
z;#3NNV|@Mm<?Nov<ovGt5Ux&8ODA=5g_=6l6*Uw}Axcbq+&z9v)O0gthIjXVlbjbA
znzo)kgUaYu;dw%ekS*@h#m#hijA152pW^-XpG-CX*IkJJHDNm8PmWAWLx6l~7QMeU
z_a5*IjG1dWz*dMRC}s(&??`>N4j8rJgA%IQtUS~bs-!odJRP+ea_*PnIk&X;V*ODt
z$-fFzAC5T(0Tn$xHiLX!^YiD=V>N@hs+kV+9oG<|FRN|G`1I=B9@lHwj8~IE6-Zgw
z0NgQT-qWxgt`!d!-f``8XbB<9NP*kHM$C_pu)#nrEd@KQ4PR1xc8anT-lHlmfIWXd
z2jI*v4$9cJk59xdVzqSE3Y5f%BK^8IFuhR4k=X(LKKoUu2{8@(5o9S^P)>ki0}{S0
z&ou`D#O~{S?ryX4n<655>O)Y%wz$pB&Pw$_5MbcoAb~Oqu7T7TCtEiF1T=WC-=hVw
z#sXQ|@av}4(Q-%h%Cjvm;QqC~T3tgh+`D%Pn-g@(N=t{ve(>@|KmiQWv2&25@f7QV
zVg-9cQUqwV!T?&>@`A$7xDFDqYKtwh-sub!RXma$Szb<_Df4bS9_suo^B8zW>u1km
z7L31#kTJPTagd#lv%{gFp$P-EY3fdUICWrbEJfrpl)eM`3g5xfmqCxHqb+rd8DuB<
z8ikS|ZiD1MJHZarf(`=ML=%eJ^N<!^*#WgsD2NgozTARjaRyA}Uf<|F920{7rbz$C
zuz@!*)Fb`R!otGHt5nz^mxjbAku@mY;##53*MExTTulayo9OBO95$JPOu1O{3i163
zyG#bgKAJODvVXT#R<Y_#p~8Mjtl{k)#*3zAX7~+C`e&SfL1?$jmJ)JnYe?6AS*>WD
z6y1|QD|IUvQsRk@1*-q56Zi9l5&&_!@C3$9&CQ#wzP>4uk>a5u(h7hAC|>CfRxkYp
z_xz6;hbH4vA{X8e5%>tIcE&q*@Cit0sdDdKe*YJrtqF7>j+@gDv6|u;2a5$kS`xT;
zYf;&<AwlU5l06Xa0WgDgHs~qC*0Tq#25n>~h`WCO9&*tIT+d9mV;dyX<`_O<VcqD$
zqF}GupD+4Wk+2sIurf2tmLpeewF@<{BXp?m^$wR}p+AhKC2`&Guw4~4pe-#e1^j#=
z>E>41J@@#k72XviNQyu-i3kA6Eucl#3&n;=IuJTbfW#Tw{eeY6JR$uatFp&RqM_=I
z09+@tw)PLo4NBK92mV^{>AQFDKwBI%VJEAqO4iZY+3NQ8?c2kFEZ2Xu)WKb5JMnR#
zUIsT+ZQQ;;g|*}^ka0jI7?i`Z3N@P|r4>l?EF`Ii>7aTi0~%*0E-tb=A1`9X&&7i;
z0XT@j(gdepI{(zU7w2l4m@t7{T%$niWwNmQccc4hpwEWv4Tqkdv4L1F01WFW$*EU;
zSvg1jm-=_x*0<LX2*|tv$_hKcrrb(OS5d`UrMMtIHmEY;OCkeFw9a)<P?LAY!n8q;
zMENQxqj_DIyUI*EeSYT`70KAy6?qgMj{#+%6d4-Ydu|aFbJEEmG#-iAu1!yW$VLN$
zbUe8JF44rC=X&qtBuUz0JiullCA>*pSlLmjNxPIb)P&?`pkrF?FJ-uX;U?*QSJn#w
z0;AF7)u1&4NsHL9y|r~<uLY5ZH;9HIVKp8D(B~WiBBn{-XL*B8(x)~y1;fi=cKpDH
zuM2db<R4xJf)U3aqs+s@6JnRPy_i3*aEoxlU%5TGPv3<;6|e-b0PE!&H`sAyVgJRZ
zwg?F+sdFIC;oXVRc*9>)Q)B!o4<y~^%sf1*hkI1)7nKvb%v@YtJd(}tQ}M8?1XbN9
z&V~g}MTGxPKhTW~l}nz4zm{FzZn2~HKlWV*2#5~+TRQ9)xVFwE?6&5}P&YA&+91At
z=Z^8lWCIpX?1z0j1X_u<{>(T`17d@Xq6h{dA)Wr971W>_W{cT$Q}p(2=?5NmUv+rD
zeWAR4e`D8A(D0=aPn6^zTy<qS%*SWc`5ixhzU(r4BqM`gX+ISK0@!Aw`xb3Y26FQe
z2n4ky_V)sSbKn4sh2LmmZ0r;9k_B#j7yoo{o`;v$Qs));_+@4<n9}O&m(sfDOu%_&
ztr!rhvJm=<uHOSE#^b0G2jT<z5qQ4c_)!^yX@9|elZ)#;-T{xrYiwUXwqwKV8(>(?
z5M1zEIm>hkHK6XM74dLL%a`Q&3#<HX9m%W5Z_gA43?T<JAov|BXXox3z{3B!t*y<<
zPM;y8?$M88$v0}CTn`Le;&9WfY6@9eZ~M=h*8cm6cFc<Qez6~#72ap1<|5<u@Bh*y
zkhqA3gdB$dQ)~Xe&2~XNO(0Tv6+euUtdVD|4V!RfFPW6w2Hk{*jjZnlYbhzO_jj7G
z(%&46k6_PW)Z6Es+Mts;f@U>2ezkKWJ4Z?Pe>!lA<(;{K8KnY4iulX$JF$A911UTZ
z@if5+o4-5c6AwW30D4{;#OBj+i%4{{fgt<onr-7B?B^g6n*9pGAA=lm%m~##>Jld7
z-TP1VRwNg@?3B32!`d`wTis$nnKQJwhE>9V_){ht^U9O<Q(Uc-1QK*USY?xKYrR1*
zs9vN`B8w6jv%5iq1QHvLJ;S`>vNcdRZFQ11O18(!9<TGi56AZ<Tm?BuF9?4p^{xbg
z&}3#mj-O}81VqN$E${!QW+`n}EzYbFURng6jBCn}Rrw-|>F6RI4PKhL-eXZ;cO9O|
zlMHf@$dIA@)Xv!bPJTVYUV4MS4y(N>^=a?26G0;7%M1S$H<FKmu=x^V7LAPaXOH!^
zkrkz*<yBJmN4rg(WT@M?gNCTL%MGpuRafAIWiJtDt@UyruJ@Khm;g(IYE{V96^*w#
zs?V4~9E5}LFrUALl|ErrSB4^F9N!-|Od{jyT7(C0WYBeZy@iJigq!Z@6oZ27a(b3Q
zam9MA*&*nOWMPO;UrKyHXNA?%AdET!o3YB0czzI9S=9LHmKSmwgy11Qi-}y{@atvK
zdDdaw3WCs#XIVC~4HGahQzeRhI&|Hv_S{I4Vg`>sLn~-lHkDn2htsyRX4NQ9TX)ku
zPC#6B^_lA|sJQ0zQ0z+F`;$R!)>Zf6COG!_b7uT%^n0tue!g>j#%*4){d;S+k(S>+
z6E)Ql_}NbwWuzOcM80hBs6L;}Usu}f_^dyJ=0QfzqA<IYfY7PfUZzF8o8qys*{VY%
zMX0x;T-W_sx=+>(^IRvORO6YyH&DnXdOREIP#`)`VEK})SDa{ttE8_M1?sX2sx#Ho
zfD{MyTIH27RxuHG{o|vq+o~2T`vwnA|JoDTtVgRRZZT(#2W?@jYhAGhezJm;mg%F4
z<bL&7w8)jY{ycZ@gmF)0)8t|O4XirdU8kbG{%<JLma;1W)}0K+cP<anSy4<BfVDC$
zT^s&~6fN<fv8`!RTkztOjRQ5d{EA)dxnL6>{Tj+&b5a2-c_1*Ns{Ax)<L$2FA~B|%
zB5*~RR&#4(-q4vLbzR}+iD0rYH69b=wyBCc=zM^~zK%s}asQLX+5i3+^q<|))&4G@
z8c1%D$Mc-fW^fLnl*C6Ye%Ko+S!xLZXn7Ks6$lRh(?$Q;x{bz1N=ihqzhjYfz-QB;
zIGl#|7i`-Zd;#IglnsrvToW(2(U!gd^=WG!l#i{^q4F2uaF<9}D<d{*D@J`8R^=={
zhGfvY!2GLDgEFbiXyXup54|;SaP!UBQjn~80;?nzc}-OXyI1seg0e<WBmY_bDeyzQ
zXOp$A`T5z|*~3m)W>n$v<7>s{U5WFDtL5F;=2&!}B4_9_XT$CXR#w*hC#X8kxY*bQ
zt`nd_FL(N5VQuIb3H1boCW8bEXq%k?bvj(2U9JaEaS{KdNAu!oR(7^mVK<F^{fw*s
zE7i(kG@hsibfgrW9AU!BqD|5a3<WhNhnO$nPv{tZ{rVN!tNMKcQw1C)kB?-<56Q4S
zUm6-i*4n_IVqtNQWawxDSQ`-lMQ%UvcRiDnlR4-?Y?qX2XRN1EH)MdLHu#A6E;Gmx
zdi%aWLzpY1h0@TI79aP&GO4T`q)+`j_rCfuw0GEH_iiI>h86%S_3z6rxCm&zfy#q0
zZBeVWr6nyrJ^jg%%+<S~SL5_QAk0=um~~HhmamZxNy~5<G|=9+pA^~p15J9sIhoXC
zXWxOAyQ$tog{8a9S>nL>Lg7?0wg&A|y}wYXizp~uywEEFaT|n~GIolv;q}r)q)Ao*
zh-%2_={aMyp)n44Ed&C95%QxA2LWjFq3YqfT}xg|JnQb}=JjbDScdNa{UZ=yZA1XH
zAP|^(Lp}!VN<*cB&uE>yy+mQ!?yd`<H{-p0<1EknhKGhF;?^QZZQ3%V!&*H4z9FWO
zto6OF<I-?x6iPEsc*=K>`*vZm5VW^2WaW@BxYHU)Jkh)_E<Uxv4Y@F+EEjabGNAFS
zDqu^)jbXyoKN=mgp1}`{C|3Kmfo<gqXws>a^3BqvbOL0)+G8uj><^Yjrtj&uy3T9$
zwAhrI2%lEiO{u;pFYjfq#kn5m?|{nhiwd3;lI~V$Kx?3HQL&yQD<|jhr;yUpQo5Jp
zaUANv2}5Tco=#=)dd2Ew#I>Fs>8F~S%m(>&egCs{Fy5RmNmWPZ&!X4m^O9AFquxlr
z*U;=SjXXO-`f}_*)$Q?#b`pG}YwaR%&a;1Agpv((m4S%Uo5WO!_4MmF76*HsG<ajY
z)-JIG4s;aaLaUwq<=Qy=`&77aW1pBCKcJ+=PLyA%<isCBQqtjbvCu#VU?dU~`h!Nl
zE~;A;Lp$k<(Z?30P_AC-zd=GEcJP;6DUnA$Jm}zKQc@T|Vv&y5KtLZ6K@xd{gc^ss
z=kP65CUDNr#XV@}EcHEdvzcntS4tB17XxO3gihqb$DgkuXQd)~6HsT_$RTj<k$=bf
znidP6%}4+cW_U|AYI(2q{QMfLDIX`~G^#0GRr(iN<2oi`Ys(IKWY73`IC#n&fX`IC
zR#&ka#2MabDA&OJyFz@jJWrQT4MRaX1xlhcj9G}qg;{^>?=x7Q1m3KVQ1{>eg;9C9
zN}g|{jz0S1dU}zfkKGcBbBM@(%6&mN3njxM*gBMm5WZ=>dEo6s+pEH;A27eLaCjnb
z!gyUsa{I-)k&2(`Q_q5g2|LU|e;33sXzaxA*$MRO*suhF(C5#ev1z-Uva$?lh7eOo
zSNpFz0KMJn04BBxz=4+H$S=B*9fuwE9$%}f!cvno&NTcPT*peD<3Yo11g#+B&{&N#
z^DndVk?fx@uAuT!%cq%d0qqvyvN%0Hz`0?~s4drztA1uvik#B!{`vDE)G3gTOFQKH
z%V>K}w;)f(kT(HVgwl-;=}LM$$0Cbu{)B=xTqg4ZZW=RHwCDW%{0P*E@tXSj?;tp(
zLv;wJ8;`T})D}Y32T%lC-23-8J2Z#D(PjPo#Gsg@B?;DY1HRqZ8=B~_rOM90OAz@)
zWuMRXvr>Udq1!R7wpIwTV5<fAEd(I}mv*Vcu|2oO#u*p7fZd9Yjz;XaKhb6t&nr;j
z;J5`m@)~deFu&uf69b(GhlRd?1gd6l2Vj>vlnE+I=7izvd}`<7w|j^%Jy1Uwq}G!c
z$fh26Qw0@IAvMK&+mj?vX50x<RjSLehZ)CW$SNTa1%F<W6rv@8=n_&C)mP|*OvXh(
zOAqk$F9SM~p??qBQha}_yVn$G<S$9yE9Abdg*O;in^!g0m<lx`NJqPTREJd?^xWL|
z?DH6wi4PI#bWb)W`<(nM;v_9Y|G^~KmjY6P3-3*EV%pzfZ3g5Sr766Ng$@stu#Z4B
z8ec5ZG?>~rz|O^`$~JfUIvuJ*DCz0IXXwy82}+C=<ES4Tw<c_%I`mBw8IKLY4}Lg>
zOT$)HUfwz_Kt@cWMl?%$6)hduC{hs{A{mIYKu{MZ6-e{{9dC7Vwl;37^i-1$f3y8n
zI74_~by^@>OoUECA<INTsoZLxi)HzHxsY1=M4S6Q7HZb#>QslMLOUzDx-=A3%GTce
z2u|$!6Dv_7KfE6MV|Ln&yuFc#^Q{&I^>a3oR}7ics|0&=8x78!_KrQ7-JF)(4>12v
zDc2d))V4-*;R4b{1*GN@1j&;sT?`;ikc$+l0trn4LysUG5kr+CRXPGDbV5gZi>L?z
z0}=_niy#IFz1-uUcjx`Nb7$VKGjq;9-?#T#>)SKC%*sI#1bo1!D>mZ)(%S9sO;yOs
zmQzBA0q#@&`%m3uN1V>>9+Wgn605G2_)@vNi>VxDS?4BnlR<V)`4uDb@s%yv3oC0o
zJ0MQ;p!1#ObM}U`{e(bpOu%rjtTQJmGcGiEhx{1SbvnTYQn$);{HzLmt~qjQ^#>zk
z)c1n;z^iS$<9-G2HXKEiXwB&EnsO?Ecjcm&F*Ntesx$I!SwJP;N0^EZATcSVRv@aW
zGP3g~-|3dyC8r5v%Z<!9=*5@6FBj7gEf5h+{e4If4*#j2tX!I<D(?Yi^R$lN;9H-U
z^~I;xVmXw*F#^GG55H<O-}z!6=FX6y@HkEZh-GkO9qtV}zrkD%0~&xplvduPCEV*!
zXC2)oY<^T$AY;*vVsgMLvL4R&B}c8PC;oJ<)hn%n)~j>gbU7CYO_%A{i!_<&NXvyJ
zklneA^?p=us5cD6t=yX*9+i38RC~`TeMLGaD)8os{EB(=$f!&KPbY370%hS5i~4p{
z)^9d}k%-}1SaiO^Ywo3kssj2MiieEA!#rSA!q@eiJNxH?=rGkCl8@QDc?Dv4o7l%B
zrBolS%WODu@x~G*PJU)M_nOtR0q}a)zqU4Yvtr}Rc_RtBsHk%{@L9>?{c2W6V8mri
zIsVsF==`$jfMIi}-jUuPsC$|JGMd&`05guMS7~#X&$>bHbzCuyn;IlL&L4jqgbCc{
zYtdGt%0nMbs(SN-e6CH-zw!}28mKc)Us3l!TgxW?;43ODgc*$sRpAkNzYr%O$l=UW
zn)9-C!$x6<kIicV{tPq@f(JY?N>iUb1KSUk3D4_B(EvJqgravFvd00#3&QKa`7IZM
z@trLQ+p*10=lKpY+4y$bb|33fm-t#Do};(1{3=&rx7w<dXQITT44%VJhFH88QkRtF
zI%75z;*>Dh=UAU@v6B}b&&z1AE=?g30yXL99>c*h{1&A*obR-cnj=!?pC}t5C;U$R
ztx-0%9Pm}a&-Da7Lv`dP&fjw<S1jB?=M3-zx`nZoWp5pXEE}86_EmQ67k4|D<L@r-
zTS?J-CdPD-6-hOKisWp!2>#;9w=FZ0&|`uu@d=JA2r}r;NxKIDY;9pJ%=x*Sy{l6}
zmJb^)?{0uQRF?Mr$R`~qy-!90-AOy8se#|*cxHxk_4-Fp=`DZu8Ue|)JkWfA`W_zt
zp%D_#L>;WIHW|CcgNzyGZ{@t)|088XXaELU4fPbBe<B}!q9>BmPWv0hwj^VbsScq~
z$Le;HgDu}aJm*38PBYX4nJ$?#=6@v$M{n5z;{rI>ELzxK56(YVtrj{RBOb*{!1m2;
zZ-#2wH{8A_wA7hY{PqJz*nTdU2orNIWp>ps#Iu$lB1=WyX}j)vi59K*LQ#fai7pf7
znHE4lhfKJEdEn(`Zu!arbFuD*kccVVGYZ@9cJT^lFW=pV{EQl8BffdNb<(%_=;_o$
zjx?lM_(cGy;&oRR#+klmF#}HQD>p&e8kekv;*%?);)bQ)M!3F+ECS^#Hh`MlqH@$s
zs!%qO?+Lnn=pRBPhvfxBYYX&xjM!4=X_KpcL;nu6xR!zxm62rX(mJ<#P1Ls`so}a{
z<#;5v{Yjyz?h#T2W8(qcHr+F`K!+WSk0tGX)TCc(Hj#mj1{q+j4{LxLBcib4a65lC
zSW%f2@<E$D84wTYo~dbTTgs55=moB!{<qf@@j-PbvLdMmsfQmf>|&D;4O8mh8|;sL
zs1C==MV=g&TcgIur8EJQ!N*0++SSGLLzdFT`CF+*0uF0fx4^?CHm@^R%TOH%Fy#P(
z*Q^lHKt-f4DI0BUJ<8MYgM&xJ8$JzXr{p~?Vx3Z&7-nr9bZ9v?R{KCJn)egBa_UTG
zm01ywk|_3^NOtj_bQ4@VO@aBM(kdeAM&BGHq+(MJH!H;nuLJIs*US6(lOL_CewECN
zyeprWSu&Fuo(hZ4LXK{3Lq`Yf&?B`Og5d2AiVa(pfgv-Q5h&=(?LqAB?Y&}wBAgP_
z)-D?Yk>yST(`r-by^j6gkQx2+15;}3WPYbN$2{l}qS8se&3RZ%&;9U_F+W-af=A1A
z@#dxW<p1O;ESopak${sV60E{jFmC27P+JLmODnMyM^73cNb1bYWoW484?6llAniCQ
zV4>fGK2!TwHd+6)_WnnIt^fZ=PM#kZ+ji`^d8=PU?|t~9Ycth!eG;2%@}LeZg4mb#
z_oDXZF>wr<SYE>|ZNfFq-YY$e`VxKSHo{TIi-hZar_GyMH&r;Ymv9dw5&wWZm+5NE
zTMd`EK{LaRbyXejyb8&x#7PKcx9Z@0D}6sJqz#6ymwe~kRIG~b&QvtfoPdsvw<Vh^
zrHJo$D6v`_?#vQ5>9w;9EAUFSP-yX{+XUV!?}GjSki18h(b%Q!`ZJazn&$Q*2T7gn
zhV;gTF|!&6acZ(vXO3!P0CYN7MiBI~PB{1H4qe~g>~2D=@}>N>UIqh2t<Krk@<Q8J
z10f*`Z~0lG7N1DcC%*NF-t%Udct#>$=$q!E@a#7J9=8@G@7@?3Jmz)Nx3lmNK6vC<
z#dmAneI$pVYaHS!eUKYhXgC?(m_&%^w(}b3w}{|7JC0~(qssWI2?Md@HU_I)f4v^+
z&A=n6uYNs(P7Y$%g0$5Nui9EFQlzLe9Mx%$G)ghChE$=iyrrd)a9hqebA;VTZ^GUS
zhlSY7l+!`(1>=CB#K<8I<B<|8eX`7@W(K=L$aUUoXRkl&2pA7VGm+9Jsh}AD%1%+L
za*iGsNWEO@sf7i8x-*YT5j*H%0J*I4cN@*-VGucJ_QaT{(vm{?deJ=@8IjJDQbG^?
zvX4QyVB^&#OMSBOJ~Ll}+Z_!`scP`nM!_w^?WOM#1vW&0nHsmrz{1-X-E>eEVgnB$
zpP9(jTe6<TJw)y<eXt*opjs`I5f<SnraE?2_2>w1?JpD%ZhxdSaIeH|mlg!qg%^C)
zFLT@NC2~tol4+i%F&cyHcuNi`qT9=Hl)^08ZACNP(8H;M<*Zbunz!Fi4=y-B<ht(%
z3`xPAvG^_`_xbU=T6<_;MxLAX^j|*v4Q}0T-%$am_8X<fvaU%GtPC_)v5f~L<MFtU
zsL)_UPGq@agMNo&b_Vb608Xkap#}a+arz4F!r94Q9nPk*)9EV}`-@bk-d#ZOM1x?^
zDwv1c(cOkaxavcu6GwjeiqCSqsd(64GKLVw@Pp>nxi)|YZ`O|#FS9tU>zRA;D?VQC
zH!`lW$2QapM8WmtCgZXtACw-69d}EO6uoHePAn)pW0}o71NeDwLpp<U7#N&Afe&3_
z&WP3`c8Od8j#~A9-5>k!p8o&d$NanI&uGPa4o}yDDRY25Ge}SSu2z+X-Lt;{mFh@Y

literal 0
HcmV?d00001

diff --git a/windows/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png b/windows/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png
new file mode 100644
index 0000000000000000000000000000000000000000..9742cbe0647e51a1d9f241c1661d39cbc8003867
GIT binary patch
literal 44552
zcmcG$2UJvRlP=uK5m1yMS)v%=NCwFW27-!!fMfy5lA4^OB9cKw0YN|;0m+h~iIS59
zk=Qg*Bs5KwoNl$>_szO%*3A4f_x|@R&k}a;z57j7_0&^O8TwE~@!XjUXAlU)xqElz
z)Dei2CI|$P4=FKR**|QlguhNZ+|_kPAjq2t|DSlvP0j=tNnGwJ%acrzoH{Rcs`W0%
z**}-$bzE+_x;(XaLS*H4-GxhMUEq?OxwEO0m4l0wJrY5E`r;+Heui-Uj=h7Yla=LD
z7ep>amn2*z|8v#J+?a4HyNi{bIYMNc;xv46n(&E+y@iXrv6DH%z~Pv1JK3L?TREHB
z8pEwli1PZ9Xt+#DxU6mLgtS6hBI=ob1;aIxe?0H%WNMDsJPySD>$W@gc6R1S7sOUq
zTpe5^CfxSO%Ei_k@p<_>Cj!BaxF>h(k;nTbtp7u1Z4>^z0^U4<vg@Q5i4<nO=y=!_
zvsTmhjB-Z~M`S*Cn=Kc-W6l4`L06MnBYWVIx#*`Xv()>vE3*rBWfr%e=Y&jObEyov
zKX%iH$QEDhmi{=72idN5RnCIOwxHMg@5on^r!OjOar~?}IAWixsLGrp5x5h$<Cpy?
z{oRr4o=eYf_ihR77|EnFW%{so?K<tjqIO*onn9^$UEh*7o<(PWmJ{{1bgljw(azxt
zNiH7=6%|z<+PQAv6gvk8hh70gQwaRW)4;AECnsk{MJxzcIl=`(;5I7V7q=qd!#0ky
zCh(ygoiXJl_^^mHkO4l7k^he$wS6$xq3TxqY+Gf!C3((#mVa$WxF@rif$)YLb-lph
zws-!wf8Ei4xbssOy)Bzk6S_LgwbXp&tTEhBf=uTPNnY|Ha!ws<*`U=NE<YB*mTa*N
z5+VGCs$>n4I0=K^{4T2SpyVavo#E!~2~!)wXsEu^G|AcMEG$oiCvNrlCL@L~lo{5n
zW%AEN%KDBhnl!m?S=vu+Y8%$WBgJSgIXRbTB_&FIyFBB9y7iNW{<Ek0t)@{*gfV<q
zXKm7Qwn<<}QW*5a7pP2@)=3(>3c^Zg1-&6D92mTCReE=c^+l_KW6?$=?Sv>{HQv1$
z7s;y8_};cSD6mEv3A0xSk`uN+Sm>;f5V>en=XXHAen?`cueMEZhxUwIsX6K(+ZpWK
z9NxsQB<34oSQ2-8=?+FF4*x=|&aBkD_>Qg1<er&0{$~8ZV7Juvp7pWu4L_#JpaShj
zQ*)fP!x>xT1K}%m!PL)WTgwgeTkGC0zuiY+<J=4?qh(%F9B;A=hb#T`D>?qcI#sA9
zQLy&TzHsZ7t^RPFK6~d8;Tsw_Q@^tL)#+*z<K0TkDfeZMruKI--0P73)Hec`2}=bV
zz#y@qny~*<w06_!MvJVEk#_v(`c=J&=(_Fmzho-y^rB(CWZuJuY4iJks#0kdLZ!4!
z${tZXs@sxWCu0*!=1k``3Ds*vOv+96%qH;S>yG!MYlEmZU9N>w&r;M)M05q0U0y;R
ztZf_KUQUai+MKDY$F=%D<4nZ{viYxELDbLmNEeWuqo44n5X-zO;ENCQSy}2CCmbP@
zmtP3C5H_RIZ^n7>wWG83$zvz9cK*z6*tKeRG`*$&RvfZ6HT7xZ5O?-Z9|VfHGyK)o
z-kMPxwNh7_L7nL1X3U=@+(@+hC9|i~b?7mpYSi+(l-p^1DEjzh|4_c%TgT;C4EnH?
zK7Nudn)RNJ>Pqr*GaIw?3%G&f*V^3{TtRgJY!_#F>PA~y&QS&t2gm&y7OB*R&9%Z8
zx+ZcrB2$^kCU0Q|6E2>;YfKp~Cc4y8%I&c}azpLd2``Tbh%_2~5pSsZa54L?rlZMT
zhP!NoX`0$IdGV25Vj;FsluhAo<BFIm3`2asxZJFbrZc+cm=$aWy?u086GZ091LiV#
ziXLC~`YoIygPiW#!vbS{<O%rHX#SUXE$Tk~&DsTQbdm-&TIyuvzBd?yF=19Eb@s<L
zZ9Y%KmqsH?DNJgb6XVi#_T34#^6ST6N0XBmvHSiGs}CPBo|xa-cCXnN+-}Fea2J)?
zT}m-`4>~@aV18LsA-7F5<F33I6B4rQo1TBB`gituv4~L0I3u0+UuJpC4Pp!706ZBg
zuVWgxaPds#>x&QGm>)E5uWeA<W$<2xlk)-wmf@~GzSk3%W><NN;ds?|X>ZHjaqVz>
zbu;YR!M=Chs}*IVDw7L$PkB3@_VYuXt6Rc7cG}j0Q-B)p^!+VJu#)APyvkGPp{m+L
zgM$M(CgkHP4x%tegBiBk=t@;&(%{#nZ^!)0GSWv~8(;<jU^+vt_YxW5+iW{|L(bfv
z-W=XvY351$fTa-D#jr+6@ak%4`>|}izgyzV!GYcm=~|C9Jpm?VNMA-r-4H-?s?fu<
z(d2Je&0L)wp*`56nbryK(|Fn3R_)a2+KQ`ZC`ap^;Y<=nG`80>7(=jF7)mQka0dR!
z`|vIOd1TL-(3YFc7!th4mmwq1i`HF3dM^A+L{wDiQMwHJwxmSrG))TK2h;&UgRkq3
zlN!-hEyyg~4E>t@v5$IL?i-)Oq`1F?1XsPC2Su^_NyTLgE#B`uw}Ms(76%UM+z7Ak
zLDz=IiVJ_sxIYEvY~I7d>Md=~pEuWvWxbWkdPC7vGAT8TrMV2(^F>@|hty^YAxerP
zYUgDl#SE|6U>Y-UMqM(9`qV?LssrI@%yEu7sP&_-(8%nbl{px4M-5sH*1Wsl;#(Cn
z=^^_R6E>lMOi$+l*WhN=I6QGQ8SUV_zKFWb@anms2}<NFg7A>bam0yfvpJ@x$5U)G
zHT^YCDgFml$0UC|ri`CsrM&JNgNY-)6dyO$N0gK^Un34{N1u&E%Wg=6Nj#4cK7PR>
zuiCa<HcR*9XP0a<J{!Gr<c)R>r~Gm#+xmvFv3(@9CcR4HCU~zhzTZc1Qd_=dotEBj
zaCh0LaYt)!@4+<8JR;;HNQB81=nH1>jf5w-<4K=exEA3s6U}8~Cp|B{SdCVU{)89g
z?5SO4>GE~b-)4w4I+|mtDGXVA(!$2boU1A)2Zvr7cO)x7TN}Y|*P-LG(q5$Bw1xNo
z_B+}uxK+V5I-6k1<5Jjgf~m{yj2{Q7YoE%GHfpMpJvORXUFLV-SS6~?J>XhSK9zM9
z%@xUexq$6h{zv~#BsQNzz-rq-`Xq;;QaAWQ{uO3g@WwS~S^RenEk>{;JT9>WbNpOr
zgc?w;Vs+I1GzbA<=-bB6V(-^ziOHU$WzHfSwJKYo{Z+6yv=u+MKcll$!QsGZ>=9o^
zgc2b@cS=2wzk3Mr2;FLuz`Iej9-p!QKu!*a3GupcEV*;cF=Y56DONkJCE|+H#4{oi
znPWf`>RRl5%IPc`&b|j6qy9Ush=Ajr-^d>xOnts@yUA8-<fQkx$18;J&P{O}!^9A|
zg)Et=%iai@{Ow;<I})gWj89damX)aq2j};MpYN83?W3X6QdoNV{2EfQ+SJ8qN{FrL
z?{(+z|LUVt`1_nmi>&Eo*4}HxsqyG*4<VFh7~ATPM|~m*p@tiEuNZa?nKbI$4@@W%
zc|fDCbhb^5%+!5uPF<G<z8&>ODP!MJ(3r>k)&tB1(QQXL`iA?pN6Lu$CoA;snT(CY
zrJZ%JRYx;-7LQQ8Q_iid{=at3k9FDL+3!_e3xS_n0zw70Fl~7isxR;AQc~v`OR*Tm
zUtCJprqxX#_$?-h%>Dk`qXMGa?RE$86TX6)%@^U}`<1@?MoM1nepxvuVcA0~RA1a}
zCo+(?(E<1M;pn&j$(uh?d9(fSuJ1_?5VEp;Fa0I3;bV$yjo4j@-PK1k6LOc~HRz%A
z%ORnIUkDE5028wt6g^`;tH`i~Z`ui7=?sqhH5$IEyyEv#0PfXuS3hF@gXQk4bfjJ)
zfIGSN{}z7xchGNpqS_U+C`8zYJf&@W47&MWzc8Jclu{LpfDfqhu18V*H=yCad-eYW
zRsO$zbWomh!$bNZP4l9Oj)JD9c(RI%t83o8Ta6*VG;2>7Qo}(qd3D#vY9eX~XApyL
zO5+MM->hbqNu@9>7+N&BYhYjicRbV_SVZOOwMd?y;0>)cYIgFg^S=^yuOuT^hf?2~
zVbw!gkl&?{uk4^VGrni8SlXv|aeC8h=tne*yqcCKX?6V0;gQI0V?f(Arv91}@@fL&
z;uSw<$;im4&IF;x>7RAmj;^i>AU<SeS+!%*hb=5DUL_|dJJiB|v|N#uPXwNhlntfb
zy=>x2MQ85iHM+<#M*Wyi`-i2Slar8j?dYi9kHNwGM};ASZ%WET&XJR&GBSuGBO{gc
zYEh_@2$bIUm%+it#Ul?g;o?_hIlq-R;oxvz!Sk9-4}Di}<s29sM5U*nYHVyo8$B{L
zHRa;wZd_e;_)+2@ezqLLQp#tFd#{@lI)sxKXBJJ)%*i3+<>h^9XV*N{7;MfR&^UEd
zQBiU1kh0Udw5+UQ)+yZ=TgZS*D=btSOv}!G`t<2dQ`1YM7z|aY-0C-bKkB-JS^g6|
zKMMO7UVO7?tgjDP*z=WPgNeKFnzrl>Ap3KDU@V_=a$@&6qk{Vvetgr{&`7g6vFRZV
zL%YLH`D%qRUXaxv?^1<j9Y9&;S{6HZJwVN*<>69NSaoGB%muhD9UUDTghEWGoGN><
z*mH>WVa85NY4-!ay2lE=e)-Ksfq{XrxoWdp9@1z!;h91q<iyf@fw+r(k|qNz9|~mG
z{AVgZ@H*%AJV9+VS4^~c4X8wKOME{+7Z&GMvljJsa?>j&IXUw6>+{%ZiwQ=HRP9Td
z{eMRXyQRt<mXwv943KUuZ5`ZUG1H<jIZR7SD<WyKm6<`0A<LIHR7>>oLci|0Rk6To
zua{<LlLj{uW@c>s5t&Hpqp7Khb`7C;D!?EozyM1We&G^Fi%5tkGkNfWPVmc@#Mi~d
zE-{=%6&6x`e8@HBQ3A7uuUs7T-C3QYH7JkknQNS!{O~vf4g&0y8qr$}24n82r>94G
zme{x)Gvy!-Kg6OvNKv(=m<I}~s?m>$b#@x^va<T}GOMbjmf3AG`%jl+@^UWSiZJ@2
z5-rDpc66A&U4UI49!^;1pe;CPXHJcaqkE*SO&CaNDJ{IydhBig!W&n%v&3qTAHR1Q
z@)u`rnV<iRWV^vi0lPmFhyU3g>x33Rn${T{9PH?c{VZ$8?kJhe#l!Qa^8)|RDF+>Q
z9~N@OM^80rPGPawB621sraml|R~9!td|gzuW3ve-NslSS;L#iR@BU_d@XKcnHt$gM
zrJHF@f-f7RtE=nBj~{QjlUonj<Z>3KT8Oc~xP1{@`J^0^7F7ku_wxBZ7O9y+!3zuw
z0T}$tZx*qg&3m_=9+02kd~)#hF9duk*WZ7K>P~RH2wmVfpvpUC!x2*Xm=AkurR$yW
zml4~~d3o~p?u8-~=ZmiU?cm+2mWTRkefKHJgJ<dAptwR{ox<-bDw1%-+<iouos|`X
zE6B?W!Xi~YGBu5iQu80c5aA}Z&U9z&ZEbD(+aF&oqlSO{_^S#VwYBAjtu{9|KdnFb
znwC7+6=!X2eP0}T`FyBc<R;l)C(+x9iHT2&M;v~2G4{JA1UcK01y8I*OUf=TE>fNe
zGGi$#FK?W3m@i9OVyG~Sj>h2QHsSP7I*9-DP<%4gU|u}pVoveb$?(OOLwq>5DzL_f
z+S;5GIiEj=TuTzP)rMbaZ-OB%xm6*PN=r-CS~c{eQ9RSanc3OQ;~x$mi!+n|{{0)V
zGc8<jBmR6TM{Df7aKgNgnkH?`T{-d`1YK0DPUeWCt+n-SapowDbMN>#IpGk=78(|N
z!4hv(iX!XK=nHT+a$;rs5;J*PWu<PnhQ5B13%3J@#l)@phDw+r$}fOH)*D%_FDBz*
zYx`h(reoHrP$Xh7LWHWxZDsu2WH|p^U!NKc9o=F^DF3U%LO}`T&SBqT(^hh<%?yby
zY?NA{YO`pN8F4<5(ZOps$>bt$V;>)%=0V;BgNmjyf~#41`}XaX(nGUh{MHLzZ3T;u
zdf>^OQZL1XEU+6RoMcT)&tD+oKzNczMn@+Z>Xh!ki7<<bF3fj!a&jqXZEaPKRunRb
zwJ`tI*-3=JdVav#^Ez@CfdS-kghrWi(cEX4jx-nQ=5Ht!te*Y(vyJadQBl!ny4SOW
zlj~Aj@tAMewk#n}(V|r?cV%%PC!-UB(?!_q(%)o-i>GzOWg}YqcUY`^Zb(X=0Y6uo
znzbhrvdMC}1BIVO1Q7g=jpOo}=H}*mo2-<13RY~F;?7Km+qt;V)Hl#q&ks6PKK_Ei
zi~H_fx3;lSuDcvddnV{XQnSXbh-Atcfvy&>+@EN|Y-=+%t_IiE%6QZm>Wa>Yr<(2h
z$as>6%u-|dz?98jAyBQ2F7ED%k$HkbWIOG5XA8v)1GJtyGQS;3DA$RQ^@!6a=5;KN
zsz@j=DY?vCo^UO+JO0_T6T5d#gs^U3ZRzLLs$LOQW6OHI6kVTw-`tbvS-?^vetB8N
z+LpJ^y720A284uwQHhV0e<>Y3ee3%&hK0S=y+c2VL6g#4?<;&-7II>5cE0~bx1B(x
zsc9bHVqzam?|Ql6gJ?uESrBSgvBZr>Av@YPSF6rNjmBJe?tU&^O7s0k{-dpzAm)2W
zr<9~jv>${}VzzgEget;>_*~g5v$F+zzCMz@-83wjVx7fT@L6^3&eypO!HB-ZFIUl5
zpYfyFR8nPF2F&;}Hh=$45Y6Ol%-xmIyvoU$=6Be9p{L|Lj&8H`2WLp;bbJv5=CYnd
z?3JjPGS~YqELW9Y+)`5w?YP*@iTB_w#LAhbt9vfliRwR!kJPPHxAO9m%s#Nd2-{%q
zTKJf9w0tCKe+tLk!;h)Tm)^8+&JG-it!PrNSaE*2oLm47j~7WsGS_~jwW&~$mXMIh
znA=+D&!px{dXSU1LoOthKQl9P&%Hc}%5>!WrmxBy>o^iYd9~NpD0(9~h!2Z*u4M!@
zPF?X2fQ4TWk9{QVi`hv}%eHPnesRgyKYLR&>YX~xl`Jwt6_xJSwLc?VnaG3FTKq1X
zxZS$%68uzKJAV13xvfNAe!eJ+5$eVkvYZKmCwlK*i2-|QtKr$#L*!;#0Hb^pvMU%B
zUL@w{^YvF<FD@=lYY5WyjBMqga_oOz$o*qwyK|E(3`J&8h#c<g=<HNld`To6+D)&i
z>AKJ3#}%@s3EnZoz3J*+zMvFIb8WbnP}JAoyFL&c!;y^V^OQz~b`SmfNuDy{hYK$m
zQ_@Y`YMHrKRz5s<d&a#}y@4}ElV>IIaTj$y3pojR)`fsRkN(%@%!+?qKF<B@0ahR=
zEgb<-Yqz<7bTsj`pox+}IYWWD51qP@QNXjCHwXJo(0LK2t8tPF55^P<So}?^xx3oL
zGZZnrSuCcXk`=ub;~4@`d6sKq1s<@ak)|I5f;Rf`Zkc(Sxmj7K2~oaUH0j%KL1LH*
z;GW(ain(QFbU{Hu>%PW?(RB0k^8r0`{dtWZ<5oD~cg{ud5T|NN#4dB8$7>0r2-Er!
zg9W~Lr4*u;o;%XdZX*2ZjNJJ~Y(;n9;o(v6_Sxa-ZsAOI6nHmp_2@5za0J1dM=^H>
zJ2XVUc?Zx1f0mM`g@r;nYZO&l>Cajs5^|rTUrF|Q2IP=Ipj=zm^Y0OU*bMtWpn?Bi
z1NQ%ze9pZ~X@f*6uv3P39ru2`^H5VH4}-L^Y5aI6_(A68_BI3&i98H}L=H2Te?FWn
z<t`vB99y*6Oy<zy0AV-!l42AB@kle0v4cR1Yw3*!>R4KGo;h;{fOceecejgu6kLD$
z4WP}ri0J6Fk`fw(fRNC6XBkb+J`9H2NLy3$>#Wnq;$mtI4UL3%@4gaINC!x{FF*0~
zW38#FVPIgW2Pix%ba;5kaN)v91XmbGxs-@VkU^DO`zCkTa}<hW81H7lI66A&u)A)K
zxT&QThr|+4cvjpXdq(!P<*~}Zj*k0?`by`y582lU@V**e?8N*oI~(5qYQvz;&wyC?
z$w!;@W_qItz3AcYwziP7YA9NjuKg{HeP@2h(UD)JEllgzuU}?_FX|l`2|e83&irtd
zFlkh}NJz4*KkKPer`BC>-8#{oD$7RuL5^LWrrG7j?(S~J6z^Mriw=i-t_F<j8yo#-
zWkSL^@%=*6)vH$pWMvD;#26VFGdA*H=GTA!u3i=Z8Dd}9J<Jo|z7AT_zg&(>`d`2d
zy1Kg+YS=mn>%%05Oi;np`bxp%OeMd~IvM-<jl1X}k$f_H^J$;TfMSt*bH>Vss>)*x
zm9MYP#l=<M98RA$&d<-^+S~hz*)}ybm903(2~%bVtNK0i6r?@$<9_>g*eAYuxw$<3
zU-$O6R}|SPd+my=s~<;65wg|$rTgT};;Xw!_O({75`?J_vK)mHKKZ{Yfc(3YZ?&H`
z0j|{`=PF^9T$#yRQStZmDTxSS*>?EL#pEPHA*N_do$14{$UT_oe^!Lqh9Uy?U&;4&
z>J9I~fBVJK(o)}mK(L@(7mi3+J?j7MlZi^_)<vODZ?m%@gPC7k43kP7!Ugrr>3>v@
ziD{j=w<w-Y0GHCNs-xvlW2s|P$#j-4E2U|Fzx{71tqU5(#jTYpC%2ur&+4}`)svZ#
zp<X-vkc(!ceGl$>YGoBufJKU(e0H;=^QKK8iYp-{ML|)qHO#gE5<om259jjkE}B;U
zM1ZEZjJGr^BqfcrPQ0EhkUw9!a^)$YSL1eA{<4Q$C7)y+U5@h&s=hybKP*Q|MjW`#
zmS^AJ-{02WUWg`Ck+_$S4h{}zv6BNi+K{2Ru7nN}74uz+ZcW4GJ4q(5r+OH5r6pet
z$-l>2FvLAajTJI1pa<{R4LSQlSy#s=uCRP>#VWtP+a{OMx$jjnk*TKmU`NJ+Au_nX
zb82JP1tXNxsk48{&}N9mrfO8Ed6YzWRI)F>5x2=fbH>=gLBN7OMf~M->O2RK254Wp
zf>LZ>;a2<IDnEQRinV#ScVK{4lhtv2$4BNYIeCZg!s6odiIt(eo{HS9YN`$Eo*Q@x
z#sZbdeM{-+Cbvs5q!%t+__=m|uBPz4Ng|31?R<~9V0jr?X*jdXw!*CPtN4~&NlNYx
zkwH>oA|w#;*I7Gpn~=LJlzoDPyu)f#OB9mtjRxGGM3Z-p7c!H?)|G8j4-cL0{^8+}
zxVX3kQ?n8p`M$h~-0=IFnt;+eJ>}@ZXTa{=vazxG;Rl#<A<nV#F~rb&1595i)#b3E
zhke%e_VGCK;6|a(5KyshHrCb;IyH237&a32d}IugE3imU;}sk(uyG2~q^J?e(ca#G
zmKKG|!^U6=B1B?RlAyRaSEsIy&gYyJ$UO~mY;wu!%8*UfqrRbX90>NF%JFeS&xi|u
z(zkO6LfC_BWFK`y_S@DKhO;I<K99Be93M2-rbv5!FX_t8Mpabk<a3@6ZR@?Nmt1O2
zgDV-a1%e@RF^)D>2`|A4fTY{Vv0BcTu}XX<xv||x6b=@XQc5l$R6$|k;!j4+v9Ylk
zE8zhMo{}%`f@m}~sUU?ijp=Hs{G1(zMoaFZArO-X6Iph@zn2{$EG&HQo8?(I@Uae6
z*!AfQY;=F7Y9rna*I{R?8<7qtTr^2}*~ZR}7qX#z&0NS+jwYrYp1|72sp*%Suw<&H
z4%QfHYX`5bIrig&Z(lS>4kvRE`Z~C>4M|wr!%Jla1V2tch7|LWVMA9{xwbx#;zvNj
zY-(%EV}00yrs`zemS?(f@>zhi0_w5S2>p|f<0Z327`&6dva&K{i5WPz%ExFSS~|Lp
zo|od<CFTz-9wY$SVsBrNpBqlQ!c6@7*p`wikDe)S)WOJz4bjFYx+d8tG`%c2gE(f9
za+CXJUmXDH3n#51M-1s1GP1PsXxfvdC!Zl;NbglRVQLG0klsRWjr#cU1fq9z^h|tb
z(87Whq|N<&=y&fJA3b_>d93zbj&=bDGdcgla?Rb#&#_hRNpV0E=$8?n2mp2>QB_m3
zfBRX`Obi$M0~M8)T<RwuYj3bdFHiF`7=_32=E2hqOS)d8p5HoF);t~z(f9oP`DsC?
zqB&pjA&q<)>B(2Oe6!~6%gdkg^72CPFqcC{D_?MFT;hF~WnjqDn!*En<*m)lc0Q`&
zRnzMN0s&71LZ+ss5@syr5W<EbK&8c^=K&@44<=VvOH15HiHaisEAW<?rDf|<eokKA
zTdV@dD?$#2<em9;c4TCv!fP`d$pVK}Y}mIoiUranHJk`eQaG$DWv}{QS^!OYxD&lB
zZAYII*Et)eJJ-&<0<VY6_H$9VX%5#J!03Fh5-Q<c3yzpV(_kxZ<!aL<7fCg3?eh5~
z<@NP-fg3k!KHD`<Z|uTPyqzEHYJ{Y;U#scsbL&q6MW8+xtXA#JaCiA1uE2wGWB(A%
zC%EPx-+6_9bad@ryJ1r^zvmO<>R8?Ku+G`%-z@rFgA-jN(U18`%FA&b43PG3Yr46K
zLaM@>*?Q)L#Y|5`34Il0niaV3WipJotNi?`Zk#9g_5dmlMDFXIH8lv?y9S;_!mqsz
z$O1kzhxC<xgEH@JBw^2&B{Vg`wnHEt9FfmTzflJ0^g1?$lx_6k%J#mRmKI(4<LLw8
zeZePmWdT9?Ef2XqNs&V=Q1W~8LevMWVD~sIEbOzhyuN=S`qi_b!}}J;rlsVqQo*IK
zcL`^egnL|M1o)23{wyY*@zK$1$3_|&fq=<NN=oWsJbGj$*jsK@24eY{;1b+|n{Zpb
zZuTd8Bdfm0IXXG157nS}O%)Y`m!kyAF}(b>GO4QWYS(Q91!WYKBTBRL@|q!lxMEzz
znZfDY)X<=YkTrWfxbY*-!p_?IJNDwDTb1kATp+B@ojd1LC7Q&WHTRSecbl1_STbx=
zx&ls)XZe^(**Q7)nUhA$6F|1<x<hIZC6Sw*{d&V1cWKbMfS8zg(nZqT!%>{sk>qt1
z7OBf>I$4mNef!QGA_zUqmkZ3L$=5n)RSgW1$D#_EE#_i|6?AnOfq*lSQOpBY7FapQ
z&da}m{6hE0=h}rki@)n3rt0%@{!@nW-}ok`Q9JEH;i4=O-5Q8Sqp!H8=bA&r8yFbC
zA?v7tae?7i_fi7{(_JSr=zmBDIDzB-$$yGCc)We&ucgn}6X&0*KAd>pIcrjW83_H;
zw*MVM-?rKl=QgS(BPp3!=1Qo*<he4H+hJeF(elqO6hW+(!=0|W8Vbnj|3`tzzr$Dm
zlPUs1o0622q^74A*3r=+&pR|YNR0SgP@o84SV2L7lJu|dYE5ro$-vnozASboo(U#r
zxeXY25r>Pf$uBDt9jo@F4yIrey<rKl^qaj_9b{fZ1x7<P%S%g5ifq0wAc5eiih!9f
zd|AV~Pn4q1I^rkl{M$RTv%|_K{JiD)nk;)#<gKh0iaM&|J{76(8`aug$d{|&<>!z8
znhSYD7;65PJtQ#}78yR^E=x*FKi1Y75*KYcJ%-G~uJX7gl1VFmDn&p{EEu3|PI%!j
z7dJN!S=kAf(fazEk8s0Bhx=;ajP;eJq@-frz00x@ajtw^l)k*y%GSEG<8fg-0A92p
z>bJL$$zAmECVRlx*yD(Z2m}J0fy2(KvBV+dP6?^0BnTQ>+V<`J{e3|pA&xm(gSUuR
zF)`0ziXZaw&c*W^#dSW?)I1TebnOw%DS3H$biT?h%qRyM!)H{R>un@}iRzra?d&XU
zVQDFN{rV^FoH(~*xlUbwf7zEWU;dOHr7QjQ%L1smj-t5u_?hYE@S=TX%-#keNpT9_
zqrTN-n_6Pt#~R$-t@1!w*%*l=2d1E{r>Au$T9&W#DNicty-~0Bo}T!RcYlNzKG1`V
ztL@vjNG~=7e50~{5d^K=cnG?0;^GqdC=kHnp(O!@>nV%+Ehri36-HXMda+2lkU}o@
zIX73%*|`{59Yd<3VA2&`$fV@`Yz6joq}bA&q1R10>|y3PK{yt}kflJZ4hV|lEk+g*
zM)u%An-#oa9*++K-!D;iPuyjmGR0&1w87_xnzVQB+!5*uJ*0Czd2`tYjv37Sp`PBg
zs#&=qCIn+Pg!C~^O-<$PcAX(ON(5$MXcISN{zQXDo)0rI5$!zJEssyi&PIDtK`@5E
z?D|z%|LR3UB@+dOmkaxta{E@uVqFSm+S}R$upmW>8CX_zp;EeH*D3GjR%XllE;)H1
z=<i}mVxE!|>9r>6jD8yVXMiyW`O+N3bM?z%i~Rg#_zcjOCorWp+Ul5mSPJmod;9yQ
zND3X&Yd3%Elq<#aU6hqIq9+HJO<=Hbb1B~Bh%e4_DrRP8ZLU9m{W3u!Rl4J2VlLwN
z`yiNj4doj^_8U{Mv9V!J+11hUx;3|`NS#=QSM3Nk9lH;(ih+?arq$fdO-uV~p3dBd
zkuAg|9Bq%uXCyG4zHZQBl_c68w20LjyE2-T`CL{~qZui>j2@yhl`ySRXE7_c9eMqF
zlgA=8j_FYpv&3^qYk@PuCH^SeYNqDC3;g&y@)C;R#^EwMCd3m+4J$m>OvW~C^n1V|
zX~k-8Fc-r9?fT=zdGf#le17*SX7o3mGLjO&%sMUTX~OYAVzaZS_cn3&ZWuOJ;Nc6#
zDxEovdnx-%_epq4oCv9QS;7gj{TkS&7v_SAsj2b2&TtqUxBuqmRw8#Hp<CXf`Dh_=
zjhkCdQ}c@cP*HKQ<JQv1i%xS3i;g(8G{}#^^5*qez*HR}-yg}=1{MN0RDj#MHzx9T
zS5Hr|{%aU*dWno8k1l`h4u_Ywx4F{&-28UP*wgazl)E{JaW?wK5$=;P;RRw`Pj~m?
z@)v5NeQH4@)7>LaW5p=u7z3Aj`oMAfv5IE|w5@T=({uOr$vX-P#NhRQe)tXeBVmJ8
z#)kpi-S>eZr<79}zJ7^r7;r^pL<vLMNF=h04mR<=?L;jL7=hD-kdV-W)-<c~E8S#I
zE+(uawZN?MmZcmf>*wricQXcNKU~pkw@gnDU#onQb$NMk)){n$Pet@Z3}Q?CXlZHX
z&uys&!RmK)bqTxxdLX;>8v3f0uTpdBJ)uSfl&f=C0*5cmIaP{NCc}e~CPNUF{!`82
ze;E?m5`8|{aM2W@NeKZ-l04Y7uQRuuz0A0gm|zdXUyK6><OyYZJ*P`l{}<8f`_@hE
z{pc14k#)9ky<hwJc00J0pBY(%FO|z7)Bl&wGVXG8E0LyV9v?AG2z%$BJeG+SWv8bD
z(NWtwb8{*J6~Pl*_H{4xr*y@Mf`fRTk{YSlbyulmmEGgS#0%F&M7}P#5Nfwjg<AJT
zpobs}aFX~_FD6Ae0Msa-Tl1g{m2<(V(GY621YQW&U%Ta11IZl%QI3hc$^K;w3%(E~
z((;;4(2jKfcX5vf8c9|0{44wOuOE<!P-r9$1g=@m-CYcTk!!)Jx{2tiDdWnh_wSh*
zOCqWb`5}ZtZLn{2Gz@Z8NS$u7Ba*%m*G*6$7?_#gT<n_LxF{v1pYQMBKnX0t-+3g2
zH9q{#+T=DYI-TRmxb7->Ct+eG7>gV#wS9M32U!;a%1oKwyu>p(*<rr>TkW%QpM})_
z)Qrk3Ap3x-(t8PK1!O^06%$YgQ1;=YKNHm3*LTqfpw(Fl3Vz>KKpRh$?|TpZ9BA`@
zGPGiL5|KY~6kQS|fJk`%Ue3{Rt!RikRPKxS_VSAjNO&%t51mKfKJnqxr@!iN3s7HF
z`iq}xE28sh-~|Glq2Lx$Sjr<SU&CgWe?aYgB)q1rv$GKpW6_Xl@rZzo3^^e131M6!
z4-XI2Ut<lT6tc5TV9HRj1v-VWG081R4Z_s@wQM7X_34qBA}>ym89e*=@NQJOx~67S
zpI*fDv<aZ}&LJ?k4B$t04*eLjP3#(h2LHN0D)`i`>V|bP9HWw>-1#SmE-wW>0xAVy
z2%HX3$MsPxQgk)sf>*m1TsrvViUmy&0+9K@rbrYdOw4VZ2(UfnEY1uyD?|XGbyy}`
z+*G3pEYx7?zcFC%)@d_0?3JUUqNYPRQ|e!yV~W$0hEb#5oDRBun$6w(s-0<5gRIWc
z2T#IPZ^q*$SfKwei!_r@$xXFR_1)6FpYnmg;+dt3FgC@lzyHH954<#pC0NIQPgwk4
z8u@>%N&YV%Z95dR$Cjbb5=MgieuybU7XI^>^Z&6ouq{C&I{Sb#jftT`+yo~I!N<fg
zlx_u36EKrEeSK>N<nM)LXM619%N>8VQGsoM+kF!spH@^PWIbM5W)EM*ZTF415F!e&
z$d@Qd+lC-&WITH!q8~n`=1}<<{;azKbh@vkG%Kjnxep$(<ouv5Wm0l-bD16HC$5yP
zp5P|n5(YvN1O>u?ASB>2PMtgf@wj8Vv;Z?Yia=0PQ~!Z-fYb=YbX^_WrAwFEy1JSG
zW}HBzr>8sJ2t$4N{F(F*o+HrFIe1imE&ne&B(h~`DHmDOqIDVX1jO%pY2nx!+JpcH
z0nO!5AkcW5crlE<nnfYLGoGIa0pP#|qfT=QP)xq})2F0!-N}tHmlV~D>_?a90ID*}
z_zb(G63!h;L`r93*6AW8>10~8%ySeMF!c-O0EHvyjeMv82mzWTIIVsFaxqCs;eb)s
z*PR$omH-9<^hM4h`64^}+FvJ6z@PV0?kXz$yu5E$svh$Zkg%|@My=)9==z3)Yj`JT
zXJ?^L44sGdL=+#2i-oOOpkD79LP-ZaG=?8G3qaq3A3ZJY)Y3>Xg6?^5Q`3w52NvXP
zG7&If*s>(zru1bDFzAn8UIa1xvWSgn$Y}_vw=^|r39CLak@`ajMq5;x2`Ihn{0Xu=
zK90+pT3Q?c0Ll#oS08I?LKIIcFQ*Sf-BhE2pYLdD5&)B#nOyl;ce0ctfk@x!J%3A`
zsTa1}apRYAzmq+t>|D9M;<4rnaOVTorx1XbhD&YYk+LTEax60b84z)2RHfHmyjQJ?
zGUK(JAVBx|-jDM3vEcuBb&3sQ_4wk+;`t03fGCeI@qs`;wg6}`y7Ij)E}E3)+qZAP
zl)uLMz+HBBc0jHS%`&P&wfnsHm+PTh`fU*HJGWv-%7Mp&0ds{l5Q;(Qx!e)DLdb&*
z+<*S~@uvEVrG<qFu(vAIGbt}ZLr?D>!%i(N+3tD)tjjNlY{q?gtPjh`6|&uhCJBOf
zU6Pe$gHgR+85kOZ>d7PRS{)n{BjYUs#Mn#%!G@D`ycPi0CFEapi>g%<g=Q8Oi)hPI
zoIsK`rsFD)`-GfW$q1Toh>9X@HlzK9hKBB_(fr=pI;q2Oz>7ZDd|i-18n9})ExhHu
zh3x=@sRoRF9q*7nY+3PHz)+~AM4C<l+<}AoQnqh4lf{MHM=-z;*A{aL?F5J6%7Ar-
zrmk-2$cQeseh1>3yjt(r7_;V}93+CSoq%7AEi77G4EwHl!<v7NYe-*Ca+8J4qwWSL
zR}weoK3V^)XToPgIj6JGq=|vII5;A#ie%(ao?!UK-`teX6QYajKXX@I_kZ}ooKydX
z68`($7;OqUWM4*sk;w_a`S-MgIGu=Ww6Bv+ft=hgy8S~^fsl8=;d}*up36tf+o;Ze
zB)zp(Xc!vO#k;v5^MBxf&6IB_F4eO6RLq;p9QVaqah-;#^sN`l|EpExZ>UNEwK34l
zj=HkAuyD)Y-@j`CsI$i2-rh5DT&_UeIV}Fjy29&yu;W-c5xV#^Z+>M(QB_qHZi{9!
za`I&ix_yyZ%8lpO?~flZGRyi&U%{YCZIoS=_4589C|fVZ;GxKOw;c_7AzM+Vy}dp4
zA{o>GAI+JmWcTry0<tq_9_s35CC%-u&Ft*VM4v!FG5j-Br48JAQf{0+Zoy<}WI8N-
zPnYK{W@y=DllGv5M6JSM>h_Q7wXNBO%v1$WPtP$smK$C_Tnw~?mi>kHWA3V|Qe<Ri
zo<Jmt+BM`9)Sf}y8^9HswmNJt8zAbzk_+8e#?9Y0&kq-x4wqO_8+y*ZeUqo*U2C%~
zmR#am?YUurJqmH|Un;I-XmNhri&U*zX~A3dxZm_gTEz?NyYW`cJs;NI5PG#SNqn%r
zZm)qhq-p>(=A)|i#=JmVjRuMd4R|+Tg>6T0m-M)yN^-UF)eee0=(Z3ui>x0rp`d(w
zyIX3djekZXQ)LRWmD6_y^7P9cRwr*E?s~m5OO|v!qn-aa21gH7^|XezzBI+P9~!DB
zcBW63COi}ezg|TNlcs^y=p?_<DIzA8nKNN@xTxKEO@oW(HsqX-Enyj84<7<!^~KQJ
z%j=7ICqdkml%n4W-Y^=x01XWd`}t5FZ(qI9jYHT0*j`ne&y>7@EgM?4$II9%sO9Kx
zxiN!&3(F?ucGl=<J>FabQi`9oNy+^d<}~V5dwDLZrwR*xnNMZ~i%kIn)2Ll0aKp%Q
z+_-SrODp{@W^xiqNl65ci-G9%>utNBfa?A6<C8w<oGdBRT;(yhL1yN#JSH)Qb|piY
zxhIUs&;Q8M7_Rm#K9~ktx?o9?X2nYXP7}YGT~6P4jdz-#InkcckcH9msCfzfOK$D_
z$;!DDrHUR1%n;RI(Wg_$>>!|$8^K7~r8g2`K3eT53>DO$Hg-0B8Olkp3~>p#>t*Pt
znResVBP9<C7w>xKvU>icGN_E?<rt;Q*5Q5I625&YTKf6K!7s54bD=@p!9jI(n-rj0
zS%1S6{pV#@+H#v8c#~TN77h2n2EHQ}H0_LvSsVNDeefgb9}f<Ey38ZZ2UC(pXE>gx
zv3Fx0a=jo>0Jg5wAGx%|kkv&AzDFf0$&x|5`ekiGDypicaNeD~fWjgimd;A6{;T~$
zh<aFnLRZ{iLVxMz>!`TCM-`UObtLaFARx2&_y=3767!@%xdy0l#%drHAL{Fe1B3zP
zAZRw*zkm)W&##5g3M8V%+!FF~tLKfn#O%ib|MvTahJ{aouLQ;$xvQKc+AiR<G%N^t
zqk;R^>zI_aPG1v~+lKXW34Je9$msdn!gYWSiei(E(l+#zH{^n1Gk>E(?s5zqBZGh{
z-+fWSvGB95vX;BqS0+U83_b^ItxoS?;)KW1=l3u2J%ZDUcD2@j7ttSa;_r8o=lu?G
zMmRln!e5GS@AZ~F+S=ZpIoRFE`1<?Tx1=_R=3W!IhIXP!%eRk!6vK5$+_(`5G)jxD
zV3o_lYn~MoJ=I8Fsg^Y(a7aVRNht6Bu1F@a)wcyc%`Up8@1j|xuHJdMRsq30iFL(h
zDBpO03ol6YSUR-h_54Qse6SLbcV{chk=O=UX>*Cl)VwP9m1%HIU!_*6sRv5Ee$V%P
z?yb9!*Zy_Ss9ZMSJ&9P`&;q&fZ2^X+uCBA-KCQ|>Rd4~I0WrYi8ZX-V+d1)_vnLUt
z-#w}G^h#RkN641GJ`q@CyED8_Fnz^n)@FOZ4JIuA#_q1Cr{fKeRd$dqfCW^(zzN&j
z6W%}NGu3bkD^IS&V04-9_U!B|!4{AKN8q?-kGZ+I&2w78Q>?;zT;k`aAfaGwO1a@J
zASg&BQejjw`V?E^t!>Cf!73dBQ|UOd21PWqo%MEFW+n;YyFrcMazgGecB%{DSX`gY
zkCxh?U1c_ZXjJ&_m%Y#6ogkQ)Ui0~ZK5#j+r!+7pb-_V%Q-7g+6|rH5DN`={^c09{
zV-u4G7oPXJHDNRUzvtCPHgihBZR(~%ISxFyP{oPf()`d}InSAQDJgN-G{kCYfv@tB
z(O<Xml~&Rus>za9aI0Xp{R0EA@UumuLg8$*sP`>1sJvpBT!&T}2ta_bdjeJ=4lCrg
zJZ2@i+|8w?8?ciq+jk-3Tv?KseG3Vj54(|3rIY+o9jFETWXNIGgai5Ey9!b5)34OL
zbEEizmO+6hk!2ytb)wOG_GU9Xb>BGrJ6mW^8$Yku@v1TOs2Tsn-@+QrIXiPYWKePq
z2Pz*@SgC<S=%siJ>+J|<;01kSWo6~(d~x1By(gmMO}VA=nAvzJrimE5QS`p(BF?-s
z8A#y(kPurfh8z>HJJoAg!RGs04T@(cbx5tErPo6i{GO8R+4yhv05OWsc$b>mnywV@
zlE;pcw*X@A*VYR;*H3mMl3u?*=cklnHT7DMN~UCLV0BPd>Jq$dvFQZ{Dh)ad^s{|n
z?P6P>{@pq{TxwOu25~NI#K{den3sU9d0yzf5=bF)6XZ&da$bFL#c6eY`!)qktSH`^
z1Z8jA8+VIo^c#A|6t7ra)U<zaf=pIGuDo!ygS%i70wP+A-?Tgz7{l&_)@d7~{ltT>
z7K2W;dU@^aTML${X?QH-5C2O{QzNR{JTI&^H#dRdxH?cY>mu1VJj|uvxbr!@G{_)!
zLEF$U3bv?Y^?VN58J&u|VP7~xdYxd1pRI1A$k2VT?aKUZ_4Fqmj6Ho7^0ZXI@Y77B
z??{Q2MniaA<5YdA&CpLDkf)$;p1A3LtFx``rlDbqRcF9Rk;T_`acpiBP<69u{DkOu
zyR2gJLf~3&FQwmRj#2w&Q<d?ZF8f?<N9mINo%yurmb^~66QX_Mm!C}OFsz*Yfpmsp
zsBK#1+UEg1s`4@nPFzcMxYN_8T-i!00^@Q{i$DI}-G$sMg3)dI-lI63RN2Y!!Ry5z
zG7XFX{xs~VTn3mwHD_6>6KfD#Pj76Sej5l9MUd6`@E-A_nW_H<{WI?4pM@}H{!3a=
z@FM?W^o=bB5Z?ThFNNF=mgXhQ5{zvP47n5e3Zh7RxTB}1#PWDe4h~Ie;0xy{WdHLC
ze1HY?fj$4o!gchOgsqKFHn{N_!C&J6N<L6kohfW(jok<rv{xX+m)(uISsa8!cJK^{
zSMl+gWLHcMTfC~AX2Z_r1GCycfB_lK^579nc@gbfQU=5+6SW(_yw8)A1yLol=P?6@
z51Nl7XIx5*A7O3)(0Bp7XNCK@#DN?bFYKDDK?cF4ILO|(!J?@+I+>Ao311oC2L9T0
z^TQ3xru9+FLaTCTSVDt$vOAMRx?(1}#eyo}$Iv~2F=c+G7p+#tYe0E2=o{6v_s`{h
zGPQHnT2RV$kp?+Y%Nwoe?_amv+70$$)`^D!BlYKcQd_t180Bq#nlpK$f+jXa@(*@^
z3)8kGRMvrCLC3{_0{v5*E7bn;+aJl4Lw40qu1@mX{d#B|t03vn4%q>~#g-s4db9ZO
zvbVSaZKHum&CyEd%!4b)C6zv8@rMuWzYJm!E@Bi6`s@G-X|bZIetT9}%Nro!b!|l$
zl`vaXnaO!>En~T>b^`eMKI@kw2i|H(dFYn#Sd;MEw1zMaWf}Ov^qiI$zx3LfFWnE<
zRs?1}LrgnlR_<NN?BAe+`s4jYg9r{zRaKEi81H2|fCCr4O2C5~mpC~U>F1rCoCug`
z<heQXoeY+y+Jrez#-2cke2Wc(&OJAR-N!u@#SC7gDYAOXX<N)lSV$K<<6oSps6%z3
zs?_xBMzy|pq^5aHzinRH-~?pVS(2{gZJAkE3+HyW^3ot@!}MUDz9S*f99cyd7aFEO
zk?GTxeLD7k%ZOs$yxq}{{rHd+q(8vE-kE-9HK5la9O$t`ZCZ1l>Ye^#@#5g4aE9Xm
zF-R@2N`p%bgia<@Y1IEfhZrNW$z1qWNK(?;m8y+HdTZgU*A)(-R(6Ye*;^%kYr~l&
zxVIr(qW{Rm{*M~n|2I-e$$atMzq9~^e)$7xMdFVS+ZH(<hVg8v;#P+_gE#NXnIZr7
z{~md(OYYvi)1tP+Ph16`GRAqW%@syR|M@g)B6=zDGOEOs^b%pD|AQ1T(JN}$S9Zst
zuhZu!jkEvZdBSqdnuh<QPaoED*m@R(1;WCC!2fZDJqOu_i;Ihn0T0TR(4uqW#*KL#
z?oU^|<T2iV;->1nDDs;xF`{kQgRSEX>k~@-vrvWiwkyZ<4Gp#S60%sq!*<oo4^hW-
zN4}NA+f8@Y50Aa37i;L7Y7^t10i2nPkM~cC+bsV_mybC?!RTTyvD?SF(@s+Em}SL@
zn6#fr{@ToxI$cl~8}9Gn*;+&U=iyA&@fYQMV}^ZrP#FFE`IDWJR8ASUxOiJhDcpzU
zEb&Y}BtU1U92f#*K=CWHOCoP4$^><G1VO%*oy`H9vkC=q;Hp;*w5;2CNwdmv08OW?
zd=7dd;;L8VlxDa039TYVB!OSeQ+tr*QoptyY0BTZ6X?S$W5gOw0(F%2jT~PV8%7S4
z+2QsiZv~sTz^~ul7GG*LFY>U0(DVEE=YxY<0FFWa1aUrLg92Kqpj+YV6DW=mfye>9
z06)SX(WG->s5X%K2;9Ga|EH5mrbanyY7gh!rdJK2i3hrNY;3qe@$)g;deQxe_4~lU
zsmy-HP5$x1Pdjp?)N?M%%8~EOer!m963W9v{Ff-xg$un956j)5Op5^WN|>00#Jm#9
zg63S|rDv(siZY-lw=Ck^`X;QbiN|!5PtDc9;UPQ)``lN4H|r~RbYPy<ls1j8-T|J6
z;qQ`30{dvRX#wgZkUgJ30J*`y#undSGSeFt9xe!C6eA4YZ6sS$UHxPgmTyQyUHv%#
z6a?8<0T5w@M}XD@9QZq7%h%(_o1e?dv<&A<kHy)279MF11o7MDESYrAL7~wmG(RUt
z7@Goof8*3E92HJmlNP8a5Qqbj4`mD|mbJKx9QOwUjnMqdzePqwJdZ}D7wcjoXO2a~
z4|tihORm@o8c>4}kTmGFTHrx^!*JvbupKo~P~es0i21z!=FJ<PDj&IUXjUPx`{sG3
zK0eIAoM(A*a&pf2(GfjENQ2TSSOaAq67qU&U)8Q<qSl-H*YC)cy5plWbetkGhfB^-
zX$b^4cS(AGA$u|EM@M`6GYnpoMXHP;4D|%0_fe5l(QP`p4Gp)kJ3{xP9N(w1FDIrq
z7mwJ&su>M><iIBqq7MkNp@nMT5P-fDTyfB%IRzpyH?^z9ut!2iJ%AVe4{$t3xX_%P
z;CS~*Fahq&<b!$YF<A)-E912|l^2Br7a9;Ba&sSSH`g+QylDM+t>tUeB|a~|I@v4c
zdi=v8@4P_&Ek-P)Cgz{($`F6UbN$mn-5;SR)SUsOD{#>W;k6!V(t-pZ>^s)r4Pu(_
zj$8@D++tlsma0r+zrQnM!BK(DPHd`*u~94S!J2Bm=?ui;Jidw7zI!8cTJ#t5p=l5j
z5Y3^|!Z$|41bK@RHBKiRnl{9fyFXVAglMUQbOw4IW+m*3N8(CSpt>u8q}Hh*8|D%J
zhhS`RIe>;YkszX}PTa};JM8&Qc1mZkt>(QsqPoCXHs9wO^s=|ij)a%?k{`VPeIsnY
z7P|iY{h%D0(;5FC1dB64x5LSErME(POAX^UW}XoU&qa4^OLcYibsEkaJ0#UW56&Ap
z9SiqJo4PXo;mOlQcK`IlqP$Q1m;ZdpKfSt{@=@Q43lj@VDVo%bigo`toH{Lf_$Eyg
zO5sWB`XPR}_5`9;bITu*{C}nxu3VW4W;^n+w(eMT`qM)zwG9e!-G7R8L;uCU{j<9H
zF9GnsqSAlz@jw5O7D62&NBK`>^9=`-HPtpY{uO8nC!!I730eP;7=K+f=@sJHobEAY
zV}qdAHl|+3HUd&(t5!+{IkW#!P>qD6q!oYBYWr}qQ64hQ=#&R{?h)2EZsiD0oZdg@
zWi?|OeZ#_)aoH2xDI^S_C=*Fuc9EnyORQb-Xbq0QzakI~>J8MT2)>Y=Qs;M37z$DU
zI_?U`$$;anI{OctE==XWWQY)Ew$&8orzj?mpiUMZUgid^I#}6)Asg2i^_IDfuPfX7
z250pMiX7hzxye2i=-pB4l=#!ayD+}tRin0H9nZ$Vpfhl*V`aPbKxGZIb6$GgmIJs=
zg#m+XLN}8F$cK|Gqz9ivqiJ@w)!!6-)@z)y$qlNq2MiG5NRK}-OtI0-sQ0TN>JLHi
zQ(obbwK-6I)~9&>Ye`-ml;i&4@O^!KtuW+$HQl&P6Yv&(DNs)Z&d_xO3Kjiz6Tck9
z1*D~Oz4@8R!8<+P9v>cNfXJY3v~wLq(6^z1@5~j5Vj!jaG0+dnNBQ)K0uZ;w^;r}z
zJcs6@lJ~#ds?6u1nHA(FrP*zAR_^O*s;jXS$eG87@r5g)!K>vf-IJ<*lBW=V9Lo{Z
zsKUb&B#pjx)@xAMH}LZxyET{NLE~JvHGSC7-)&=i0zrp<*yXnik#e_lIQMP++{P_6
z8f<|&o__-Ra|{@puNMr31K+Z|y!^SyrW5|Pn!b{wkd4tDQw5ix{X@SI6wuBny#Sbq
zfT-wIBX?I<Aclwnr2REDp$%98{6j!cPqcXOHyQ5H4MR|X4l?1ly7bn8SaRXLWg>(3
z3-8G<d#l8w0lE{~``}E}KrigATCx<n@|S7lw+^mfAmad`a^G8}eTgBz@({1{6Zbfz
zn-^(&%fz7(4EMa$Edi<&v>Y)Z2X%svsIf{%-m7$D(alJ9v?VbvoN{Y02*X`#2PJZ0
z;Y<Gbfge9U0Jogw8Oe(PtsF#rLbcn@PTt+UeEH->KgQMzRU#m6TwJt<C{GZ*rl-rR
zNcrxS<VQewN6_)Tgg`GMA_9*=sSZJR^x6lSJr7QC|1z?VpfB+*wDC&M$_@i{>Zf0M
zpFfA}8TbGA0ks^S30df}gAx{mY)9zML=YmUnYeJ;VJ;N6vAfuR$ftKDevBLBXI}#u
zpiABi7~Sgrp%e4xvd0KB1TzZ@G?tzQ$O40X?DymeBEXX?3nYc$?hpI4w6tDA!{aU*
z3QjOY1ge9S$E9Z!?^bDl^SAr=ot+B4F+$^aWhEn=SZJ?|vZ5_8b&Vybph!cZ8eB$U
zJkVE(KtOO7O^THLJ)a`7*>3s8-1b!g|M(6~BenZa+<x6g@`{dHzWFZt@WfB)oo1Ch
zGg6zUPeb--rKP2L{9TF2=ubmMey>>wPJ0!?iU=AIK&HH|o&E<dyrQQ=442y*jjc;C
zlY0sh1gCHBROLbB=`{MZHh5)AX`jrkCJQdRlEF&u5_)90qqQ_NV$X86I9viwY<C30
zZ7Wd8=4~hFZmU)cegQE+eiaIJ+sy|00pSh_Xe0TGck7&mD&3S@)hq=a;xlyFKD*0A
z3@w>(#k}GI8{3etHpBM47x(b)!61YJ_6?fZA8}WbS~WoTGT#A1mGw7<x;n@ZGs)aX
zeR+9!ehkP%>vew8BTUE8*qE(X;A_&4qjp-_+MT`kT?#x`mA0FcYaN3+V$|mfzNH;8
zjffxF7q?BU9~ZkH7uvl)?RP9&i4B~o(w7V?it4sdF}gH*p^qiffG=iG+JW2Qqx^e2
z<LvoRQVJvfkTZrKj!@R8&U1CIehqmgd*-~gCi{tMD)!ufndg!;C3Tg0^%v+o1X`+W
z99*9<a&78b)xW%tZ_;ZXt187-$=CYNOQ~AyD9Q3zFYO$je4ZfO=$W#6u{*eDqiZ!s
zYV^FQgv7!wB5siH+GhV{D^Jf#W4$~r8_#XCbalZAaqO7s<E@p6i84QcXLh*0+@w>h
zchc3Z_T2j;%yqBPoJpDG?fgDHjXEtHXWm}KGrQqg4DKdIc?bvVWk)my6~ul=%bc8?
z*Mmof$zD*G4r(<1*4>>rq+-z8((<6Qa^Kn9!Qmm41Fd)7J3P0#eqjJ!2kz2bH*U9R
z0E5Bp`n-Gp{s(l11Hl1SIJoYdsg)yAGAWg3o%B{E^M=7!P$Q-A2Q054k)d+ap>~d~
z@e_4E3){a3dt_`Rj>}nFZ@oTVP3qbF)uXlP?{5=rkBvb-yZK=u;fuw`EI-}tI&W`p
zXiB=EXE-*&ES95{V|9FVXt5O1uPG=YQ90`>V>O>R<~QZwp~1_(;G(xlkt*Z#GvwOa
zuroo=8>YUzV?9f(oYSWen1b2pk)04Qt3L!dU$yXL7hI>t(EW52R4qD+c&?m3t(l`~
zQ1ic-dk?56vvpe(b3|;jBA|$1ASfU?v{{s(2uMcBsmM7RK^p}X0m&)?5(*?0QiM`b
z5Q?B=D4;|n7D0(Z5#Frs-RJCk@7d$tJ>I)#yfGMdLqXO5uYav?eczn(o6D<l^N*Nt
zE%!anNmmYqg?B4sF3J<HhMR$ly1>qSXQdR48~*U&6m=5grMBI?@Ht2HQ3Zt&t4A03
zLv{7_#cyOAO6|65n_nw8vM}5wJYQq4n5Z}tly~OQ;+)9TV5Zu_jhA^h<|xO+#lKt3
zld9I3_yr!Z8eaCH!{A|ssV>Q9a%##e+|_@bi|{TEXB#rpxF@~bfFt?7`I5Oy#ha=2
zE-H44eRiK_qg7)Z7~JWjuXu7tW2jKh$FbElHzxzHBpJjH@0NBt)#KFa!qG+=UZVg2
z{?N9dxT~SHeewo3Yqn=VBl?tFTV3rrIAA#?-Nl_7e?C#ptf2gglF@QXV&eW|OgZ<m
zs|5vm6&U~g#AAm-D?G>=Xe?4LAQ5a_UGoTUO+G7>RAt1@QYI?si)Z{Nj1(FuGxm#m
zi(Q!tU$O>5CKl%?`P`%QsJTG8&xre0KB9pJb`<3cN(%AzGemp%U$`iq;e8Y!91KL<
zdD=KlmejU$#|}$f4vV5lvCIX|MK~Y)@sYQ7;$85;u=BbG29q(2VcpkJ>}}X?*p0km
ztn_?s@0jWQQQqBK^IpuN#-r?XLE+X|ukvn3H7<~jawl0bN%_fid$R}S-ElH+PF4U_
zN=`SA7g6nZsZ66V#CC6p_EeoFj<<@+%Xc{JCW$&MfMqt1Kh66ax@4n74u_pT-DsWn
zT(iJWaQCgLpJr3d0*k*#ns{$*ncUjQJ$J@`ZdKvr@!8Yzu4CV!b&ZwnbDx(m74WmE
zE4cjQu+dEA>^eo`#}zLz?RW+PwML#e6%-9P3Wtnm(GTi%Wa@D_Yl!T6V2zgc3kJa<
z(b|GZ=!Xb5DIAQ*6J$IOI4ZYRH1ht=#g%e)q*<M5ZT6<VRYf-h^rUt-H8eDA{_TSx
zwQgu=h<scyg6bI;F(q{&xjspAK}o9Y`oz-}N7>X!0x5aTzN?H6XK5=pT5H0kLRKTK
z#=F7KeS5$7&6bGO)iZBH?{J>EUQRcW*XChk`|5aR<1#k3A8U@oAM&lh@}uxrjNb?!
zNj9JN2B9i~!osr#D}LQJq3;}tU%iyg=f)l_i^4dz;Bt=g60w#{w$Hl^Lh;KAd+#n`
zWBYY`4+{UUo6#7~c3o{XY%2c`UkIho_E=EH3OC>{)LzoPrXn+E3|8Sy1UCJD@%I1I
z1rhgc3pyC7>}J~W#Zn_hBXu9c4X6a>z(?aOc1k&kfdB1rlCJd<jZ_v$?SG`qzxCcJ
z8N(XYU!sJdgiwDDwjX?h9vg$sB=E0Cu^YI7yXIpxX_%0Dtxx)$c`{>n(8n!n?`Rwf
zb6J?1;SyphZGLdZo$u9Bwi11rT_4m_o<Jg&q@MB;UlkQfTZ29Zt~Kd#(s_6F;++%M
zIBnW=!p?t;a7t@T#dP*P=$(cbta&JGE~6|7b2Gpygh66sbE~-`TQFuT!SE#LgadEM
zef|1%;$))w!4<cT>x3sFE)2io#Q@sl6G^o9?{Bg`(?y2pqmZdDoP3J6ONW2ggG0MF
zTzLG)#}|<b5)!>S65E1O($X$~VXf>NH%9_`MJCoxw?wQawIo_3wBkT~tqmGE!p%H;
z_lGKlQO%U<`ui>GMR7mL8P&R%+8K`;a?{Nj)V^{2eVnLC*3;C+R2_vaYtcAQ9w4_l
zl4#Wi)93hJpj=hk6Y|kGwb2?H-Dz9e;9x4K#!QVviFfX-5ThSV&^Y8-rq`Hx<*`#i
z3^p4%s-Tb%t}ShNs*$2*UE<FOIeuWvSd3y#iQ5#ys?>`wuaZ{~{q!VqswbOd`D;k3
zs;Yx<{z&4kuDM~(blzu6ljtM!typ>^!1tn}Th07*!K3c1ND6&+)^^fo)pgaDpYLYD
z0<B%XG}_NdIN~x<s~%b@KBDhav>8hnkhBG@&CEW!+$-yLR8dy;SQ&r8rXz+#i0&yX
zD|><l&fv)`!3%gg*U}>hG*rYYx4xi0z>A23%I6aw_nqik&Y!#id)>9GzJl8>V^629
zU%%c%Sa34CHND^$-d8R1i)F)Q!xRnm0{za0tA18OL(*OKI%>Gl`*+seIf3kRtSD2L
zn5vcLIdv^j{gRQ95p4`PcAv+#pwqQKU4%PprozwfhZ50qsl{Q4^Vw;vq_$Rcvixl;
zWx$1e%_zU{(^=l%u;)m)G)r=_Q930g#Uv&BQcRBQu=TQq8PG8W1-lxiQ^An*Xg*mn
z_H(zN5xUkaN;ZG)p!I$-6^(lO6o{90=}bu&g|08$d@<gsp#5jGDcjWqH}ShzG-1@9
za3SeoeX>i1%Z2lGU%y_hzsRTb?&@dfqsqzkYggW4e<!qYwTEv0rhB(fJikb_Qxm9q
zQ=Z&PB3kFAzI*ph#Xj`%75BsCP;$u8!YWKPh+3>`3a>EFVLhCZr!UnHvR1*iVk{la
zv_@Bvu?;kmrr@@%A?5PrPF`NRSVm|)c>EG-zS=vo5!8b_)*srqx*tv*<_3AXD%cze
zRG0VZxo*25_lMHnGzr|o!7Xb&PmG+gzbNIuP-GzseU{v{FVZU~i89dyO(p(Ne0JQl
zPPp04i}M9V7`4kr<p|tKT@}7VxDlvAlIMscYJG3W^uEqcW&VVV2fj=9)eq!av12*F
zwdO~zp+!z>l2MVw*fh;nHs<0wwvd}#>x^q8hh{lGK1k(os9EKjbDUYNdj&h$u9X^v
zloVMk|L6@xZVmZkEX)UU=XsDz!XSg}zvx%X`1tX(8k;K$S#(s}rlw;TzjNYwz(Ba!
z!HuhJJ%$W(f`|#3nYHaPU#r}gc7kMSK)L{wQAk)g$`uR2wbXNd!8Jcs=30i%jtwhs
zaklX%C-QH)_q6GZg>1~W+Ca?|4dwiT=o~_gA2EKU#qxraaD*7`o6FC}K)GbI)-R2X
zW()I2nDsjLIa+TfOLC?9lyWW_@(d<UF8b*a0>>q%q&hs=zfx_^mfe*$v1xliu`VC5
zb}0M$hT!^jQ43{{HN*!b0ySH(mDDlujU0=3P~Uf{KqQW{v7@7yOS8@404h3NZS9M^
zk1i&ve?fwP))bYrj{qL(*9~gfy2{r)6|&f^KL3>03f=U``6xmRtB=xZF(Y;6-9!oN
z!_4|@K^0Y1YZsT?=fa!@qguLEw8*DVTgDXFuB$RUHaf2iP^==%kqC!(te0?kAhkWx
z{MMB0{zvBk0959FzyuSzL#?(X4eRB#YUOIR<?SMa4Yjhes>oG%Q~1o5riJT*gn`tM
zqMl+q%NvIoo7UJQub6K`=_v8_)@!O)J``pxbHp!=l&zSUx2I=Ftxx*q$b4a^SFDIM
zEpg!t7n{cumpN%;&Vo;Q-7Xg5%&V$=n^elH8#p#bH0jn1>SaX9({1*3T!hWig$oyu
z>Z=s8Gvt+n)N+I)iIBjJw@>ytkR2r2vin>Vj}@j|!`0;!<F}CjU?s#2)Z~1%&TBhq
z#1}hnM3)(iksWR?@hyDrnpqO`y3x;>c5dA@dwcu(ZTiU<GD->^a-up`=Y(zR4s4B|
zjLCXXpkL#1BY#(4liiye^`}Qko%B)j!uBO^Ik?!3tKX{?YaD8vvbY+<(W6CF?Q(e2
z#j8Wql3&&uTJh34Pq&n~n5SFqoUeN*Og&H6ApefJrR6zX7ZO;`+1?Ss%l<d$t1TY7
z%|DGc6)hMzDqJ(woN43YqVfEqW$BGi*@BRm)Tj1jT+Y*-Twmk%-YHT2r<^`1GgIxO
zv16&pn<lX%M?O1Txi%jgQhmGhTBG%`aRnNQlT6VYmYgowyn1=nn|!U9Xtwsz9D*Li
zw^)iE{aSkja%Ic;BB%t<i?dqO7W|<<i^`?@Vx1YF#@XF1$@Kd4c5FrnZ9jIteng?0
zlm{P6uO$)ulGeQ4mylo(ia3H?!RoV9SrD<g=d$278tEb+)yU*Y+3m`GGnYo3qVp=H
z8LlGDBQyFNsM%ZAuas;QlE$@8L>h7)RaCSmd$haKEAJF)96Goyh%h^&F^OFs@orb#
z_C{O9X+&uKbERFc|M>Wg971e)Wh;@Uaj0h}$Dd`_Zvw%mc%NgdtYyX=Rkcf0PwCq6
zhNqB)WkDBln)gw7ZHg0lD2iwyOU_3S0w$x<0S_5$M<j6t>on$N>)oL}3IcTlxhN?!
z@i%H;U0D&<{L}F?S1E)j#!&O@B-TwvAs5^0&2h8MrJ2495i<|uNnahm%6)b%zS<?X
z(J76?&8KDB#KLyM=WX{LiXxlQHp=9Xn9+FQhLG4mU$-4@W#;82OW0o5yUkV18m+`+
z#0JoQZ*nyvDm%wZE-tPfsU>XORw0e{Dznv|+-+_Oylk`t3WaiQ_h+p#)}MyP$#{-^
z?}K=GypWrf9quOcBh&Ob@vpMh|GO^?o!iLC!*fL<x`Q-XT~#GFG0W=UrIDg*E+nc)
zMMiqQnzVmHpq)=tCp&b#4}O9imYd6{<KBr8IwcdP7o(>x38Bw{0dcyF-`p=U)y~4w
zmOt!#q^KbEv6&8+5C<EZT$D^FuY{Ob0(vfx^w^Z^g3e^)Ud3hq8zzB_OaDW@0dzsd
zd9qsB-`!eOJt6Ns)sJlFag%N$XlsV2n(u{1P~a{-m0N2k%!Q2LGeq{D&dAU&cma9T
zzyrz7hkU+2-mO9`dHfPaGb}A$l3`}aY^oqtT_T#LQQQ^oh)%7hFSd~yhs+jyq5d%_
zaQdh`IxukQP}o@RLuuM~bk;pojgk7|;(rYCb2bkj7xBB;$8nd@7hQ(ij<u482mZhn
z^WTn9@YMw;&F`TP(~K&rc}}HyPTW;zC{7K~v$b7V|MSo8^6ICVvm@oG>%`eDRa+;o
zRsKm_LmNoAV&>cYqR=lz<2)2QlTSSHcWOUU=|+%FenEw&lPu;}rBm+ZirOP2B-l-*
zggH{!mTw>LS!_>ND8@H&W=IfcrZHBN6$0^3n^iAF@y-9_S<C`b#90aOwy`=|QpFSK
z1!qS5Ws;c=^io$!zs`4;hcJL@F@kqGFMT0<+u)7Eac}gCeSRul4pGuGNb=NPqs!`g
zYU5x41N9R(4`L#Z|6G>B+>eu+)mi`gLLWz<=YRqWA7|0;0agO4F-MjRv!psiE852a
zUX?_3FZ2yZ*U*c-^R2QNw=;c*ZMbwqP?TLMzxi}rYNf!lH@E&^USc2FmW^IC>{L<B
zs1WA7{rn7T6_~d5*(^j15h5caBYd(I?*es6VIo1=@!RcSZuwM}pi`w!_IQP_*v<N=
zrlG7YMBQvdpP#2YAQ=!FE#**b2ofoIljyaK?fO~0^0K=fMV|HbLIc1A;|I<^d5LR}
z6fVXz@gR@E#f{KA+?tcz^L7FfhiJ?oXqhajvr@|z)#4QhD;b%|eqZN4f4*2MO8-?R
z$(n*<zd8ws`gcyeOE29i($v_Pc;fl9_=Sn&xDjP)wo6|P*VeTw#1<I+UlQaxm$F?K
zNl8|Xlbe}=h|T9<yRW;keDVc{eFhHzMZk!r-4Uk^{E+&kKKJ2^n*VIQ3VR(Ena7r)
zPoa~tA3blELS#YmeW<|3_IvV7+tcxY6Mt&~j<NobkE!mWvJ{If_}?f`|EK!#KP%nP
z%#l-jaa|DI133U6hm8UMA_<FC9X+*`+X@9H8a&SPZSuRaf{ktHS@5bXWQXX_06u#T
z^r<<SK*Jb%^@Lp!mzGYswTgpepoYCNOB;o0o6Ag4P*7ZU{PM+K%Dny7#lFnRuRMwo
zeDXQW!@Gu<2J?OXS<QV>xSq3TZ)x*~UP{rh-j(}jB!TnZE-o$u$@@S_4<G{$JAW{`
z+AX^+q}ZgMN9nP`IZA)z!r8^1lk*iuf((&G7Ya`!hQ(Dz;>-~GKFK~a*@ph}lcXhw
zAD!#}(N*e&?ioGdP-@SX)yu`P(Xe)(BJ7c-qE?195)m$^y?`816{2=F6Wy6pf}boP
zCJIr5&m>fuiv9sxjF{Q!LTsB!3>E&+xak&B$3-n%v*0!x?f9HHw;q{=QX}6NMvJ9=
zQ5Q<C8d4^6G?nVS7Z<K~E>0{yZ3aAHgp65n;b({|>@r;ockdrSn+W?7>M+nc<UwL4
zudrhW3_h$jM==1?JXGLMRFlnUBo<zY(fzCBHqNp<p(}<?6pTq!T%4W9B8*Jes3E$b
zFV4JJm1=M(tPT}vBzH*pF&UY*i>flQT1Y=`=b}Qfm7tOIYfE%zz30pQJ3E~80!|v$
z%Z@H~1WW-;=}!+{ku^>CHxi-DjRiz3&Nfprg0_oD#9k4O00PLTv^KDm>@rXn&d@xt
z1%4QNsM%Gy9&#D*0t_FOb{o>BPFv*Y0Gbr@cg@Snv$}Teo%7`r_;{3OyAGUu{tz(d
z%e-ybFy?vg#1-Gcd=Shv*CA55@T<hGb7s}}Y%OIxM#~Q#<TM-?;-*@DvjsD1VlXY!
z&SPe~p~rDn?^o#rW+2RImwrO*tn3*JXXIsPzvzqiFS+KG!`9P6SqwU=iCP#CqDtZF
zoYr)}cw6qBk|Sy&liNJEn@Xj!*F)%#2h%_+VzjG+gF}Z?hnw$YN;qw=lC$K3VWEF?
zayZu7f&P}Qo)9q#>Ai`XfkbbjN~~5~IiH}{Xx(_5Bl$w@z<Jwksci!zBTd7!e9k0L
zRfJ#j%a$!mivBWF3$X(cPYlSdSd!qz)#6;6dpCHn5+7Y6KPtYoMrHRQuO6BA%($lb
zxzi?Zo#&d<C>kF0dd@a2Hnz_?m@6X16OW;^CUx~F&QH__Y!er_-540+A!m298eRGF
zLZ-+_*cop5ZphtIv<1CxUQ&pc6jEcX2`t6kGlZMz^ij_c@AbOK5O1e@VSm6(#xsl-
zo@T8Wzgf!2z$De3Ps!hRjH7DbVMB_~S)Pvhv)tE~u)W>)!XzZqV>qu_Tt+4po?7X$
zR~Io~<34vijfxUAdD)KiYiy<n2nQ-iRvk(n1dbCW%z5wBmXLDb>Bj)d>=fh)DVLl(
z(un)+=`mAlzItFw9gqb;i~?I^gtS_1o7#`*C}u{!dv}}#Oq7M?9nSBhEe=kH#W7F$
zPbw~`YK@MbdpuN`xnC*L<n|G4Qd`yL8C}f^i`2QYkrVBLebUCm+}9pad&J?#^E{Aj
z?A$rqn(CM3V|2s7=!;|=lQ2&!<z)CFe#v&HgbJwn`9a1Uy!ESJ_5z3Bk7Z&Vp4kiD
zqs3=e14mSQ8NB%6l1yw9&=bhl6MYouKlDQ7_G59#rMP`RONosaLzsEH-Q(Goe-|U<
z@_d#?pg}jJ4&K8fyM!4?%*PtWDmf1Iol2iTs1i)&>@VmbTcRa)AFrC%3;i?1j_ZYH
z7LA>!(WCBvG*(%r2WA7t3+4X&1N6E4MdG)`xjgQ<?!Lz_E!_N1-}0rTv9No$bY)Co
z(|*g1R8vuWjLNO>@tm^-`l>Js4EfIC&lA0H?(qbm;MxhrSrMK=wFP4x|Cwaw{HtvM
zLLc|H?8w4H?;q=-dd*KZ(^jVA38LeQF`Q5DbkaezsW7c8s_Ah;U}SxrNnod1h(?me
z_YWw}H44m5D*9v;d|%f)si&wH##cN&%F#cswix2c&c^n7>pz7-_B^Lpd2cP$Q#ADq
zj1KS_Fx5bu0AXkdM^w)N?E~ibSLj3euXfj2|L^FP9n<x>d7_5tpD)D9oz#;4Mf8F@
zw#vHjaU;-CWZUN#VKs(S70G5hyc#3@2kQ2J>~<XYLI+*g`NV7T{|HM4<6d3eOtNPm
zPZdLPvBp_<X3}1w$QRFMlC{Sm7xS8IydqgNw@#$!8Pb^afg%sNPM6nyVu(G1qoejZ
zH3-63Aoz;h22LoPHrbfm*5p1?Mz@)^AD=+V`P!B1!lpvEVe8iSjaBgbcxe&m+54Od
zi&9oVk+0XfLfJuu^-3a^JeeQ6QGL1L?P+-;7@D5&p1<P-hk+5E^!GvSjot%^5y)Kg
z*hLnhBDG6hK@5Xf$~fx)jkKTmU=8>vb3cey(Pz?RP;0a>;5R?v-%-zqzye#C{m%3B
ztX7fVOt1o(86x+dm18^!c2y~vYO}#k+=z~aCa%~1Q$srN^duaV1jK-ei^=r(<<%qo
zJNJdFCc84HSkSW=;p)|A138~M7p_n;C)x#O(-wcaXM6ddeQbKgPe`e9_rBXp*sceT
zH&lcQC@Q*-=%3XZkvp5-u}=`O1U-Y?6@7Q5|BE$j;CBTXkk1;V=}MgfjK#036pz%$
z3NR?so!%iXtkv89<iA?Iv2&ihSgU7SgXjA5$DPmM5&l}r!Mef!iZ%GZTYvq<O#I8w
z7;9ABj=F0Ft5zxM%&`cmiIL6`VyGsnqvBw%C(yK>U;K=g2iLh@KM4odv9Vn(bQQmg
zLav`xP`!RqZ4R)pB=Lyb?1WYE>|k29VA`-#xEZk!$^CV@OxrO}w1;A|@Js^Iu4E%*
zhOtn~4$iy#kJ7-ZO>}Z7r#4lWc>ZxG8V;4}%6a_L(Y;}bZP2Uxf#j}EXS_AqL4Ln;
zf)%xrPFGvGhQ2%*xMASKz0Hq{I>P^|)$B?|HzXgf?<&eH(QAy1t2Re}5HVnYL}0*}
zg;m?IY73=0oc-VeS$9&;dUp0NPOI47ZcYa}0qu{S%sflhuQ2m{^Y|<>eDUX|P`IE5
zW532K|18^%&7cxG5M4d^{?0nG+pz9Q9lY39?Cnm=_>Au2fS;zStJ8RHO~HY55c+lV
zS?J_Z>Jr{}BctFW-Vqb<Xe9|zvo#KEk$X<?^NR!X^Vg?Ok963`%wM6*h6%jnl5%*v
z{INy6uNGytF;hZ6puUk+y=}hP{&)S6TXbw3BQ{tWb~u|rQ^pdLarpXsX*SDh-nIYp
z-to3I_iMb}huh3_-=a8$X{rL`=Ji{n&nG@PpNLOaKFo#mU(_}I^bnfc_}d%uXBz?|
zRh?FjP-c4ZTk0x>{IOqMFzRY)jpkIxRnqw=m!B@$H*+O`tNPjeWm^`jwkbQMWOP5d
zt<q#a$~3Ev0%wa0uF|f9Pte``eP9!Dx{TA_5`8Kt>u&<?-PzYOh0BgQYE`G({JmaH
zkzlCk@#Af-A8R6@)2I#wEhd>G`g9_qSv%dAFGr1&Rb%Tgi~|Z!UdF}63FWVqHn<D*
z68(ov`>mP%#|Xnt9K9&8kM8}6qBD++R1gh<=dr~rXHp8TVg`}@=E*z1vs!V)Mo}%1
zA^4AMuCMRbQN$2r%l#)ODPOWBrjS3nV-gGgVo1EyKdn`+MPh}(8b#uAHa3Y{+y05}
z`<ILAfAc~`@Lbc&zxU-!dp2GqYF&oYznRYY<a*gl$QrJnRV~;10A91Kyd0VPwd&eh
z2HL+s{eWO%1?ow3rSzldh|MV53<eg|+^oTav*?(<%(v+gfu?78R(zMHa0IPP*LQDd
zg`8XY5up0J9*|;qf<AH=5|&<9?Y9j2tNf|M=7;{E{zwa*a7-8Bh<X-BWwsmpHnvCt
z70DZlF_k{x6wu|2%lt`Bd4=kYf3N6qih?;0dMoBLD#Je-A7$s@$d{AkJNW2aZfwZ#
zv{d|Mw%4&TO}uX1W$XqeK029{1uyFL{X~Q196So?aFZ(R5yfZB7SoyX2=Pga0OoVo
zTdS^yh5*H!I=<Z9r%&1=6?$7bs2$W2;y-7?rQq|1u-Z8WH7h|ffNwt3e@so6q?>Ca
z<Xn~rz9GphM`wH#oEg{-F~vybRJixG+G<5ApCJ*_{zO49Jw_pMwR2RkFgF*7>menW
zH;PRn(a9FPFymtgHUwQ2_Li|}BIsYcFh**_4wF;lJ#Uw#UDfdJU|J*+1R#LpWQ{|S
z11yB@&)j#mDZeC<G80WX+EWO>HULz<_14V3-d>>Fay`eo4X?nx75$Pg^THc_6zs!;
z%Dc^NujQD09jdn!NBB#^TOuFL6{NMgCCg1aIyA%D!-JH$;9Da)IT~s@$m<zGyzJk%
z+byC8)&f5o@;js(?Bb#e+jWWNH9M2rXPsX)DmYHvV#Y+p#E37t@yJd~e~;mW=mV(}
zGK9ybm9G?QCC4Oz`6M6!7cVX_y=HnMkWe&J7F-RAJRE6^t_>^ny7b#)n{th_`gg9=
z5ZrbQr7LnFIM3IvP<o8i0+~|5s|Ufs*3btgsw@5U(1+3Fqg=Ol5Fi}uk=i~8iXPcR
zl4K#9^tCTKNm^+KLo37$?9dsPyI}(uys02r!Q%NT8ixJyksWx@*1O(gu5a76O}U_E
zs<2!aWib#x;9x8wD(w8Rj@lHB%A5>f%1XM0pJbVz2YPGz#)VjnW*xftU*=uhynbc%
zLg)JAqTlyi9o)V4j@<J_RJeFBy?L9bVzOhV!Lz|7va0HE1eJY~hlfY93uLZWaDi<9
zd1CGJ$=*iiO4pjmb9{AEyRAuTF&lehE<*`mK7;21+DNQeTadIn5H)Edoo-)4MPI#G
zZLwn1{DUQLyVFgM{};L0K38<I;hcd8-bbI3R;^wIG0bX+H-6~fM^U=w?7dSbSPb7I
z*L-tR(Vewps%gQ_j!ri(7Nc7!pO|2#6DKnTMB7&lyDy4utG&RQ`7LFlR%B?|(wfi!
z>KS{E50tsf<e;XQ5O+xQ7<3LWW2$!rdg0O3GZYQWtApGj-lV*R9iUC0`pQU2y*i&*
zmt6y$!=rPj9-Vt>CgmQ&GXxZXcnk`?IH$v5f56?V%Eo=QBe^OuZ~j|}tkjP6)}EfN
zMd;8r=aKFU_V%2f%9jmnlBEn5)ZRgITw9>)zag(p02-*Vbb&|bp8DfX$4ij8|Gww*
zSPOcwF4G}YbT;gDl7=8iEVGrqgH5hRrs-ILO|vj-&Xrypf`x{4tNhHDvpfUE)1Bi!
z7u?bst-X+0wq?*ewr+WFM&97?@NzKGRyC*3sn`EB9|;-)b7j8(xR(F`MNKlOv>-?v
z%Z2R6V#O`R+eqFQt%rEiM{Ar0J5qg8W=N#VX^jmy8{~*@@z)k>gKAwSkjy;)#f5-@
z5tG+DId}3I(zotfdj}i!^^}x@;Ma1gg<S5<hVs+WxkW|oF7YyLu_uRn<<qs8rmn7<
z7%`e*oQbEW4!G5QwB;ZtQ42&EdMRPop*d`1PSmSK!?&J)QkF6<3*_2^HeFj)bs)4N
zovEJ<`SAFwC4G9c=IID|Tth}_jZrICSqVMKD>SKJ!>V-<Yi_S}kI>8^xaiKr2xn;#
z|CF(nwwp@}?Vh~$flEO$M;N>fz`@3zHKbtG4u?nQ6Jag+eZbHqumnjsAVWCDu?N1^
z7BnXZ$2Jp(=oHHH6;v);TI|UynTErkxZVv<DW!Gi7_ek=ZdLo(<VNsdX4-5r2P_ns
ztpRbrxgq(k)#faR2M5SaiHQfWML7o`h`rvqAjTp+h(L=AkNJJivlGv+_BQ70YNTn_
zvwy3?2?_;z&tsf)+4)#vGax49+B9pD2wxuIpyR4gEg_Mb-{-0=8x0N-T{p{gXT8kx
zH4u)-pLp2mAT=bdTC?LNYIC&<_W|@llx6Zdu6pGifEweYvz*5<LvfQR*RoTFUEZe<
zXzU&DAe}n_fFwtxy*#}`I`_-C&0*c)(An<p_OICnG4sc-@Ld;4L&W2f^SDT#sd1m^
z^IzyA@USZQiJbWPD(B>|ZdThHdMlfJ1D<xr&*%6z9T9qT?f_zh@HPa3q+|PHRY9^f
zxU7*e5Dvb2<P|Ff{N6HeXhmH2xr0z=ckzvx4g%VEdt<K;Ept@YWh#(qS9tYE%fvTD
zQBh;karIJ(H`5=-#<G)3hIKE-WW3Spcrh~4FzaQnB@wMD8adIP*PL22S^kWxFGJJf
z?c$liuKRmKcTFdn=>S3@oOCRPdlfbah)ND`T>X?_^Ks|Hk(eBWUm%`Ib6R~D3q3g!
zIuxwjeCh^VXpUad#{l55wrojl|7LzHy8qyX7}`s)9l|fC33!&@k6S!XktU~IJkXET
zXTv;lMNyhQqG#}_J%s$W+a`x2<H4DPT|0Mn{k9f0RMSs-6l4i9c&;!}R}Q+)%;#To
z^at%Px;+26Su?|LCEHc8zmW^>{i^P-nMc<ROLctE8wMou%&@$W#YcVCFCU3QO7*+<
zKP#yIx0%!Oqcl<&<V6q8Km}B_7#kndni}Z47`o@rENH|Mk`UI8a+d0|8@h+n310{X
z7JQq!MuFm(a4p{3Hyz?v=zpec=F2D=_RXk@v$3^(`-$^$X0iaK@qk&Oj&oKiTA;(+
ze?1MnBmMa<`A+UBcTEDV3EE;gX1>NDdD}ebv<Ck<g<=h(N3XQvFW+w;)?jxWM0Tck
zs2gAgL2r4?Mo3lv0j5HQE)<3w@1HXx&yJ=HgiOjjjnW9KmyXZI4nM!0p8pZ3Xgga1
z{OJ5+Xv$S=uH=MgL6Q0Up06`s9Nnc6#nEwU?k5_l0VOp=G1x>wujB9?2$cA&u3mjx
zMAvb%vQh$j{1`N7(kb4(N`L&@X-=EfC03>f5J_scR+e@{e#xZJd^LUU!9jZKh?c7h
zL|vF2mv|ppl0({QL*a-*Kt~%JHG#?^<Rf>D=ApS6%F<}Cx|z}@7fe6*UTm<>&++e|
z?F4KG$tAP0n4_Z{-2*UetEzI3=&_{(vFr0_%uH_0a*5b^?^IPuCcSrdlB`!1)BP>I
zyjXDw+d}_;W`rIm4T51y+KA?*(g{E#%5}PLXVn%56s_Q54Ffso*z2&m`ILBke%!!V
zvV1{UFmrk-*B_+!1+S!uRv(Qofw!*`*%q{mn_DYIV@&@#SIvs{f*m3MORCf4^@dEg
zu5?_g3SE*Mw`6_vog)H*GSmj^yd>gn%%lHIbuJLK#Avf{1hql7gv>Hgy<&O2xvPGN
zHxGDv$Y}EPN&3RkX5gBkOG3I|ZDTPMX{H0|lISR4G_b!aC$+_QO%9z@igR=x8HUmU
z6<XY|zP|oM`Y4hdb3-|9`<6KDSz;7jqF2p!R<m=pC@^6#_mF{DdJ1m7cN_N%m9Xvz
z(^NDCp|sYEQT`Ia#A9k%H}x-;08L~ihJG_WKyoHC{fn(0K7I-5?;u*{S)NkxvC1Qp
zQ{CylS8x}Kb6p&+uw=pG-P}HiCk&z4g-7R1>z6g-Mv@!NF!wg^`sYNai)+V@Ba1br
zqH#U3+vETa`Tn+g5OR+~0#~e^;aQfLVtUKk73|1VUO%oj=hQW8;w*1S4IY--d-5@$
zbL>94!i-Ku^rt{8mQ;fO>gwn`$|a3LG1uyj5Qt$y`Lk!^kKFL2`hftMH~HQ`i}37w
zU48o<DcFe4l`8Dy;hDBo%MsZ*GK)Ov>6oOKVD!NVY8+Xb;W+guw`s5!27~N-H?zIY
zVeN!p-z{Td8k~j;ceWc^?tIDO{!t2_oBhU1E-FfgNZ9rlXR-4Qr;*Nf%LwH?8!eyq
z-d>`lQXUOA+-QHr#kuibdcHkft3ZFsB~%*lHQKnr{Cpb_m4RxCrNQ%l&7zCRYWwZk
zT$&3tXVk|D9p|{_H~p2`>4Z0KJi+1*FoCU~j%-kyq!}PpAjy&Q+5)4|ztOYCuC6TD
zOrA#4<E9|J6MwmsZLT?MTNcja$g}OT?nQ1@hc>c$7elDh;=D(smFmza&5||EckwJd
zk0kA^`PgQarz_&qpr@l_CEG&zOG2*FCy%RVjkV3Enc9vMkW+5i5GZdD00;&-IV47w
zyX2r)LBB@TEM#f*V~~v>gIwd{f_ZLg0uQUNlSZ<#vNeYu9hCv$X-TJ}dp>XDB5h|x
zPy5|$%?eZXE{B%Qk0rbW8Mx2vyzKmZcdF}hHWw|hFc(CMP0Jh!AClw!+Ok&=u{mw0
z{JO(8!1@=Qj^D3Ro+zu~?@rQc9$5rE@GSZ<5U1gl$iDTT-QJY{k{ZYHaaBI<)H|0|
z)0&>(S-sL1_7)z3=%p*Eo@Q{dqwBRFXFJ2S*?pg`LAzd~qX0ziki$UkW$obbdRTPC
zc~59XF3}%yLP5H%a`fi77-x$dAcn{sqe%`V+3;a<048}dLmov+JJhNkxi0B8V|mSn
zVj+pz_HP$pzDqOQf$LCa;Pl{mf|AYguQd7s39E^gA^T^35oHmqWYcXL6LcAsJsJfD
z?9%LSK*NQ~`q-@>9iw4Q<Ol5?8pFCzk>I1Jqc20LFXPSZ$bsa<j|C>5bx5tT&%u|P
zbMocco>t=9q-$t6h0;*05flk)gU)~TGRbw~GUU*RjkJspkdmXEb>09eA<3i*3K|vn
z*ST)ZFE`&s@qb{8uDelYx$ml%`?y2$<-@_s?pW_N5|y6mF1Sr>)OQORPE^DHq2z9U
z6ee5yn>WCEy?`tf#gUPbNg)Le+y`V(Gh&80mv_N{&pIy($a>YXvyivqc*bTfT2AXM
zjnpxAY2(OQgSR}gj_af3&uwM9KK%L1Dsoc26|N5(XsW^xAO}dLL~j>hHL+9$y{<+^
z^rUjPE^4yQ6-NOSPGvev*koRGD>{O;bcItPOPBapeiZ23L{Ftxf>cp%{tgIfp+98d
z(;O2Z^@!#CPfI86H@ia0^L^JpVP4DFq<C)yTYn665I}vN<^AKo$Np_i_P->(|2tj?
zJuAV2Wi5St+DEMcvbt2U<j!a=2B6kl)CupsPLJ*fs@rBh&5qK41(djtC(#@6dm#^l
z^Y6k%`W!$Ke1Xwb(?8s7My)fWTBq#on)zD`@C&%X?`QQs4ElC+(m%s|v6=xg8?~Lz
zqQ4ZXQy`)FFm7u60dgB$ZI#V5vz-O#qA5!4u?wR~NU82G7}-&5kp-_(0oEziu{1Xj
zz5vpyt>VGSH_#_s&WW29g))K&5cr(#x)`WGEML{S+v<%5Kd_pKb#DNxlTspmG;72U
zk4r6pi))`73})n+Lpge0_J5((VSs-Dg`&R9>d9t-ivVO<Kl}Q2iP|rKy>V908GsFs
zD?eVNS;Iusu#iVwGjGLk;ZoEv4lGM1V28FeyL76W--{mi&M(t;oeg8Mqy0^4e%Xn`
zkWd&YaB&y|jzlMnIv8+#Ml{Kd2ur~;a3o05q*{4eZ}Z_xNlq>o9LHgx^<t_lSjd00
zqp&$QPRYikC1w`dbFe4Wbb%e~2SKnVwX?K9W<r0%wzta2KGTKfwk`N<jaqj~;lQ7t
ztI9PR<w71}4KL!d5V4zu9ouz~d)8dibNweUzc#7a5n>U5=g*!iK$PO!KMNj2pd3x$
z@DzChbef1(`1;CRXq?!Kr&;(noYA;t{>1l@z$VE$fgQQf#j+&welg01w3TLZw)}4K
z+!!_Pr>>gfd~T=jw1JXMhi}cZUtTP0LR>{-_F*S679>1AN+f-jUN(gh;U+^~^0gu_
z!Ci%0(N7;{TMcOC1J{rM@C%hHrV@563{~;~6M+tn9ssJVVnZPw`hu)mLUZBXW&su?
zU7y_q_;%+$(oXxLp8-3Wy$&36cof>Tm(g@OHwVW!zh>|<U+;~7TKMoAfWru`|Fuu!
zUsf4)U%>M8pH&?EK8O;9dnbKyVOnxN4jj*yTK|P{)$RD{*R=djFPjUav`6%)cIzH2
zA#T@3Ygg*1+5LaFiQ~T`F8mLlF=L&)?pKZ?Qw(AN)$JIkA1wox8<`8!6naG?zLjh0
zXVql?Ei6^V755hpaTE;$#Afd#Dp5gd+r1aEynpI$NCv$W|8CCN&gy7cjeWQxsX@z)
z5Tt?wVtIUHGE`02N-(uoWw{9#lBhG&?zXhdK^Ah}@*fj{OJ@di4DFNhd(#d7(&z!)
zvT4PMf~@4#07AOQE{F(NgMYGL3Rn_+R#?3dCLu;hFd(~QwOAs8Roh6qUx<|zOj19{
zvQ&JMV^PZ;EA3pi{6e5uac7~4iLPHC*YIM*qB=e1X-oeID=<C9D#H~|kJ9Zq-~Sy6
z{|d6Wg|X#aN@U0G0F-TjG$znxKgc4~nn`JS1K8@?pyI<zSdHLpT>fNrxIUmf$b&vF
zCj*)`?<QBo&C8j%P!=JTEl5q@7hNsEel6c`Y_kw$JeU>W!|9%9@qMV!=t&G=PgB+&
zH&!@+vV#yY16xT{(bbI20;+%0G?7zdRFMmhu>hd~VSQ>X1BQW5&8CN1O>VLr(DHEK
zaBFKXDnSf=DRSaPeU!OQIIeO69!yVNS;=xQ9l;MB7o2S)aif0C_t}|vhJ!OB?vfJ-
z0YAPE^zX<*kjsx<{QB-zlF7%Ij1Q{Ntp#(-c_0e(MB<%0gTp~Ieq~)QOYm6erUJp^
z5u*B}+i=@{U|#QApjea9#E!yBW$`+TpzF7k#!?)1nUFTd#?cUV_=+4$02l431#i20
z0Pm5K5QwrqdA%L&;~GDZcY20_)v*upNqb#$ZN|VR_Nt!j+i+?isBk-+*b>nyG{CDr
zI-^hP!TVo46xOERihG0j3`C5*%vI15SNF-x{(^9bEw@Z<H)6xT)y_50A3Etjk-+2X
zG|AeB?~nQ~GNb*}&fa>;H$T^>IO>A%#a80QAm)=MN`hA%wPJ)}iF!1!B=(dDxMcqy
z_llMC-(_i>$AJ!r@9KC5S7kOiIip+JC|?D)jpwXwd4{r3nZMip7;ZuRrw~h&3gjDK
z`oeuz@IyAAoPCOp4a$%*NbL^iGa$Pt-8=REPkIFu$z!N+c6EYUs#04k9zBXiX%?fx
zsQnW)sKe0nfqTM~P<o6MJ<^Uwf+0KhEjcsY@I*9NA@+xbZACXBSP-vpXDNn*)a0vp
z?zMNsVcwzy@GG03#}b+`FC;#;@a`}>op1?QzVeJu=TH!EP8Jm-6I~tEBNlmIr>VHO
zX6l@1kIbZNrEmllZB-yco|x$fO=EVn?4av@0L_3x2HG-H;kjUZG=Pe*^ZW6&dE;)B
zB&-iw0FX{~f>Z;)Tg3p79?7-?4Qd+#tGy6SBpWqBw1F0Bm$;2%##1y7Svfh?RXMAP
zgq=^-IE3ol+%Hd86RHO=C3q9m^#=vEtOZBsRf+S&#LTt?okkb27xE+_E1}!H<DRus
z<YusSDg`Lok@tu3;rK#B*sBBEOH{wN5j3&H&;56$4ITmK{3|6d<3agq>EY2*<fa?6
z8=Y_{0eW50e5TWcmJflunul1Y=0s*(a<@TO)kKot8!>ci<bIb%s>70?*z1I&J^)^1
zLFRjK|Gvk2(<3{?X$=r>9ZaTBj8M+UWyknl(+S4|Yjv+-oKNJ%rK05u`gzYfT}#(W
zu3fvlUhy17M!*=~f44v{@nzoIueojK)FFA<>41s0XJd;)+Wj1Ez;)D~DsPYrIA4z{
zD)9nu-cy7J4&{-gG6n96WH@#v$#x{f<^o}W@&?=;t3>9;d&|~ho~vFlo!@s5{b)p~
z8cOT{nge#72rAS}j{F<s-kMX>+1VN11@V3--VCCU;edf!#l<4X_&JmE*WRH)6i&VG
zh}E+|`?-y!Cxx1??4a}_Fc>Ilm2CD_bZAPWn$|gcWXHsPf>W7jo+!Lz(ISMA+<YSD
zZ69|u3w2z3r;5R%n1CEhG-^tUi#Hrm0Hp-&Y8r~mku9-NQEiVLub?3iPntHyj9zhp
zrMZ#i{s09`R6sCr?X5wlk^1GKDjGPEHu_B#I6!4jb|l5{u4Deq#!L$+7}G6WT^q%?
z38tnWTzW874((WP=OK$`b<}@YI%usFKYH|9W&EF=*0&Ez?%ptZ?yx3Ak2tfw=M3*}
zY8wgV(h9(1N)7T+&=miNI9MiojAy?8?Ceafe+H76w0#WvedJ$gdJi|L#VRMg&?VZX
zW|a+R&D=`}>~ay=^d1>h!iW4-<dH3XH;5yB9td)BYfC1MS9v<gv0m%F_h-i7vE{cv
zJ7E81X7&H)7b>pE8oZ64Z;emUCAyJWNnE+=*;_5sl*M_~475;u%{tS}hoAmC{ki``
z+V%gg)%U-6E7P+#S!fp;PQmjFZmU0>S@gnG^dODo{^HkJRs0Mc2Zg&3iq7+g`dvv#
zFwT04#ZGTLf?y;)%F`={7){e5hGU)bZEDRLBb6q28Ok#2IDnoP=x6L>0I4%C9L)dX
zTQd66RCMN?PZ_COfgkZPOWT&p_&Kf{1zq!lGrouY_W=;G@B4PfC$D}5U#QYN6ueCo
zru(95xLM=?L<CUh%+|P<B)G_QxN(gr4uLxv@2hoBFOg*(k~(_m>u*1#Vpf5V`03%(
zLAhi#%<I!z6<Kavs9Rww3d4W~#INv9o(E^J?d?iJ=Q@|P)Aws>)8`<T;FM7$)t7Q7
zpRJBCla;VZRuDr}gDK%zs>crW6+k_r4%DkAPM&r|1fpyf^n&%nV*SEp5B>vf_HUr{
zuo>|~hK}4|x^Pzrd*98+kao(-GG^+2z4GH+^))ki1z3kXAbyf`pL(%*^nRGPA!~I-
zuPBIWNp|C!RT17uF^?@mZOdZcg$Nib*iJx0_1FFdyb@g2<CkdU9bfos!&5@nYB*o5
zq`!p$L=cZleqDFXuPIn&EE*}!z?l`joT@oJ3140TJBcc}^4KC8&k%`Odwa}G67<$l
z!(#z5At50w&LXEMr^K9o6_gxg+kY0`^a;JZhu}YQGCM~9+J^rE@5PzV8x?GlG}B(?
zjDSuDR&rsCyKk1@Y#-{pLHuyDL7ca5je?=BE?UpRzRPpOn9!^h$$7FIgVTZDoj9F~
zI?qR(@3<cv9MwGHdW>0U=_(iN3zOaF;KLyQfULiAe7Lc7rG<2#FLp3&ON3fQi^a@8
zH}|L>38xHchEwqI!tgO=ev=v;<8pOybSMajG-zA|<D3v2(|(X<pqk@slhf{RF&yk%
zNLiEYhrK?AW5l^tdR3dRR{9myd5hD?UBGm-E+BrPYKJq0CW&C5n*2V6-qO+%Fm-3*
zW8Vv=bD3{Ulp~Z7^pwksfzq`SUhGzrI$gabZc4;jon(Cr=1D-8GKKO(7C`nAo8oOI
z&17gpyPf-r=6fY6DZsm%1xI)LyGs)nG9<^OhitDvbAT4zQj2CUX5xZZqY@YAKAf58
zGSre4FhFN^PRnH?P>(JyjIwlR>{O&USC72uS+MA1`zy^r{I8X|=Twl6Zd?2WEn|n`
zYrRYI(2<O}6n$$un5~d<R(iy<2de_RWzz1xQoe0Lkv%Lq=B-E=QH-+O8iHQ&{j*Sl
zMA(|1IerG28%s!{s)|&EMFHK{Ifq`{z|y2(qQYwySSt!+M={lME?%4>Q|bojBHW~)
zo!K$dooO@;_Y!I05sr0d(LD+zefJ`I7SMGnAsAg@3IfTzCdfFe#la9Kut>(N+92?w
zakSj6Z8&7svnJ60aLtOEV&Q4&?uEj;<=xo+Y{+rYjes1^%F1#T$wux1wu;piOt~@n
zgld)}l9)%?*{5$aB{|^m{$<XCJYC|z4B92o9A51N;dq>LvMw>I_Byz7sAVxZoa2(!
z55kQra$3=Lb?8gXxEx<tc*KN8&qO;+z0(@Z{o;fbf}1#)rc1O&PiK)^xaW>Z=6fCc
z!rG5$L~w|SvYK`$8}zlF$=Exra5&1!y~bR0CyNU3#A;P3e9uMu**ai3J=2+5WlkG<
zB6;js<Bv$}_Hwl55oe2HUs*}X=CK^heazFd-@F>FAS(tquR<wUWN~#*n>sp(fKrYb
z)PjRqq)d%S<`Ty{m;I8oX%`n#Aa-x8Kd&6r*O_OSdo$_xtTO`3pNk182OL{D9QM}q
zGxJ1r)=JN=3!{@k8~ED2UY`hfm&yNdnz!Ug_nqrUOGR(3HZZ0aEIP$noy&K&GdL!|
zXrF8KGJ4uq;T&8eEt9>UM_|Tp&((oB?;7X0aXHGkT<xWeYwy6(F*>g5l~vU9$B;~C
z=dW(Lck`pl?t7<j_EA=LHgCi#*dKfWkZu{p->k;B2~JJfoAL^GN=Qm_)oULLTfbFF
zCRSo-dy8k~rU7gl*`m2Gk_vWi7co2~zAKDoo}<%xb(v+$uVrPP8<6+BYP1gM8O%Ep
zKaE5*eL}O>XO-I+kaucrR8obB-U@x#JiYIsMl8{uCZ#gB)6raS8D%bIcx1;DYIP4=
zOM&5_blQw%`9a0=iJK6)4@XF^kd9O?Lwgd=TRZw>CxtGOd0HkmAcGOd9*r}7Bb!b<
zXESIvYfB$d+PmrAj!JMquZx;-grDsjZp0r~v*a&x{La#yhrhhJyQ<ncZ|&Q8`Ms~q
zUhK3BK`ZQ@ao7~Bz_u6OgPatoxB-`uS<N~}Vn;*JgO-kDqM(Ic+s0(_`#&y63T;^%
zup!u1Vx3C8;B<W@d9$THMUSg~Fy=G|nJf9NdgB3mqRh?oy44MR>#m2(xfC=uNgLB4
z4AakK0{*Xdi<F7ku_2JF@RX+33JvxHXcHL>Pm|OEdplRCOMIc8qFpixBs;61;GTn&
zZU33L=;)Jz+fGXDCJm1@x^{><YzlMEX%Lq*v9VcaV`CHEhm!Udv{wBJBxCNj3FiEm
z{dgXFO*8sxQ=^M@iMoaY`I2eYFz&`K%;vUKEji#6SMZUXN|Q-1o$3@+vcXHTFZ=bA
zM`lxOot^7NeG4lx=bstUoC?+(G&3r%qKN4s^*-N}whG*0fRBPmpdp)yPOi;|+qM!x
zrlPpY_Nnc6+B-L&0QbdkJmrZY(l#<G2V~~}cmlI(roce=l86ij@{mP!?%rPU7RN(5
z<cvbUfrKzufv@_MwDMdVffdPKM;@Jfrc10Gj%}OmXec#~Ju_4H%Fr^8w89t$n_y-&
zmt_|h52tPyh_0@T-*+y#Uc~~&#^EN<)YBSm?a##5_G$l?_Rd(2JA#o?8pYdj2oH&K
zKuh_dU6Mt5VIj@Y@48gHhg>kC5qT2H(9qg#@v&Yy;wq(ZD=HO-S1WaXsQ1io#d<H8
z-XL(D<d0H**H1fhvRid?TgQejsh+@s`%*nN(9@cYo;iFd+?;d4+}nKFjo&+bcE}p<
zcxSDB99kSRS%EsCpI_mCf-l-sKs3$!{dxRNnjynHWb@iPud}mnVkl4X-cV1ujW6_H
zHSLXdYY6(LKsYPCIi_vnF?Q9M%Jlx&E8`!9Ut61X43PZXtpz%!$U*rIVv*~S1~9B7
z?2KTqQIdO}7Ql}kbN5Q8F(63a=BMfTvFY}49H2{0&26Frz;Rc)Hr|UhHu$1>Fr0&(
zy`pC@=C;0Y;Q2&jy=wxS)|4&`wM=HW95cqQaHJ1>mw4l{y1PkMPK)1m57%{xEB+4W
zO=r3A&;3d3mM?`nwVg-NDc(zxBKtxshP<>-J-MJ#znhcyQkheMzQO6_-q3RqUd5od
zdg$mQ$>490>A|7(M`9?KOA_m?N{jYoEg1HVvB`QSGsx}v2ht9WTjcks4H*qJvrj&+
z^ch`;2tsoHI@H2`I+Z=$V~^GT{OQ|U<7+KGElZvkcaFJufX~R1&CM$eTOo~8NOICR
zVXsLcGdHX!{Ss&0tBlv*G|ZW^v+J8{Qr45mBQBRIg#-ajw;QGjag>hlMD66TnYy(E
z#%~w+Ha(4vB{Eiso~@+(`Y6J3dDk9+;Btqb;Kr6n|9zr3t8QP|`HH>Aop1F`Gmpy3
z9xl8Lw-0u9b(pLHRuo(f<!5joI(E=Bw|`n7F15;_*;sK<PkK;)X_(B!-Zxxct|yD$
zp%bKQnkiHmdSh1j+Sdg=<-sGd9igT&v1M?WX;;{>UPkN5phNQ2X}8L6-+1B3HIxeT
z-$HJRT5|oE%3)dP%y918hwtC{=KTB(65xx&m5C!3<Ml_}q^JiK0ndNmDEZo%qh$s6
z@4nJd>IgAolc5xfl!U(Up`>wKh|KL_(%hO}8+L6v$F~Q{c||&xlG#_Q%ERAe7v!$t
zk0vKwPa5Wrb&A{c#vQ@Pyg?^pd(%L5n|W~PIldz>bbXqzR!Z?<-iZXSFFvv9mHG9)
zZK+O8uh^|Lu4rR98*7{^u2DVim^N5rKImTPR`*9i4bDuF)DMOHh$cSFZ+}ONbdc!K
z4|LuLa_{FtvWq`TIiOc#9i&4J72LA+7YtMH3B>zk3mMG6U^Ha><}y35)XU?T7m@PY
zxJ|ElZ~V(WF9I(oNW8pcaJ+E(bq|3Cq#n3+IUFci+MBO9_3a_GWNz#Ng#BFtiZe>G
zp}(7cb$j&?=SeB%&Qqk8j;NW6Y*~9Cg8FO3okDBi3_In$-|Kz5YTbTb-Zl;bR}>#?
zr+K{z-ZnU~^6uT3qZ{|(`?1x_Snl1tAxHk5Z{;rDfV}#+9QU-$&O($E*o7}a_m4w?
zwmIjOTp74u-VJXUrk}ouhhxT14<JvQ-q!eQ3of9)DT7*eYtQZt`F!^4?ks)Z<*-hD
z!U46=Dt@D))U+tqhhz6Q#F17SLzcD!f-_rh5p<8XeqQoB@1x(dv`?X)o6d!Ux(Nz{
zu|;i+Er-EA+pXyWp%rKOKjpx@CJ>xYX6P5UkH){j;$~nNA!r%%S$=%ofH;Ih%@tCg
zs|ef2@5jhplsC?mC1>DxH;>r+z6p%keLOBWE9usA!VPWF$PaaOo5I7xac9VnU>EUX
z>*CNZ<-*|`vB~U(!zNkUrM}Ci1Gzp>^o0c|o2|Cc(#kK#Kdok7Y_9Da*VfYurAG()
zSJ6_7EsPD0WyW}|9G*(tKt$0}dh~;%dde0TgUkyj3-n2H7Rhr*F4rEPI2YOMzDw7^
zdv^{@LBEfCmb+GY^4Dz)`ncXqCFWL?;o)JKD}^pH!&i!p8n|maHUy?lKhZt&xPq^&
ztZZXQIs5b@a_o+6+ZWU8?DB|FJcDlEIyX`q3F%`eV{*JUXo*IyXE}GKXbg@>PVTOn
zz9<@*Ymk&pE*boB<f7u1wgZbFW`fMD=Zz!O+y?RvTWAePL=ck6%IORZi|FZuCd!NZ
zk+sxd-EED-4dezZ@4~VEhKyI#566z>8&rSS$(dA?|JAmQMXl}G^?-NRgBRL@@P*tH
zLERf)o1iU-Z*daYT2wmOqIqrHY=^?uUXSex#8N(ai!-GBx3zcHGfCEO*4|l)u|XBv
zLr%rQl`eWzVG3y4G-}DG=x?Yv&?$K$OZx+q1j-jAqCfulaRj{=!$<CU%^7Fibt<rZ
z)9PXnF|dP+>tkKrV}c=V_%K|s#nn_)8rd&E|A2FfkJpO>p)4Ik-dz9)llL%B^4#m}
z*RL<;+e=2t2g4Z%*Dtfu-Z~BiAIqbf4Ou2Gfo(|R?l+mcwSE-3Tl}z8Gpe%Eyu4j)
zaLUn!REN2APwh1rm8um#FVNqBur~G!DNF#<)yirOq+4M<E<jOV&!Zcmy~#(#IBN&A
z0z&y6ZEcTfAZSjWOk~Kg?HF7kFyq4wSCRwUf{>_&_Z)~-#YEo%&sof7kSoGCU@&a*
zw$}ny2P+k2)*SlusmCdR!AjhZRNuV3u%wJBzHzlwZ|G$&Vr3-FMKYCI<vN96+%26p
zX)lK9g0#$31~dEnGE&=!w#pYaw>FMT+&IglA>)Jb(Sme5D^R+mVQc={sFcNlclnto
zLm{Rt`|;!T94oJWaK<d5D}X*45%%)UB`je)GK@JD(9821>Y${5gMzAa&!cl69CC1m
z#3#zSJ2$(=Ar)~%#>6JOB*JpX$0<AhU=${$KR+J*=(ptedhyn0*sPH#?|e;eZMI{b
z*-W|hZVz(wB~pEXVQ_&m;G(p4KSl2YZSQ&KxRjm)Th>-|KRLhuRKg_`TQjXz!A6BO
zD6wSh=ybZst&f;Hc&T81c2<Vf@s;MXMAl4=uyNjxvRB?(fq&B)oZ)#=T61*TR^l*c
zkG}9KP5y$NY;5ZzlujMjP^tf3QcX*JXNyx<0A%hpuzuF?3AbNl2U+=m_sQjd-rWMk
zZVx3{Pg>^by=Sj<+-3w`^_ZjSF<jG?^Z6wVzfOWnVTym1D=C8!Jo(Z~wHjeT><Onc
z?OT%Fw#gXs1A{`|%G9WGyPM@&O^Xu_QbqBrAPxU9<Ks%VClH1`aR#H#hO89WJ_&_b
zOcp<rAdxdnFpqxZW=#F@0gdyATdS*8T-@E8eJRnE<S?dF!X>|_ItHU|yUQy-d{~Ya
z6N8>N1qBBKA5;T6lIw*?@S$ol3_H-W$;x1{nY40ea`lnlyt(Tjb>ByUb%reU54hI;
zJ|&8Q#reOVoPhvmcs+;#`jt*3>Iml?^0vNZ7bbA$#1bekH!RbIe3H~`STEjeWiMdR
zjBRf{eZ{SJ<jGC<mP5TJ*KE#Dp!LMRN~kK19rU%Y5lEiU4HJ_busb`S6TLm^)I&32
zwJ(-i9-Ui`-p8?am`n<W9F>$52;7<Q<p4-R941ZFa&M#+(Oo6De3-lLqDIzHaMjsb
zX%2xNCJk-aRv~VtqC7as3N=)gZPoj(BdiD_nx82!Ju#uJAU&FN!>XsG-Jvq%Ow<~U
zDW~1XC*DN$jR1PvvtxbRhP^9q9iN$i3==2JBY|CN&}<;Ni70pF3tK?xwO>9Z<Vj3!
zALDK8w{Y4Ee`u?-G#~($WxJK7_!YHgSDN$o2WEVmju+@-S>*2?0Vd}3^oozdUBye!
ztabsk(hs}mA|sS6gY^afL@cl5l)#I}7Sl1p<&2I4#aca8hdNT-nicJ6D;-tcj@$7*
zdRT7)AH89(Z*w1Z69KEy+)l6emaw5PY-N76DTt?NiK8v$Xw?9U9Bo})ry(;3y-W8v
zzf_xkhh_!lcoose1X|sgQ<Ia|+}xVnj9zr*$Ygj*oknTl>P&z#%6*cr<qzLu<9tmA
z6k}i;rg3O%>8Y<ByU!{wxSo`2OqG`bUxOK&Lp;SgQ&d(q2&Yr9$@aLxU^gY1t`(bB
znR52x(8-AjVDdO#_mgu=5DZY*WT(?SEtO*nc}JEUyQooX<K?A0^_Fkb8oWP^sY-Y<
zCAQk8*KqY;>9+MEK4i=uDe!>^EoL@VF^z!q8oR+%jA5EnQj%U{CAo@KU|jR~GN6zZ
zy_oF8yecr_n(PKkt_BtViy`*SZh5k`{qO3Vez%2sf5Q^=!r;>Y;!q`zf4F_RaH(Zy
z$s=^Ru(s6vT(%wLRGjyKt&qUkiYgD-95sI*fXMd1nKc5js?_J()1p1FQvuC!iihdc
z6^d_ev+q4mkq4c#n_|XFtFs#9Y?>Xbs+?7;n(1>%-`>8(X7-0|!>KzA@fbo=s<S4A
zF*uk_ICtXtM%D{QR;^t5j6pUj9V$Z<?2$)9sbTZEvk8|XOMDcJnw>v4Hw#2GTOT_q
z^0J`)kNnmTa=ep8)3@4khWS6oM@AkeYUTLWt6rr0p(x0fL+FC#bwO3?bos%>>#^MX
zj>X6H)<`Edr^d7<($d3RBXxitpu(Z6a%@8@!-25#uJ-;>bUDqwj+BOc9-F)<xmC$-
zAB&Xba>cC++afI{zDm2Ge?L=L|IJrdnY;Z<LY4V(00)8gtK9hisqIQ*n#!W^Lr{o9
zmBGjk3gaM|3>8Hb+FBfnC@P>pU=*nhqreC)r7R*y0a-K()j<J8WN8F976B>9QjkUC
zC<RfA>`*o-P$<w+pzWOUW0LtZi9aT3(!7_ndGFnG-@WIYZ+U^+jK;sy8zn-Ho-H5{
zHlt*@KP!BN9d)k3mu6&w{hCFv5s9&8X7bPJxc}>LB)A5&qs(#u(^J8Cs8FvMw;#vP
z?%MguiC8C%=N{c|Vp3tbg_+#B*9Duz#|v8aIvUU0npYf4ZllL?Sn|e;M+l)vu)ksx
z{MJ-`&G#Go+HTDr^Lr1wM?gfdD)if_&K~fZW0^Zt<e;+Uh(P*cENl;W9K>R7$y+*F
zTQ>lta@6lcCv4`h$2D=goa>?t>D{%z;N=tUW-%+iImza*1uu&jTxY47aAh1baEL-d
zBj<pc#B=YsY8S;fjh5a+HPQXAO!o1O3KUoVHEvTgfRPeYQ&GAJN)6(AF-{^D3ilk8
zF1Sf-j2Ozu*tjA!oBMbSt<<GERs(1+?--!w2T~}?2srwYy9%AoDoCT3fOS7g74%js
zBkf^^NU(6^Xe9P_5+E<$`5vea8Qlmfe0`CR^%m8;vpb>sc$~-ln6)G&%GVR=1<G=1
zXIhfrGpGBE@z9rPI!K!K(Fhip#hI{ByhKOl$45O~#vu(QF<n>p6KDSHF|w7%t)7`a
z@5Yt~jOg@7N(nbO@a&B)sFG7N)dHu+Jb`Je3Mm78?iY}#R83?SxJFPCI#wJ3Fgsm!
z0I=pWnf7EcfE|b7`G>85On-x$3vMSDuGt7QtxPibuTsIizL`e_dr|{B_zaGgL7#gF
zev#hO4`N0l1BWd?eOZ(|Pi}*up~5X!_lrc8Q-<C?KGqM?)Lw(EAQgN=o2(~ou+L?D
zI=eXwjrXlt^<&q>dFIeJLaeQ;zr3=3HDKO4MpUC8A~7zO8&XvEfqwI*rErdBt@sUR
zv<yPCf#DqXE@=I95o1J*Pcdk!N#u0XLI{L~cH7`M9i$f20Kl%i0U96b6)G<y3d_sg
zM0PlFFRe^l4I%f}UI%O%s=*m~M2-No2$(uOo2i2Gani#wrXyomG`%vP0!1DG{fy2L
zD4!tKDp@Rz9uQgYnFq)qN4+tlt589vZnyf-&KrY(XwfFV<qY?F07$JFXl7`9&H?Ic
zp|`O$i!ASKzj|KO#y3-^wM2K5+{yhMwx{z!^QiK+1zaLKy1slWWx#!?6Qy4%on~BF
z`YIsXVTAi6QcOustP3VkZ3aS9&nDPDEne*bbf<w|!r=NuX*5W8I1WLmA>r|l8F-nO
zC=_U}I&c@z%Rmq?s?!xw_J{f#EeBdPt4%G`Uk|OK3i@%dvB4D6fCPt?E%DNO)?u1n
z0unwGKnCi0fY#B5=0TYKeMY=k=0#I)eXk|ytD0-U&wiL$=DSu$YI{f@k`&YY@o%cu
zTeM)y4KsoYghEKuRl#NL*8CHQm3Yp<8oUAYH!K5#f`-79O(8UjOsV+8pQqDG-xCB`
zUff=NKNuISyG|{$*_kdEMnV2aBkGC5SG>Ays7Z{zr}x~#!op<RjXWk(SpgFyrS>rg
zdvK1oh;`@nuSo{#lPKYMi{x!m3X%45K+6S}B$k)RPA`Lu<~I+_0BePyrP*OBXwW#}
z0~+MJ3j=(8l>sQ^;OA$C_-@bNKtkI4`ckH+gL)x&clSmB;hRhGd0OW>=~}4ujD?}}
zmKx{VhEHYg2rhT(fndnvzam+jd35TwQi0QmMk%cr;C(q~AFYstV}Ef5H*@8w0{Jo;
zCT=Xh*^Qyp_02{rO{gz{K~0kU4)3p|{V{GWFsgPQ>^FHwpn#C3%rzCkyF}5|+<oT~
z%oy-=&S$Z>rN=w1ny}`U*smQOq^@x=-aXB7Ssb@aphWZZy?`@2HBh8YjP58c;*3Ar
zv^5bRaSB>t@kQs7`>lXZvDvCH8rD7clyZ2TIBE`t38Zh_Gw74v<;fjc=!l^Y88x|e
zizoZCZX&aXT@~{ucw$v`0xR6NWF>Zxd*Y`W*|PD12RG5809pO~TW&6U5nW^pRgcRm
z2DV^u?FsNIe@QA{GLn`qND~c|gZBJV@1nq%x6Fx}d*AT}>!dmTId9%LS482=>;0f<
zh^Ug+)`y9cjo-5{gbc>C-$hk&*sH3qWIW%Jv_nzN15j46)q%wL9$oE@5o%ce2b5v*
l>v-)y{%aZi&-HRduEexjQ4&tt%>jx5IqKj{DE{?a{NFTz_kaKZ

literal 0
HcmV?d00001

diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 86bb15de0d..99cdcd7dd9 100644
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -76,9 +76,14 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 
 1. Select the alert you'd like to suppress. This brings up the **Alert management** pane.
 
-2. Scroll down to the **Supression rules** section.
+2. Scroll down to the **Create supression rules** section.
+
+    ![Image of alert status](images/atp-create-suppression-rule.png)
 
 3. Choose the context for suppressing the alert.
+  
+    ![Image of alert status](images/atp-new-suppression-rule.png)
+
   > [!NOTE]
   > You cannot create a custom or blank suppression rule. You must start from an existing alert.
 4. Specify the conditions for when the rule is applied:
@@ -90,6 +95,8 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
     > The SHA1 of the alert cannot be modified
 5. Specify the action and scope on the alert. You can automatically resolve an alert or hide it from the portal. Alerts that are automatically resolved will appear in the resolved section of the alerts queue. You can also specify to suppress the alert on the machine only or the whole organization.
 
+6. Click **Save and close**.
+
 
 **See the list of suppression rules:**
 

From 12b15040d73ab2e9f5ef429f2703c6c1caad17b1 Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 5 Jul 2017 12:13:34 -0700
Subject: [PATCH 30/49] update button label

---
 .../images/atp-create-suppression-rule.png    | Bin 23222 -> 23609 bytes
 .../images/atp-new-suppression-rule.png       | Bin 44552 -> 44437 bytes
 ...ows-defender-advanced-threat-protection.md |   2 +-
 3 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png b/windows/threat-protection/windows-defender-atp/images/atp-create-suppression-rule.png
index 116c89500d4c96b51c5e91f581d19e431ab24224..8c3b8b4debcc769c480a0b122141194268639165 100644
GIT binary patch
literal 23609
zcmd43by!tz*Dksc0VPEg5D)|dkVZ<RQ@SLi1u5z7Pz*xApi@9XDG}+GQo0ui3#4Pw
zu;@5r{oZ%)>)Pj>{e9p5<2%>!GH^2ITyu_RJR|P=9)zl^%99Y%5F!u=5`~8{ng|3A
zHv(}k>;gU<sgfe_hkq_QJ$&qnK#(?L|KP;1k<!9J0yhN}S%N77JPKl(u~&14{~VIl
zbCYy;vvzbrd@1aF2#1K>;E;@ktGSDflbemB1A^ir<4rhDh&?Xt=;ZBUV`c4z$S3O*
zhNGna9CfjHf<5(yn~l8%f`5<fB7El}_B&dRmTsO;Tr3bqPG{KDiT=5{jjOrc6FAic
zQQq()3Jzbu9@c&0;$Y)og=nCie*?z|{&l^(i@5~?a~6#LAE!w>+S^+=xFL2sW9#7<
zKK8UnHg0wnh}^Y)W(48}LP19Ikyr8xD)7-GWV+xn7f&lgsQIOHrxL6ePvaGOgG6Xj
z?l`w5$`!GCC50$C;!U7u#&Qa?LZ8QE*U2?9JO1e$%+1U8^sbFlj5Xx;4j0Jgi?i&#
zmD$&yE^&?~R76Id@do)<)3=>R1fmZXI=S%UuZ?e=<hST|9u)V8S<U-dt&3XCzr=B3
zl8NOqiOiIbdi~5*#_bK!Sh-``Ju$I>T(qRjY<X3caK1@By=Pln+svQl+4Mp(^7oU|
zI5h?X&#PZoG0Di_wjgdY+3+-kJk%%VX8J&h`!?kBe|l&b)yRIVD}F*=Rp{=M!a(8J
zP-X8+V0gNl7Jp7BHcynRP;zjPpm_P<I{m_W&nP$#YToHlg)Lk6F~+<z@yNfZ&4+t;
z!LFfcTSaeUrzDsYJ)1VsXqD66>^gz8effgR8b{|tJ%JHYm>h2IKf`Q2&!7B723e{q
zl2GN*Ft_gQOft{)_<5GCAZgiGdi!IHWZL#M!{>c2QzB*c+5&?^)bHwyZ(i|}B>MK1
zBCs{yx2-Z|apA7oRHuo!oN^7$z(Oa(puk#G;)*~Q=DKH3xNS3$3W{m`ROg!N>C$z+
z<S$pAe^uUl6zPNFe_Y>e(h+HP{E|Q>=&M1nxM2wnQEI^O>h)?Tq)u~pVlbYXc=(57
zQ6X)8Vg$VbgJQ?|pbN{cF*#1XhpvbQ`0S~yz$4tCiP**?g1xZs`kcvattJdRmHtR!
zwximG7XElKtGe8=#C(&m1qCCktd_iq-Iuw)>D8WLc$e*2+uV-Sl<6nm8b;km(ET_y
zEIFn4V!P?yA&a==uEjvhkJ;2(PudbzH;z-wE_62_4H|i~D$eud$iN~I8B+eeM?3ZB
zX465%#3p~?55pawx7MaFE}JT%ZBIX3b=Zz%=q3n~EUiPBF8zrRvOcMtKfju%T3j+;
zf!C5yAHZ&G_o}+gEU+8Dd~3I+0>6anRKoSeN$E<pN$kmxTHq}yC2z*PA&W1<n^tKY
zQLpdCIBW-=jp?@h_-SOI0V}Q}T93QVFrGI`5O}<tBYxQ;W_G=A#Z&9#G5JOt*+Tfo
z@zQSWx^QK+B=&Osp3J<jiv90NurL3Z=ENi8!*X%!3DZIBXP+I{mxb8J&8|0s^_q`w
zv#G=VTh+W8R=XsO$mT|JuY++Y^y|-7^OzQ~p4L^zddAjfiYlw!pGqV#HgT+LcgW8p
zFN!+3PwTX$wtoJzl9D7%v#!2L;d(B7YI<?uof`#3ORn?gV7v;)<MVcBp%<CYb|QP`
z)}s>N-U~b#v9EmWTF<r2i~K=nAIDiSREgHlK^87owre477{3Fzl2@)t?>T&1=}8CA
z+`7QqE=1ew%fwm`18aiyzShYi<Hq0OwZRuPKDLPM-=oi5`KUSkrQghOeP6#*SG5<s
zi7h+O<0~=N)>^7YbF79ol`QQx`FV{)Y$lZ)6cmn^qT&isi>`)`oU`W49Bt9ecWMHi
ziu9~t39W^+Lc!yQSMm<Kwx$m5{4f+MV(q~Qad;g*hKEY_I<@RNsk1x)6Ev3{_3MuE
zY~pVo#$OiH`ax~8ac<%qkt|xterWrFQ{mQ?09Z-?x;*T)?C@vB+c_dz_V2UK+L?1Y
zf+o?N6R_b$JQz)2kv`oDj9N5CG4PL?@6BL0vmWZ?WTLLzK_?LJu!(}-q({SqQRtm{
z2FrM9>0ZQU0dF7P=P|7Y1JiVC|H@~zZj$GFV4r`QQobFuuFvs|HqiePMaG?Q$`9Y!
zduhLEXfX`37tx<>$|Mv;=d3Ke$Vro({rn}7GR4P0!ZG*MsSCe+_=Oo5Ain-7UgC0(
zS>r&@v|@+sW?>;`W^tjMvaTm%t^H(a_bI$9g*NkPegdVql^6~BnP1^Tm9oMqef`9(
zJ2EP}UY$x?dpDjf2ZyBa%a;@_&uqo@n<<ATeR<r2*=H>xQ7dYxH>rKGNkNbJbp38f
zGT)H7(UI0}it4q<4f&YbE562t!5t(E_%*dbWerlJhc2};($}nwFvp~QSqYc;A1AXf
zOFCyM1cLwFFzbKB6EDj6?0egAv-nvN2X_Bini{M^xCqX!PVY>ExRCAVuB#{-w5Fem
z4*J%A`2ajQajCtc9sIx9&0Y5wayQ0bb9o%eT&09`Sh-HC6;tXkX54A={inUjAoJSJ
z{q4;re%fZ<)3RfM)5A}T6L*iUKCmVIs(So5|12-<^x?}5SgOP-?>})6>2|yfjaY;C
za}>k*+w2aL4{B%Lol!S4JRJ3`VkKMJM4GRA(<$lXeUF<aJA2a7JmRJNHbw03>Z?&Z
z0jp0A%bRe+3y5*!Pwf}4b*{Bau%wBhY>=B?wAA%ltQ@7LMw-$mnWW5W3%(}XC(i40
zE`~|*bQP5G;sr&mRWx1IrGHi_9c1{pOCppIh`@caJOd^6OH)~t-zekDhp7-n468`(
zl-6>=`X^rGsON@Fci&B2?WK$_8m9Vtka+?=O>HdW$?dMR(iL~cWoY9-sMn!H{!Wdt
z)_-fU>ol2UnnK|<RbPs2ne)YY&O_!Oe8c9mqM7Fc>d30_vVYXU`g@@7eyuOdF!drQ
zVbI>yJjRUphJ=MS#mr}miKna-NtQQ6+Xh1%ZHC~Of8bi{@Ony?&o8&FCSdnZ;I#Z%
z;;Rl4_W%>-`6xKm&xkj@jy?o?h8NAZJ<QUq1m3ZtpBhy@sk>Lo@xX(`!O87unluxi
ziL??)c9RO*y!kMvz&cL_zT|_$AI@dY3K9lpIJK822avB`3)hHT>vZ%dL9*qC9#8dT
zU4CvCipSSrXkgMv%!SbnHmsjrIUJ&Nte@E#{W4)vqRzQJl2(GFHElV)98=WnITdZ6
zoG0=sqFyY-<YY%aV{Bz<uNbj6dHp60XJTD02CaGVc5~#(sb|HwlS6|EGofBkWm(+|
z)Rv}+LH23HZH%KUYt2dIz{fAP{HUffC8}@WXnnPYRUVla?je<Au!(cC`muy#`3^P!
zAUUW+PuHmXoO;uWT)PA~$t4BUafrCx(QJ=Ua_&m#se@W`E%UYO3wu#5Drxr^>g$I?
zA!(}XdJ{tW*{@y2CKHp0!>TzZ$kT7NvRaP&gflK(co_7>zywmqn_D#jm;naNk?up$
z&=h_G_n4gCM}cLN_0dzSa#v1|*Qm)!j3vZgJ<>PPHAs>cFfBT*y*=ky7(Hp>auVG;
zwl0KITmRDs!d#)J-|FUGQgku5E;jL<)Ws#D*CWX_{*wIT6^KvU=(2bIe}rt;_C!y+
zhscn24UotK1f9-w5_%?`6UD5=6cI(@VpI@NNc96b@i(tRfl#*Ri8gY0JGJE57Q!NQ
z?$Fm%Mkf8!F%8~&r;1F!SrGaAAJnEYw>a>r$rZwJ<o@@E*6@So4xOcq$e5VwV~p0i
zILiLds<r=GP50k>*4Ef)iPihq*w-aiJ%^<=EoP0ot7E}BX=6+clw8Kd!HwL5LpL(S
zI+O2HEG;d0EoH?W67z(&yhu!>Il#@&$T;`p$rHUAFJ~43c^SzccB8yd)lOK2uujFq
z#Ze7by}Z@nu|7dkYfP5ZMLD>7<?2;Nc6K{;i>FVY66f+;b5p;2|DGq;p5pgU-H=yz
zYl1G}jr3*87u$~sEMk0S=jUIWeU!QKG*yZ{dI}HmZPc#Y^e#KQo1Bb{P>O2KJyB7k
z<04Ceq!gc8<9i&;%xxDXj^}1)E4tX=q;pQ#)4D86EWHt`Z<?lxRY~7Smn45*4GFo>
z<>qc=v~ZP@(ubWWXuwV&+<g$E6Zsrn=QDQaJ@JGul<<m*VXk9k_T6vazI|t>^}FCx
zc>`GH&3)H-1VX_6&&#qh0eG7OL*|<|aea4Jo)0X&gx^h54Q2LY<HH@lf5Q<OTU$1<
z{lB<ZC@Iec>2dM!^qC(hC@7d2<qU*+Z_nc(^bHK&r>2tD8gsSd`BZ0j#Bot|EX>ZD
z4t>=|1T{Bf-xBQbIVY!S$!$8AOl;$5Uq((Y43n(N49&&bUX@HaZr1JL-rh@9u}Jar
zq78New8KRvWS{n)BGH%;=s0@ZN$G@w`ujCEg?M<#ElWo2Yl8{McB{p%UcHJ4vP$)q
zQ$9ki2Q0Xz{P@Aw#amRfMTpqB)_iJhYunVHrF2qA)VFFq`rU$&jO)fPoY<tKa4_HJ
ztgKL*Je`8A`|(9Dr8G4!|NQy0IjzgGDN8Aiufxao$w9_TYfVkfdVF*Y*@ftO37(`b
zz0zk_nZQ;$clw;j2N7c>R%Czv{NZCh1$!Yr^)&juX=1F>ZZ}a;QIS~I*3!ZS8^y*_
z)^o0NQxn6*G1;8Yw;Bl;8kXFc?%pK?x2vI#%w>2%X(}r#3s1XEEn`{o_^obbB9A#f
z;_r5kIGN7S%i&=iF#b==lF-5|=F-yA#KS}V;h}@=1^y^5!-~JomEgxhbfkmB!}y<V
z75V7Sb6{7Qpw@W3IH^3~#0S3NLwwGnM(NruUGUi*Z!@;31>4Gu45luOetTQJq9}vk
zh9sO-RiLY>$#iN`Vi_@Ztnl&9)XvgCq75u)+jCq3zA+uoG`72U`3l5u|A;w({d9hY
zmvFBC#m<gfQ3p$$m{3Y8SEf@fyOgL&<=dYW7@t(m%ni5EV6;p7ZHo5WB<*uF>PAvH
zLs?e}=k6ZOxd~%EzJ#nWPNQO2*60qoclNAKe3zwbqH=cc?K|XsH)3L98lUo_=uPJD
zFwtE2Pb1lXE#Cb{XR%r1SQhKOOHR&Duq+>YB9IhZs<0)kqeDqZNcg&nhEKw><l67w
zzo)r+dGFoB-8%f$+4&OXKqe94NA!$HIcI?J-o1PANjGS8+=Q>UcXVhN8%N59Q<5BQ
zv*qHHxh-k_C@=R_*?IBe+@|V>#6&`gBU001y=FIrT`iuTrDe7?D>E~*uYanhme%`(
zgrzb=NlBdV-@n82u&ds}xD+zS9aidy7qy$u9bk5<)MK@>+1A(EXQuZ5JXBPa^7XCu
z$`9ZiYMU6~*}{mhZkK%j&KJc&NrYJ4{uI!~QqZI>MkUFB+tJ<KdU|q%${t(wpc8g`
zSd;Yf&6_5(;s#UhhAAfm;@Pujy?uQ+pY~)^qNA^@ER#O)sJ=coH#bu2D@b}>c-A?g
zwN;Lq7(Y5L&U|~mD{*0aq}ZH=i%Z_vIMu6>t;Yr)WL`E6qVd+2OTJ;{<%o!g#4X)I
z!;48>^B8vxb@iZ)4JRIyH6Ifjn^Lq*$><BOXa}{dtgMizD1u(!fWg5*>&V(I{28CO
zexhn&?&#t4!a`LM2Wx8y4-Wybe6h=%;%1_TF;PN70`|?lz3+Rhj67dnURI}j@s}XJ
z&ss)P^TVAkoWISX6xMcjR}_qmj3VaeEuUIh*^(N<R)_Wc>m)>ND)}xYh2+zo_tu>|
zcjVa1eK5}umpDGbnuX56-M&5jeR<Psu01CA%NLwpTFqr%Gcz;3Ikq_;U!&&M){Lqu
zeb)?GdHKxTT$Wqr9OdDWk)+Oc#Q3=RI&28A<tI3y)7H*TMoa5soB1r-Ta!9M&dtrO
z!J!=N9pYM)o{satb4|v@g%^VHEgEVP5)!>)vsZe8jEs!AZIaHOECObw`rwDCb1aOE
zINsjg^hj0~76}=d^B+EZfHzRr)n!g)r}2@?B!_DQxQYgrj*W-M&>1x~hHn0lv?5kk
z?BK1#IXj%JUoE)__i3Vj*nITTLikK7i=^Dd6_tZfF62CY9#;LE14@|3e{T&%Ke^#o
zdl6sh7iXqkxkE~J_;;r%siLmV{e3TRm<w=)Uae1Qwyaz_a%6;MqLG6#9LXIP6(w(D
z^To?=v6m6N15wMI+V69hg{9YxamcTh6LEu!i|pdXi||=5<Fk{ao4(w(<fDO{eW$f3
zTF}RFu<aLe`*WFD3*pGB2ket@r?7|!S!d_svG2vj#TjuH<zv#ruZR_hh!<A{qGMyj
z?&NHp&lM-s`5?;5da*6?It7Z*!kdPMhlgjR%016(4fdZXr&X!GEYZb9dvX?zmtYCI
zKR+%)pbZHP?SrSPspV8n7J3e0P=mojMDD%@C5JxWit)|S(b0!0DzdQcVIAp6-^^FA
za_At<pYqYvim5#VQ&Wb^x*Be8Z8e*UZW!6#=i*XxGjSI-`c?G~ma5B!H$mz<&j+n%
z&+d{kh|zu90%vnt>`f1fRcKOr{P>#k9j!%uQ@)xn2IqqIbm%k!xf^oTo?EkeAANgm
z&Ao5*@c)66F)}pQyQ3-V_NR%G#RKUJ3JMn2*6<N;X$48&zkeSu?0$E8dYap1_LsVD
z1b%vH>D7gvG<kFLn}tTzuj|iF)~N*@=+>&&#gr5IE`ojHc`e%2bw3_TzINq*iZeVg
z5UeJCas`5IypS^!J!As#(zo=YH02JcpO6bThICD)Rz^#N{15r)1CO1-^Iw1U;gf(I
zhu!tMx>VCMGn*&tfehwtku4AloafrF`eBB2vDsIi!T%-sO*zwv8gD;iM_1mIJjRRP
z*47+q&Q6aOmzRHPsfoT?T(s^wet%P*iIbDm+1VKp1Uof4CT8mRU|X-kiBT?s=4#k8
zP4S(boxg)$v~s_G{W)Ig`aU}PW%XKr<U=SWn0R?L*-f;yU+ql>GTgK5Y@kpRnJN<@
z5gqLw`eYJ1i9$u(l#ew1^TQ@y(2-v5E%g-A2m5kM138;5R3<n0`LFJwJWYC+AD#?=
zHN?*jdMaGz2m>~P8A9G|wZ*XMZa~ido9esPc&|sK=~8vXFSo+Gy3+)hA?*3sPu0p+
zZhV19bS!oQ!EM%jfnDz#qQtW6=h1q7ltH-zUUBvyLyl_7PwcH`7|tq8pb(_EqudY`
zcx*mi<xa#9u>a)Uvxg^H$$10WDj$~(NuCAyA1>uAuB<eJ8TbcGg#Nsc_ZX5cKXH9o
z>xch@EA6?%(Sp}gT~TA9KN*h&U=Ij7PRM|BbLS}rz-E@x*1n2;0b;L>-NNd%7r&qW
zTu2LyJUl!^Am8Cn52%UD!phBeB?<oJeLZbRq925U=YV>OJ3)E+m9fh%jhS&?6X(%Y
zzhOVz6hWWnE%<BW@ixiIcN57@TX&ZGz6Iqk&b*3sb#-T2BWN4Havm&wR1<52wK+m<
zxm=~Ek8Gp&eLERiLxO!na4)#?$usXtnlM*>0ANi_qQE*Per~7p%&QNNitg~a`;9GB
zsa&6ATCGpqm}jo7-@AVOdIWd}IK7zO&~0(UDmUy~5|41rbf=2adZOH^IE|{VyxX!i
zT}GpMoTp{VagLr}z*N%wK-gMaUs~_KZB;ZC)32ivp2vlKd_|i)>re>TCDlC5oQ4%a
z`}_Mrq%~@3VkwTw()sD>jGy8pUv6QI;eUcbdi{M)fI!rXOuQ~bpOUP|zP<kZ{mq{U
zggw%6Dz0q|u@i7B5R${+N3q8)OZ~T%lLR<ES*WH6521@nG_C#M4)J_8nhotlbJzz$
zFE3x_`1aAn<DgWvd4$}{cJ8U27rUXd)^J2*WGe=Z#5K{_GO)5@ZjHQ7+so@Nd>ytg
zWiRiSz^bY$Zl9gSpctxltmSsQ1SkJOb>BiHZ{V~YThcQZvvDq{{BB{`lAz=L&7Xag
z&R4lfQo6glgG^@bfingO-D?(p@BsJF{gZlX9$?n6*D|WBX(Pi?Yul%NvX63`(9CZ*
ztK0>zQ&sn&P@=hN53M&KVAKWGm+bEBZ1@&Quhbo_5n2Dm8t0F0s9Y3%1Qex+KU51P
zQE#PxHf!upTG&^3cZ^zju_h)Z@p!E09q*Rcljy{JA?xewgK$M^EvRWTbg~e5%4}dJ
zeT#|d9J0uyt-^WcoMx&^;cKbhb9O&pUbMEc!TEH8_u@}cUE`RoPtNLt6aLeaG+zQT
z|5sGKN45l0Q&anKfd_G>+6jkFTeAv-NTfMjhr_l#-4YJ*D`OtN@`^r`vpDb=xRj>t
zl{AEsXen5gs}MFHCgxwKJI+7Arytdh(xsHo*qoaf%h<bWtng8OCa<XO=U&}jt*Lh0
zF}M96K5VEJ6+JZ}9f*Url1WTV%ydrUOeICQ)I^YVO^Kyv=o6lvp&=c#KbzZUQ*N}|
zno{|*E2UyhwzDDJcHS$Td;$Vtjtv97>YR#&U%wJQ^oH8K!h1U#=_{jY-Q3bL)xlMN
z-1e^L?~k&w*E@zJ%Qphd%$VBS+c!oY?L}FO+txjgE~h!F5wmOj!6W3cLQU_#)AtUO
z_q%#__Gz-1zfUjnz|F(sr$f1|L$ji^w0|LKwmS+U(o9>_8|?k!Dk&~shQ#pjvs~b-
zkm9v8#T|EVS@1r+`<S~9sH#`c2%gVN93+FV8xI`^w0Xfe^&`GMKBgt3muP7_bTIZz
zP<UW>8Xaj{PzN^nmQM!I_Pg@u;s{^^9qd0cw_!6>Cz@KY{j4j3)}3k?U7c=wLYo?J
zXcI6PK<hmn%Iwr5y7zZus>#~XaUEHel9J*D0e8wx_`Xvhtw#6IpFjFgP41z)zU1T(
z1Rjk|sv8+y-*R=A@$os_HLW9xq`QBaOmyc`VW2aO)_Ub@E(g_y$@)#yR-)Ua(SCi-
zpn3N%qWzq}L*};(;$qgA%u^yFqNcak?)CQfzlah$ya3^U2OZu3_Ge*bZNw!L3Cc<J
z33F5|zcy#c0ZB|ng(M?0^Js;ztgI~K^XKy>{uu3tJws>Pfv04UTVI@o=Z7T;I%a(T
zetBqUh~;2j<B`XBczB>^7<cu0Dz{A3QsatqVB2?%7_Xf^c^<27y1HMEt{4nP$b0J+
zB(PV%KQiBhh7Zy;wRnJtkB^TNW?38jV>+Cxt^tDZ`{d+KhZ%cS|3a~yUg`aby}CEQ
zem#79{Q)I5tV0J5?%W420}kWzuv>eM>ajGXX&59@*Z`Szb@WhPOL}?=!i~9M??FL7
z<2!jo505Tn$_33iy<vqD4pfL0UYkq~;}y@*$RhKVkz#88XIJj1CWk;_7x0HAVeG(A
z`yBghxi+n+58sZD=#GznuAqvf3)0AwQ9vNpleVhq7XbH>g#Q&>=|AeT{zE|Of4z|K
zw?Cs&x3RQ`0uiTYKzN_$oAe_CW=-O~DX=5!l_aXv@x9x3IXyDXkKVp>hzogfbCKiQ
zhZ5w5cwpeg?VLzC^zf3k-+g+=g5<a63q>=P!72f96uVp3L@L)iB!}kq4{aogioV75
zoX;|3+TvWq+3lFIe;6;MIPgbbc-#1RUY<h3<5XC&+ZbK)c7asjN!Xf$pI)G7y!LIT
z-{)(I4rIp!_xA!l*6(trcyrMwb6-C5U!#fbu0dK|W3FHM>3UJP#t8KsuAExs*J`f8
zevzW~00%K6hq|q=$5S+v{$<7h(LmvB?(BEM2T!H+!>In1T3VE=!QRxO#(ou=GF7Q}
zDq>E<>@i{=Vi)4C_ssd4Vi85HazSyMw%0ei5IzP^wA?&1H|M+%K~NSf*7VKj2<rA+
zxBK~<tJ>)-p4`l!8)<2?+j#JYy-RqRGA+l4oP>b!TJs*Iy1CqL?E&0KUaPI#%iQ}4
zr7~?WWGS2Z+HD)=<f5(@+og}0ZeXpv#&AzcS-dVF(V&ux&b}`{FYqrtIb~Q+qNBuF
zgQ!!T0FhdAM9bLFb%(j*m0~AyPWa5wjWF*5($J6c;afQ<@yqbK-l(4JNXM2k`bhd$
zVD`V2=Tp3ne--)^=VJ?+-S^Je8}-mKo5r0ernS9aRK2o;@MW2%FETf}N>#l%=r&nU
zl<`$ngie$Yv9X)TYQ4Nq=@`&o__!6rgYZMScUV<sxg$4Z#`QM$!Q$MqIri_w=tLEN
z?Dktmxe^IEP8@%}eqGRqukm1M+gS{mmQihBrvxt$4`2NFx<fX8b9doYCP!~Xl@j|=
z>lTZ0A1Z<>vTR>lFynzjFYd~Mn%v(LS0o>^-tSRcYz20iIclxsNYA;LR%yE4U>+8Y
z<?Hh5?g`jH#4$ODL_U!m{Ehr+8&a+5#9Z#i%G^C;15p!ClvMw0Uoc8Es=IXJr9<?B
zG@8}!D06dJ1uCKNZ*j&n#R>mI3(ylH9vB?6s7kTJ^DXP%y6o@_#YTO{pADTB?YDIg
zh&hlBPvmAr>8m}S!OBQ3M9@Q(*5~%I^~+DJ<6xH+%ETA&B%38|KXD}9x{7|!qmNqo
zN)<IkQ#3IsvbNvmHDsz1MYmMSo)v(5^<Kbd%Vc2th<u1vOwQ_+MqD$lhcnQGr`?Kd
z1CKtwr9pu3`n81z+kzsnFxnxNH}dl_juV>Ko3?pa+$pMUi6}dQ9Cu%0UBYMK2ClM=
z5!M=ua;U7zm6`WOm<%=%YDe}cDe$=!-ph=?IKF{}|32)R+#GKIO<x^`b=|<U>eo=!
z{M`Ag*ToAf90`tQ>Ztf*%m?dEIPUHpE2HwQIEy4ia|0p`Cln%|JUh{F@9BY>H<|L4
z5zjGgO?{c)rXJoqo%}AqS4S7s8aI<Zc3R0I{;nXqmbGuh>GR{2>LN9v(6y)kZromI
zdd)_<(l@c~1?wC~#q%J7(&(x#3<R6=$H@_2MeX)%cH}Tny9q{xyvWPXC%*HM)$5-}
zH=VAit|je1>zOo>+ACL$r>6^#-@F;DO;XQ_5`9heUIY+6tGcS^A;mXEx_vF2Zy`P%
zZjsc~S`w}u1a`kZmQu#Z<|C?~$nX+AqxulSLLJR{D^T^#e?ctq-wUk&7Zn@-Jj89;
zpjWS6F$xNLJ}gTCi1pX6U+)}|04kYs@0Z%i%C@|tznQS_ntbTG@+JveQE_mPSoNf0
zY`p=AUmYtaC=in*`370<<*QdVr-0kjb*fy}xYYIk0@{1y5+ht(T>iQVw*X*E<P$=o
zooDk2fLWA29zQ=nz%`q;C;vj8Yqr|i%n}<-CFJDfZsgs!+gTVPlkbS-Xgb88{a?pl
zHU>~dvOwuq^}GA`@8`mrVk|>hg8W|T<^Ck1et~!pcq)>Sk-;|*%|jPhop9~iHRCuz
zYT}VHds+Z~oBj9!<!rrAj2|4o?#RX|C|KU(5*`*d9;=ZJwZ;>G-Y*alQ50muTW!|+
zR7u^pgbpnuIV_Bjr?#w&l7N)%QX4ZbZ~u%l=22OZPc^-oyXc@azJKW{FE6i5#{j0{
zOPYyVTYo7Q>2~O-AT_Dr%nV31Do+>NU2Y4f;@W-8g+w-{h}~IYZI-%bj6eX!MjQ+1
zww0=Cq}Pg*P%<JJR>e&J$&+-7pn)kT>tQ7|HL55a>-Ii0CULc*yXW_BXW$sDV>f@;
z17ggV)Row_{5{6qu)}3ep8<IYNPdOAf#@Vgs4^BRiM28k44+z?dJ(dEsL@?K8dI~W
z<A^DXHvgQO9i3;~6Qdb<xX;%12UF>ZBEu9bs;PO7aUoq?U0h^P(N%ZdwU*Zp{VK#f
z{39w0XY|R`ipn1h`L5S4C@Uy9JB*ceCA@!6{=xok<<%X8mNECl3kmq3l$t{3By@ON
z%&47*Z)251hn;|}v6E`f?)lv-=TvhRC_Zx)J|ECMIU?kqd+J2uZE-#Dobs19hc8`3
z9a5L)^k3VKDxwV0>o!Nv6obAbbXi6X_zm@8MgVLs|EB9oLa#QqamBRIePf5Ny3XV9
z>ru*V?cM~@W3T%ulX!Z+@HelM62NMYCl0})W*mJ!W;K#988kYd)HQ4+dY6q&Hcs)t
z0GNTG2?uorg^Nr~Oz-03b04n*Xs}}|K4kO(mw+^630D3euA;TbMMOba`K57D+Zw7`
zHo@NBK2g#)5FTb_tXxf`Y}D?XegS=4L2j;ufdMT5gR=sT{ht*8e)(bfr!(OmDz@5b
z>P63?3@jSG8Z<UOwG;N0N^zVv^m*0K0Gvzo#$q{wj;TGXK0c~O<x|g=2fsKB=<Dkv
z{PyUWZ{M~tHW5fF=y6%U0vmzIs9fXrQ*+bM(9mDMe>Y-@pZUrF%`eB^88u#l4&yAb
z_ma8-h8RUfQ8OOVy)M_2w%_o|@i|V2Xc+tWRE@b5HjbD8jdD4?*l|*<e($mU$suMM
zH+p>Ba1nDTiDVmueOYYPL+_k_o%GEZ?`hrA`NXCvCtv%`fzH2#OE*s0ifUe9=`2$h
zz%{$m#MeEqwM8+!8MPb!A$IH?2m5Jjl*tPq7!3mhw6kwrbaXU$#f)eDQA&LFgsQ$i
zP0;#87Qu3iuCb)OJ;&X<chw(1UMiiN4X@&a8&Pqnt6ip`ASWk(?m6j?w4VS>>(FlQ
zd~p9=b`FlK17c^#u3fyY^PNlE_lbU7yJzW@PlRXkOZ?S%wI`RIK$1{8SRn+K&{}l^
zu)?%7voBmtzq-2IiBc2pS!EOysBHfp0JA~M#Ah@DTbn#v@y1tiqxP;YOrG!8i2x0a
z_hZ7q9DtGf2jy!6H8eB=QrzHx?Qp*2qeqX@IGEK?A_%=Yzx!C)2J2N+Zh)ykkV%@a
z{Qc{fguQ*ioo~`A*T2#V*!6ZA)CY*dbItG1&(HfDf96$(w`+0Dj|CEPQIK<4nnnE8
zBOu(mObfPb;tthFID?y)$q1sKYa$ypEohg&M>jfP($EcgKB=R2yZg_B%1>}^;1`Md
zKg;Db5Pg_m7{`kmKvaECM)P3!LW)k^)cx(EmrhAJtHlIQ{i^clC``sScBVpdX6A)i
z*7eisc2T9>sgY@D0TGhvYB8$R<s!ce=>Z(-PArvIfvZb~EGe|~usrMAH*TP@!Z>fg
zw}T$nls92^pH~nslGm$eBjW)Mu3bEkxKTZgzDx<+4X-cG375`w#O)m&@??w+p`?v)
z2uX~iWIUPv`{?PbKM)UGW-kEa!WSs9o>EzEH+nh0Yc~nyAP-nD^q|x3*DOp{JbW+M
z3OG@Q;{g-&P*qh9h?{t0b@dzBSn>wN;E2YpZBt6H5=as)bQDNx;cee81UUKXHo(B+
z!z!w(uUpJE^<v9~S&w296PHgud9jR53V$hw4sgZ2s(c1G4c7KOowoe^d@-~d{dsiv
z_!}|?4_Isb&-s(b^Mc*jzi?PP0L?e?+ia06I14v9{&}$3#z2rO@EimGK3M2ZVWUq{
zzO&F6OaK(KN4-hli93+NiuJ>~^9O(SfIJPGgKt<KP?`AkLC9r{y_cYDR{8cV@dDs?
zDXgrl-AI!_l<mQtkH2Sj$>>EEodXZ=KDd3mWgRIEr1Ja-3q~W`_W|efR_$t<rubIW
z2ZI%<i6>#<;l<W{Oq)W0M*^XPK;#YG%?6J05+Hde`t=nR)HXIY+%yr!<@La|<Qv!O
zi$sQoN=i%PV)+tNfFRB8BQjb(#>Kq>@+j>H*f@Y8(5^?RUTg+7JYS;1i|j#cTCGw(
zYA58k|E<S;Xb%3LSy}n`p7_0cTCSbH0~zZJ^aBFKAl$u+iMf61=;+wC*q2%Cj@E&W
z7gx8)7!T12=pld*xkW_;y<?rmK)KB0*_DrJ7#gzEx3#o9X?jgEU0g-9y+0E*lNlv;
zd4O3pnWd^+C-163nO$Rz_x8IFAI^O$uO1s3dWA<s`4?c^o5lbc*o}V2gJ2=y?92lk
zc2#vXkL$d0zEQPKN#H<^S{oK`Ud}7RUwY`HqpSM{z~HbpEdAoP_-@Pvy7S&8w-f!z
zDW@B(tO{<Kz(x!%{GROVdp<IvM^3rCz$qX=37~txI@TjSJjy0J_OigDo12?vfj~II
zCk9OvqO07|GQF|U(G8X*-YZf*(^Yj4qDb(AB}H`3iNLbBySoQZ<V@Yk#qj_Lg8T+x
zMQy_c2B_Fdzk}}=vW}1a05@s1udMamI~Q~({)$|thO1^SE*l#gQIz;;#f4jlhYAYh
z&*z@acP0pVt|fc<ZBEOw8<Z)RyuEA&`GmsV!N!Jso0f*gR3NGE&!6RkPvdty*2Y6o
z)t-C4Q1uA(C2F+3HB{4-wY0ngG?pnJ4S{GtZt~)Zy+39S_ye;*;P`+54XvpW>EiwJ
z<x9q#5H;+#)z#I+OB0o@%s}n<N7laglqBJHOwSSk+;=m>Z!!IiI#2-c*gnK;j=<b-
zn$+bdc+CDH2TaJA!r1?DwMW5)1}qV<v)JdK>bLA}XmIUh)Fb!Gl`A11EpH4myGTjB
zKvG7J+O>jc0C(8zE>x&qUO2sOs95&LO!`TRO6*_-u(z@FA6g6lS6hw2Rn-ZJiD3ZX
zkbVBMLsmXS4dmk$j+<HGqf~iAVLaxo4bMss`D6RyLMfP;#Kjq4XEp(sa-z=+WXHk5
z!T#9f>Fbe^5lQ3|?w?JN7KNJ4K||2$z)neoC0p;+_!R)D*X$L`1>pva^X5*?Te+LU
z!oqxx_~0@?kffU&4S{x|ckL!Z2Dr$Ag02N#;KQ1V&D)xDLJ)od(~AngML~_4ZJ`U~
zE3mgK<CPTH+kq`<XlZK$zAL4oba1jqzCFRU>`CRQvV`m-t*aY{oNJ4qB|s!LC@Cm3
z4&?#aK+p4Rkfn&L0bDr~*h^RvV*_=NhY!1vGx+al@bU5e1t8XpedX8to6;_ozdqbn
z8b4><5_T2g)8;HfB18qYrf5SRf)Nupe=ILQV>hf&FA31miA6p?efjb{kMU!5bwrBl
zf^MGTV}V{uPQws5X;YsCGW8RCfg~(@43VLW0f7Y!A3Iu{0GkeQSM{s)<)J+OIfsdw
zYd~>1a0qU3%m(k*%`Plte*LN_qND#v5!pX*;}jGPn|<;Op_1OESJ`wvRaEE^kF(7@
z0bH4dld~0II#i*SBD^iUAdmOf(;`eV_mgvChl@8KX=^`04;Mi20tL?nGBSo89_oCs
z39MPj@C#vOSdwx4bfaqSy5VyDg6Tw73!}`wT$>mu8K<xW`Q5vh2QFW}{0>4J__ebU
z6{5bn7`C(I{W72wAuNsnF`H|3Lx1xb9L+5(9H#TcyusrW`gd#kx{AJktk|5O)6!MF
z)h5>w4-XFlhk9BZUvEnKKfUPE?ut~q+)_4gO^6h_Y+0)PVWor0HD;!a-Y3vges1Et
zMXnI_A4$RfSLE$~YRC#cO^kSeM>XCRyRo&sjSA@P9a{CcX&kuGT9%566fEm%Z{PCC
z|3y}Q6k+e`>Y4)iic}&3-y{bD#>fF=C#D<j7bz!3hEc0N=3|gpj9iK5yHoP+d(2*U
zwDWy49bu0`6$+LWeEHG{JFle%2zZ+{c?o~o542-n1NV&mC*|BJe87vq^c6msyV&)J
z5)8#?4+E9a>^Q}?Jt$b3BI+y98pROx_3K@zrLRy?*&16v@L0LzN&U>m220L0ldwW=
zzeGj#=J3#`OCaV*_nd^TF7ln*MK5!MGZd*{nKm%^aw;la5}sCigx*1{o~t-M(%Asr
zLqde2JYLkd%(AY}x;gUt18(14yC}~KTRO3qjZ;-Q=j7<xh1)$;Q$<1{f<nlr1knTv
zh0=qdQ!((~Wt!D<5#I+lueewv+8+XD&Eaxh;*Dyf&DOHo*ITV+_`x{0Z{MDFR#5o;
zZZcL)Kzi$AKQ`Ay&<Y}UCXOi)(1c>c+dn||>u;&;&p=jSXlPi!%;$gT)|UvF`RV+2
zp-dPMu2%w&XBcpHUZ=Y(B%h8)3l75T6{Ob`+k<)nm_eC5PDaM`Nesi9lo)=QMF(Xk
zL@!8f*ytW#=dr4<SD@p3#1}YGTpPoG3Emvoo7X6Zww7?J6GFz!z7SAv(A{@Aj}2w8
zn+UYuNc@ekKM{-u`?1Wpw!2Oj_$s85{Js(J^yw|cU#KS>w#yt)VGseaXg2}@`2`=+
z@T%@(*r||%_bTi>J<E~b@2I7&Y@bF#!uhd#1)DD`T^INSe?s1HY*^=7<N^l@l=e0^
z&;{3*ytwqhNWJ<U+{c|ZK25}%7fKJv-}#l~1w+qTpmN07@xY7O<jAtEgjXz=^mDXe
z^_<gj9D7#!)0%G@GIplrC6iSM1t2oufvC6Yo(A5-g}*6iHxdNG7s%x;MVwYF;N+*Y
z%d}&6QQj>Q)tIJh>xx$psXt?+!UfB&8+++yAb$7skSU^rLJnJL$4FmnU0hU;@FXYk
zT#>r`-fiU7EvBXa!}*v0|3EtbV^rstBLFqB&}aeeibifhE`~WEGJSt)(<VJRIebVh
z$OC9^0qc;Km3`IYg6;UcHm4<Yqa38~S#<-ABW&!mlqDwJX;%CxJ6rA)(b3f<tEU$~
zAI0Uxbf3eZj2IY+y=!KQULZ8WE9LYgD0M@CIxZw6Bxqo1P<ap29mvc>O^oI51NN#X
zN!+zx0Kzh~Zt<pRlbSS^!vG(Fm3409nVb;9Ctlf>x@s)(&cGD*6|^8TL^avjcjA-o
zWZc*uyi8=_g(FG)4SG3{y!|6cwDk^d{Iq0d`ShvvJeP3|HCzQqj{~X~eBO68k%kzb
z-MB`t<gI3zPg3C+?x#^5Jw58Mu&`#4ECWLgjVb4A7Cz8<f=Kbxmn5{Xf2rKfn>TBR
zrA1Y<jPD2vBCYP9*y9}eI2e{M_>8-_y86?Tsi7-|)$UKUp8_uR)0Eq5oGkM9t4QJI
zGRH~!{*7~p5s<udgJ$vp#;4Y#0|1%|4x$Dd=qJoeMpw@NRR&x|7%F(kKL3)40>A<w
zRhw$gz!xN%e}IsPsKp0>pG2E>a|_>PVb%^12<8kdxy{echPVtK5lfUXfckFmajoOB
za8<W1XiWz@b<5EDTo^u!YgvV=R_i=E3~CmlCOz+qz7Mr2)`}NmT!rWydfuQ<@AecV
z8W$ny46+Q>dO{PoXw=sq;7wvtoX%grE{yI*j}z(#0nE~MaV7#yWIS~^jYXBHehe&~
zGU;Z2QM&{<lg9@iLS;3{MMa~soOe#bDGto#w*KdwUwkQ_V)ZlHYa8S7AhFRsjV>6J
z_Z~;m#+A=ZRgoZ1c06i~(EVwGsvqJ$7)V~ntp-(HS_hqY03B8pdI+HfAu(VCOViJO
z&!+ztz$I<=C?YD(3XUAgt5;uvUbV8o^Yqvo(E#)|k;It2W|erM1@oOdRWUQ@nK{4=
zp>w`<`}P4ULaR!pJ&n12bL)pV7LG73@=OwUUw%|yww`CFn<QW_1zkB3CVl`^paO8=
zp^}no5`6Le!-vaVe8`zvzXKO+yW1uoMc)GOz~MM2>KeenYGMbsp4r+4Yx_L}VQjg0
zVB3x#)VNrot&);bT3j@Ur}Fhn6}8?xcOuy|#Ue%UttU?y;U4n>mQ>b?rspPWN4*K9
ztM1`(G#Go&T}5mN2^H?nepCZ~vfus?bRMLp*2Zt!<$wAcHQd(&;+ut?{biTsc2xl|
zttv$3H{272-M_Y(`yK8q1;ou2foc|>1+wPs?5vm3T7p%oq=7+F+X*};RzK_SAaBzL
z4Jeiw1u-at8%lv*a#f0wl5)D?IWD~cwc?(_MPcOH;8*RucR)6FE_=ts#^To+N8MJ6
zwa$heRWXUf3(KLR4r*f?DWfF^pXIQ-gQ#47+u<GCBMC>gEGS!7wdzfOyfcdG!wPT<
z#E~=a<Kr)sjK2N+`IgFk*ph&A6$yUR&eKW%_U#hZs@W<@=e|+h3jc&3zr|??n2$i}
zk7q-7iw$jU^A=TE0|C*M_9-^UlDioh<E^QFcoEDxdD?F;a=;!3ozSH?a=@CgD6Nwa
zoiS2(;{0I8o-R=Ebfg3TuvnVB*u>|7B?o`7Da%~*sHP{gr~_Dv4h`Da1OI}*SmX*U
z3bGr_(E(#6c1|Vd_fwi>pGzc)ko*JyJ=5QDvx43!`1jN4xJre9_P?S{w);<l-tPc@
zE#xJx%+v5tza80hM<ubD>kXNf<QYF<hUvv-e(zg?|BXn;&SY~>PmjE|c8r$@v`<eh
zEbx3wBuhNkjS&s6NoZeJ+>yC5h$zu70K)#w(6g%pyK5+-Y7}W^A9be+MIZO2e?cXG
z#>TJ>?X&DW15T)ST3TA5ZFY}MON)B_8XueH<G4)lduc<U3~PW=xy8H%A~iSk#C?Cl
z!^5SOm5H&H+@@Zwy?ck#V6H|+s_)(!R+oebSrt3opMg&EIrh_`Y-@I7qM?zb#Ra`2
zon?3Ol54{Bw3!H;19e$OX|`J*;x9A+Az@)J;DRXusLnR^uA3s9c2^!lJ(I6jd=A)n
zkT3L$l#Q(-e44ZqKpRL-PhZH2-kR$$s|E!G)8fC&!-@(axCTafE)nSmLBIUucz@G)
z0e+cJH-{!(!X}|Y!%8OlC<bwQTVx>~0vrH)j@bbSLHjf{i^vdA(r3y={DfAIKgz(s
z0IIP(UNQtFyI#=luE(Yq+{dgMgbBIUo8*0~w{y)+>r{`syH)>by?s1AJ-PGFe-bpz
z`}&oS;m%tc{=17~w=)_bs<wdaG(Ei$ee68bnx2)_Vt)wOMzHqnC!O&;ArTQ*3)q=H
zX!TaTgU6BuJpjmJ(-Ry(LRvmn43(W>o!>S2NILRu)ikjP=sHcc6~JOY0e2&)sk24K
zguIr6nyRSo@NT|NUUnWO6%{jQIw(@{pt#~syYf0i`v=@*1yzkKFg`UL!z^Y-WmHte
zr%7E#;s1mkGw_s`#9cHb<XA^X2mj;m=Az5w?`!@yUB&-xGUdgtb_QUq=ku(YKB$9?
zp`n9#*^?0qZ+A|IKD_K$cVMaBPI9Os`a;{8>4UVnxp{B<JoSGz-17OtxBPteE)pR_
z3rowNX2mbR$;r4qp#F|v0~IaEZUK{f{grT*8C<($RAg}IhReODI6C_JVe#?QAa%9Q
z{VE~zf%ZEhuduLns_9MN$jF6iRAGWu`53@;?5BpT1?3>cN#h8HPx+jk{VY2xJ3DMG
zyTz=}P98<l)!8}dW<W$p$Ty}LtEQ^D`==HTU9reRr>CZZ$b2-gWHkSaE;PTEfkR{8
z_1FO?9D@17%yM%qe7IKBPvcSG2qJLos0L_@Z!t69ymxN^y?KYQl<^`r&}Q(M2ni{v
zbJ+FS7KF0^iO8&}p{w>>Z^iciBGstKln0(>AnFCJW*cBbpsZPSe!!-a-|I)#;ZUAg
zTucsnR~9gbh6XtRD=i+7JP(JmO2<~=3fTMZNpS$hfY)l&x!jw?T5|`|1t@71N*ojv
zLM<oBt_y$m&L^$;pQ`Yipcn#lL9fy!%PXHWd2sNb0J^JdGz_wH*;+sxuw6XF19NyR
zz`Xvg9iMD_!!q*vR>O)%wNQE-`{Q$fgUqu|m0?BMLC|z%$c8r`!=}G=>sAN`>i!6T
z3!=t&Xd*z)OU@BN!K@l$0T~n|#o3QN`Z8n_t9C3vo@czEt*d+U!2<&kol{RJU<S-V
z!`)a3T4xRB6jkQ3Osuf{Qb%iZbI2AHvhyR?i19&xjJqg051=KJU4-0CXxp8pn=fh%
zL*LhY1|sGYVM-Zk##x+f2Rxih%t<ci1O)|eiiu624}r{qNsj=>9&5e~D0J<7e}A}*
z!0vhF1l|_&gHsSSV}wu+<<c-1@=hDQxVRxy`{m2;^;J?CY3bla{JVh@`h_yzFC6wP
zRcKa)7tY)R7*(&9@Z*PK1cGJ-`*Q(&_(7^9`<De6sY~SKI0&ebC0t!gEbIE)H*Udu
zzP;z}<`&XGOh&dxO|!g891U`KdHFYO-cT<NoYVFq9FTygc%_;X4AkkeM~D>bEC)9h
zb1EO4QB$-vo%;C-&<9EmUhs4qR&4HTeGdEN@VGV|EWR>X&j6UE*&jf5)E_;%MUR~#
zc;G<{9)-Z-PqtO+CnrA!-H#Qn`Kc)?_7kTXuv4mh!w<h4k6UZpZE%BvB<o#SL-fZs
z%v0^wuMlxfOZBm%TUa-RmJ<9Sk>}gLah2!m;NV5(reRP=ggg&)zYoYrV(ec~t+s@w
zrlfF)k>K^NZx#cdvT1Vzp&<`wvl#y)K!%Qt)=Z&-h7Du;Vl2&`tw#+uJ1nEnJGJr%
zZs17y5|nYc_Mv(aa$g>_-we-(o(3`)AQ$w@UoVk7fSHBqufY<m|77kDGkG$>+M1fv
z&VQ3bW<BHy;$0+RtRR2BACIZ(-pgaHU+V4M-Ih+|sK&KLN@{Y{=zlHd{eN{9dd-yb
z6kwQh@K%lE=gCRTK?DkNYSXJKGUtP^f^+Ks`GXl=@ikzjBJs#&sY(T=s$i5e$G1AE
zEs#xt)W!dTt&B_~lS<Gl&>*X=9l7M@G5({9012<O5lP0U_e>3`4@O?HR#k64Il-hC
z5|X3jUidKDeo8+6PSkUIal^x%0DD3?Qn{}aX@5oss$2vDWJB%-;vkEe4piG7!hYXV
zZ1qZ1N>SIA&<SWfLVZL)u0n1u|7qGxP}p$?gl`U@=in;K6TuJqw+0HU9LlI!h@kje
zF~V`~@ZS<CJGS{!VUW|XEeC?QipL*xlwN1!{KaRA{xSBBLj7;k&X(BR?9!%O>qDQq
zjg>cG#X%rJo(9#79=AQQYQSh#0>ifcb<p^{1|bwyn*=H({%!X$@ivgYQf&K|PDj7f
zjP-|)2Z(cMa9}T6W(EXaSRHQh+8YcKs~8D_OBXBpf<f;TGWWn?=P#Hu(S9fZ6EV^X
z5^KbzsI$yt+v4$?)yvMH)=E6gD?jSaNinMiRadw}8C*>*xXiht5^Cwycb$#pAIV9`
z$9@X;@Q3LRS-DrW-KRlyga`t&N{)0`fp~g#f7E=6X?zfUV!L(XRb3@LDE(M%bLHlY
z`q7XeJ=%S%gOgl;8Ka0Uw8=gLY0edG_n+y69n90M(^gTha1q%c)&hfvcn_>GgvQ#I
z^Nk(u90(zTmePy876w%NzG~95iP_dM>T9=q431&n-mE(HT<W4KWi-Oq+&em(=(E?9
zHPJ-j+6MKbiARPjt@U>%x#-0~wI!>af_*q4qz{Fb+k|I22%eOy13yoWEm!p64oI&V
zbrw}SFk065-Up#|r3%q43&aHf#?dl91qoF-hI#~K&%NH61l23Ld>mEInLfUC1E6P~
zVK5gDYt0jEIpdj;uPS|LXdv~hO2c!?5Uo<av=?<PomDs8!2++Thn@&4nM;Ii>c3D%
zkIPn2{TkjnY?EP*Y>`AT3;nsSW*X#O&1e7CCnat&o0yw|oT=}vIO`l|Xua-0f$#Q5
z4-f%fw<&3>j3KvPb}o3napjkcXV_R7-Y(YoAk*8;mZ|PiN*1AU)b;!e?zBHQKxW$X
z-m<UD2dtH-gWPVtIAT$sk+5!0yaGbCjoCV`mhXy6>u|1hjgQtqjPHby<auju{yI7`
zP#*D*O(b1jMV3)8M`3;DSpEP>_bcatCUkAsiMe-nb~nsTWn>EfMXfrl1KRtZi;?7;
zV61#GMpg!=3EucWo&^5?DjfZ%>d%5|>Eid$R~^rB1xkV<9$^Z7s@L+D9I0X(2uXOg
zc-R)>?6BzUr{JVtFysgr0?7cF7Wxb<S3Wrh4GrV{``B5%U+wLe2Vg)c9ty7UA`G?|
zL*ESq1knMVw*aZBOQd9!eSUP+BMSW$slior425D<fmN}dh$@-P=)^EV4TCLzHHtG9
zrau$Cft)ptx~d_8{ecAE=!BdaY+!zG1_nS(wgVj;3QMxHvwK`ffi8voGQEkVQW*k|
zivf1QQnj)?CopZ|1}M{xtv_-OMoY)D>rW5SW(QcD{J!U!ArIHho6>_*7^Dd@Kkfbd
zspJQqh4+ATJvc-c`J%)>{+=xsE2=-OYCE}zeYU+ly@Y>}yt0qmdDM%F=-AZI6eO<!
z8L@pnG(4OEV{_Z20n3A|n`hWT8{iQ~?8?MCfY)ll;_Ne!&jBaLML@M5p9%vtySuvq
z1w|e(!3A@B{q{Zp7z5daXt3s!!Va?PxVx9;O2a`Y;aX}S>tZwQxFFP_aA%FWdVGVj
za?Htn9k4E>alKj}euOF1KhRtwf&hPm!J%`DqB;QjT3cH$BJ0QxVBT^!uKpMgW?r@{
zJO7m0_KlB^TRr|aujOUOP2D>@JYQz0r9}bc7{QOa%fjsnOG@(c1n^i;lU$;p$V@;^
zQVctkn*(<oz%|KGXpsc^9+Wx1Nt@zhESD-KX3Sm!H6+a4ArQbPvFuL%Q}*^1nJe;L
zlB8{3Us-W`Q0X{P6AIuu0s+f{K)_eTzjjwV9$<@MyBM#Mz_WmQeM!J+0Oq0X6)<Fd
z(my$jRF7K?hsqRdORrg|N~Ej&X^dYSvOWbod*0d2jSmdPKLDK6{l!&1c1jSg5DV1+
zNoxwDl06n5K7K3)Kq{z|MNvs9n36lSeK)6iE&O|3ztPSuAR3{ToUVkH0Pn9!M{I8W
zi{V$G`4@({l}`y}Pnz&I33kd7Ti;$AuzD<<LJAD^r6}8H&rG?g5j&~epn?-qQ#AoC
zLO~3yauJ#>tpbMGZDI6eM6X<8O)c&V(05Sz2XKs;;Br(Knd9x$k%P89v~9W24b=Bo
z#&iB!gdB|8?N-yvoL<lm62%N^VQ01i&-Ma+jpm!k#N8g;7l8siv4i4kUS7-ZB_|<~
zvSe77=C-4{VFDimwnB`0Q9al$%81e8oqpw`2D9RQVkzX7yKst0$8KEt_mgY5+wS?%
z7$fm~_3~X<Wd7$c=?8Ec&!Rum)~#HlUsh@Ul<PIyq(JAsEwx34EkT(E<5G;-$_Y%Z
zKmC4pcLQS+F;)=<q&SqhV;B=?es*pBWqo}gz&X?IM?g|ynNHxKS+hCxe_Q~r1L{0E
zs0d+oKf%Q0TDJF51LGxpEe~)SSQ1O@oS?)ybBy9IfTKfg`=Y&<)xtv0v36RP+*i4y
z)hnQGU_g}A^%@4%-oj`CNc5Xwd;&~=OjtDaFN{08r}%!xRQA6_qWdPd`_Y(QG^TNa
zn4CoVm{*Wof$f&beD?E;!_3h#o`nAgP>&{FybBd0^1<1@>mL2`$ts_t=QXAe?;qjJ
zI|;#lnAv<yhs$WYaZu$?*XP7!6l7s#b#$y?&O{^j`GB{4i!HO=z6+M9=G4s<_;*-0
zoSoB8sawAKAV|WB5n#*&^hBUh!f7~iL_vfE$S%}{hKA;wc^l~_I&(Sp-S@gJT4S*4
z^g{Mf{m{A^N&tqk-ZVXj`M*#M_9rD|_OX;DK!ZH2iyXknUxgoEP+{H+{oAqdu*~;&
z*?8Hfqh==cC8;qnuR!<(Q6&7Y`q|s>E={3W-;xKS0c!Q}05tvn8mBxgryNZ9LT`5A
z+$TZmXm9K+a(!TZye<s&f`$TSUFo1FGaLUsSyf<MO9KcWdmPM_w(AbF{WFzJ53g%l
zKGyObG;&wRlwh<Iri0^iNM$k}Jm=%!#ux>EFDa>w#0Bq92Y&9JI1`i9`RMvRQ-H?K
z!-L3JTUuFV0`}S9DQ;14{Q0}offEeqO4{|9as!)TDdDcgwXj;g3-UIDgmw~abadX|
zc*2vy!Cf`*kleIg<({E*hgq@LaaX<s>aY{p#Zq%}dU7^7fohd;&vHhb8T66AbiPF8
z_AaYmgRLa7-y%ZR{DF#6QiP1TpTeJ~xKq*}^=Fg>+Y?!wM+LG`&my=+J)~!)yX3|$
zlL##RF}hPFT!m`pu_usW9hN0;oo2bf8`d3Q+Os*)QQM$SAhdI)q#R$lFn%<CZN160
z``Y}o^+j{bPsMZd^X*SEsblrYCwm+zZ}wSdH(%NUP7gwNDIH<xlbFq!D~P`?l}`H`
zQ#h-FqN3OTuTri&9LoKRkJOcvJrYKixHW04qsh{ZAr&JnCRxUAEMqCRB19BpZAg|#
zmMF^%V#Xk{WGtZxrD2L0lUvgeHDkv5d;NKTzvn*BeV*T+-{<{)&-tEnKIfeGIq!K-
z$+^C(kFNLeHdYq~)ytm^AiPwcVZ27c)SHj5x4K#Ad>N|2c#n~QF#*g|hixM@E#h&L
zqskCnR_)8}jyPZz#=vbqoaA4Wk5&6(l|oJU^dREQT}Ai%t3b~#?UIqNukThj%+%44
zX?iZk>k*Lug1y_i&jCmUdQ_5tGOl|#P>3EV_f5lF+3v@B#iB}Sh^eWE$@g-bA+%)T
zE1MMHyAB+VL}(_+W(&HlTQSl@_CYudMlYTh-)&urPq(twIIkeLPv%gncv|v<*V}Cn
z176!SHGK8sW$+Do!0;1iI}b$p5pBJHv#sV?`&+%{S@z}ECyl(Gf(<)x27698{p~zQ
zhcT9LP1I<AI02<v^AGfS*-q+ZZ2Hw*q;PZi3vP(X_r>s?!6V88(#aTkrG{NK%^Gp=
zQEiPnbE$Z4WF3|28HxOMPW3UkjF|$;`Vg69x?ANK!$^bqWX8~E?*uMYJ$kJ*81(AB
zCJz+X;7hPr1s*4+Cvj$3h{?-F?PNiHZxhef{P6lor#p_nLnF%C-kMK&O7F4Xp<P8(
zEPlKj^z4_|YHfQ8WZT5eW=T`jkPU_`R>A<we}Ox?%Ir(IkFyoAIv=l8O(eB4mi$3s
zT4~*r!u%GCoQ(t52?gn;cag$ElGorwgskx6A%K{^KOG@B^TnHkkNVDo4Zr|eZmXs<
zVxR+)im2`9zDjM|5~RM5{l_@H&^@PEUs9JVZS%_{o6HItb6<F?+ToF@R;#)^1Id?~
zc6@z^ISi1#8;KmfCX4;N<kQDRCfPe>xnz!&b$v+mH^>UB+EDnk<ntsrf6z#hyOB2M
zT1U;iz#~VjLJ2#kzq2QoF88+6*HcK&7ntnWhjZlxPGNrfsFj4vdfr*Vp=KmJKZbN%
zG99c>e3dr-LD+kJg2e)^SqhNPbZ~$1-8;u9k!4)FlgodFGEfskns^e)j!wa;u9D4X
zV?a?y)7HMrJNJ*fFKk%>P%%r_;kQCbWy@A`17UKHG@aYIRCqDi^h#)CNGW6Z(u;85
z!jgp{2G|>`A!M`m=4LT3fFOVLaW=qpfD1ZTM}?Ac67a^!ga+TE^4}LZOibIygAh9Q
z6o*YoyngFk<6B(qsc+%!^==maIYy1d+zBEqqr$~gi3)I1AqF&=p}pVG!g5!B*x6)7
zp8$+Mx}0E>nWs}Hr)V|tW2x+0RUkH_uy5oVyzc9`&aF%6PW~<1{9}aAF?0TveZ`QG
zCJ+3edbayGT_tknf$p`hv2v!WFv^gvmP7bra;%@CWn_s933BBxL@D;j{*Z`*dDO)s
z+B?anra7%Oi_Oz+llRmXzLA0;T|d*gE&MHDVCU~=4!O(W&(-WhLqWg4x%Q12c0AZ1
zW69EFK2hyg{^gpgiS{k<0x)X`rCI8Hv3rz!A=lDzA$3e<RNW`s8pL&zs^f<$f_}Mr
z_zt=XrUiSWV+lLlmesrp7=Cne6Dzi3^~P~956f-Nq;pgsR-dPrTtMI9F0V{w;#<f3
z^LO6`xb5N#@NL7&Jj+DB$`0=9(3<m2I0G8YiOfX`L||Y7$9PIKu6J2MGqMOZ?2s}$
z6#+Sdmf+rZty}RmoJho`MLq!}W+DYAiObmGF<b&&?YVk|_>sx{ot549_yjS*nro_^
z`|Xud5db1)+4w|g`?}2Qy&`UR8`nM>F|1+IhvcZv!zU?cWBLkYq0m2AdUg=wfVL3H
zN~jkY+4H#mYq_tB45|}+V(O{IcG8@>all%fY|{Z*6wR_SV8>_#WcRH$o=X8nIrYTR
zKb<9qUURbBh9xSywILq>0RdO;n}}#YE!o@eCss2P+nLF|<s$Ps97S<`=cg5T-3qHd
z@=rrY(wn;rp%DW!pE_@&w}4X^8l0r*sj|^_)rkm~aokY8{YU||{Rm3^bq_ITtb7p^
zl@(X-_0CBm)la*OA4QFuLn7`r@@!)|x^-nLNkr1&HBJYC9|%=Y>bdTyFHWaa0B*D8
zW$b!GZ3jK`dwAz@GRChVU~<WlTzEnLaI}3)uT1&_94m~!gcVK%ZrEx063%b7^+fM&
zSn09{qQNVP7dqZN>gNMf>(WGM-o0Rd4U0AE-kRHo<d$1BU#{RTSz={J2@Oh0Nv5yL
z#_QPd=Mx+(;^~QGAp9|QTmfX<h0YGy+c0BO8S>2c&nduHfv5yHoD4E)=&GR1tzR_C
zNzhZj897st7KtCERfoQRaFfC~EQ#H0cVa{z{5f-!_tjmq{&+w%W8fhrqPnrPHovIa
z&zm)KoU)&eR-rw+@+cwAUgys_OyQhdW4A|V@Wk0NY926HB$;YhXYx^C9V#lc?7m|j
z8^O4pEHR{ddGow>V8Q$o5=FE<OSpyOwq>?do{6~(8kj-)1nFTUr&gxtl5Q9~dk0+H
zxptzmgw2bZS-k1x5`PKZj3YwHp3zhL03}=?z!bhOb~mx*yBJdXp-~zeKPHvxcPAv<
zJkQgv1HyaS!=jPps93$hSp>qyY6UAVU)1h2mZETcb^QsHhM_Kq{!d1%DK^55D96dt
z!n}6;EoYV%h_XH>%Ft}PcK!be^<U=Q|Jt^9yoe&k5@r&nXW2;MF$OrP+QqMTrEZ;m
zTRSlent++KxYcZ>UV1VmU<YiSaTddkj_b>SFBNOXet*I@t|;g0pE5bNI+ExCtyP}a
zOWvt(=K+y&Ptc4#(mr|r>8($KyktzB7c9~2+EY2m+{e}67n^oFgEC-))Kq`1=^o|$
zmvr2>AiLALQvtAOvbqFtxZD3TsUOBswC^Px40yRBS>cw&6^Az#Zp<Gv%P|1!KyPSJ
z;UXIqN0m~Y+xYK}w;4bj=g*q@z$7b|b&FC=iqHNAS_?#pZqxM?9v3`n@!74M(KOwC
z!Nj)%xcW<`&WdvtfsoN-xnioQxf*T4W|d<VH6~o;I=}1}s=z)V-lL2;^culz)z^*2
z^{oYX;U^=_<68RsO+R3H>fL9`@2gta*0&s?t(L6wV*hv_vt#YRh*hio<cQrnl0*yN
zX|9o(T`jXbyucoz$F$stg{moMlH04C`I;*f*+@u5wjlS)LVvNfv3k|>J=81rLo!D%
zSrOlyL16W!7Gg)-I9*I7@ukH_BL}@VKT5alDQYOCHRQf8F<+DZ!@=5z)DeVbv_!(N
zts93=m+3w}wB*l%2V~A5Ux<JL6FdQxEYgHWY;F2;PXg7=5;^WnQcLV<*io>Yh`x%Y
z1)xT>+qdKv^qH<{ZJ~(AO8KWsZ)mO6VyMbQlh&RseT|0F?V_$oq1D8~k=|zl*>&OU
z&Y+eaKZVu<_l6MViZ9S?olkv;CkNB!PPBNn#C*syat-42-t*R7qI96!68uMX@<<L1
z=JD(PmcZ{jqdI?m$>JA_tG|_n6-{o7%Rj^td1X+tfB8c$V6cbdg*jFQTEdTHY|Ay-
zz07<_W=3w7o>T7S<>Ed4#pcf9I~x<(6girvzN)3o^*8Y^8<8e!G|6>7U~uD8kJ#IJ
zDU|DjTEEUxkJZ5GY3u%0f)FbO!l(CALSRcE9SR@@K%Msx%@6KlNC#w`BmDW5Pxd0H
z7PmhRp<6J({&1WWsJ2LIwq0Sw_Ws-~@<sn#Q+?r0O}Wv}FUvVUKf5f8{L(TDwW>4|
zt2cKV*TA3Yy@*1cG6Ro<QS}2S&T{Hl;}=IM&GE8U4E&FHbSb`%!|P%#{&2wAlrC*f
zbzRt0<ICck@-`32@J0l1=#7GOD@3V?$F^H<e)~zzX?<AkJiIQ0H<nb#{qwtYin8Gs
z@tZF{&157bV_q?tQ5GT!CU9fXpAABLF+};}O%anfJ(1a|{i48xY|v?IB!Xb+apyln
C4$RpA

literal 23222
zcmce;2UJvDvn|?yf=Uumf*>HMh$KOB7RewIl$->~Ip?5=fFPifkt|7akPMBI6hv~8
z3=*3RO_O=m-@X4E<K8jOIsd)mz2iWI-FvUScdc5rs^*+UsEV>I@ulmR5C{aZyquI8
z0)cZMfxvxx0UwUkN)q_Oe-|C(w4D(Mk{0Y=oETOT8aPPcBL7&LV20p4IpS(mNbuG_
zhorS!9=f_%*gGNeihjw#AtDzzBxUMs;$-RIVrg%OAisE%365XF9)D!-;OS&(ZsCF`
zApIo-M@jxU>SX#Hdn$vArL8G~7ejgxKDmhfMBU!Z#r?UHDMH`j40}4^KZ9F3o7g;u
zQ=Jf1O%;)F_yYE@=5r@IOFMH!6U{;}93%K2*Sk8Im?F?;fvA6-_Q>AW*3`}gvG*$$
z3CHlUr#-cFu`xyDuJ<t`5DW-;sfSNJKCMppt6bI0;6LW%YNHP|xr}=%p-m){aE?eI
zQfBead&h})jb`8KLbVPHn!J4re24BmCVI+;vcBrOZN~q=dO)YVs(!Llp`*rVo5RZ_
z_HWtE#1}lZt0fZW{L`+IJ-s0Jnu<$i;UsXad}1f;VKza8kNC5vf+usk%PGqnpPXxx
zN${p6L)f&-&IOawlMF6|EOEGZOK1j!EGY*)OA*>Q<X%mGSwujlnp%2ZMyk&^fb4w*
zm66mfc6=%_`7oS+=Mc(3l<=&p+y52Ku(0p%$WVS`^umO@-f3)V7Jea{d!2z!Xzow-
z(&HdogT;+5T|&gei3OFX)h6W1XXppN;?YmUB3=DgyL7{37e5=XKj=o+70l7shp97*
zQEYhHr;_!h+Tm!Zl@Rh5xij9G3?XQX=>KIcpdSji+j2SlBFy1GtjNk`KBLB_^R)>1
z3~e=Gk2y;2p1u?j8%9|&zZOYQd)@tWRriJECsl}ip*{2PTL19&P`{$>bJ!<nX`$h=
zUHIf@JNGR&l&*gq>FC~2q2|*w!2X@x-aj1sC~x{>7*%4HCp%P&>$n$(_fhS^TyEo!
z7$pV^ztI=#h1GP6EN;EihgUK-|J5>Xp7Kck8^@=+?D&Y{LeeZ#T#0k&nhx?2`=i?k
zqk$8X&28i<Wk5>ox8Ni9ureJEgQnW4bxfTvMu_#O0hJXK&*vPGJJ#{ZFbpHFZ=Thf
zKe<<(8*1>x3eCM@%hK-B*{#;#M_ohjjDR7t%uaIpG-pt;iU@|4Y%xBomARZr{(0v#
zAC6RI!}(HLL@BARU+i0Wmx6=v{d-4x^A~AFwF2yg8`}nB6~!XSCaCpsl`MU`w5tb9
zCVK<VBYKL5C=p;xk|SH>z^Al^K^C_*rN}gali}``;6jJ?J1|)&)ybkb4MxjJQeNf}
zL-Esg&d$??MRBt9ET1TERN2!TN99wovdzm1kq7?AC)UO~GZByPj+b8SG#q(DirE-i
zeZ=6mvy&Q9rf|v4a<4A$H2lJTCIMlK{JO!Sa}4ulT%YmdrMRoBeY82)A7@S{5^Y%w
z?{S`?{4E=e2HYAduAChs`QO^YIp4v2?Vo}aRbc|!BD{ahbxP=y&X44-Rh_7j>tJus
zxP+bQu11zKjfih6U3FV?G1k6*lgBX=TAEB^^xiu|v-<=a_*sgILd3JIg`61s0k~_A
zmL_@h&~Qb9GuDf?nnoN)w#%Q=o=xi`JH@GZ$#TvP6WW~~n4Nsg?JO9$ZBggboB12O
z^l<e{O1=mVVir%(c7YcB%e$~U_o&?n-1LMaGrSx}l=(xS&M1ua=@ezYzwqZ7cFgdw
z#JhVpqqe9_Q=`k2qbcUbB8ppm=FcS`{c<)w%p<2~!Ww&i;8{u&%v;8%w%Y4@b%!zS
z++15STVB0iT>aXmuW9OXperh2y1~X2DC`^(=dh}}u68H-KJ(WW6Jox`PRVJ};ViD~
zoa#xExlYeCiKH$+l`lV@tp92}*05Z-8t;+0@1yiKi9;uR!2hBB%b*N&RwXQ60ZmU_
ztS$YJg9~CiwAjBe3u^t04*V;pTo3b;#1$y*v99TM)9`foOcItrZ-du;tBm3G_AS!M
zR*U99-^s>eI}OA0N3)@cNK9_k<@%2%8Q>Lpi(y-9k<ye=_&I4+O_IHbPQzXY85dGu
zsXqc2LY!HA%`H4y^TV1*N3Nqx;z^Ut<CHJj2BN2P@3;+Fo{V<G5)A%v@gpz05V|rT
zMdf6x<11a^`PPhQsQVBZcm`9y!Ln=y!_DgI>&uwvzl$$gmpuH_=$(wm#bPJ)CE`T;
z0lVJ<Ezi*4zJ9lF!iQJ-IKJ|5!zFY)xR~U?-@K4yF7@)_mAP&3O|VaqcK69XODeH_
zYO8&be(Q*%sCao1-Mx@c_eZVukJR=il&K>wNX2Ac#RfoD;>C3j?}xT8gUZnJeqnF8
zduqX?8Hx`$tTF_&2LfjmKAwUHG8%t>!4)qG2Zx7R#LqU~{j<Q0bl2wnPdFdDKS~e>
zhkAUlQWWilm}n5e;5^T|y$!z1+aKc?BS;wcc6p^J3c1F5^m(ABinTUOqYy<+qaO3s
zYsc;vc6l2PFt39<Z^9+5+%GGShfds(OOyAGt_hpm!J44pEGhL&>h&hfRbs8@SX_)C
za?eX|f+cXDSs{$K-R93PLD9J=fBF{W$FdE#k95jShLQCfu58+c9jb574&7<m+S^Qg
zRx5-j4OHk?wqUSx2obTgj*EHb?sLj_HB;9sk34*c!>0<PV-pRk22`eUn}3cSOpYBl
zUeF<AiyG2|nOPXqu`LOrA)83JwIhjW@;|BT%DheSYZLd?2=30{A@1}}pP&AqypKOh
z_zh*R{twZDS2qkKqI8T-bqoVAibt@Tx$8sLjaOnvbc>Its{f2%9e|5nuJsMa$Qte~
z6kgN3MQtGEUJS$kN<8yV&nl&B-k>4d-D#N8mz(EUa#ST3wR@;?R(0)sbC|`FO6|M3
z3})ir6!A{>J>WsuILPC_j_JBzAM%C-9Y4%za7KFk*U-r!E1hHds0Ej7VC*hps!Hjf
z&kgbRzR~?4Jxt!8w9~q=v?+A@tuAq33f-rGJX`j(pVTS!fzX&J{2lMWKThgV0y0X0
zo0G^&kuBGK*86Bf67Pn=<nCfs<C~QmLsBm<d=8r55G!rGWED_T)woN<iS{RUI(zba
z{p@S&@P<ILQ16a4MTadN*uYqA+yxsT_K^-9e7_-TV56kH-zm9caZ=S(JFbYod$>ie
zg^(eQ3P$B(DU<&(UJ=iyy16sus}%@md*9`WZM7-g?9+F*(e}<PJ|_|V{mc106U~*K
zl%?QLy$yO5R>>D0V05J-{5OmCC)m<*biIxP-M3sjZx<tlWq7Xc&Lf>~Cs4j+s8fGP
zc;6Mp`gB6ZRT0%IC~Be(p@)1kvh{J2Ac24VWGF;i6^JjT56tlE*I>J)JL6q}EzRS;
z6(fYg9a&U}B*R^tY&+i@qFR?fY#u_o(YI)L6MYAECWwd<>L&?eXKHVX2~^K**O^E`
z;HtTlSJ7DXl`q()$>79Wv13Dz1=;!6FQx~~gd>Xl?giU_<J$fo)CNC`$@6vCxOew`
zIe9TtH<&V}QSOAWBjQLb4%^<W`y*g7B<^{VoR8h=A+DabH=T^pAD!IDv3#(Yc5d@v
z&Ux#>q7iZ}&iJw+7baoR%dcv3?HkpkpL=-7F4-=Pc4&xX(36EbjFwzYA#yrI_ZdG>
z;Dv{LZbdNt$A>VuO&?x!;pvkyW{8;({#R%Jdt?4Lo|O@hEa;3+O-(J}yr3k}savRF
zGg>BHbx8CUp<7~v6D~6+p&1zB#pQeG^1{q)c0SH<owubxgVoB)>Mv=@+qaiq2L(O<
z_Ue542rb#N#nx=AR=L@`smto$S;fT-hihNoYI0j24}JamTy#v#a&2-(1|wX6&JQmr
zC=j+HzWz?;g{djpdQ7TplhQc-5+{Qcj@$m`bDPO}>WddIj?}tZ-{q5+6563KPAB3-
zNX+N$aEM-`pr~bJWYpt`>x@ZAU^y)`E7j72vlA^nJv})Pvz(lq-6jUlpQjTBure}!
zH!aoT>BMsoOja&-brMQWoR7AZm6Ec^&PT0?6_=FsSZgEnD8i%*GK;F5h{iF4!+fDH
zHcyW>>iYWn^pg1P-AqkQgIvaHtD5#!M*|ZcnByXbiVY(xEBUToyLO<@%*skw=eG8$
za~}KEzudCWl_WaU+1VM`IWK8#%_?@d#B`N{0yjX5Q&4c!`hbOn#aKVCGibEj91o$R
ztNT770c##rj-GyA{jwLKT4J1>q@8h`1c+PA%+2#oH*em=Nk~X=sL|VB%8bMn6MO&u
zy|E|^a9c6<Ts=pxQCdaI_3PIqhqn)fC-A_mMAkzEI6cl~%(reCb*G5>4UbmY(<>+{
zwxa(2eWArh5sBX0n3`HVeERe$0+Hgor_HrS>c1a2<;u;?&C^+bxRQ_PvA#@@QCLVE
zM!|lmnnNnEceXX`5uHK6Z=6b3l!la)6ay2}BPHENpPH#}KDV!`si|G2pty6|(b3^>
zux;8^)~KU(diQ4HhYx)@-@N8=Uv5*fQG}g`my&();zdu#t?Tz(h)eYA+|mmRA3M+5
z!(=18Zv1i=O3u*DIvyMtIG1I>%gYO|Y+-46acPevvo~bEGtPSD3LCxeE}0$&WkyB@
z+_CLwCgf0}3c-5so}{jB(lA4r7MpQ>#{^TP2rfdvd#}LY897*3RZA<Rtc<(&>uz>s
zrG~npe`jr-!_2D%bZZ!81Ba%%I$lnH=$}7-(p(;gzQLWqwE?Ti$;oa0>C!DXBet@(
zZoq%ZJ()%Hfwiox%uBR1W^<=XPgV8(f*<?*cClJ_o_bD3W#y1b!-o%7wl-o|HNAeN
z-hYm(oFbB!Q2FBLmDRDTC*`)Tn3{|X$^JuiN!?LW#+4wtD%HDH6tJca^<-+$-{!ad
zXo8Mx$yN?JY_Cq{4)3_p1XYdEjmN3mC8*e0s@M$&tWaFawaaqg)EwoE>zr4Rlj~Ux
zJhHvI?y4FmFLnA)m8ih2OssEwh3x##wEgaJDJl0?|5j!A@70h0(OG@$O%M>2?tC;$
zY@P{dHSV?kcs1bDC)$y<y_ZG!6F0+JaX<dNb^3~3SXlUOYUJvwjR0)~!@v)5eO)8`
zK%CLhQ7^k!7IIuvM0YtkWj#Fw7rIl$|8{fg<Jt6PNL$$3V-l9!>hyg+e$L6k>+!?W
zD%9Y*fzY*o7@M5TuG4Yn<IlyT=#-QQ7&vl%)lJyR$;pU2p(XUQ!S9p5YRKUg%rnoz
zdgP=SWrtIT%lw$Wr|4C28d!%gG-dJNM%Lkox3J9VB(tfXvU0@2*FmfEX}<IWsnl7n
zR2>*e3|GncxZdhS-LOe*^GwrAJc5=gc@GZ(c;|2#rccVuh_vi%{2MoJAiTr|U{o(n
z_aBY|wD2zNzmtU>r<-t!J9+r{zFY8Q)YsF}@Y(d#r^-gqK7<$D-q~p-Fz|dbHa5mf
ze;6K46df05GFoP8VPi88jkFo%hM;+HtT(de_BuE?Y}u@wT2N3h;}<ydjmW;~r#d=s
z_xC*zqKmSRAHQ1|VKuzJ-u`3i=(ARX7w^i-N(<`E8~ncu3yi|TG@Y^R<f+v2<x$DW
z@1moxV(&9nX`5SAMACY*N4)8m*#lU_JeDMg_J|vgOiVK6wpUiHc=-95`1v)Rr{OcB
zs<9atA!;L`A6;GNdv?SQu8@;6#p;$CpGSmH^c)}Tv^u%Ex@uKBq<b{LgAWW0AeJt&
zxKeX*aV2iYIQjZ=7@L@=>gyK@_GV;esy=;s^+RdwH~97uElp<cg`_Tggo98rJP^gs
zbsC!9fq}nhssr!TtMJZXS_c8z5}m@?acc{UroFYX=iCV;ekWeNO&0KTUzTEPZD?p{
zEgeB?L;6Tamswz|@z#a3mKLeMi;Ld+?RHg6jEuN2GuRvC=abu05Q~(LhQE39CLoTV
ziU@}jg>qIkFyN>a6Lw#hva{oGa(0%EGre2!od`eBBCp60Y2d?x5H-9r`TM=Fs0<7w
z;I>Ky8(@hS+KS6}@prNTa`V{t;>zt8RjLIB4LbeO3H<gc-DYM!J|ZNv0s&y~0<BWX
ze#XomYa5%ZQ_~vxgXUDN?d_Qr6;JEM9HtTANC7G2Pb@`8*W4acs&!2*;v&E~-p9v>
zn6yWPT6V|_M(Y@ZE#QywvBE(HM%p+0xZ#PFVjM?M^NfVIcin}YkrAz{l$73VG&D4<
zUfLwVOfU3*L{&5eq}V;Ow9K<`x@RA7s8;e}75f5Ce?yiu?soP!g@lHF%YK~H;;m_5
zu<k0D)OANkPU1<Jgyl`}9OIKi^j!$9N=o6`gn0`nXUEkMF4*-#5AV)#b%b*JpB~@D
zQ2*@elJ@cv!Y;e=(P<YU-uB0qrM2`-<)f=RzG@GWx?t)O=Mqy>Iq^|1{VQU3c6OvO
zgGTpX7Z6fwc&^m5{uJQ7MZ+YRm6J0!{VnhzYqwq19IUg4>>uA`M}37!R<AmTm?{*=
zXf*mK!8#+9|KAZX*1wuJ?WY>w?JRcBeGekEu(g%e)TBfh{fg%b2@h}i`|~3iC1vnT
zb8v92)c|Q>VPUny3@$jD<H@0`&rTOV)dMpkI*(}_rTF_e;Ii>NmVFYM9}gwoIP<>H
zyjfRQx7A8%m{wMHWv)F^*2aeIj#7NUdnVagaK>t%1MbGd6;@a+bAP^Cdu;z?CZnOr
z_io7bPfScyF))ar;kRQD6QfhlR{FNoo5|(1YoXWRb<NNheGPV<o{^D|=gn`PLvrC`
zNFbQ-dob#p7CgJy@#drPYDc`hyu6Tzh`l-=XXgiEr~4*Sva%+V^`2B*#;=RenT@FR
z^|nxQW|e2pg0#!cZr;9q9y31YEtOGMNAv92GXc--TXdd($wbft>V9!KFK>?3eDMx|
zg*wxd{wSW?^paV3$~(CG`HIQ4u`0*yzw)2N{ppsMmp!Im61e0up&z@u^Pe6siqEYK
z=I_st`iK1Z@grck!3%v4o7arHPx*T6jha&%2Zn?%ekn>#SzovF*`Emp`(0W1olLWd
zgA;&#x%KgycrFwCf8MFlSGPS;&G3_eBd%t#LF*I$!+x<KN<=sfKZ*Fs@)O6SJzF2J
zq0nH|p@N`hj#2{SV9gin0AHAarPbAzPlC=o{e~jruiD)PnoH){z8eU>E74TOeoHr|
z8c9i7WfA*WUjAF5Zk39vYP$I|7Kz7?ALoAg@*T3AW?{PehQ$=`sKms#<>uWPjg4YI
zcs~ncCwIE-9ZkHb_uh>-uFH#G>~P%RIUq%1;N^Yh)1&xXPxcqeb!4Xct$G)KuV=X~
z+mvTHO-`b{aq!$dV}s&HKNC=**N%^Z8)|E>^V?4j<kwzJ>lQzwEjR00aqjHYhYcge
zWA@@{>W_!h;54}f1yT?}Qgsa0@n`i0*_&2SsIBQh(zl9>_P&!5;b%6I>g||@qOpN3
zQSQ_7i*Rtqd#bm$7kr^Dh>&vk3&;8C?fK4X$j5s8sQFn~E@H-=NjVG~X`{E7eh&-}
zn;h?NHIR%DFb-hfW~ir!p)m_yqdh;XFp)yjUdY~UZm>_I_exkqgqgcZfPTFP+1A$9
z!y6u{e74t-@%UPg9z9aA54<p6^F=qn_XIucv6K!tJ5ub=n@W2;nvpOnQKIJHARNS>
z#)fx>^tN~iDH)kraFfHQvA9l<1}Y_R-_A9KENFDGxLnP`2Zo5h|6H=CgYcgrC#oGE
zRWwETdorcDGRlxPk9FQLUL&6|PAs!?ap7q^*&CbIjK&=r9S!ZxlqLA86!<LwHCzne
ztR%sDGWz@D{X<sHXzaV~O}J0ZK*HW07Od-ls>~mrkJ-cxsA4S&U9PgL+nk-DaHPCX
z{OR}a-)U2G4{S#68+@WRN={CGc(NgpE~4p5SORe&Ge4j3x1xT^&grD|)7)m1IRS^K
z3x9H4ZO`D~U@_~h0e@1FO^F_)HpGI1GXsJVJW`R%15Fp<UB>(u=mec^L8gggA^xdb
zln+02PImgtXZ($Bm43sUxQv<_>P*?lwhjL??}jf*4KRf=nwpv_b?+7O*Tqlg#7C~s
zFp!av?eC4*bD8~$Pm9j^l%Jla8}JU61UoxBq5>(Qay01fVQ$)8A<B$wL!LNyPp2a{
zalQQ37(_&9&vyJzpI}E8@H-X&N8+*@uTG2cT<*IaPA_h-6QFmgFjDOBLRVK8l=t&`
z#OEh!qdqb}k%8(&?T!@z!4ux878Bu>t(8}DJdJ%jTDz0qSxsl<e9(iM``<|Y(llLJ
z5ZK@ae%CW`V}I>_gP`*Q(d^t@pava!0%GgYZq)4L>uszb&(6;F{Q2|N@RT&JJwEP=
z@on=W%yk2Bl;?Bgn6%PTGDk;8uV-<%Y2(p)&z@b2-iG|z5jDh~+8y$_CnPMaInL1U
z0CO|-)Y8_Lc)8{aiowsxi5naEM7TzGuB_!PB*}T#l@1>@FDO$7G08?uZ?)5tY9kYU
z9waD1xO;)z*jZj(ece3MBN7sW|K?C{?Fp(DqM>Xg-9O{`FDNT1wQSBbzo$F7#wg=$
z5VN$l_co-rxx{9hcf8S;=7IU|f&9b)0(el5zwc!?du8b-wt^dA2q*+Y-n}!;_llB(
zAw)6bP&jzDn?8N^Z02YKNeWME9Y9ROM+9Zl_eaTJwM0*J!>P&k7uv$B39PTw8d;ps
zq<Ah+8(7gxrFgBdV56si$0oy{v9Y5HJ9Bg9N$(BOYCR5;aZ<*P8gQqu?d@$bUqM%Q
z_c?q2BbqPy`H%dH-u$K1MjkBC_-uY7aPT`poc4%Zi$iYtJKPa*AT4VjW?Ft(y!Gor
zx6$fIY3)$tVG%rds?YYt-zlPD%qbqY^78TxMe4e`gu%@(A!GQJDxPYn5E$iDRIA7F
zIXiprFrNvwM@SGZ*iAKxGAvsC@FPDPD%8bBELT@vg+_1Mm>Zb6K7J0L9sMW#+b@s4
zUl#pBBX839ZI&#?<9Mr`3y=iA9|SdrhhDVeezZ(7;Y}@}<Yd>b1^xIT7k)#SVq#*V
z+HLJRcKba&_8hNuCA{-7bfWE{vTqUW5Y1Sh3&5UACwjfgZUS3GCnhEJ_VvBuL>@ay
zbPq<IkI#VRibkVzi;LR_^EG=12ZLbe!Co*kGxN{&)ztzdBZ{Bl<taH0q#ixO<It~t
z4b}YYm_4!;y9*n)T!7U<2Qjby&s}P2*meo1$W%)<LofXwk!t@@QS|Q-bhZ3fX;=iE
zZ`9moukJe#m6@b@Q?#Kk_dqPb|7`iSij9GXS9e@)^*~Srd*o}EI;qd36S_vQq~`oj
zwzwCR=t74c_xJ28h)f#rk;!uSge_wD&+93Vu;y&-rf?oTi_5gmUZOB~Ui@h&OOJ8;
zF$Qsj?&Z4`L7#4E%bw^b?uYrfwZH$p>aL)3!!UQs)YNPFH{M(FCske=F(J1yy(zbS
z#@zR-{P$Mxalq->5i}8JV(vG>vZpqx!siSpn|4C+>(wV-!fj`gV?MUjW51c;6v9E6
z$c!`TXmJ$}r{~RiBbwA5GaX&Ju8K4)DpvS<(-_uYUMyYD>}A?SzZ>%q>kZ(KlL|G(
znSQ$S7|}$y;OOBjADwN7-3Y%1C*tf@e7{4zE<MKz40LmB`BMGpnkv70_lEuVEl&IC
zZ>r5Lm3qb9Pz<Bc)QPSG>|*w4#_N|PxkENs(`1M@e0Q(|Wk+mmEqu89E1COJJF-4K
z0kck-?9d>FS2S!M5`eX`hr_^qu9Kxi7P|RHk80_1yYG)Mp(QGxtQtdK2d`tt_PA%q
zGnu!(d3TZW$?Gr&#|E)SuQeenkV_Fzix!{%HWT96@O#mZ&((*s5^b@2;dO)4^={_t
zEhxxT!c2*Ef6vymw>6;;iRz8$f^S6RH_*vu)V*KF*>h;|6>G1($Kg67+kafu`1Xs?
z7F>>K5@uz_ny()1S!YI#8Af2O<=4qxSQn8qD-$-nQSj-tJicw<ZtoIV#@D#_JZ((V
zKAxx@H<$6%p>vCroGl0X{vT!xN(<oynr}5XWIT)6?C~}BHxL=eZ4U8nDYNGY{SL=H
zwj2~CT$yT<mgtO-K0>(kDRo7H-xMHOfL-Ceh~tamiT1aO`dU<Hk*0L-=w4=gNwJ&a
zOu5hwQ>EpdOAY=-@z4!BzXDcNkdLjE5AMLD$|VStA?p?gYld|1hj02>Gz8fi@)*<w
z!Bmj#by#juT9jOwuyvuw)8#qw`zs<ya<(|fSFi6#%(OxLs1rTracf(wSYP-nq;zRJ
zX8djfMOL-)CQoNJVIJ#iZe8M}v-|evQP+Me`3!=gtp=O@VJ$su^={bC(!l-LxBd$<
zTbcx;9jk^EzV^Va+U(Oii@W^|=l3|zrc76bh9b_BMz(c-XrDchqATVW|Cbg3&o9;n
zfe^6~jr{OnxHVNcD=8<OiNzlwQmfR6UrJ6_+l|_-QI`qD@kujhXedv`$*w5!+maF>
zVp{JV-`g6A@any`9tkduojf<{&@^Yl)z)Tqfu}pfuugleHMb5<9`A2B4{y1(@_tsn
zQK-F8*gfX><=~E6j<k0{oQUIRDizJDUn$-;L;)!!Dn$!8DVm!BDO|<a*UR^el!@G=
z!b640X383^rJEfi>8sMWVmx>nuaLs>$T&8tOoV|<;G@!w(;|l}6J6i$JxO-IO`Wr%
z=JB`E*`V1PC0n>p&y|TlhzmPh%u|=OwtGi)_YJ%G7RsD%#hpJgMDkG;#R%k6_x*k~
zh!HHG4byXGqP!{9aw24Yjm&sGV=_{3kDQUdMLL1Ix~s`g#^n`1>{-kaat`s-uqM=9
zL;1V!S$9IzR7hT9=rtq$a5<S;x0|6MyDh2xH~(WS{l5|S{&ycjp3La^^XC9WqXKNa
zQA34LO%ffry^~=Imobs()Oh-oXo>5CJVSdPXS-i6HZ1}a)nVaRLO^VlPT@$IX_y_l
zm$!+LiHVGYBKrU!^_MA0w-|3cP8GWWsIJGse4IBiSN`DJ#Kh~Kcti-;@u!_?S`4+d
z6V`9?sT5`lU!$g8?!A|rm-i6L7zq^fKcMi;pr+xqen1TXk$k1ybu$z0epjd7gKMZj
zdyc;)db6Xud-yBI%?-(g`T2Cfiw2TzXE1F41F;(+a95#34te{wPf5Ma0e8*J%+&Ni
zZ_<LtcxR!@!rGdAXK(=JNwawW`a5I4w8Cnrr1o^|0Pt+*?x+CR8w<{ZO)>_rQd0x^
zo>HU|p$(tj%>jH<skpGPwbA#eWh*p1eAi2_A!e<3a=l$$pA;SS(7q5^P{7u^?ILcs
zf*Bqwbt!%#EgjU(z1~c@-kCdPj<L;+Y&b-}I!|~!)Oq6UP!%cfMOdoxh7yssJ>VH<
zfCc>l;-CH6zwCnJ05rf`%b=hj4g^O|f1Wnyg9qyM_-QQ6H*Y>HzkxY`6N^GZE_88E
zRwhS9O#?KXIJ{C8<2v5yv}iz&Ib58d_q5R!ojMVyi31FNxs({qW8Z%N=FM-JB<n}%
z1&d+DUinp7v`lE8EIqW>dbHC(yP@FF`bNW%UvA_xGqdb=znZwDxH#sO?15)_NoxKW
zO!LXtBlBOrH!xlvNA(khlm2JEnmRg()?n8nK<1<DbTJ5ZvHOj$7~nQ@e_h2#$Hhg~
z0UK{881mHx5@P42b4>+vN!4YCn)+0R21n9QlPgoY0W8dc-alAT=dKtjhz>AEA35%5
zaALT}J2h4o4E*iKG}UpHx{OObk{602*4x|QyVnhg-kTm{Z>kW^#er3rk(2U%-HDAm
z8^|-iAI+WfPBoHzAsa42y+cC_y#+;uh1VvS=btR&9%imH0_2F+iR|c5=*?0)jpZ~X
zNz0*ms;2e|Yzc&f^-z+KtChr2-ueeDtgXa(?;b8f<Y=`VCuZ(3B<feLTq$v0R8}<u
zJl?EF>@vXq-g~QL#ho1;01nl2=&Gu|1Q#kWL{6GazP?EA0FXmh#d3d+H=Fy`tTYlG
z8WPe|pCaOk9Z4j%&gY<P;cIPv?1v8-37Xp4p}?9PO%zpO27GDO?>tFa<tog|I^QHd
zIR_Y9*J3^xdDv-#B8-xgM88V)_6rlEpFe;8=<IC9k}?Z5hIvm<>s7_-VI7lqYO}=#
ztVF@gy9z5<)I@fjm!xJ&6!osW3!c<(B8V|s%?HvUtY@U${7KVML8V#Obw?aixD>d7
zCHDqNc5dz~K>S>3|Fi7k#YVmqr(6OYQ)D+qvDpgi=fM5q#>0Eyu{?o4p|%6KNwUe5
zR@Cb%%yR$Xg}=HS_wIGrhZ(I5<mDC?qH9I{6%-VrqM`!Ck7r1Y6TO51=|h}uvHRv2
z_@bW;3=IM0fg2MOBc`i-nu~JUT~h7EMc)w=q=vygHX1M@3;ICE3~NNtMQc0<xG&yq
zZ&kaC8;Y4#v?yVvES+bIwZ5GHP2{B-Z;TyGawxgiM6K&cm3`{MIhe(5?`w*_G;NUR
zi@q{H++Bt^(68tDr{41cusS^YBf#{LWh*dzDdw=9sO3#t&+|HxmX@YN0incZ*r=yY
zk3NN;&%5+#vr!c2)m%|kRc)yJRPVZjF#7r7HrS99#_?KvRis-*0%`bAJ-@cLHoW=Z
zIk()rN3Lssz9xDCarF=a-@?A#MC~9dro%{HS(##^R7XQY1BtB8rA)8Cln2J|AsV`;
zSvTNs<v?>w!;n@5UtxkkF~&BxQw_gv(0?7Tc*T<<tQB=0$M6VGg2=$T&MKEfS5&T`
zD2{t#3{hM5>4*!>7gF3Plq<&9u`59kH!+nYQM7)qy=4m0585ra@o|Fr2~_`BW8LuR
z*p~Cuo2rLC7|eIwlbEo}E8V!utOXE`G(R{RwGmku0iBs%QljF*68hqHtN%jwv?~4v
zwSf!2Q2;R)xW~4z$CF#+_#>Co$8&%T`XDwXF2kcWA>4B<t!Mf~&V}Fj|3A*S_WVft
zqu{8IA2Sc|yi$HOIL^s5@Qs<11mgjXAmFkT)omK>3sl9;g3;u1ox=MGO7QjL_iu{+
zHMhEWJMILZ^~hrM%apmSU*%eC2E$cAuTjtYY61@v=IK^9VWR)>=ehjBm9K1uu4;Si
zqM{R+hg)iHX|8Ja%`dnQKCPoX%*@ThwtWY=n3;2i4?j|Ri6$HY#9IVg3Vv3>)XBPg
z5%!;lEZCT2;I*9PS9q3hc+!C$HBUXC$M+5Ue~npJ;%$SR?Ce_LEjOHMDvnOtXzZ(j
zojt5*<nEqo+?YZdvcU&DoygrjMF_NPrFvFYU$i(_Svz^HhuE+o81;^Sa#Pz64iB%v
z`BSLVT@5!K9i67s;ED>Ku2R*NOeKt~-oX6PAMq@|0sd9VNz=DsVO;*FK3hTns%B+n
zArJtLXLl#@lL8^(tAnhrrh+wkKdDQs3TfPW35)R8M}&qxgjy5PwCrMxUKunNL}avn
zOihj4-gZJBnSIp(U>N0oG`W9I*ODtQG7M?k-rnx5#L3Fq{4J2+q$r<59B^X5X%Y{B
z6-zWxeo1&>GI;6Ir5-4Lfl=Gq*xPdprxm=C#Ao}x(ss;Y?GG<PLQU<8kg%|-p&@Bn
zPC|prvRW6x$c#f;b+uM~1OO_4Nw-?NQZD>tPHo9a^}ClH380XRy)7RNpWS!}1XLz=
zc4CPq?iefpD(ud2x|<_D^L5yu8Gd%$S$GVbLME`v`uh6uV!lEeg*sWINX!208Nhu!
z*1itA2z{6Yi0nDgR<o`O3YUQJm@d@=BM{*~N*w}DS597@Y$EqyXA$GI?e5~jz{jWY
zI_R(=?A<$Qb#?WoqXh?nsH7yC&Fuyj4h|U~pZXDc!1^F(L5S)PLvbIL#?HcmjSIsZ
zpZV8Otbmyt@mz1UzTKp*rlz8)IlSR}-3s_*>*1nM1hudm8=vi;zoox`hn2c}?dnyd
zfm~I(&b7$~8U)X`&oEtyA0=;S!2-Yn_0kMD65t&d*xdVbp0w9EFSek7QF#tBhD6io
z%ewU*rMb?Eied3nJw1r9)>lJA8XE+rQ6r7M!k}sxT|~pPNLkBJKX4M4zXme~uljP-
zW*xJi?v#P~iXKb?d@AJR=kMP#Zf<<Q=kRu7mrksSKTwzzRaMrK9!Gm?Konwx_hcHE
zuNyT=D%t{UJNxKhvzavW%a==a?i+j8H5x~3`1ER=q#vvSYELEXR&b}@tK4ev9$7#z
z$&K$n-ZOcN9t@zWtGEx#)>KNz)@DD~kgt#na&h&V6LuJv8Uc&?(3&eIHWpvB9$`^y
zM@Y$WweWG)?bweW1A#zHy}1@v)+kxCnYM11os(nI{D#<F&GxYFAuqleUy^jE+_Ldr
zn_2mDFl5Q74bD5$T{C#dyLaz4fx)6+<LwawtPK0})af37OIzDs9mxq99UVzdKZ}8I
zvND&O$yXgL4~m?bxAzVF#?V%N%$1-tQfZrXryiI`At50iLwsUl;&^_01Bs)-o}SAC
z>r4nBIx-6jyEeFiEd2&tOUpAUgkQ0M*T<9;5Cr5}jsjN(ys9yn5W*IAP5@ByH5k3U
zf&VOkWvEC$?DOYay}UHQ>;N7*<9xtn(uN4Qvk8F%yKaiBWW%YrzAq9u{Hd@69udo-
zbyEz0HF@=0+Ufmi;eo1MmOoGt3cD=z1dMZ(!4@8g(5ZD{2}p6Iwa5Dnob)Gw)1k=7
z$l>suXPTN=S|$<g?BwJ_vdetu&f6`8x(SlNZ<kf_6}0(AAOi^oPIXKBE<5|R=eDI<
zz^DT2Sag6F07<_As<6PmY7DHlPS(h(QP2}z_q-XurKQEAV*Cd(igfl!T}36}%a?mw
zI+m&|`ik~}`~BIEo3ZN|e||8QL;vmUtTC5Ead>c0aBwDsruImBO!X5MSlY}_Qd$6i
z^Br;qI%$8m|A{JaMURvCzS;0$*EIlUCt~;~Um=7EBrEsos07Q)$_BSHRCrUiO&#(j
zJsy9MRbb7R#9LSfi5sn;(>d7ZjdhHT8L<Q<kb3JV+{+I9m3evcaVBsc$WvaTQNv+g
z_?g#=hXw{-!%KHLY8tYoonFirah;5L@kyu$9W@Ez%cxY#g*qpF5+;&Xz#(l|_xjR0
z_uaavGS%8VBF>DS>reINs97+DEOSy)SA|w3ue`4q3A**~R&M{RhARsdXj^4FmaVz<
zP*p``dMohFI{sLo2i`Y=F)w~9dYhz=ALn+oR1x?`aGu@7ijc>q(PgWFGa+B#w~7o;
zRx}^xg&FJ{={^ZWf2*{w-+Hq^^(&EA(Rnr39lKfl>l4teXjNFekLQP-qig3vt~=hg
zkuG{;GCy@J*G`gCzxFDi$XN7K>||HHm^2ivIRtxji~S7i&H(Ax#|jGHM@mg#hR#E{
zfhp}Gumzre_TnSp0U$URc`!&TE0X}ou3~6dJes|ItbnL?oNEhkxwvmM)<pb<VC;)D
ztefoY1!Z@0xl5h_EKk;Oyd<+BmRMR^!t#|<Q0V)`pVS4bkLJUN5A|X<e`snecz6oe
zL=!mPMco|}1P%dqoDzsH0<<J9uCC7qzdW0jm+c765lN?6x>(TGCZoESr5LyQ$GX_^
zl}*WPpshF2-#}Zai6Mn;LBXgv{%ol>_<xzR_+f{EY!7$IbDtd{B`uu}&jB%Or62Ek
zL(CvBpVigXVuO~j0yB6qRmhXB4fW8gk>aNU*i8s$>EfgLpMt)gckOexzE$er9T<&)
z5(A_KAsYI|#>S~A@qr*8BAdCkcR<|n+3?Y%_-xB_`NH$Ui_UIYzVtCUx`$H!oRyUh
za51DkaUA-W?!JbQ^S!y*ajEC#Ct-IISVkz#8?RoHRuYd(h>d8Zhj+7Vgch&g_T*;>
z+y`$)1UN7L_WU(gVM*Q=NgoLeGaf?b-Sr^YZ_s%K@$pnZwt4GU=I3{sYm+l8?;iQc
zmXEUOc)!JNlH)bbi3Bt2lMTX4-IPRE>1}ALU;3033fD~(DauW)xvWVV)VXz;82Qb%
zgx-bi&(X1T;b8?|60v5H9!^jHwWn=W(M9vH6N}<+`Nm|4#OOBIf>r|L3s|l+@uAOG
zY^Z8&ZH0N=u6Y7tfop;L@MO|DI@e))r&5V~aP=S0*bTIeS+Ac}u0ubfPF1*iZt{DK
zWEg4XjYJQ6EpgZ;m->VlGA6;yCuw>(H*&W)GSVaT<v;*g7xmwWhyQ!1`TxaP=U0Cv
zJOJ*x39H}JnY8+942qcA!C)M|*RUSHS@0ZwGJN{<bxFy6;C%PlnW45Lq+q+?hPJqz
z2w4yJg9lsNot&8K#v1w8V2N)Nj6kLI52Q0kkRqoH1!r3#ul4bp_$vkn2M4u7^9K5g
z1Rzm+17$N%I$bXQQ^)S)pksr4YYt09OK3{-1J8oPDSS1eU8Tfh%NWtr$%zb~I$q$1
zJgYXI^2;W!i``4=cQR0771M75KqSil7^ILxR|ri#a1dBXZy73&p7RXT^W;~q=pkAR
z0hBOnY&CYged|^=JaQ{H6q~=CQ?ogSjY}<JRXa57`+dDR;uOo-5k=p>OLAeAlINS|
zU4$Aq=EU^%`7xd#qx6e>EG6~2+v{%oXv44idJ*LO-S)nzO5d0@zk>0qMZa;_u8!$Q
z?NQakih`30$yihdE;B&UlabAA2{N42pPe2RK~_BsTb@2tc{e92fq)+SnV#)KH8?Il
zt$<)*j&za)8DYpr*@SGdgy<->?7Sz4+ZUoOSBz9})zifi^o#sIsX%F)=<7ymd;9J<
zrt9Q2CJXAU2Zp0X-VFo&12bP7#Ped%xEJr+o90Kxc=?Z`7F~oyCrRxMl_w*T4oB|I
zdwD+@i0%&Xnv(bb7xK}^)fBDq#C}|S^Ad(M2efKFY5E-9q&3`+eP4MT#qLqWPrm9&
zuC=khIpb6#qHKpbJU4ev-M(3Ozjh<C*kqNiZylFKH!pI#wu+O(u)P^zh@)kcN8NB1
zr{Skt;`;4PK*5irxPfg90u@sH=?|tz#8ORkF&1uPd+_}GxnG|I`%NamVZ7LKD1Z|K
zhwv_NpZR_s(d50+K!BjrRJOLZ7VS`0R^GeYJ~clNs?A%sZZX`xeS4aax?_!~BbC2n
zYr9e$ZXqox`KtZ+=SOCO3SWQII$flnDA1|kmT&&S?Dk;5U~oVXU3&Zq3ki{smk%{d
zJlZlSdvWm+Az>@3IhfQ0u&D;SxOEaJ7W<!wzx(q?r{OK>MGzQnVSxEW*NubYfd^Mq
zRP1^whW1*tfa-wPwVHhWW>FkG8hixmRxEOOfsnA@=i>RKEAdU@jjQ!RHz$%^2um~#
zeXmJ$cYQb&Ioa(84skc$4}b{--p=!<92YTec;^0JD=RZfN-o1P6svlstDA56d|W;m
zi|wGPQbjz=x=qjDV`9SNh$93n2|zuuIB(dIvB;Gx64LJyi(W?Ln5s^NZk3(1y!^#j
zHtoKR+K(a-St;PTrW$<>bg2|D@)w0L>jUuU0QKdWqkTGl{E(28#HHZS%S~uB`u0kU
z;0K^lJP$#b_W7b~R^4(T>lYRGOpPMF(VR6r(ZXoReY%dKVq&rs2}e(;0Bh0iKXewS
z19+)Kiw*Mr-e?n^>+hqYF85H5z-_RaQ>=ACK=p8h@Iz1$PPPxBriO-BI5RuIC2Yfg
z{@klo?=Unlm<*U))lydv%+0+US<3AHaPD1~8M%ohM4u+mvA*&>+6(0dK?zY#|FX01
zyrM*dkKt{=fR|k|3JR3UIlX)yDy4`}gQhESEw^rBz5P*wJqVuLy}rM`h%?2yzmi`J
z;#3NNV|@Mm<?Nov<ovGt5Ux&8ODA=5g_=6l6*Uw}Axcbq+&z9v)O0gthIjXVlbjbA
znzo)kgUaYu;dw%ekS*@h#m#hijA152pW^-XpG-CX*IkJJHDNm8PmWAWLx6l~7QMeU
z_a5*IjG1dWz*dMRC}s(&??`>N4j8rJgA%IQtUS~bs-!odJRP+ea_*PnIk&X;V*ODt
z$-fFzAC5T(0Tn$xHiLX!^YiD=V>N@hs+kV+9oG<|FRN|G`1I=B9@lHwj8~IE6-Zgw
z0NgQT-qWxgt`!d!-f``8XbB<9NP*kHM$C_pu)#nrEd@KQ4PR1xc8anT-lHlmfIWXd
z2jI*v4$9cJk59xdVzqSE3Y5f%BK^8IFuhR4k=X(LKKoUu2{8@(5o9S^P)>ki0}{S0
z&ou`D#O~{S?ryX4n<655>O)Y%wz$pB&Pw$_5MbcoAb~Oqu7T7TCtEiF1T=WC-=hVw
z#sXQ|@av}4(Q-%h%Cjvm;QqC~T3tgh+`D%Pn-g@(N=t{ve(>@|KmiQWv2&25@f7QV
zVg-9cQUqwV!T?&>@`A$7xDFDqYKtwh-sub!RXma$Szb<_Df4bS9_suo^B8zW>u1km
z7L31#kTJPTagd#lv%{gFp$P-EY3fdUICWrbEJfrpl)eM`3g5xfmqCxHqb+rd8DuB<
z8ikS|ZiD1MJHZarf(`=ML=%eJ^N<!^*#WgsD2NgozTARjaRyA}Uf<|F920{7rbz$C
zuz@!*)Fb`R!otGHt5nz^mxjbAku@mY;##53*MExTTulayo9OBO95$JPOu1O{3i163
zyG#bgKAJODvVXT#R<Y_#p~8Mjtl{k)#*3zAX7~+C`e&SfL1?$jmJ)JnYe?6AS*>WD
z6y1|QD|IUvQsRk@1*-q56Zi9l5&&_!@C3$9&CQ#wzP>4uk>a5u(h7hAC|>CfRxkYp
z_xz6;hbH4vA{X8e5%>tIcE&q*@Cit0sdDdKe*YJrtqF7>j+@gDv6|u;2a5$kS`xT;
zYf;&<AwlU5l06Xa0WgDgHs~qC*0Tq#25n>~h`WCO9&*tIT+d9mV;dyX<`_O<VcqD$
zqF}GupD+4Wk+2sIurf2tmLpeewF@<{BXp?m^$wR}p+AhKC2`&Guw4~4pe-#e1^j#=
z>E>41J@@#k72XviNQyu-i3kA6Eucl#3&n;=IuJTbfW#Tw{eeY6JR$uatFp&RqM_=I
z09+@tw)PLo4NBK92mV^{>AQFDKwBI%VJEAqO4iZY+3NQ8?c2kFEZ2Xu)WKb5JMnR#
zUIsT+ZQQ;;g|*}^ka0jI7?i`Z3N@P|r4>l?EF`Ii>7aTi0~%*0E-tb=A1`9X&&7i;
z0XT@j(gdepI{(zU7w2l4m@t7{T%$niWwNmQccc4hpwEWv4Tqkdv4L1F01WFW$*EU;
zSvg1jm-=_x*0<LX2*|tv$_hKcrrb(OS5d`UrMMtIHmEY;OCkeFw9a)<P?LAY!n8q;
zMENQxqj_DIyUI*EeSYT`70KAy6?qgMj{#+%6d4-Ydu|aFbJEEmG#-iAu1!yW$VLN$
zbUe8JF44rC=X&qtBuUz0JiullCA>*pSlLmjNxPIb)P&?`pkrF?FJ-uX;U?*QSJn#w
z0;AF7)u1&4NsHL9y|r~<uLY5ZH;9HIVKp8D(B~WiBBn{-XL*B8(x)~y1;fi=cKpDH
zuM2db<R4xJf)U3aqs+s@6JnRPy_i3*aEoxlU%5TGPv3<;6|e-b0PE!&H`sAyVgJRZ
zwg?F+sdFIC;oXVRc*9>)Q)B!o4<y~^%sf1*hkI1)7nKvb%v@YtJd(}tQ}M8?1XbN9
z&V~g}MTGxPKhTW~l}nz4zm{FzZn2~HKlWV*2#5~+TRQ9)xVFwE?6&5}P&YA&+91At
z=Z^8lWCIpX?1z0j1X_u<{>(T`17d@Xq6h{dA)Wr971W>_W{cT$Q}p(2=?5NmUv+rD
zeWAR4e`D8A(D0=aPn6^zTy<qS%*SWc`5ixhzU(r4BqM`gX+ISK0@!Aw`xb3Y26FQe
z2n4ky_V)sSbKn4sh2LmmZ0r;9k_B#j7yoo{o`;v$Qs));_+@4<n9}O&m(sfDOu%_&
ztr!rhvJm=<uHOSE#^b0G2jT<z5qQ4c_)!^yX@9|elZ)#;-T{xrYiwUXwqwKV8(>(?
z5M1zEIm>hkHK6XM74dLL%a`Q&3#<HX9m%W5Z_gA43?T<JAov|BXXox3z{3B!t*y<<
zPM;y8?$M88$v0}CTn`Le;&9WfY6@9eZ~M=h*8cm6cFc<Qez6~#72ap1<|5<u@Bh*y
zkhqA3gdB$dQ)~Xe&2~XNO(0Tv6+euUtdVD|4V!RfFPW6w2Hk{*jjZnlYbhzO_jj7G
z(%&46k6_PW)Z6Es+Mts;f@U>2ezkKWJ4Z?Pe>!lA<(;{K8KnY4iulX$JF$A911UTZ
z@if5+o4-5c6AwW30D4{;#OBj+i%4{{fgt<onr-7B?B^g6n*9pGAA=lm%m~##>Jld7
z-TP1VRwNg@?3B32!`d`wTis$nnKQJwhE>9V_){ht^U9O<Q(Uc-1QK*USY?xKYrR1*
zs9vN`B8w6jv%5iq1QHvLJ;S`>vNcdRZFQ11O18(!9<TGi56AZ<Tm?BuF9?4p^{xbg
z&}3#mj-O}81VqN$E${!QW+`n}EzYbFURng6jBCn}Rrw-|>F6RI4PKhL-eXZ;cO9O|
zlMHf@$dIA@)Xv!bPJTVYUV4MS4y(N>^=a?26G0;7%M1S$H<FKmu=x^V7LAPaXOH!^
zkrkz*<yBJmN4rg(WT@M?gNCTL%MGpuRafAIWiJtDt@UyruJ@Khm;g(IYE{V96^*w#
zs?V4~9E5}LFrUALl|ErrSB4^F9N!-|Od{jyT7(C0WYBeZy@iJigq!Z@6oZ27a(b3Q
zam9MA*&*nOWMPO;UrKyHXNA?%AdET!o3YB0czzI9S=9LHmKSmwgy11Qi-}y{@atvK
zdDdaw3WCs#XIVC~4HGahQzeRhI&|Hv_S{I4Vg`>sLn~-lHkDn2htsyRX4NQ9TX)ku
zPC#6B^_lA|sJQ0zQ0z+F`;$R!)>Zf6COG!_b7uT%^n0tue!g>j#%*4){d;S+k(S>+
z6E)Ql_}NbwWuzOcM80hBs6L;}Usu}f_^dyJ=0QfzqA<IYfY7PfUZzF8o8qys*{VY%
zMX0x;T-W_sx=+>(^IRvORO6YyH&DnXdOREIP#`)`VEK})SDa{ttE8_M1?sX2sx#Ho
zfD{MyTIH27RxuHG{o|vq+o~2T`vwnA|JoDTtVgRRZZT(#2W?@jYhAGhezJm;mg%F4
z<bL&7w8)jY{ycZ@gmF)0)8t|O4XirdU8kbG{%<JLma;1W)}0K+cP<anSy4<BfVDC$
zT^s&~6fN<fv8`!RTkztOjRQ5d{EA)dxnL6>{Tj+&b5a2-c_1*Ns{Ax)<L$2FA~B|%
zB5*~RR&#4(-q4vLbzR}+iD0rYH69b=wyBCc=zM^~zK%s}asQLX+5i3+^q<|))&4G@
z8c1%D$Mc-fW^fLnl*C6Ye%Ko+S!xLZXn7Ks6$lRh(?$Q;x{bz1N=ihqzhjYfz-QB;
zIGl#|7i`-Zd;#IglnsrvToW(2(U!gd^=WG!l#i{^q4F2uaF<9}D<d{*D@J`8R^=={
zhGfvY!2GLDgEFbiXyXup54|;SaP!UBQjn~80;?nzc}-OXyI1seg0e<WBmY_bDeyzQ
zXOp$A`T5z|*~3m)W>n$v<7>s{U5WFDtL5F;=2&!}B4_9_XT$CXR#w*hC#X8kxY*bQ
zt`nd_FL(N5VQuIb3H1boCW8bEXq%k?bvj(2U9JaEaS{KdNAu!oR(7^mVK<F^{fw*s
zE7i(kG@hsibfgrW9AU!BqD|5a3<WhNhnO$nPv{tZ{rVN!tNMKcQw1C)kB?-<56Q4S
zUm6-i*4n_IVqtNQWawxDSQ`-lMQ%UvcRiDnlR4-?Y?qX2XRN1EH)MdLHu#A6E;Gmx
zdi%aWLzpY1h0@TI79aP&GO4T`q)+`j_rCfuw0GEH_iiI>h86%S_3z6rxCm&zfy#q0
zZBeVWr6nyrJ^jg%%+<S~SL5_QAk0=um~~HhmamZxNy~5<G|=9+pA^~p15J9sIhoXC
zXWxOAyQ$tog{8a9S>nL>Lg7?0wg&A|y}wYXizp~uywEEFaT|n~GIolv;q}r)q)Ao*
zh-%2_={aMyp)n44Ed&C95%QxA2LWjFq3YqfT}xg|JnQb}=JjbDScdNa{UZ=yZA1XH
zAP|^(Lp}!VN<*cB&uE>yy+mQ!?yd`<H{-p0<1EknhKGhF;?^QZZQ3%V!&*H4z9FWO
zto6OF<I-?x6iPEsc*=K>`*vZm5VW^2WaW@BxYHU)Jkh)_E<Uxv4Y@F+EEjabGNAFS
zDqu^)jbXyoKN=mgp1}`{C|3Kmfo<gqXws>a^3BqvbOL0)+G8uj><^Yjrtj&uy3T9$
zwAhrI2%lEiO{u;pFYjfq#kn5m?|{nhiwd3;lI~V$Kx?3HQL&yQD<|jhr;yUpQo5Jp
zaUANv2}5Tco=#=)dd2Ew#I>Fs>8F~S%m(>&egCs{Fy5RmNmWPZ&!X4m^O9AFquxlr
z*U;=SjXXO-`f}_*)$Q?#b`pG}YwaR%&a;1Agpv((m4S%Uo5WO!_4MmF76*HsG<ajY
z)-JIG4s;aaLaUwq<=Qy=`&77aW1pBCKcJ+=PLyA%<isCBQqtjbvCu#VU?dU~`h!Nl
zE~;A;Lp$k<(Z?30P_AC-zd=GEcJP;6DUnA$Jm}zKQc@T|Vv&y5KtLZ6K@xd{gc^ss
z=kP65CUDNr#XV@}EcHEdvzcntS4tB17XxO3gihqb$DgkuXQd)~6HsT_$RTj<k$=bf
znidP6%}4+cW_U|AYI(2q{QMfLDIX`~G^#0GRr(iN<2oi`Ys(IKWY73`IC#n&fX`IC
zR#&ka#2MabDA&OJyFz@jJWrQT4MRaX1xlhcj9G}qg;{^>?=x7Q1m3KVQ1{>eg;9C9
zN}g|{jz0S1dU}zfkKGcBbBM@(%6&mN3njxM*gBMm5WZ=>dEo6s+pEH;A27eLaCjnb
z!gyUsa{I-)k&2(`Q_q5g2|LU|e;33sXzaxA*$MRO*suhF(C5#ev1z-Uva$?lh7eOo
zSNpFz0KMJn04BBxz=4+H$S=B*9fuwE9$%}f!cvno&NTcPT*peD<3Yo11g#+B&{&N#
z^DndVk?fx@uAuT!%cq%d0qqvyvN%0Hz`0?~s4drztA1uvik#B!{`vDE)G3gTOFQKH
z%V>K}w;)f(kT(HVgwl-;=}LM$$0Cbu{)B=xTqg4ZZW=RHwCDW%{0P*E@tXSj?;tp(
zLv;wJ8;`T})D}Y32T%lC-23-8J2Z#D(PjPo#Gsg@B?;DY1HRqZ8=B~_rOM90OAz@)
zWuMRXvr>Udq1!R7wpIwTV5<fAEd(I}mv*Vcu|2oO#u*p7fZd9Yjz;XaKhb6t&nr;j
z;J5`m@)~deFu&uf69b(GhlRd?1gd6l2Vj>vlnE+I=7izvd}`<7w|j^%Jy1Uwq}G!c
z$fh26Qw0@IAvMK&+mj?vX50x<RjSLehZ)CW$SNTa1%F<W6rv@8=n_&C)mP|*OvXh(
zOAqk$F9SM~p??qBQha}_yVn$G<S$9yE9Abdg*O;in^!g0m<lx`NJqPTREJd?^xWL|
z?DH6wi4PI#bWb)W`<(nM;v_9Y|G^~KmjY6P3-3*EV%pzfZ3g5Sr766Ng$@stu#Z4B
z8ec5ZG?>~rz|O^`$~JfUIvuJ*DCz0IXXwy82}+C=<ES4Tw<c_%I`mBw8IKLY4}Lg>
zOT$)HUfwz_Kt@cWMl?%$6)hduC{hs{A{mIYKu{MZ6-e{{9dC7Vwl;37^i-1$f3y8n
zI74_~by^@>OoUECA<INTsoZLxi)HzHxsY1=M4S6Q7HZb#>QslMLOUzDx-=A3%GTce
z2u|$!6Dv_7KfE6MV|Ln&yuFc#^Q{&I^>a3oR}7ics|0&=8x78!_KrQ7-JF)(4>12v
zDc2d))V4-*;R4b{1*GN@1j&;sT?`;ikc$+l0trn4LysUG5kr+CRXPGDbV5gZi>L?z
z0}=_niy#IFz1-uUcjx`Nb7$VKGjq;9-?#T#>)SKC%*sI#1bo1!D>mZ)(%S9sO;yOs
zmQzBA0q#@&`%m3uN1V>>9+Wgn605G2_)@vNi>VxDS?4BnlR<V)`4uDb@s%yv3oC0o
zJ0MQ;p!1#ObM}U`{e(bpOu%rjtTQJmGcGiEhx{1SbvnTYQn$);{HzLmt~qjQ^#>zk
z)c1n;z^iS$<9-G2HXKEiXwB&EnsO?Ecjcm&F*Ntesx$I!SwJP;N0^EZATcSVRv@aW
zGP3g~-|3dyC8r5v%Z<!9=*5@6FBj7gEf5h+{e4If4*#j2tX!I<D(?Yi^R$lN;9H-U
z^~I;xVmXw*F#^GG55H<O-}z!6=FX6y@HkEZh-GkO9qtV}zrkD%0~&xplvduPCEV*!
zXC2)oY<^T$AY;*vVsgMLvL4R&B}c8PC;oJ<)hn%n)~j>gbU7CYO_%A{i!_<&NXvyJ
zklneA^?p=us5cD6t=yX*9+i38RC~`TeMLGaD)8os{EB(=$f!&KPbY370%hS5i~4p{
z)^9d}k%-}1SaiO^Ywo3kssj2MiieEA!#rSA!q@eiJNxH?=rGkCl8@QDc?Dv4o7l%B
zrBolS%WODu@x~G*PJU)M_nOtR0q}a)zqU4Yvtr}Rc_RtBsHk%{@L9>?{c2W6V8mri
zIsVsF==`$jfMIi}-jUuPsC$|JGMd&`05guMS7~#X&$>bHbzCuyn;IlL&L4jqgbCc{
zYtdGt%0nMbs(SN-e6CH-zw!}28mKc)Us3l!TgxW?;43ODgc*$sRpAkNzYr%O$l=UW
zn)9-C!$x6<kIicV{tPq@f(JY?N>iUb1KSUk3D4_B(EvJqgravFvd00#3&QKa`7IZM
z@trLQ+p*10=lKpY+4y$bb|33fm-t#Do};(1{3=&rx7w<dXQITT44%VJhFH88QkRtF
zI%75z;*>Dh=UAU@v6B}b&&z1AE=?g30yXL99>c*h{1&A*obR-cnj=!?pC}t5C;U$R
ztx-0%9Pm}a&-Da7Lv`dP&fjw<S1jB?=M3-zx`nZoWp5pXEE}86_EmQ67k4|D<L@r-
zTS?J-CdPD-6-hOKisWp!2>#;9w=FZ0&|`uu@d=JA2r}r;NxKIDY;9pJ%=x*Sy{l6}
zmJb^)?{0uQRF?Mr$R`~qy-!90-AOy8se#|*cxHxk_4-Fp=`DZu8Ue|)JkWfA`W_zt
zp%D_#L>;WIHW|CcgNzyGZ{@t)|088XXaELU4fPbBe<B}!q9>BmPWv0hwj^VbsScq~
z$Le;HgDu}aJm*38PBYX4nJ$?#=6@v$M{n5z;{rI>ELzxK56(YVtrj{RBOb*{!1m2;
zZ-#2wH{8A_wA7hY{PqJz*nTdU2orNIWp>ps#Iu$lB1=WyX}j)vi59K*LQ#fai7pf7
znHE4lhfKJEdEn(`Zu!arbFuD*kccVVGYZ@9cJT^lFW=pV{EQl8BffdNb<(%_=;_o$
zjx?lM_(cGy;&oRR#+klmF#}HQD>p&e8kekv;*%?);)bQ)M!3F+ECS^#Hh`MlqH@$s
zs!%qO?+Lnn=pRBPhvfxBYYX&xjM!4=X_KpcL;nu6xR!zxm62rX(mJ<#P1Ls`so}a{
z<#;5v{Yjyz?h#T2W8(qcHr+F`K!+WSk0tGX)TCc(Hj#mj1{q+j4{LxLBcib4a65lC
zSW%f2@<E$D84wTYo~dbTTgs55=moB!{<qf@@j-PbvLdMmsfQmf>|&D;4O8mh8|;sL
zs1C==MV=g&TcgIur8EJQ!N*0++SSGLLzdFT`CF+*0uF0fx4^?CHm@^R%TOH%Fy#P(
z*Q^lHKt-f4DI0BUJ<8MYgM&xJ8$JzXr{p~?Vx3Z&7-nr9bZ9v?R{KCJn)egBa_UTG
zm01ywk|_3^NOtj_bQ4@VO@aBM(kdeAM&BGHq+(MJH!H;nuLJIs*US6(lOL_CewECN
zyeprWSu&Fuo(hZ4LXK{3Lq`Yf&?B`Og5d2AiVa(pfgv-Q5h&=(?LqAB?Y&}wBAgP_
z)-D?Yk>yST(`r-by^j6gkQx2+15;}3WPYbN$2{l}qS8se&3RZ%&;9U_F+W-af=A1A
z@#dxW<p1O;ESopak${sV60E{jFmC27P+JLmODnMyM^73cNb1bYWoW484?6llAniCQ
zV4>fGK2!TwHd+6)_WnnIt^fZ=PM#kZ+ji`^d8=PU?|t~9Ycth!eG;2%@}LeZg4mb#
z_oDXZF>wr<SYE>|ZNfFq-YY$e`VxKSHo{TIi-hZar_GyMH&r;Ymv9dw5&wWZm+5NE
zTMd`EK{LaRbyXejyb8&x#7PKcx9Z@0D}6sJqz#6ymwe~kRIG~b&QvtfoPdsvw<Vh^
zrHJo$D6v`_?#vQ5>9w;9EAUFSP-yX{+XUV!?}GjSki18h(b%Q!`ZJazn&$Q*2T7gn
zhV;gTF|!&6acZ(vXO3!P0CYN7MiBI~PB{1H4qe~g>~2D=@}>N>UIqh2t<Krk@<Q8J
z10f*`Z~0lG7N1DcC%*NF-t%Udct#>$=$q!E@a#7J9=8@G@7@?3Jmz)Nx3lmNK6vC<
z#dmAneI$pVYaHS!eUKYhXgC?(m_&%^w(}b3w}{|7JC0~(qssWI2?Md@HU_I)f4v^+
z&A=n6uYNs(P7Y$%g0$5Nui9EFQlzLe9Mx%$G)ghChE$=iyrrd)a9hqebA;VTZ^GUS
zhlSY7l+!`(1>=CB#K<8I<B<|8eX`7@W(K=L$aUUoXRkl&2pA7VGm+9Jsh}AD%1%+L
za*iGsNWEO@sf7i8x-*YT5j*H%0J*I4cN@*-VGucJ_QaT{(vm{?deJ=@8IjJDQbG^?
zvX4QyVB^&#OMSBOJ~Ll}+Z_!`scP`nM!_w^?WOM#1vW&0nHsmrz{1-X-E>eEVgnB$
zpP9(jTe6<TJw)y<eXt*opjs`I5f<SnraE?2_2>w1?JpD%ZhxdSaIeH|mlg!qg%^C)
zFLT@NC2~tol4+i%F&cyHcuNi`qT9=Hl)^08ZACNP(8H;M<*Zbunz!Fi4=y-B<ht(%
z3`xPAvG^_`_xbU=T6<_;MxLAX^j|*v4Q}0T-%$am_8X<fvaU%GtPC_)v5f~L<MFtU
zsL)_UPGq@agMNo&b_Vb608Xkap#}a+arz4F!r94Q9nPk*)9EV}`-@bk-d#ZOM1x?^
zDwv1c(cOkaxavcu6GwjeiqCSqsd(64GKLVw@Pp>nxi)|YZ`O|#FS9tU>zRA;D?VQC
zH!`lW$2QapM8WmtCgZXtACw-69d}EO6uoHePAn)pW0}o71NeDwLpp<U7#N&Afe&3_
z&WP3`c8Od8j#~A9-5>k!p8o&d$NanI&uGPa4o}yDDRY25Ge}SSu2z+X-Lt;{mFh@Y

diff --git a/windows/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png b/windows/threat-protection/windows-defender-atp/images/atp-new-suppression-rule.png
index 9742cbe0647e51a1d9f241c1661d39cbc8003867..b330f34ac1bb0c602e987eb836e0ae8a31d5144f 100644
GIT binary patch
literal 44437
zcmdSBby$?`yEZzAia~?Yph!t~NvMP(t<qfr5<_=bw17yrpnw8HNvB9jcS#9Im&DNV
zUGu)bckO+wz1G_MTWkOGaU32n&&)i}9ao&!d7ZaGDoPLVu25b<AP{(R52YU?5a%=y
z2yCxQ7vYLCb9fW{x@`AQ%MpRVZ^Zn=ie|&7f{Qp#a*8rI(>NDM@XqyaDXjf<Nk-G@
zp0kq$(gE=$uj3(H!gYd6(q@h(4wiOKmPlI!$>p23;QAHJbt$BsyMv{<g%cu|phFa{
z;{SEk!ORHr(Hl;dHf9KcJ%Y>d&SlIyPms@?T#X#e5PEiJn2%rm>*kh@Ce}vqQ3piX
zx8iWPd<k<|!^pwb($*aDjcPssuHpRseP;&~GX(nV^~ygVlS10qnAtiZb~|F~;MzsZ
z$DUd`S(_m~ulF${5H}EV()XUaC9O{QD(EgGOCGvf55H-qeQW>nS8GP&Cpk-hr&j(i
z-U_Z_+T%=RQ{1_%nnX=~))8tU`Hz}ti^r_A5`$O9P|sqjq-Q*C8QnDUtNJj0A=`6y
zDDMTbwUBCqeT7^9{XjYA7CDuH$*TS1xBZjjk|PVPBIaGkh%WAnbq0?~yOSJKwne%R
z&?4R29n(aJ)R#Y=8631}{27}%73?=+r<(0fDxtnpush3~9zEvt=hwaCGP(;9-j3&}
zPWJ;8TBM|<rHh}P_$Jl{D$X?cOP*q-l2-Cj5D*a&^(O3&pa}&{MK96Q)2E}~v|fXY
z5utIq@QY|P@PF{q;>ng)%!cV6mD`4s?{{~7wKFVb@jYYFh8yrCZ2?QgyyouXE2H5y
zGMjwe6t!pjT^!O(%)i(<OpIk<yep4>zR!uAKpLJ#R=E{sU*w|MPczb9P^QE}_^#i1
zmp4cP12mKV*{mC+&gN+Bym_)W^8Bwas%yVz>wT_PyTE0fc@qB87GYiDp;@yjls^+%
z=PuB1#Nf0`hMYwY?@rGgZJ3FY!f0Oiz1J1DK&j`~l@h?eZij^O2x80v)bIXYzGquP
zY*NGG=(8V=oDMkKSI@*u;StqXWDX8$@R8g6K~127(l3~4POUA>&BJZv(CXd^*ZEG~
ziRX;^IGdA8r*VzlZB)M7thN(zF{uWUJnVI6=_XW^r?m~-`3F_Q24expx}Sj)QwJ$#
z2Zwn-R$EGEkY@)Ah!?3Rzph1X99)%pd$y(gz;3o}!!$%0R$((>(Z=gz_Qg7{m2Kx`
z-*|VJ{~z@~8-La`s5X&VM{}i%!x>y`XF<%H({*)M%`M}{!@5%W>3KzNE(p{`vQG*I
zI$s^z4l!MoJgR47@tGGn9t_vU<5?X37=F+CY#?A`R;L!*e@$^WtQa#qvYhAKKJyxJ
zXTLdXPoCe(l<=BTi9K|SjNbc7SN-Zhd0l(x77>v+wUSHS%bZwA-tnvsYnzHkL(eZD
zkQdIB!d~{B?bV&4%XspVOZk$>ebFD)O(jbOEcbqO`~11GmFh;EpGw}m!tB4<vF*7D
z_dJJiTdp9(3;NcyH`Rcm>W`~&k@0bbox62Zh_WZi!7Pl}_OZTJ?SZ)AmvUzl$}^Wr
zgP2WYHN43?6X9R$+{U=4xTcoB31vV3?S(MD7!}gEf+lI$G9=nwY#(M;2r8XM{hFGV
znGoGhb>m%ksRj!%-u-z^WCKRQ<GJ=o;q7+nxPW#3*J9i=k5!94504Ee$<wVKqiP>x
z;q}vpO)L3pQU@t@?^e1!kArZ03?;x|kPCVFGlv7F-*vy2{$}mf%t;*1`xU>i*L)ni
z!H$KnKK%ZyddvIT+@ol{=|(ii6c*UL@q5B)u$~`2);VcrbNN04!LXh)t6Y;YK_4}J
zwodlIDfqnhQa3mzy=LRje&^k!=*?$S1J@BKuB~?Z6)=)w@aD`5Il?^^q9)+~X$E!<
z7Ubt2dExEdl#`}0*tNWyY`#n12qI2K)JIX2NGj=yjLPdD+{Q2~Iy)3<c|4ca;J<OU
z)iWJOjzwO&*X@nNebzehscz8|?3-=f|1{QD^c<McblP+`$8tnq;82}I#+7_81I0MQ
z(IF1<{J|>-7vBX>9@NFzpO(kRZgy%UY((uCLyAQ@YnGbo)*KUo`IjDFm|i=3K0OL!
z{z5R-vcBO(KsMz|F!edR-nUkWy)LoFrHQwdG%3Sue@=&HAANVPs4Aw2Zj5qU@03J&
zra5|wqIN9Cz;wU*=+0CFW`{eiG)()9IIWf&_IS=(_1Z<t9aqj2%kd!G(3dWdVYZo~
z5*wx9y)OYTn;0Z#wtpXOG=-}6AOoV4)(nF0aHt989doYpL|C6dq&y8wnp<djy?88V
zqCl3$(W;hSs2+4q2lb|H6|*@Q%X2#YL}cK}v+Ezve!GX6r_5HtWY4uWVC-x#*d9C)
zvvhA}D|hse5KXw24tZ~m#-&S-eV{WyA6gw5H>;pzR*a|u1Aj=UUmhxVp{#P9``OPS
z3=W34t|M?dml{TX%2y@fOvGF@^{&5Pyo;5#S6mo9edNDU_S-u4b<C{0&y=hEN;5zB
z+s&%;@~NIgm@$B@6if_glXerFZE{p+pJKy;3pzas9=bU_d#B7erX+Y1*01R;vJyoV
zMc_5*9B*-~+O^BYh{C=(DTw$sb-LZXxu!velcVFDdQEaWY5D>7E4AVD<c=|yCqnvN
zZDcfKe*zZQiW~1sOIyX(hWt6(-!zzo#X?w<J2Gmc5WgCHeTV;~irf|+J-I0AyEO&T
z&qt)Y?sWUiU+8pRO*gf&yiX;@6ti09DN`W?XD50Md&XYT6?AHnZU<i$^rd%Aba-GT
zMzpqyk8M4Dh#*a{8VU769N>%MuwA`#YV}qflQN7&k3!1uuowNnTPWWT`yOQ7!i0hD
zjiWrH+C8N`Dv7f#6n;Em^Q~r$cpU4HZt!?;D#1p^_jhtcM^BPBj68iJjtgJ>$!`hE
zT#KfGZ*tB{R#>?)w&b6!#O7`WZmP`(T)?+rrcVc3@Af=39}m=RCKEKrDoE4$lYuQ+
zeB96x(R#VTiVPF?;F%`<WP-C?zJKaI=zjT*{t~j^$#ur1yWhz@dF7NmKU-49X!8jh
z-fgpV&z|x3n}<Quab=Z>Rbn#4pQc<kMPEyEaDvgMA2)r%#BnqFO%2KC(Rw!DjLGKs
zx;H{8<QcVFcIE;Nu$R4$24x$>y2a{*GO%`hkGdseCp-?#o{ah%)D9ZO?Pebm*bi?v
z_<FS$)W`?fi==q0%N(>nig5G6e2<MbH^yD<1gG7Gi9S7G3=Hs0V(aY2l-4U9J`F5H
zIJKDDpRZ@TA8*iB(SB$4TfdesUCsAUQg-feK*s6xcO5q3bbsk2Zj;U2cT>>kK>dL>
zGJ7S+O-L=>Ui)xQ7xnwvdC1_VipRqF1?2;$JQ^PATvt!R&+LhPk9Q>W4{EQNTT;+R
zlK9(ZK+2=tN@nDlO$~$}TIu=5EBjvWs!*-b2g>7t^~=UDTq+*>`PXd}C=`^Ettz+^
z3P4^~&D3O6_b6r3I8<jVG#2Nvm|(51tm8(Sv%qtuOXXuUu>>)1<{X57^l!{wrJ6d2
zc)R0!n#1n+%6V-IIY%{iyAW>r@K8TDE5*~k$#=^S9{)B^|L}&9@r98%02MiUdB`7)
z%h4M-i0f6@Wea3R4#!E;dJhlJTLC25|0?M_nrDX@wDn%!OFAa+FU1^43o?{Cgk`^7
z-?LN%;Wo3)bKiYY%+}X=<zPd8qB~F)3p%>Gy+uHqcy^H%X40!|D(?V}19nHXhrDq8
zx}=}RV5;$_I;tmhwOj^K@f+;*WnMUOnwZa48p=CFFHh;RvHJvX6k-6IbLZ~fUr<fF
z<G%yhEE-T_u6#7uf8D&$=%^GGANCTaWHB*v9x-*Ytd477a4ZS$5^;3@aSp41N75Hv
zi)6$6rsDbgCDH#$FU3h)qlZ`gva{pyZ<+8bz8+hXRaWlK&Kq9Xu3tgtEsI_#8^f!c
zO5H{8d)2CGDbr_XKg&(g_`b2%u&`|=iu)xi3&*yMDk0NMGzurCBCN55aTKk_PIl?M
z`Yna@w>l-ipH~RE<quQs&0pKN*hV5!bL`{WOmfAe0PZJ%Mtsa(#*Q9AF~7WPsK|6A
z?ea5f{o3d3;E0F_GcE&N-M4na)Y~-=`*JfwLqo9;+S=MNHTuCwTU-2!iVC>}Dspm7
zKZ{(y`)O}cM@FQfvV1h(-*<F%JrjN7d`~qh&e7)CGp1*?hld^m!^8RNn$i@pyD>Qt
z5kv!ngJ~5N?po~{YHC<_6+(tbM#!o01LlfbTjhk4yUbAGm`!Kwn{;4Ic^-3TGOM<h
z*2cz$oQjH1>_9<DDLp;?oQa7EPd|OcB{5oM1+95?{+uDa)b4<X48|hL%E|;kfBx*5
zoD945AnZq$b8Nd`US8gtv70f2R!C$(I*TRO9a=|kej%ZDj{$x>MMXsmTU%LkbLRA3
zmRd9lIXzr=D)6F7)TL?y7J!_RvWR_ZW6#9awyWorS)Rd(C~Ag^ib_gK>h-upq2#!2
znbBlrrKpsA#_)=ajLd~s^&gJAs^7Ywtz_Lv?uv^MaunC0F;RcNM(3@!heo#^76#X|
zcJ=l3ec}o9PGh;^;pvHWcm0l|*SrZc;iVsD=TF=@VrVERUXHDW1&ytsDYZ*Gj@qhy
za!kHcOBM0X4AL0pN^T;z3qOR5Op3&<y73^(D)iC)B*_mvW;A>IV-qb5E=!~mz#g%%
zvGH|SId>L_8g#-q$LS7jh|&F%llX`&^5G4gZGj)zw9*G8BqT*y-=9l3YSD(b*qxG~
zG6i@(Oe{GWJ2*V{8REx_czFKWwQDS#oPr7@a=MC&p=r4GeSY_EzPW!>m^v(uhs-$X
zMO@3AgH{-g#q;O)t*qGYrx7M3CKBNXM22lFudGOUdRC>a!e-<?ANBC5qq}wMmP0%&
zS#e286Yl)l>T1*`{CSh~O8t`4_c;gnBg09GP}+NCI6k<xR-yv8z>Nr%lfxI)KQ@+V
zccW-*&A(-qXCUH6Gxl=UgO92W<-GRWL;0=_4t;jBa-_bjM_DKoUP(#GCBOR?NaO<s
z;vkBa-!4^V69M;cM#aQrj<3-MNpth?7>&s04~KMhb-gJ}7IS~BM0RAb+79;WE)jIt
z&rAWX)zsAFptap8LL5ZCo8LYcEGMm|CWA!g=QhmGKik>eZFAIHO@u$Sl+taj3Td<Y
zErs*mm@XKywuB6?2w0bi5D5*345EMJf~SI^`J1R1<W;0Jx@hC|5d<{&o4|~lS6#t!
zE%=|0xXyc<2=eov4{yN^Xt)_0viHus_F|9+x8!-OyGSHgTU*=AP}#%WMyH4#BD1!H
zhk2wjJmZaBNh0v^moV(8=xB<}p!NIPm)D#`@sxSEYIca}BLb@z!KdN=<vdQ#&NnGT
zn;C?hot=x0;Tzy>pX#_N$;r7J2YPy5SnyMR)fH{O?&0A<h#!C_R2dU<T{v0E$;E|o
z9`*V2!=LA3vcbhzaxyX)mxSNK$N5}1$#E%btt>5HHcWqu=QC$-FL+dr<{)}`_s0Cb
zg@wgkVd@y?k<ro1vF&D>$ZV6g#}ksY;SYwu4ecs)9gc4lxbZm%Q~Qs+uK)GE@*BF{
zLyT7Xqbff?|BsFA>}+FWKIR_S$=i(4U^q%y{RLfzhlg<|U-BOig$OV3D@ICP-C6K!
zpSy2hK=-1%+x?_4Dz`)^0=A%NR;HgHZYA;wOLJT~T_NXWq_6MQLx%SSesy2Jl7OwN
z_@?XTco3rvo%Iuk4RmxuEcjW6=`Nio43h5o`IB|wOMbp`MTsCqjul~n8#~6<1FmdW
zENr^r&e||DGvg5`1g94a2J=2wWYF;3UB&uyaKY8s_#D`bzvWCiw}{B?tflxWC71Pa
z%YADJkqZG0M0|Ij<UV<5W+(LLfFyrxEk^O^$&)8J>ZOLxe8el@Gkjhes;Uuvhfk)R
zL?cVN<Fy#uUJb8Ak5Pxpa^UoxdpAarFVLN|gY~YZXJ8;|uJdu7;+KbJXK^c{TwL9M
z+@C*hbMXDt$6;~J>fSvp1bG<tiOWim!LP~*+fk1QYf1lx=}$owB23%I^hScrrta?U
zMMq!K)9EuAO&H%Nzitg9lTrO;Cp=TSrMdP%b#gFAgCllnY3Uw6WvFEY*~}nGfty#{
zUe*Dn<*67C4^~z`#n)sPJ%Sm%*V62Vla~;ffa7(&B~L|LJK-^#Wbbpiqd2xZfgyv9
zjptu9g_JHneoT5nDT^daIaSu%yJpUhOKsY2q)6^3zA^hN@?k>(7h{3;FxihWV+mb!
z=Wuaxzb$OHj&#gEdpx&yG{<uzMtQe?LxqJQ68naWmmCs_?9jZ%m-9*dn#;Q9wxXFp
zTnnRC=*^IpW5Ta}<U5T7+KqUXC=|z%@ZBngJNo|q{-#?5jbXP)X8U7UdrK4t0`wkx
z7wB-_nZ>*Kx=5$EtV}4QFk5=5nCU$m!r@P)MOvSvUQA3(b8;!^lITtBmoKQR{(Ok4
zp%l8omVWi2?xmL*HM~;&{G-VQ1F0?{qQsX|B<deUEe2hu>}4$^b=f#_Lpd&`XD<hb
zMZ0nE$Vca%?nt6tt0w+<)L4qwK5^$JT-iH1;ib67!|7U3l4)rley_?Pz{s|#G;v}x
z_>i=<Zfe8)l?=sKrpgO1yAw~9QzdBnbvZK8Xtb7~S=RULrEyL^K0Y30%gtsSl<a7F
zZOjqV^E)XPO`11*DdSlS!*@^*)5kc~=<7+)QSA8kVoNQOL1-o_Pt%23S7B<N2}X7M
zQA-yWK_;IZv{uRePrUlv6pm%StYC|gv{Un(!x@^(_G5#CV7xb1I<v>vC?cZJdwV)c
zLIlY@Awo~-BdV*#+D(pjmipyl6*HXGbYJK0t_%!3ZPS}jZyYIb((4X-9I^TPk=kHX
zLQ7K<BQ<_YlAEzM1F_bw90l%0juxAd&Fkjde$xHLpY&9g*mZFG1j6q<Rujlb)YR9X
zEaKFiuMCx@=P|kczOb^D;mFKXSvh<<)5LZ<7lkUJ&QF`#qYcM_l;VFVSE~PQ(wpnz
z`xTs{!;{nE+HX&e4W$`a#l^*A>XbS<J45Bjb7urLLQEUK`8W!h-XMH8_c{Cd!%s6O
zpJnnte7KQu??C-M4Oc=YMX46UnQ`@F$nkSr_agPIa>MQwuBE4Rm{6YhNYY3Ac&}q8
z&Gt?r^X?79gT7~9lkd1PDcUv({HQi)I*j?5ZC+c-&YZ?j^rX4!LhM$iDL@cAVQZ1k
zyuHOw<6GtsU+UUfA|U?04Gm30p%nEMevXaVP&k&17d7oOZ&!IduK0Z6^*t?R`6XW7
za7&%_IJV75yA!wT+xcl79VVtbdan+7?i{-B)R_{Si0+`-C*`99laD6FN-t@ONr=-b
z|J2S0v<4aO=BzUWV98b_MB*n;BB#YQz;qy$$4p(7KZ*C!&>%bZsY}D%w$IA%ej3&a
z@jgk+op;?ck63QbjVJs|pQ{O5Fnu`I_QAV{+~m?X2)U`{@dKn%zUt}eT{?e`$GLEv
z({dZ#v*eVyBkB(`+5v<kJhQg(^5x680IRJ2irn?_iV6`a5o$-7_}w4%uW=+jw>yP+
z#KhiuAMKin(gJo*7qD`36W*S9g(;U-F8`l|;8Bkp27mqxHsmJXKACO^NVC+|9-ip!
zec2E|prb@ZO)YI@Wu-l=4D%w0Rg=qGpQs9e)fj7&kBW*X$!u<xr55)fMSQT-9+wUQ
z(E9`5QaP`(s!H|g(>LSex=yaHS)R_ARiP-kJ;4^2kZ|AKT?Aq1<t4W6m5`ZMS7+dp
z_vOpWbe6^S_2y72A#Nd|fCqHmq<iZV4d1_?J3Kn#;pcyYfx%`Mad3D<MXw-K)YS6!
z;Ikt&o@ML?YHCqYQQwxFD2*2v7r)K5$6_HwL`3|Hf?zO@BZhuI>gOM?awQlX97Mcu
zT<E&j&(9J}%!l;#t)q_3u%v{D`rB(b-ypX2dcg?C{#H9zOVq6)J_!j<l3TsnO!M9g
z$*!hC)4zUw&@HX1qT1fx=JgK?!-sjzetU^6IB*_nIdS&B1l?pwUs?dqTaK!#L|v(p
zbdjV%3=h=Q+8wT3y~;ttduO8D9vhw`)TpAV88_q%Y<TZs<k0Wu9v+leuU_?k!^p<g
z?l6gyMwM4xoy4IAD^^TzN!7!t{Sn~!wB!kYT4g1r>-u=mfkX;sfrOBg#Yv?mE%-1y
z;MdbxG&MB~l44R*!^0&GSu)TVI=?BhG$tp6jEl1JydUI9-D)?U`J=YBM{mQz+OU@V
z{QT^zE|(#v!g_mE8%9{~sghQ2cir*FTJwMvjKTg%KrQ^jklRAj+{`S4x&_k<hzfpy
zPb;=Rnux3onw~aV9V_GN-z0=5p|lzr8jiPxFgxvH?11^K=`AJ=%uB)l$;(G$bhh{b
z4NI&Eu$_x9XB{dKpLi<Hy(lW;wH`0$NzTDEKiY)7KN446!0fnn<L_XM70N2)!LR@8
zB~_k5UCI(U=Gsswo_TjlrxPw_a4XIJ<KyEBEqCGXVq0sso!$rkR=!V9)_BH;-9-IU
z)+&EL@RFcA_Bmsfk$I+{FO+d&8jzAg>sB*aoR5Pz_YyH~yO*77CGuEg-P6P4mrGTe
zWx|}3nwkbmA}Da^)q~od3@&e%*=9Uk0s@n%TJO?pP%_TerquwlhT?GRYs>6CZt`NA
ziQ-a#yQ8C80CrJrhX7@JMn{9v(r%8mtE*i@(2mTGuAtLPO0ET`vsdBPO@+f^6c-nd
zkW&!#{=AMKFzrym4Z#Vo%5_73Fgm1>mGnyM+2XX|ojW1b)zu0C_h4^A@L>0ID!=Dw
z<bMa>sU=Z9P@fRc&mZnlgEC{zcgB+^+$Z5i<ps2tL~4?<Q_#Mb#QAerBH`KDF)KyE
za%yT)!@;#)z3+{fDnl>@Wa6w%fICHMH%@9d^X#9a6Mtu|L9^;LqExh5i%z~orrVgI
zi~;i@FRbAAX>M6r*%_DAAa9mal8Gnq)Pl~LueEH#lY;R}?Ze${%c|4_kn(so1819|
zZZ$QPwv~sP_}t4EX=2+&hqJOBIg-0OEvD(B0?5<@Vd9lg*^f}Ty+4wt-kTS0;#X6{
zYk5CnP*YP=q`SSDx=5}xH-3X&dqw?(F`a{hBT$;YopS2;_JN9q2D45z)OU0I-d1rf
zvq7GG=mW1Got@F!G11XY9VC~|a|;SGEm%Tzt)rte&cp1HolV(RwoKc{j|X>m02Ucy
z$ltX(?N=HYv%eXs%smETxi6D1ni{1Bl1FH3y1JCKTo{NWS~Vc~<d)^-b@8Um%*>P@
z4Q%XDEjP|?{zycB`-afvBm*j7T)iVRlL=GVqv=E(&LaTE1DioaVQz0<m{xmqc!-Po
zxM@3oSV^?KT*gQldhUhTJOs%(iRUmzD6tS9a&oRhd14!Kx?lV=Mup|gmoK-abd6Jk
zZN%NTKACku&@C>08bcB)Yevtc9f0Nu=B2^Mf$VKkDc$7$MY8!;#KVqFw%ypzT#kFj
z=_bO_j;{kP#DDyt`YDx0I6prhgWeJ4<1;y^DPO`4;V@DU3dppC74<I^SD%&TSH!Ri
z$GQdv1b`U$%)363&O#b^v>hK=a(e3HCPwSt(1&bU>d%^nBE&vX2Qdri94fDOW7_Z?
zs6H)fp4-?&pSe`%0$UQvv%I1nWq-J1*|3L)hX?7SNY_`GT5zDE{7dHh+>7V1%5^#8
zKL?_%5-tMn-*o%6choyJW;J4d=#KTFwDfvpWF*gA;)*Q0`Q&wPdP3Zba}vb%9OgPN
znmqbj=A1<5Dgk8>LTS>jPTEBH1QuCLsIf3ToF|$`oiq08$;pYoW-Mzj5AG))TS6j~
zSt4)A%*&Tph<6h@Gmb@OjrnaIuYW;Qrr@hP$mACgh<<#ZI8;_uSC@L*ySh<{iyRk2
zb*;HHEIDc0#-_7ic$z0qNDv=tYG{Jf4P9KWW2y&FYha|*)YRmLk#oy~IT-sq9MtBg
zY)TRLWS?DHTZ={sBA}`<p6}=H-10QE_hqPB>h9=hM3ER4*4F6fPy2JmNrqf!sloX3
zvL5o#9W}G(Q4=%A$O~H~QfmEW?oxJkTg)8<?}7e$;bS#5KcFQLAxEgvQkPaU22uYf
zB0>-vU%x%GsfYQE(ilbe#KDRKlVN0S&A#qN8u2t9nFod8?TH@{w#?WR?%jKtl=2Yp
z7jPvGj*hb~(SyUo?VMB*rgL+1t(=V8FV0}+b!$8ZRs4N)i198>RX8#yDVZx&s86sN
zvgZGz1yFysxlAu4G~5%NxiLBLgp|=XIjgAd>Xj?M94d^B$&S?3)P$+=rQRE1mL}%N
zW}z!N26a1Vw-C5SDXE6{zVB33R9=jZjxwUyXdxOx;G}q68{N9BDJKIJn)U4v*^jqr
z=$-|I8Qmzs*fL57{hO8W5_#pv#=2`V5kkf%ZmCa^9Wy~xn$(h}gBieR!3@*b`m%K%
ztCC`<17qBPhN2Y~At5p-`(pZMCq_`sj`2%KLtvFIxA&D1$FF35_;A-{4y*a_bAG<i
z+mG5;9Q6VZS=rb^?$G||m~)`8{X~EBQAW=5?iBG$0Sz&FCJC8Frl#kyv9XIhRg~+H
z$|+)&6%r9DizMi~H(mq>2fwion(bz-FMIUiMU!nUVDAxv<mBXbAC6ZNX^;`Orodi!
zT7qj&XPl?bg^WeF?Y3AoDLUb<WH?|fRV`<d1K5IdWn(tvDif2FoM(C(8UdxHg1}SN
z!+27b(Rw_<MsO=-LO5`dVOVzPapgG2{nn(fMHp;m@n=uV$l##aK4VnNY=qF$x+!FN
zuU3h5+|)K>GbilyEbN9qx>A=DvQ%0|#s%Qu91_~+c%AG^i;Ky9D3-v#Th%>1?<6E7
z{Pv*1fADC-op;!8gihU=bi>;W(D#;xvAmWL;h5hQuUg;4gap$Gs2D{2^D{GLyK?fw
z-8Rf9DJfq8#c(;OeeRL)$WMrrZXI%7ii&t}Psp!xcOAsHeIAl((1WEqh|de>hTSR*
z3l6@5q2;{0ft$Ssp_#auVcx!K!hf57va*RMsjcFkbTO@%!=GRE-IHG1ooe1epC_vI
zx!_qbgQ0~nkmCo2h9sQElHX=pLQ<LOObiTE51nRAkH_~1_+TM!^f$cu__ijvUTJBc
z%H9ggx6M{jmDJ@jF_CI>!Q6j{K>i&dNwl4)O)UM+%*52EE(ids_q9d;u8mIr<ATAd
z-CF=^v^PdL9s(-){{=?<PaxR8zWY&eiM<*?2RQfVygdCr2O1h0#0$Xx0EJDwyr}C9
zxoK|xl<nu=+1tbZhE114gHI>%7EmX@pkQ8kE@0;IO6RK&!l(<yo;_6)=s>E~)f*CG
z5V6-fK!1R=Z$3T<&l8q~YU-)YVJFfja*3Q+)b7`}qS!%xybXY++2gw4J|SCMTi2SZ
zVn(#GVz~@T72>47YinuUjzq1m+d?fIR|kWHXs~rhvA+lE7#Lx^sW|%)^rLu@4V{TX
zd^8P}+>(;vNl8fx0fqB0{Er0%Jq|y6dQ=qHhF)Uhs62j5uOn1dRTYt(Y-2I;m{g|p
zvp9O-31pu~v)2LbQrH~s^ebza$-o2-4i3oa=x`9ffB*jVBjT3BA=FTX1qBEM%kA3{
zQv~?<#$H~!U2K(?v2L)jU40NvEA!w14yQpad+e7lU$79PidosLj~+e3op}4IR!!Q;
zS+CY>^iPdp39XDOCiUNOT{m=c8X(L`@i~&dI{fR`4cP||=EM$T@`r}hNy*6CHQCtM
z>^Em*M$s9_40lYiGM;`a?O;@*c&NE^lm;b>knQ-l<6|)>Vqbs%eqRhG!Yk|OMZeiQ
zEN^6#rr;!96KB#_Wj}jyYkS+I7Uu;#QnOT8Bw0y|3z$6?F0L|NT10kE4xY0D6acn~
zwSWA$a(}k%m}Fr#xW4}0Qw@!eB_)I0J`WhAo*CnYR$P_y?Z@ot=vVVOJpCyS7GeQ!
z<G!h>aGE<VcU4IdAsi~|dQT@NCgM_3V)~)1>z$e+kWrlpyGD$;Wmc-s&vz^q3I0%)
z#D54{yY77MuC0};s}M|GRbQX8s!_U(3=z))(V{{zAydmXvLf$w{S7FSa`RV)^V=B|
z)YK|gVX3;3?~r}90WM@&=F-L282X>V<S_1yG>4CtmR8Kv#z-MHl$m^9N(`9VYXY2Y
zso>^lXsgoUb*Kt-N3-o0x@e?cnMP}3g`lXFB~Oay09vMHXQ!#Pu>+sprcQbRV05|D
z()(juxYKP^71U@@JCRdUzpaum<T*eXw}k0cI$efO`BVAG$z29A`}p|#RW1a=W$mY5
zZZ5l)tdEbx{KCSV7mTUs^t}yC#&u&d6l&~)ih=?aCRezhL#mpFMmvL&a^uv`pU?Mw
z04>bU&N|eMS2(s1M(S6a^gQ=Q*lo`%iXAR~^zRN@Twnx2Rhi<{@jRHj)cEz_r(d#J
zbzVph4?WH`&5fF9T^d5^*xWY1JyzWJdv>w+BaHY>cDBFmJ?|V{`px$rlai?0>ldMK
zGFFDfL0C`K(vWfKD`?i%MnjR$GC>=+r|azM+U~p3BCs^KurT{ET%st6$#&+jzCAdd
zTw5|pDJ#udvET0G5FMp|%}9R_wgaexSblfHe)Jd)d#S8mosV9rHCD)2jn#18r@}Z6
zcJ?3Fi|gy_-;6~?M&81CjU7_wKpNEc2xDH55=vjq&Ck!Qj((MkZSU%e;fQ+%kqBH*
zs2JY`it(+v_98T@u#gB7QLH2POFk476nx{n_m?!zyIU<=-{-&#LR0(oaJPw9IQZ0e
zA3O+1QpU9yE{lotb&rXRG$HTtf&FgaYH$3tXWFrH@v(2}VDHBVW_#p+4!-?K6hfv0
zTY+DlpPQ?zPW&!9+HZ5yUc{~ns;~8Gh->xW`FQA(_pWM7QyUouWw4xR#1J|<HI=R`
zqYw<^j?3y@pdH3bVcXj`^$wkbX3uFV2p+I0!5|g?76}MVd67URJyM1=$ec}M)b4b3
z&j>lFQF9@#dpzd}HLZmJRF9Iv6R&puu-?8ML_vrQfVc<DAP@Af)78*-ov!vZbcRW$
znfS?p^w8{FWR8H6Dk=UD6A0;E6zIHz6!!n9j{jY5`j1~0Ga1lR;s@~2oP%@~@v?pH
zT!Cz44p25TOIfMSz{l{>T*17PHXZOc5BA?G{67}gNDmzJ%jt%m+RL>cKO7A^JE=Ob
z#H7?fmXncxV-{|2dDQgqbMzZQJnqE~`<JegH$ivK+y2(+&*aEfLd;jJqf4>YT7Sbe
z{iCncPRGx>c8ex#%Z^?3^k@M21Bg%sSTs4Qe;|%%SOD^{A}KqYoPq)iQLdZ!W@X!>
zCQ$aHzr$0tCg|{D*mw8CZs<&cV<4c~fO<lsaunjm4&ukd_GpR1!yV<+QSH))>41sv
zr@b>u$h5?C@cu5%n3$MwQ~dzl6&CVn$?EH;D5P{iIn2t+N_fQ&)9i&|K-4qj27n07
zCj<h<5fKzUwei5#HjmvG&?3~Ar9&8Tftl>j$eiRb#eMC2F~><=jR0pc6qxph+*3U$
zqY%)x;`X|ZJtUymAkS695K9vDJ|3zx*^fnoa;l_IGbM>Q%I4*lm61VD3aUj;GW>wv
z!9hkzPcd3xbUAz*fJ|9@8L?|ypVKR8ymuCbhbZ^i3%8WdMHoJNb}=I(gN>7!GSnFI
zvD^Y+xBL8*0!~ur?rLdKyl66&XHcS#C%&BIPT{?Up@OW2v)@*D9DUdG+89NBX7y&b
z3A%<LB_%a9Ha2dW19Y#Ts0i%SL9$wzp}jp1pzqanzJ7i@;Kc1jlYynRu(XUYOQ>Rp
zQCWCvmhfmG4ayUT8n0-s`d<xba5#RSY3b0>{}?)>>0iG-@ljVB<epeT(?c^_`u3zK
z@CMYs^62`Z-ZN=q05?G!so@l7@f8w7+1oobbg^tK6pHRu2&b)PfjsKAWjZcXTA@HQ
z0qKHik-9el$4rMXwTf<^gJ#wR1oU+bt*tu>a1B%*0dXW@x~hh|l+F@t7MplbWtxg}
z@#0Kg!#JKriNwhZ=bY}%N@C2&ZRB+vt{rT);lyCbIh4S^__F^OKhciNH{S10JvD7l
z9KldrtEEhlY_aXpOMe+Sd*T1UrT-JM>_7JZ|N6tl(?e@j|0Z@R@E#lbhgADdVooA2
z&9_JY!j1?`GzIkcOgKH`j@Ldnls`QqBXLVAkJBwFC*2olFdXw=Y%yJQbTq)vuy|LL
z4HX0%njvck0b$`lAUV#zzIWhmXV<gEbaq20<Z{{vmMf$(5vjo2U_irOz4oLaZ2g?}
z*VaL3b`*FYxg5Bo82=(#B~YWkpAYBhEpBW)0GxqOEo>Nf9rt2HYARRVu<!cfA_AeH
ztZZUrgoRLf@&sE(l^Y%j(cjeEeD)B%f_SmD1=@k^Y`}c=z(CLOLamKnu4>tt3UP<$
z{{<r|=7(rc8~_MxeHB@kp7`+k^=on(8i4^EM8hGvUB{*@P%HNcvKZpU`}f2Rl~2`V
zxXGi;!o$L5z$}G5c0O~AWo{gHwzk$s+<L%X77zY;ukaa8F<bB}L+(J}e4)U<-(MUR
zTjO=Wi%E8{9>9znT39?(s&ZVw2Xse-dr=jTGIG@efNOC2uRqfbpTB$o&QY41ys^S@
z;r9;A<Dlj*E?(BfrS!NfiSS&ANz_hzXLomdV*~Xbr1@Y#c5%GY#*A%*L2BIO{JC|X
zKVL$jP%&eAj~~DKYTgYw%{DVD3y()j#NqcP2L}fgEiKFV9S+yA=9ZQ@UWHun1P;xw
zt<iQni>d<y10U+@=wLB!b3DP|ZZk?MDl;qmf)P=A;?(8k=YXrp+pfL-3X$yZc0gJ-
zD@0@X8>l9LPH<1W_O+iSS21~?fz*RuWPn)@kU_cgN{rb!pqG}3szT&&IP~98@(4_K
zVWP^Fs`S>R%bjGUcxenPj{$Z`$_BF8>P0pHwuHU*|GXcT1FU=7s#HfsS(Q{55FEfC
z-JvbOXqU49H{M!zP)G68%URgiG%YTEUNwF~dI9Po6}7>hiMWR@E-qJe3dCAVb$);z
zsQvKCXel%>?)LM4&Tg~CAQF-x>vlE3A8BlVAa8CxgTfy2sO=9+W9kTQadD0_8Zf@Z
zL^esFOdiCHO-zJ(?yXb!5HSaC<W|mOx*>pW2xB?*-cJb#3Z_?Aj}sbHZ^2T4#nP2|
zu_<Le2@CIQ2Od+;`<wB}QrVr9)m3Y$;m@_WIqqnb(RaXxPFOn8ijcWJj25e(**Th+
z+yayH^_6_lgw>bcuB1SMoe6yjymnyx+AQaXvH%fcx&uYyP<xm2R3C4(7wM?5d;b1G
z1cnyh6SOXP^3D3!_Pu!zC~^cE!5H2@UWw6nb{2rj!-QOn7WX1-owkmSiLqj4VPS89
zF2G^9Is3x3iL?L$x-iRLo%PbCvX9V>T{?!O@gMctQi@4TQgZdJZ~F+e<S}Ea<gn@K
z>5{R(D&?IU|CFlEn^yH14|iPGp=>$Gbj5s*sPw;a0%I}Fvs;aK+D^Ft<~v1Q&f)j-
z3$@C4E75^J63QibD~eRq)%{`Po{8dWznq)wsn{SfsUarP>NlVp{cqIn9|h1UIS+h}
zr{BjOtY&q8x=9QJr?;~HH(4N+MFOO%<R$Jvi+IqGKoBB#J=~mafv#9(FwtmMem+5#
zQnL0?5wlX#yRqclu%Tcm&!C^#l<YIp7-Tjat0hd`3}2X4qNAZ{3L;^))*=(v9C})2
zn2Fxm`2c-fpItXGsFg~i*3cd>Z*FdGLwR>;f=WB#x2{v(8a|w?toNOrON>%Tn3aCb
zhD%;V{GOXjD=i&z7_IT#V>(F;fDwGpkdKWi?sy#6F6p#L2vwW?^mo5FcM_ZSuiX+M
zAOd=`BI>dlXQmZzI(hoE^j17@k)XOehY&<gzTNOWJ3_pBTth4AL%p{#g@afH=RVro
zFi>TG))G$FGT)iF`O_+YR6X<5Z5W9ZU0QK#kKyoNBWlSUtf(NJH_`3MSFT%|M=yoD
zesi;4iv6lB_+&`W0bTNn9fJdXyblOUW7vpuK!j2EM9sNrE*qm4Bm!z0gn4=8V(BF_
zKTE85>xsyw?1b4#Ff;u&ZKpX|J?Xut=l)XMd6^Un%UFKZO79~<d>Ya7h}&F|*-x^R
zrrV;~ioDXG9$=~$c3CB_JsiwGw||`ZHA)%@HN2gp2wa5K&`A1`J8*nlo#x|vG&YsT
zk_n58sRW;a00_2KMMo#GSRa`F0_PQVprW*Cb=Y_y-z+Uzl3u$8>L(bZ_{k>h=w)1d
z{7eB=LJqh2S@qnr)03kg?d>|79=e<w3KMj&eg>yov1Zf|v>e7zVU{`M7w!<dSD|u#
zFI!#E+Fy<poL#%>YQuE|Odh~2|BVim`e6*mUt&W}M973c$h{nDF)BA8^x6Q0Dda7t
zr6c7)^(5@NPHj6?i-#y;Yg=x1SRS}-Jz6BAuK*jyRkhaWdZ>PNlOYE=F<R&A+tJT$
z=yj#E(r_iV*I+eYx8fC<zT3?uLEuKxL6J3SA+i4p8#bA3U2!T~po6+UhC>JV87|2c
z9cPR|pmfTbIr_&%(^E^$+ON0A%?w8P7>J+l&-#~la*!Ryd~)Lmo~POZV+@-*JKc-n
ziC=LxGP*ZeuE$9RjaaU5j(bzaCWA#8lKwlb`6FGhQ(8<K^ViAwwhO;x<x2tB#uV}G
z2_{2yiH9fj@9*8CE}OO^$5i2CqD;ieZhD`Cj0;82c9fDu{a`e0<mTq)h0t6Rse#l7
zup!dkcCvbu_adU)_e`SHX6(9aWvzZ+?<<P#O1ZqgculOk^72<fBsslzWY%XoG&~%D
z5deLG-XX|JKSKIjTU%2hm0>cZuSmy9t+=BJyRq6_67(>$v1u0yb<lA7U;S8K4_UYY
z1{O0_?fzAPJB&^;3<wo++gIu<d<F$sSy^+6attho((~W_u5LB+gUMi=v}9O6lI(1I
zp}YM&z5a0H&Q9^o+f|->oJB=Nzg?EA<fQx3ka)a+qWAY_!{;E_k&|)izH??Ql^XW~
zW5qLD)_L90-yx^W>dbJw?pnuJ?1uRj5+v7C#)6NJKXZJr9n(4w>jEI|+IEdvjVLvK
zL+1hPhhU=!^c?l7T$*e~D}f|=>v|iN1Pj0ImJK5#4^!+dv6usY-fz>WHLl1NnV)S5
zZ*Q!xHn@KMI{V&UiPdm{NlRF{oECknv7E~(qbGSQRQ^FLYhz{hXQ$p2SqI~lu;LiM
ztUg+=;+aTj38M*-`>oNQK;3hSxA5`D(TwbY$V5;y6j+e@aexdTWn{4}4o-(^X$H(5
zPKRWX%3vX2AFws8JJU<jK&YFh!ZI((q|W9F9!7n~1-I_(WCKsR2eRRozx!g(P4L2L
zz+`gmU!QLlc|5MMn|?Lje1Sb|m`ErFn(N>RP27RrU>93cpgJgWp4nX+!z?bQO(7M4
zZ?rL41H@Mt1%gXkV`qJ;jtl7%fKT)N<Y;g1!)AOuMT01MtQU*~=8k!e|EK#50`x?m
zb94C_MBuJ`Q3r$hKG(oJqx*L@*QV+uGtsPCG++t}ljqSKe(+5HxED>ITEwQ{!Db-=
zlZ%Ti0LVC6VzdTxM$TZ3A}8`ZbV{uw&`S;#?_y(_BY6=1>fAi3fkF|`JsB0aj4(Jm
z9G<I_d7mXI*xB;y%abfqn%Y0#uliTQg4gP*(|vVQA+%4}3#sh_duP&V00xUkTs#zV
zz)Vk?)JTa{?3}RRSJOg7P&a7kGL+TJtVdrFNbKMBsdbnOK6V8~ftVx&&o>a&q~3o@
zz34UB$E013UNJzavl)h#>L%BfzGz0y&ougu-<uv%%z3YQdB%Tv`{391!Q<L`j~e~4
zqlKU$(ak6kQPE&nDT<UNv`_~CM%Xd-B|KYzhM80f%3^~$p;HCVul2f?nVFlnD3EO~
zB5k3uN9Xki%XXsDEN&0%FGhLgFmaPaS?ndOJ|ZM&7;M+Jg66RP&tcX!#D+I|46yka
znlG*7esK~zJA0#E>bu;q9S#*(Oum7ywK)&F$IUEkTPZ*<14_d?^Uc}%;ozUlDQ@4n
z%TFMmIM8vJ8zfd;LzS9r&v)AEltcKWDa%pgc13yrsmJ+@LWNq^5W!;l9~`)Q9dEY8
zOpM=M{pIV8dni4g?I}L#!Vt{Zdw|0(!5_$}GYwwd0ErwA^<<t?)d;M@ey<5c-_8ew
z&j!EOBn+84pqEl5q*{>kJ^P)y((7K8&x4{Tq02mO>-va81$4okot;I4!TC0tIwKr$
zK2TO+5VOL=8Rs)Zh>%3Yi%axG6;LB}@ZTI&{J9FbB}Pc=*Y>AJxXsG4#hh`->Y(QL
z)|1sDOL!A=4%3(!)<P1KdXM;K7YQl;KC}ntNU8^m)LY-VSE|uq2+U#Or|Rm>3|%u!
z&y`#rJb17P$8FVPA{QUv8T&Za1fQf$HN%3@8|g90KZ*=p!MeWZcR*%;=xjSy%8@D2
ziAL=KbNWNtXsp!6-d9{$RFtxxhAGb1!XEOEyAKp&EsBQ3a@Xanw+Z&E2isZQ`(uZP
zhhvLtBOz`md7OUgPguQvUP8G54!K-8e{OMUDI&G0PR7-M7y6n-)Y_Pppq+nN)ZgE~
zC42HaQrXzULwk}12M4DRG7qpOt5bD!biT)htFMHem!qod)z#H!U}gMmv3omRU|Ziv
zCJqxEUTa@Lo;$1`02_O`YU@~`I|A`qR~ew!>MDDR*Or_}9l6vqjC3bS(pMkj5Le&_
zfw*wtg1@v>6f&=jO(XAzsngN!n!g7X)QHCl-Y{i<PO=)Cu~Ld=&16w$RwjyvPahnX
zH+rCj9)gs<oXq>xmyHDYv<wXDyFoj+dixwErr=FPgTB)LjW<XnGsAXT<7&fpTJ(9r
z{dopnpT-fjuS{LbH0TBw$K~+_ODwW&EK)b|ht?(D!t3~2A9PSROp)i#9V_8*Y4;$8
z5XMQc!u2Ur4jl~CgKBE-6xd^av2Rc&$(0s_g@sWLIiDW8uZ|QpI2?VS{*xV6p&iMg
z@jc7;(0Xua@b9LiMLp=+l`XZxTW<MsSS)xt2M+O`+_n9-FHhS`f9qm)LTXg1_pX+1
zx!pY%*F~L=wGf1<noj{I$V>1fR`Kqvu(PrTA6eZ+_+#zP$GjTW_v|d_GEem$vdeq$
zu{SP{@YnWrT5s3DKyv^_MV@&3$4nJAV}epihgh}g7gQv_X-Lku>1O&Iz#6p|>V7kh
zji{hvQ>6hOTJscfkDb}LujPrBRuBeL_&Z+#;a40~X`|+c4zq(RpbXkvui9vvy#=D>
zcb}l%#6;?%j8-uwdC4Bn+Z&0zbU0NmYrG69T-AThVKP*MQ^X%J3~Gt%Y>7K4zbKLK
zyS*D6C!>)HYm8D0>iQ^6++^&0iV<W%Xzn{p@70~c^sz>W=7P@KfdQ05qA@z!IU3dF
z>XtaNel%tt@bA@F$U*gL>YUB83k}oU;DiPCv(3Nx`mwD<Hj1ZfmBY}F;1HQET|hv<
zuzLHovrBwHLy0dAt;S&vAf@B{Z=F2qP4MU*d>$Vc_rvK@)Xnj|rFsv>^Z<}PlAO9H
z1d#1{dlcvgEgCgo3f}+na8o}2w#z?SfdBfF|Mz##jzi^ysk@vmnMP)uj$T_o8i2<I
z<_4|Yie$TLW@a{0Zf}y=@Zp-~I$rXT1kVr~QG~z=Is%yKC>Nk07LC6D$3n6HnENWu
zoODG02$$5|;!Qo-iRYJw<C@Z@p&b7R+|01+rU*d%1lq)FK6R1}u&ha-+xlJc5W^y5
z>u~pjMr!(N|577_;L6HMUQ$?jB5{j<SC?4cuKP<D@+rd_=Bj-(r1n?Y;)Rw^+}!o6
z%Bj=`eFN0T=U>;ySppesVPzGWDwU@4otKH3nJ7paK~5r4H^p_v@(GSI^z;xSZV+Aq
z+Tk~p@Jnebmn2e^V@&k3;E)eL<pl)h3{ysi+31*3vF^*e2#_;vIkJ#yZ*Hz`y3OP%
z_w$3CrL}wJ7>M@IpFh7_$Uk+gHVX_S))F$w<Bis21ZwVY;Zv9j3mo`}v=jUB<Hx1v
zR#rq;{6M+^nl;Nf+ADqly+FD0Av^n6f;i|yZmt67f=d<N++xcM=(In5`t%0rl{A<%
zJidp&^EA}p0jwL)@+POVBPnwvLD9mQE6dBji|1&&VFqw!%6@osVBifLSgEK59t42^
zMuCTymwuKNB*8)Ie~&P-bx<fNoPHyOYHndrAs3@S=u}JnrMa}R5ddli<;r?P6$x*h
zO*b)6Yv3TBs;L=0fBs0RKYWFigQID6HTQVcNz`lw+@As(S?pQ4xwwvwj)?1#HE_NH
zNe%E3QeH<q-)-bs!{^#s{mE+d86GaKsc5l)d_TX`{S2hIUfU*hkTfnwGe{F+R<52u
z2USxMwQ6mqr3&c<kb4843{x(8E8R{=#8|{sb)nlp=kBbKqy3EJ`Uks}Of{QA?MG$b
zAY*)=w(GdNKgaEw1}zE3SRMfZKRC8RqO7Gg8a#VT8_vZ9i+k?oetruaD4d3gnoo|8
zmviI1`1+n(jebLeN)c?@%;?VP(T2IGKjRT}DAM3L7RS#x>0KqfKUAJWLqi>!8SE{_
z9B_~?E-5L>L=igl#kv{U<>e#X`XP@^XoZ*q4MO_*ME;`cQ5MIKK`BLT#fVY&I845J
zbq<DBUbhN@3y@a35M&nN5~+$&J$v?ym!_d8@cha>#azUP^z`p`h5A9zSv}a0o_$12
zBvb_Ab9n`Vt1ef60?pPC_uW))b+e6|%X90u+yPRt|1S+C<?ia}YtX-pW@K4Xf^ZNx
zi5pcoSPZ)Ufh-Y<P;quU;kNGr+G%&Xbon1)iml(A*kv4$lXS^P73zW}&8}*Kr>+nB
zY@q*(i;s_JDQ=k7R2Ko_(t(<xV1Gp;$Mm5pDd_H~d=8kkX`!X@d!Nfb?@KmD8SP3z
zpDs;%uoYW(JPQ2oze&GS-l)$aulhF_!MP=)+2+tz^GqCdVQPH`;x_NpafcOWMuPLu
z{dieEga?w(C-?5%%bb;?_$TfPitUX%{zI8-MsEDY^LVKIe>w)*n{eFFxg^NL6R||d
zB2~W8e~TL5T=YD202_X{y+OYBakHPw!U3j=R&ez?v^?mG{*&Nt1DrQ3AcQlF78X3^
z-_!R0eElDN?Z4vrKW&G9|MtJ4Du&&E&Ggrpia@=i-FG~`_r(Z9j*$#MVA8n$ujB+`
zRJMX~D$zY}<6I5kx(-)v!E;#F;COCt!~fR*onq1d<Hy5HlZT_XBv0*H+r4)C&HD&1
zLy(Oq!TZ}r{xwDBR4?9so?K7;d@_ij_E}XE>uPVA1hTV1sAn#UOFsr)^EtaR*Gx@K
zZ?{N#=g%nSD9{r55H3`Y``wsRs|;iNCqC!Ty@b&dP=MBSAxh+BQ0#BGQyk9q)NV4q
ze4hj8904zySoTc<T6yaNjG#ALwq#t$?p~1JFDN61P~5zT_Q31!IMN2wgia>MCZSoI
zKj;_CMK9`jqi$TCVm&ba*#;+s9<Y$!XCeLm?c3d-LsG?)5H^9RYTLdI(mWTJA#P>R
z3?F;?Ls0|K(SHL@lxAjT;!Y{TDbw8Cj?-WLA3&YeYr)Ud3lxqpXh73aFpf!TW(-|C
zUfF;KqlYm-Xw2~g6eE!fZ+U%sdaB^35Otjj2xUH+*EY54@BH$8Ecr0Z8T^kdpagSc
zmEU2=OdZb7fkVF95@}G59h|p9^Ka}OfjVM(N%ic_&;EXsKvjk9125=iF0QSG2I<jR
zRi?NsP2UQ$+QxpQp%I(JsV#w_s^k?R&O!p4TL4A`4(lP_wdDULDTS^dmf>njnW)B2
zOHHO_42t~_PWY4qRY|UG-RO0=c6}kQR^So)6Oi0TT6A=De1LfMC)wg9$?$o{adn>H
zgIf`oAV=ZaFLgVfl*kN3mNNytVbNcysWmGoE*^Nt9^!o!As`?CjnS>CdFgnN1`1*S
zlrctQl5MRm2<(J}m{Z%9mzObT)%vREnVsRFBM8jk;3yom`dC&rY}ZSsTyS_bdh*|L
zU(fjXThQ5wtigdIfATwb?qIP`{sM6?+y!zWbfsQ2)&0>^S7%D)Z#pKR+E#on?s7F>
zP_Z9F{Pk61WPJo|f2)+Yj{38drBq2l=rarH2Jr#}wLjjp2cPQNSLpiBR(<($8OpdV
zv4OK}?S6hxy-{cvK9H3qymVg0z<_Ik$R6vR+yoq418@6aNeK+p+!lmFL@r5aLIUNR
z2BUVILYRz#g2In(P`W~fLJ*SNDi{%124QR|R^jj`jCT0DATRGLP#eLV;VfeLgslh?
zO58CS5kW!!>}=L{OY^QI5b%QHDfnDKLw$gdwuYeBUey#R?B#d=Az|DFNOHg|<FW>!
z`F-Go%dWqltdup^WDH$YyC=QOatWEhY_?@df{NFn;&<mcgucg8#+%IwT~7Cx`5>um
zOfwh;HSF(5lk}oSm!(vGIzc!G<j+X~Yp07j+!xvlM>r!c2Z$IELCzKvf~OUjchkm~
zLqV^Q&XWOM?if8aHO4AZ?3W1mL{cWp6*1ay-8|sm;5~^qh`V}v$qEiTmnR1XNZ}oY
zIE)_+U)dH6I<M*r1l@(d0SFIjlzx*K>=o~FXhkCY-!g~jK6x$*V!@Nr>ttk9%jsZ*
zJu+XAp;n+{cK*yvEPo;jXK2jm9~IMDw>cr&?N5K6qpXV$Avv?h@zW7PJr7ZX<HghI
zSJ)?6I;OC`!I?#qS`e+qkWm|M-e*a{Memr%!V%1P?po0Azp)n!tW)?D(2qGi>24yU
zN(!nLs(B4ki~^Gvy66{z(?67zX~azR^c4Iq2UjO%GW+`VYs_ppbXySYDf#rAKzYKx
zV-7lX(+>fZ8vTx{%L5cN4JOMod^y4z92%?wBP9<`|AF&)X2!SyodGBfbJE<(N(#Wx
z_=*x{)h)?T2J%qS887;CfWAs>V5ud136ij6F~@ANgpFnh_GQVFe)GlsPHGTfB)xUM
zunZWYokv|g=$*U%NnJ=t2(%fDwIA*%yUAY*l`V8!P!hQ=<wOGR#Z}c2fLC>44bGDm
zeu@bOaYmeh+ws{~*Rw*Kq{}{Mk`)uLXRG|f(yi0K#$S;w7D%TJ73Yj_R4mV^=+RH&
zFf3XOx<v4YR<+^kz}>-Y29>1g*F-mcix~#8@1AqJbypK>`jrG}aYPPYu2GO5vbyS`
z23g!oM+r8(5tT2=nmKWvWu>03fA$Ex7g}+BmjVLb`&Jv=C3Jiy+|4K1c<{$Pg#si^
z8iUW(nv7NJ4SN*eAY`VqdC7F=QWKeh^>UtT?fTl9jmU@UtgM!S5^dCSUxxgZfQCm*
zk=cXKF@z{v@hC@n*E=)ieDxfg7Mrlp&<gFG@6!c9TTd0!tzOR$3c4H`9$u!G+P&cD
zOy@%BQg9uDd|u4gr>q$u^-g#<!a|O_Ren`W(B~FyIMRh?s0m*)ktX-k9Ki+iC*FdI
zHe>e(r=~WvhYoByYYD}E*bH@DeOE(kF22gE?YA6&#{bkQTlQgZwF*In>?pv_alBiF
zvNx>q=Irk5thnFw?b{3Jbqp7d6-ENJm;LxlT%JgKk**OFZFtU8){5_s(p2o6TSg7i
zch@JZmVMU8MKr{1P!h~Z*kk=m#X0N?Zj4Jg+(MF)`Rb_)yKzj+=2k8sfntV(p4LNy
z$<S@JY%5`xhaVa#D(taMVfRnII)64!r%#`0-0R!&ONW&!wjjOYS31=N-l#Baz(V?b
zSswr#kLy}V)srug4;lK3Xm|HHJoRUVwjt?8KVnP~d5!mkGq$9-__yfrof7^M$`NQj
zCf5EK=^r|}<ZmaOD@|{-{`rp2ak*7e#8>(5JXiV%yFnvE!*2q*hM*u&>;7N7y$4iO
zS-UNY+G@86b3hRTMv|iBWSc>PA{h!)f@BoQ(a?&aK?Nx!s|W}Mg@hs$Nku^@f`Cv!
z5kv%pq6k8PP=q^o_kYei=iYPf8~=U(yJOVomQ=O(+G~C5`{tbAT&0blj_>G9zIDj@
zeb-fe!&GInfo(QnOphFMFy5mB)bqSdOIzFIKG~GZS0(`lR4FgLeH3~kNwXu#4av4N
zqw{R1t|rMv*<DvhK7+3xj74)k7GX=V|C|*wF)r|@!|%Kmd1<~JI}wTLN2>AK{Tz<(
zE1@U3=k|wIM3e<8R+Rb0rMMSU-Ir;_SszYLPfvGsolvs9l>YQiKmaQ!)Ye3L%L<iG
zD{lt;E*&Y=Ret?c;EbV+f&$NaxpnWUr#JQ(AK3UA<oTLaR7@x^7qm;c6}_X>UQeY8
z$?!jIl>Ao*9o%a6P$zf(u!VQ9k!7@dJ8jK_4?2{F!=Mv?r}Y<=D*Sfi)T++@gGbNH
z4_kC5EcwzocADRMF(02t(@HAL{S=Sq&gbJBUfBuo>dmn~MDQ*Ct2q~zR-64%7INFX
zL$Esb;k@f*f}P1X^tFOZ;{x!l0ewC#0s6vu|Mg$5`tRQMzxYA%2t&f3*6fN;^{}5V
zy;h@~`HwF?iT%pQ_htLLb$oo+1Ac}3BHz{>Cip~;yH^(eAO4_W2}WK!Nk_j?Fz{rk
zW@3JZqw(Ig+IWesH|BbaGKhaF$GWHPiL7#qyDy%kgQf9`-EIFznT@f1+q5^|^|BMp
z5?#ooHvBxhckIo@cSRQr$=&Cc=hv(d*-Yv+5Je~MGv~Y%?D$UB%~}!Ghw0lp*YFJw
zvu$(L66+y^zFyItffr<CI{QPn?!BP9f8FGa-?|4U`0ZLq4Ysc5D^eS51-5KyeUibn
zLp|H=?3qbPx8kBxyCse;#&>=3DA$py7{<smMbdX-$13Cwsdm2TOz|r=1H*~NiqRMM
zF<LSGwz)rAT3e$agn6dEJMQT7XFkel7Lt8Ny9EOGZ(ODptQH>}t}HL#ZzR3`0W4fj
zLBD}6Gb^thkI(K7u`w)Ca!g8pAQoAbe0Hz(rAtTA<02&ys+OdkbUGLnoDuo4W+KVe
zp`oSI<l#%QCC$j}`Ps7wC83-Cnt+u*ZX7|c?|Ct1!@a^b&1yPKFL1f~AA>$zN@lVn
z!o#mRu<Gi9HDi@iUF1_Cl|9rU9%mw+Un(I*)ertLS%A!y#Hg&Pp@0?Z8kZ{4vMu!A
z{P6c}E3ZVWj2C53T<*$ldQtm|5>L5m+?Y`ns3*UBJX=#;{rk_6u7s_r)i?Bb*Q7)l
zlD%}{NuQzw-%qmZt0pJ%BD&Ja#T}(nDHA@6uQ#*|&*NbK`Z4Ka=VzuIt6yl!L@3xL
z=6@tc-Zi;9BVJn-KTc4Pe0<v4$EQ{5h_TV&r7Tf~sEoXP^3ms?+y>NTx9Fwn*$F6E
z8j|PVIKp^+NJ=Ums%KTkhP%#r15?8}#~zW;QO7*|QxOAglp0|P0Wteh?cOj(_)=R$
zt<X(@CrRC*3`^bpp;F5|!pIAv1ov{dXw_pjp}KwsGJ(mnrA72}>2^YT6kVVcE}{}^
zm*fRqPSSA})Z*Q=cXG-zX#^cDay<K5|L3Fxjw}%v!%NLC40WjQuFpzSAmtu={s>KG
zk@O1V<*UtXB8}zT2csxKe#OPz>4KX!)k3Q!HzX2zpIu-!G@Etn&rx5blhjGK?{1Ef
zm<6_wz{kbKY4q~EX8lkRocG-ys>XB@o;Pg4`gA3<rdKyfrzJbr#Tlq^{jR;L$Wg^^
z1qowvGZ%`7lz$wWkhy&jTcGW2Y@Gn^9rCwuu7BM!gi*t-L6zB9py5V}PF)3A?-d7q
z=}6sFy?R`e;qEX-dGBcI<b2FG-85#TQ9H4CC;&;Xu&`v4bhI&qf(&H2_$(AmYQYer
zlQwkuC`$lFi>*mK6DA(++Q4@G&@~cd*)mVpNO=V+x89mqnR+CE>wf*k<gF|1)=!uk
za9V=UF`YmEneQ?IW3$GVsmE&Z=rA-H0<*fi^>7SB#NnDqpzD^cTOBvujVcolSFaeF
z$gd#A>mg;-x0+LBm5E!UUQ-S!f2v2pk~=N@)z-4Q+gYqwJ+)^jr@^i1_jP=9%aV7Y
zGa9)gw;X8#$HHeiS+*CvDSD4?+_;hOds(&9=WHmb$+tor0#gqX`k<O#yZ#uH)KdB&
z(0J|?C{OBH8$1Fd6BCp3h5)tknHu#aov(eAJCe)Z(dgG(7A;y-$>--?B-ny9Bn{1A
zFiT+L53NYbu}&Y}wB`Cor^dP+v0Ha##&0e;yWH{IZ?}&o=zeNnk#G6qcU_8Zy(P!O
zDYDRPb0SNR^)<4lw<^1-%`Wh5mE*i@)NW7xRX)yUF<Hqp`*?{R<DPZ<tz{Ou+H@Cp
zxUnwI1uChzZ&~1xW&iQ1h<A!w;)r^5Q`PkN)Afnm6+vcc*x`{7F)~DNms~U?H~hHS
z7jKl>_`_4Rdg)hN?)bRZxp-Z(?=ybI$aSBn@5V%sI(+!$?b{3M=~uY@4de~wT!SI6
zfrDqqb7M*m$_KmiILOt;ER;A+z4zL5n{B7-Y*R1$1Jcn@SGTsXc$p+lAq{yMWh-nF
z5;B`m=DW`Q?v<OdSWD%jSRdK498=TvOw)!Sy#=iNUE%7sF!0HG+F(m_U06!9rg7M`
z#zv}}JZ(@83(wlmuRUwEY`#CH9?hr$a&e`k^E4yU=xsSfO4GD74?izj2c!gj<z7ar
ziS=TOAEq(A#uKx)1P#pCsPtCn`Rf~{&3yPE5-5|&cO=JkMoyoScg6LR`>w31*BZM+
z#LAu@Uh#rVHqI3=erlxTZ!1MQ0;Cg9dH?zcV)+9CN~am>l)*<_*yUVl<5*?pYw5A(
zUv{6#68Nd2qB7Lde&N6?qtpb5)|f6lLrbpL%nb>j@mVMP4_P(QnuN&V^Acv064S9*
zE;V6ST5)l)<rzwwU}KYRj$W$cdP6P7;H`n0lj8<&eUzQ(v8=$&?9UBO?hh4G$0qU{
z2Oar_)$~hrDM#w}Mr*oH-&@JMl}%!wJ+RT9KHOj{#k??twAQPz-DR_Pp{aXYJoZ^#
zELMBfdu3h7m|^H)+#qA`9bWoi+_q^!_~x?LFSV1T9&Sp{DZWaARv2@cvO*3!*^MJ_
zvXtf6Sm`DUo^tq1QuRpuhXproJe#Cr#C`fI^!Sd)3Hf~jLqF|yZCr+tkDS0<`pj*`
zeborY)?6-qOf%<y;$BpfA&S{1vihFl6}v#e_Z)MqC#KRB??T?8$SQifdF<$Tp6i!4
zHxd-qL=V~MI?6}u#cSJ4Ei<U<7(ydaMB`<{^(vhUo>Ay6Vg_kU#Au^Cd%UL`)Y`=2
zwUf-xXe(}&(ellaxH&!=7}cF^tCY!Pn^5aV<Lq%0e#QP8q??aVzwADgsAq0vRqB!^
z%Pxv}fYM(NNyq4Dhycp5eUVktN;R(<{04`HoanMZeM8ma*9pCSZIoxC+2_(CRb=Jj
zlEvwgw=cKQM%_l8Xg0qSRnhHSfAEU((F-0P2IwSNa{H)5Y@CIA7|rP61`;D&{iJ@H
zsg&!)q>q50Ac^S_#~sv4^87PoH0q;;WJ|hv0I|PrZ!|@G4Ii9!W4}g#Vz#FRvLl~9
zHMpw4ccCz5ido{+I+uCW^xw1I-W$#Qt4RAqoA|ez43+#MG&a+;k)k9tY~4A;|E9#&
z%}uX(q&2g~-c4z%9RHNPi2a|mpj`|2-Ynfb`^R|M+i%}qPW!32Z&NysxLtqjEN~84
zO}^{PCr-~~f3eDpWp;OS28T<(e7R7c8^Qe(fBEHiCD(5sAM^HT#rW8l5(%I^8S;j|
zlFx$wB6a;Qa?HPT+JE5>98Tv#;EL*G)ZP~~Gk-x5v<u}KDdf?*zAT6|gsf*M*w*j`
zOtCVzchBRyJ~%aXa;@{kAgQg;+kNMKTRVGub+q<3!iYrQq>-_$NliXl+7f8a?UGI^
z8QHnCCexUT_o9KmN4&K+uv>}z+^Wxup^LDCl69A=KGo!E75Y)0q6^6~!HJcv0cl-W
zR;$+-81~%u`lc5yJ(ZhC1s=6hg}O@{u$MxvkP0V>ekhc^*r_?fsss;y|HBJm8>Ef$
zkS8ZG*=fa86jvtViO{kh7BkNjWu(M4NMaIBd&BO4?lJNryq(ERbdl%SmS^OYXM0aL
z3d*~@>YlaL72@N2oktg-iZbfJC~JJm^O?*LWjMRu!hW(w6gsB_2u0THrkdnk>gjft
z!%N>l&SUr)zVQN}*!M4QZ&@wVHD`7}6k&WvJb$3{x`o2Eo<E^Itxu19oo-xXSd3H=
zhAnv&FynkCqAoR<hWpvS^<kuIOIP}UYl_b0zpkN0?C0CXLe?PPd$`cgaPdVh`QFL6
zo(}N2b-l6vj;1Uz)8Mh1*=Cjcx;pLin~>|!{buO<5D)zuxS0%e=eA^6o~h@XxV4zS
zAMYU&^fu#I>>-0_G+ltlHE!4_!73B-Pl4=F-++~OEzy?NlFVL)C#SDp(f|%SK}&h^
z{Vxyk-{S-cUN&LhMyGKK&=^OzX?cDuK>hpFKxU0PB}{){upGCQ)8UujJq-y~1exaO
z(Gz}|o?(hYr;vJEgjYM??faEG{JrLjqr?pH+#h!g$)r&lk|!rBEB}n~9?T<KI&>6~
z5G??QJFqh$I&3TQ^(L{LA$5Y%N~?IfTf(?Hr{v+aH$`pz4gIT@a*Uz~fjP9(B~n8n
zTFSKyiQ)pP*8;xlflTyfK#A?{`ddr3Q->pcM7R$CLV^O(wM})*A}-MrLtv-i!87id
zB4Yw!e3;qF<6nMaA%xH4h}di~fw5U6d9p{QI0;WEVqU-Ih=<9COSLH_Tm2jA>*Fq^
zzlxn5OQcfYW40ORI3^j0MvUm-fpwi*j<WJ-jJ)%=k24{Aw1}7j<!HyJchT<MQW^PO
zdi7P84atDSDx>e9&WQwmK0fkuGLm>ZJAscY`1n4FZT|7cxMRA|sn-w-)GW?ez{i(T
zmT-rnX&xJ8{<x(x(Hv{3q$mCR`d?5`8vM6)@IMnXHvcH8B3s(PtPofd@=LB4QY|fP
z0paRaJCldc0t=M)`T07y{F{|N3RuNw)BuXTG-c@q@x5CgqSC8S&k;QX3@WW~JOT-B
z78>e;*hnCdW$zDT*on^(X<tU{FLOQq(`KQw6KSqPLqlhRW7?*qmM@>qo@E#NTnw>W
z#P_BvmD0H%xrm8)&NAZj@tX88#m*|SD1~T9obijVx9N7ybJXKKcE8YnUbU_)Jd9ND
zKT+)aLdD1FcmMHI3es^#xWrX->7IUwg6PmJ5M9<m&-WoaLbs6DM4LNHJfx<#dvx-!
zq9XCO%mPedo&A=k#$=7@tS$eh1&BYp*P>_Ll7%R9Vby4vX_#4r@64V_tal&`)+&%M
zBkznVoly92DV@yLh}Wi07?2xu^pO9HuD3IaEsW9ZZka8K^{1N6wfRP$DYP&x9?jgP
zS{E?qm#94TbuOHVXX#B^s;@FT@{k5on05I);lB6x)@VF0?}Mz7a1}I1IXRu&|A^83
z<h1bGUw_dN4+|}~urMTJ3zRx|@Hr}WytI=nZt9C*j-N*@1?#YS-p<E&e>;xS8jH%R
z&~2%)d~_o!*6^6q!iOa#>vS}Chn!2*yS6Y5=@x|L=_bsgh&kh#ME_croAI3mHQ#3*
z&RXg6_%ZuP%y$jwj((|c=Ih$P@bB8(@d=H!#?=7e?w551zeLUkb!S?>DQ3Xq)5lS3
ztDg~GP50v3vL?33UU|mhUCWC?ofKZ2^|^IF7|vdS+}Lu9ZxcM@JMU2<UP|9<lebG`
z<*zBpCaf^`+20qt&5Y|?`n%~foo1pvXA(O+O&=7`24u4U^K4be)c^_{n_{P>c}<3y
zda0Tr6x5H|ON)RQI(kBJtA4z;p?e{qaPHR!64Dw@>+ahtxcNw(w7Giq9I_tE2@~<K
z^Kd{ze;h?O$uuqhU6cbFk!{d`{RlF`U1IK6S1eziYCx?gr>Qi!DG2wq(ux}zJHGvf
zso`>lNzH(E$%eJMp#t$R8PPJ^hHhzy{BZZ#rZyWl8B@x$&oI_YBhuBw@YcE9Fof=p
zga<XVHPR@r@w7lQ9XiSA9i?qC?_TDRZ6TTDRVdEL&`D!z=zmx1Zn?>dZ4@eEZfUWf
zo2ipn*E&0voDD4LuO}grR`7xmCV_jGDEj##DW0)HFYv~W$ETmZ&VZmx|4iezZx;3R
z=u~aQta$D6b#6;;-?Z6oq<UbZ4wBESc@X3?y`#+O8O<povQqs+LqxfHV57;kJYw;T
z)z4i!<z$+>OLfZZ)NH!v^t;Fnj(znk|C+9ie0<+uP?hd?2FkR5`uOoKm6V_T_1QRt
zw7EC`a6sMhr<`+zg(P4Yz<j8a<^5+1`gT7!zC$c*`R$`>!mIH^WOJ^|_i72RrubdI
zEE)d!-MgC<WAT;0!sb9NNvC4n*Z?`+MEvsLdiyA51s(^H=5=MshqAu6`EwO2qIf3$
zv-<vVSLU2lgH!s`cBwWm_ywpRy)VgMX}WYqMdX{5f&vACDsQ?oPfkC2YuTfkUMVG|
z!sNyGE;+PMHV6BqU(qiTGpm=0ozs|MDN)!{2&3#n_^ULPiGf2Tk!>O6dx03h@&^N`
z^7Ac!r6TV)j*#Ea?QfIM{CXZaTmf}%8pTd6uofvfxg-E7W2~Es4uXg}n$q6_A~~^i
z0_$rXd9xESp8uZ<#4FD+G7jTiu_KTD;nw?bO`1MdE}$@M8b;Mx@!G)G#$Jj7Sk$C%
zrQ#uqo8&(8P=tlqzC&%Z4sRhtONAt$6cK5=s6e2ty?qK><@u=7Y}uS{pZ}cE#O!R5
za9?w(S^cLsPVC}Y#s<3HZd|R4tCR^s9Qq5%o#nHtQNY{aVI1(IERtW{cfabC>}ZDF
z)X;2>)>y!h*!P-Q>oO~yrMTnw|GPNLB<Z0d*&iyIHab~=<%ZXbTI>2B&Gy+{KB`mv
z{<C?0Gwu_v;@n`*nd%xclDb)5^wjqUbC*rA?={iaQ~jp9gzONuDYk*~SHD7b)1$bL
z`BznB2V4)1x#-+M&2w-RpMaVEH$n-hi1fD7&2QF;8#{Z#iRJu{fL0nJj~t=w)PEDu
zMAj}zh%cW_Gfm4e$u<y0PwU<-E6x}>Zi0HoYIbt8H}te{B^xLU#VA!ewU?nV_iRDF
zAFCjSH$bI!Oeu^`X%&watoNVcr?e{rm$vxc@|1$csXi{#%#8a3Ub4YOXj>wWuD*Ai
zF^`ifDlTq&<;rUZInWPSHUxkf0ldV>k-?1ZH|V&=oYgb-57}dgS(HPKza?gzo#k-P
zw!2<Sr2%~`yf@wB<Kz914^wT<oG}Xw?C<M4x8w1Fwwu@>yLWE+JBZ|b%8r`z>kC`r
z=s$IXjVHEM0{cx`!H@g!fGFtiF8=xTffUV!wr1HPREOABUUnbUqZw6I3T@f)87+Bw
zCN;4$wJT=E=2~kJ3RHt<nUDSLw-yig+%}#X8}AsEU4*3NrCr-ir-G3?z*b$*3%71D
zEmrpGQBYDL&LQP5@zAj6>`?u|o1q@mM{x)1IGw#~C1E~&nsM2(keB9nD*Re3yJoK6
zY3<;gm};=@3{7~S_w@@%HX{DLhWZR$)c8=xP+tY7*TmIp%Q59x=GfTSvB@YAmV%0L
zoy7XVikxn{sh-i|B>()x%b64`?X5>q|F!wvwZ?uY9oc}m^>rlIZ}^tbQ_t}=Eh^K)
zB?0mVsyozC=jgJhYC0?=H*vtJ!L|vHL!(%%sVbI=)!bxF<VfRMZFm-ngC1ws{OgeY
ze;G;eJk33yAn3n;{qUfN3njP9^v|nWji9-)sv{DN$?-^BQGoQJR*89np?xhtTCR^G
zkPbz>2p>usc$BA#Tp)z}X~na2=)TIjA)md^z)iax)6ZXs-kBF3ih~hk&BR?|Io22#
zMMrw0vnxt92!m5Cm)2dYQA#vQ-L2}y<K*m8MePudaxW1x_j_tiyRBDEx_Oz)P`eU1
zgR08Pr(}tISM^}Gq4rd?C8#>PZvp|?hkRUv(KO(AJaVR}R9wT`OFXO|J#K&90J=ME
zk!Mdq8ZE2}pODY6M=&O@d01w15#{#5`Uc0h$ndkHW-AZXd>^e*kx5gT{I+Jz;nLF5
z!%9kRYp=JXb|kmmj78*e&Wl2c8;8AACKOvlD*n)I;7(L{xQ#%p<zh<dL6TGPOg7Ow
zm;gU?c2m0f?v?HN?pk%uUouLbSQ>&z1*%2eCVlA8G0;$de>$!yD{7WvHdC>#fG{mS
z3R*}h(QKw)pCVo|Xhl?hze#IK6i;V3w&q?m`e@`inAht9`xHa6Wda~5PHSGKO*7Fp
z)dF)#Pltdbyh1`LEe4Zc17Ba?DYS8D$XFw);+1Z2IMoJa)<`XlOhKs^@usdxzJB9b
zdimDY*>RSWNVI0o!1}C`PZ)KR)H8NsWt*y_FfXiThZ>@T@rRwC8^{#&BGXGZs+t9A
z8P)7u9pg7;(?)l-Be}|<rpBY;^at6GH5xnFplXswL5oK8O)}kMt=DS855j~e=L^D-
zgJ}mmAhWcI`Vww0pMVUw;>;?PagjHsF-dyp@;&`9`G|;#ktVqZquC{AuyJ!fZx9V@
z6w`ofZ}MM~Q?;w-4dD)V|HPlMbdjVbq9GgQLwH}{f?;%TynrbE>5XAL{zIdfBZ)+5
z=7~R`auL%{b)1I-MxH-(dsWrdwoqJ0l44Iq_~u-o<O|M2Vd3QFMvg7Uj2&M6H(N-8
z(b%5fRPwRUSm*sOEaE@2Y5$GUIDB+kYDA6)bP2=&5-EW8_%BdmOUdxSSNMQ8cfJDv
zK@0+z0YzaPT0NqbeT|@vM`A?x98ECw=18GeDV5dWaS3G(Qq?MI=`pd`8th9zXk62F
zg8YiD@iw5OS!6b!8r;}3>UkorHha`Oy=iBT2H$HVl0zP<5{y~I)2E-1pP7t;dc_Nb
z6v29ln<M80h{-n4LpCTGZZAjRi+}$4l=(N^W!D<9M+-p}Qhb-GvA!y51^vUNgHR6U
zD9H$;d~%E8A5yC5UCWp9(oRetJs<VAmu?vAiFC?dt^uyx;oqyPLozan{$mekAK!d?
zfiZ_noOMS+!2p2vD-&@FUO71vH*!!~JPW1LOlE$TsWd`aBfm(5g^o~px9z9vR3`V#
zy>wt7P1F<fj?#zUUOiUpr2F2rb?@K*5gw}+|Cz<Y8zmy?N4j+2z%%V6Vb%M`cl6AR
zX8>(RE*|_6G}ieVu$rjRk3Qd4+>r)iQ-=0JicCt<5zaGaA{jAk&+|((5Vh*R5Z0iE
z8~^z;*OMe3RyBsF2y-7$`7`Z9GcmJ2B<AX#47EA}IdT}+$mghleFC9HDbR~zgM9-Z
z_&BR|zR}*bmCpB$zx%Vn&UM*<uR!2QP(D)1%G8mOk!(vA%Q381aYeNkWK2vjf;FZI
zBfi1vB;kp48rvzhq&ma?@#*)v9h$vo6FoJno!MNv+~oo1%{9;6c<<Z!tFPH!y7X?E
z<v9@5`^eW3+Z3h<6fbJQ`{G6v&8j-E%tR53xwWT+`Wp1jNZcPCKTBm?#s>^**qsHR
z(gJ+nW*ZlRH?_0ZNYber9)68n3H^1X4VzSn<RgsHb5u%F@&$$sY~HTbzX_`NnbiF_
z0S#RF6LT{k^Yo{y@BI<p-v8p#;v?SSUWHV9X_j*yObF`lZ@72dg!f_7b)wB65Z10k
z6L>f|%k-M<^?>*$n0WJ|&BKtLAq=B@g%3G^b>qQa;BZDvz|_KGX1N?+Yxjd2ptC50
zWZW7^M4j{55#EfIf7)$QOik}0*A?KVw)umg!-E-ZS#ib9aGZyEO;{!LAahBWdKefO
z{s!KMq_Wmcrt#ywpVUSLn!8(i)%ULL_gFz|+2i&)qb3Qrm+1qd6dI?hG3}(!ZYIX@
z+O=@km6OnlmbdJYn>a-&J_vz<i<k+3KrL*9Q^{feeeq#q-C<^K@q|}6k!V4vKDx~a
zoZyo6cx<jWmj5z;_poq?D#01vu5a#tRAohCuu>()7nZG%2_#Cv^dMBmx@8bIl85%K
ze}LJVuxls6+px9Wx)&|!qGyoFN~a-Rf?J3<iEfdAXK>zBb_=LcABHQa^1MdNp-5EP
zB9Bk!X46JC9^bJlQ!C)k9i3D?R-@ed2hd~UMO)rlJ>mgdzXV-NYwM4?jx-}(p!{jk
zZ{H14$>fO#qf`Sd1~5{i@+*IR>T40JP~9EP>gd~I)HiMWO>qN}Jonmm$$fT=MSD;?
zEyhC9W|lKLS;-47f9a!a#xjR1sk(31NUod&l5W_uhBNz}mho+sCb8GIW>`L`j#0|*
zzs`jzPc}zj8b)Q@&Hy2LQI$MGV&RVp5kcnAz#RaZRL4L~ykGrc-n$)1-9N>8Z;yfs
zJ3Lo}Shzp*KIK7)Rfp21CAUr5#Nm3VcUXYaB(+D%y++CnN3=NV7k&0JRsiUW64oiA
zNPDAw4plGJ8L2e*fm8J^y$1~*G%S1RIB;j#FY|-R5(7x-GDIns?$`EIJJL>8U$aKd
z->pn@l@E}w@;=KMF9$pVDpygWCj0g4XCU=L9p+zm>@&*s>JHU+nf%eM8$cmS?(Pg|
zD~h?s#qrp3-F)WI(3;UaaKEMs+GWX{Dpp4V^Ag1AUDtntNs?T4n(;fOKKj1f6=*2#
zf4H>!SK0grMh<ap0+-!S(d?qxXuaL|sj<TGp7pYg)kpHku3&<)s6Ytx4QQ_Hgg*dH
zfkW44#vJ;HnUBN?i=HZPfWTbuU{~yT84Z9MVj9)2Tl%&@(WR|F_y;FTt3^;K4ed{H
zT^o<`d2Dn|H6A94_8PzOOkJgtegI6=bdhW%Q^`iD)c(k;id&gT^&=8`M?INMtDvtE
z69@hW#Iw@Qp7g50Heu<zn4y6s&e`jmyR$ai6TZG!a_eFfKiis}?r(b0xok7X==8wb
ze!E&KMcZibMP`|dDuYMYPD)|FeT_1}HEQ6X5?FQW`Za(#_J^93UD#z;_;Z3FV`bV!
zS3N9~f<()fMo-{mEl9L9)F7p6f-XWGLX(IpOR1O3Y8katYT<;GcA0nl@^ziJ|EJ}@
zemPf%yazjGpF+oE(CnDjTvk`tM#Kc%W^CTzfsDf0DK_0_^2hy}+>Dt~|Jj<zgk2%3
zC*saA7ZRR!S@MXY#P&BRo1b6OGr@C38{eV3jgzJ}dAzD-%UYW+E?9oB*I+w}^Nc;s
zb7BfrqTItLXJ*M8#!v=EIz0NEwY=IFc6(ovof63_@;9fD!d_;IWTv+hPCZZ5;!WHs
zG|IKEgWum58P{)JTO8rlWS;S|$9L0;fY2%{g+*;AVYVe8B&7fRERc#rti~WEYnJlm
zHTV9YnikqtIJvKIjhNUb&k4~h+Y?gmvSlJ$4=PK6O`8t--wJdWnGYm530)|yDv(uM
zUA|27pYy9(`q3(rfIa`M&;d;hgu1_kUuEDYUu~6z|57LStIo>V^Bz)Z%A!&Nf&K7d
zQ6#Wu3wW;Zip8FmTV&x8Lyr*QG+5oSUij&SOt_1iBB)S|+~TQbAPWA0b8Ox1rk^tU
zcwTf9DT~bkmZG?c-cG2WhF_vvjnm$C6SafZj(<W4Wqs^jsHLG=y!QQ*aab=sbK_d~
zQkb`j=2Rb{kWq`5&Z>kQ%|*WOxux<F&{R;-B(j&?J~}N330MMK#lLI1)2dhN&nA`D
zY1lNR@&Y24-oE*=yF+5&{l8~B7j#wJf4nqi^9!(mtI&1gPO)yy1|?V;$`jI)IWnVr
zaq4=$H|GB-q2l)&Ucgl3or>falz$1s2FyGMk|i1h(az%jpVJ$6k|k2j|ClD}*@prX
zn*!ouSBO?|jgA2V)DW5-4iM{bhlhzOk=fXU+BV#TWB|~#iOLp^=$^GpY_RKB0``GC
zPZzMIbR-4`urP?^U|~p-M*X~-5gt%EsMcYkB0>veZ`rqH1>7YdTVX>_tC4CQXsN${
zo$6pC4fr+Lo!Wt4372oOq=8LFenRj`LV(#3AeSt<1<Zb`u!E;G(`_~zzptZx(9P8a
zkK%9q--6-$t<?%?Q0j*dCm<0|(xX7%Vgqh?`a;G`OM5$HAVFny<$3(kyu_>doEdg&
z_3<6gk3Rp>qF?R%U2*sGv!@}%u`0?G_2xlOX;MbHs+1ZOpIM138~5#!mZ376Gc1KR
zcq>)U{Khw|$u#<Z5TO1+g})J?hy?%1?yz9;v3jiOIl}l|VCz;rAi9LDr7BS(5x_XS
z_WR)0r@_9mD4P3PLdT7w550|Ytjy?{_+V%lF`T3gx{<!;vL#-FVE{C#3u1f6<4<7l
zP~HB(?S(rJd|LhB1AzC+F}=4HE3S`ALd<4q7lUU2<G)l7Z2dGdWP;6&ggFWB3=ju0
zsonP3$z5tuyuE*=G8vqVP_+-D?9oZ+NMS~5Wy&(oLskx~xrzq_4+n}dE<k!r;++k)
z+Y)gtA2|Rfww*$nX<@%n2XLpVg5x`Cvy||Fto#7lM@wWQmyIN(Sa=1OTd>T-)pz5b
zw?nDr){&^a53Fl$BTKf_4ze$r(8jcdeC=$bTzE4+9P6i~QN1Ree7ZJ^l{^-PH{@SL
zDu7lZ`r)4YZt*KW>KJ13`~N%!DCdlFY|S6(C;vm%^Tm-+LJ8hGzJt1LBQk+6s=Gr7
zWaoj6@alte)mE9*ZVp+Rks<8s`q;?@P02y7S@{MIASuN<&Wo;Jckj45UwOB)M(Q4s
zz@@hOWtszDwh@Y}WIc*QnCoCH1V0Ps&pY3N{}cJGQM)^~fq{IejkA~OVVdHC8j{1y
zEh75Av<`y3L46X*4E()x(hI%@8axXK`e{n3MY6JN85x<&6=s}tdz4bS{Z?sZ?WgLT
z*-ynbE|Xq(ito)Wwo%TP|3oDuImi;?0+h(R`zTAhfKEeJoZs)%K7OLC$nGkwZM$-8
znoWf7jj+$o(~bD?<irDsBI{XSIA4M#(%%p&7E=Blh#ZI^>R<#Ol88Vco!&!;X%g7l
z&H?h53t6EOwD!h^&sQ^{kt2q`^GfbMgC;mmd<GPAxNXy2ft-9GkoMbMY;*XTgrH|#
z>B|N|#!2WDmHZ&>u^j$|&*c<WMz(!(UG}czQ20mb5DmEuPYklx>}2mQ)f$z#0wi)=
zt+_rGsrtruMSQH(Ga?J`pM)S#aPfO4+m(a#pu1p$na??hRa_WNb8^PPs0d(UO38P$
zvN{Q96}h`uiN*fVy02ef7@BQcX>I5SS_7cn`AKZ_L6H|>?M1c>U;kFmZJ-IQobd^L
zB7*Lh?X<dzIaf8us|47H*K3z8BE7v#E6X@1yTy@}+|<!gJSab(uaRok*&nKJda&z-
zUKcTltU8cp+y`dUM}x<R|AI_XneODT%F@J+F7n8L3}KF=xa>djlFY>iSyARz1Ct{j
zt(ETC2b#LG?6^(&?rBII*_YbXAnB1StUpn=>8C)>+dR|DSe$JO^GSj-+LGZqf2aS@
zWqrQ7saFn}x<aGM%3pKIPEsc;R~#SD%Os{55=k-R9SVXB&9)4TPy+`zTBKtSkT5eQ
zePM@3*YeT3w?h{ZK<A6D58|Nl^^%?7r-M{;uw!;S2g@lbhz*(z!LujapzcTR8s5#2
zatk1#m*B-|yaYfBRMD1;k`+2c#N3-@^Y6;jegR&90*XGkK5J-^-N2Fz<KqJg-2;}!
zZL2(g4qwb%9^8`chAIO+;<^2-zHl=nNr(ywXSB5$@{S2$;&5bLP@4yqE2d!27BpN5
zmXV>-38xy^OgjFq@C`DJh4XK$o8YQNxz9EOh%PfnE`pMb<i1q8Q2`sngz_>{4&U(c
zzesF?y^akJ&l{r6{V<zl%)so5=g-ymZ*U8rX!jnP6`Fo4lx5OWIMJT(4?}C-5dJk&
z{PRI^?i|O-pQX+!_Aj2C03lQ5Y|88~^%wD<F7x-9Qvn_E-6q^1GEjDr|HuaatNuW2
zNMZ~4hCLvy&+BLixN9Z339Kv9v+v)^L#Uo)%YD(Bc4*E0aQPzc{yPw$9voWmCZbHO
zbEG~wGJA7IvuGEYkB`#GjV&&RN(hqy5=q^?YoUUyT(Et!lY-M_M2H0AD=<|k=H(aL
z&CZ}Wai`6C$Tss&std1<dAQG6`H0TfUSMN(qyMXH9@3UCk3lf8+B*Is-|PM*<omx|
z;`85PS4vr(IPJv<4IGgq2o<hNO?t`bD@#i!z@;vd37E0g*r~9gYKM@~+-PLS=LxD=
z$AB$<Pn_+=AY?m4O3Ua*m>PXgJ4yOAz;*i;$0-?*M~ber?&MmT;z<osp7VzSxVnQF
zUNSd#1NE&9yD=5=9P4^-F@`n}%e3gBYXmy%3aeYyIsm)Es(|$B0U1_J6RH!@SVp(7
zDq6Z~(dbGjhz{YfJ9eVVOp>9Nc{r+_dW39Yv4D?&jHMcS70B`YCr{CaXL<cIGabyF
z(lY&4Ej*`M+H-R%&Rn7P#&|oDhQ!uCXvuMk1&TzV&8U2`N#k(7^Xk040k@QerXT%h
zFewbOQDw8)hdR}Qe^VR3sUhzDZ(0Bzgd%oISXNfe=pXxsUIhdpp=Yr)ta6<!*UG{*
zOto{_Mjms%Z9mJk8fi1cb$sGpaqX^HM*w>DHifXT5i^e0lLX!j@lE}dMb1jvl0yU{
zdYL@gm{Zg(Fad0&s@Tk<b76hOF0qHdWwLuGcr@65Wa4arG?ZQu&X~n^<mCY+I5(so
zGM-kGupvL@pETmb`+0-z%!0o@xR&eqdw%`^C#M5^4v8u6$EBF{;hw1%vP_BL{qSHz
z6`O$VJq2?d+v+f?5&ff3UnyR}pTCK7C@D1&RPxdxMjR!s&2mVJ7|HECAnWK^AG%S}
zfbRlhw4%?4#+|wDXN>>s<esVOQ>Y`_?*!#}aU1kWU9kk7O!&(Llk-~!Zgd6yL$?#>
zAoImY5$ms~gYBT2xtIosUFC`|KDf*B*wA_cCnp{r#+rbkYOQs!9YD;0IeN~_%#1OC
zI0=**nv>ergSimO;J17<x`pIjP7{VWViyQp_@KVs2!QMGbPMU;FCGLR=hY8~^a-4F
zkOUbXjEnp;*?@nCKSo4H`+E4#g30=F?w`@+xpIHws7%#9r001Nd{F5`@tm*f=HXEp
zmAT29d=luVHwj*_M6WEC`IfUVdLd9?MNKFn*iz>IM4!q3y#VnaBgZFZKIu*Dbb0J6
zJ&J2S$p7mBM<EWwEzUSnw_>E8AIsTBeD`0|-}1j_!HSAj-G;A{I^mX{2IL8>)XBAN
z>o6noOsHLw{~oTM34q57IH6yHDhcEa!J)w8$s(cGIq#IbiL3M5bkcZnvAJQSt{~{I
zx6u2c{EN65n$`NloYCz}zuI-jlVjgNm;*wX7!StbbTDX~eOP$}-N1yiWT>!)mKF$L
zTf{XhU#Qj)PU*h9Y){TN`*YVC4`G*r)-WLoE2|I99J@tZ7)|xjMdpT67hH6f4i%@h
zcg*?vA~7fNP;x6qfIqLu5QVfdXP<#w;mkOTjxdBc^>?Upc=rHFxE<uOh^PeZ<$_qk
zv}4rnhdYl05l-+U#DVh=2_QmO*<B{&o%PrqtLTs>el=nuifR-R;z=-rptB=gzd7e6
zT-c>5<M(5YSixLTk^2mNeY?LIz7BC6I)>%&9hes#UQAfJeL-ksZ@x^VFkHy~var&?
z@sz52V{z|7=4wD}8u(mNniIUN$ZgpUk-uGo;ml2>&<O-1#l+DxkH>U}GmQ&T@xWYg
zY@|#m(v?7FdOEO3fz(r428;ev{L<$V<hjRp+ng^zU=^y1fkiOV^&zau!3hp$FbA%=
zYN;{iL9h7bcfhoQiXLZi5JMx5PE}{0iv!vCF(W16It@?2QTI&n*z{<P9UK}7)hOKv
zWA5?8g)65|h$#^QNo_tzVXvOS7RZDiF<b_b89_FCxw&b2Nh|1OI`iVy#hB>U&nay;
zVUs55-qh^gu4>jsbBBE_sP=^X#WL@(amE9apk}}}QAc#W)S*N5&Sw?yS<e46eO=tl
z1vKDc0h;Q^C^k<%(|@Klj6U_pxX{e^Q*9<n2rkFEcpY;^FU12yRHr6u{M$J@@P5(_
z3PT0vvu)ff4F<UGH(f9FD0!xbdj3O?+<#o>|EYQI?;nhP`~&d8XE&6&c=DSKHe;DL
zN=rckc@Rpss+9S9`$E;A`*w7b!kv6~Fv`skJp;`kUXwn4naQ}nFG<TMCnNQ+YoeeK
zCbVooKd6&HPD9mB1h2h!JfdCb!H3GO9^<MUBFzg5ir@l$1mt9k+9MbzVS_u_rHWdQ
zkQSmmM^#OgM4Jd&2T>b?QbKp-OPsQ9RBe@3V#SQR>a}ep(IYR6>%w{>+B`TC_#2KZ
z8KpHe^7EkN%ap*?pwz8mLu5p*vC6bE>>Y1m?JR#{$7G7<YbU+>w|22yj`Cu@FRIx#
zV*03p0E=Mx^;~j<_76>#+Q13&Or$sX8t)I)2J8@y-i40rC`j2*j*d>@W_N$aSOKoh
zi~-y)<$7Lk|2mYZ?#uK55&TWh9T<(OXLM(vSrfMtZic2uS=m>RhT%;Bg;f0Z%X~m!
z)C_1>FIVghRg;I^7n^2j7)-upi9R)lv}+__3QsoQJMMzAU9}G9S)mySKn3`f-}F$V
zyx!MYF}O$_?MgVR2i5tABJKk)iF6uAPmrKI(EU-xMtfCu3R+t9b5VWc788u?nv>B3
z)-cxfAo}ObY{GgO<8%WZ92+)@u?M;YxWbMuEU4_$v~DGuT$&RgC)1Zh_Z^1CIn;9K
z0US%wzc3y>LpMrQGg?6gAI4Soj>+0`oa5Xz@-t!_x&wo3TwJpkk~qG6*Av10TrbwA
zONL~k1ISowfQwQO-5c%3f8k&)<a7Z-7u*XhfDp^rOyLBT1{RBTxNR_EAOWW+<GEr6
z;ib<MM%*Y(_%kmff8J)HG_*I`IHb=xXyrhdp0Mq!y{`??ZDAm4d-ZB<N+y~|9G;E5
zV1bR)hakm1Vit12ekfHn>RAhwB#0Sw&>S44f^<PQG^rr9BCo29`-3V)E>h<_eAR7@
zrluyn5vH0X^V<XIzjM&43x`bX4G|YE2FUgrB%+%H1~aBSALa88eUyt695Xx=+Yh(z
z1Em{M{tBSP;3FIY)B5PDIz~_)p_1Owv0oHfLe6r2eTX^jHVK1~0A4OE_Ru$($xh%U
zr+X8&4#_(Et!CBUzHc^a$c@3I%Z$N5Fn>}BP}(sI2BYW;O7l{{GXuj%uzF|rz64Wu
zeik4j=D$YX+Y48Y8HHdmVL|MZK|9_%%RS>G=%b<xN-xC3AN!xGpW;N3x!Q+*FJtGX
zdx?xj5j{yTW57hn<rs(~K5z+|V4fB9%(Ynfi!Zu!R;BQvN64Y&*m0TrGmp;pUQ0l5
zqIakB>yNMbh!7$DZcQzL6u&<Ae<OqV|LHTnv)jbKXw81pLaPs*gdOS4vFDV|euQN|
z8GSI^!=IiT6U`6*Xiolr3B3PI?)iWER$1FSAtC^WxEE@I^$+@B<amC6Xt1T>=5y1>
zaH7KgXiX<KsV9G9?fC+vb-+KXtYq>9PC~KOJ98^)@$<7E89<>7$xuGt3GKZdz%9t0
z=(d7~351^{LwB@;vl?;(t4Doz0(cAfdMJBM??H5!1I=ff)>xUI0c-f8_IpBTu>iJ<
zl9~^MZV5}p43?i$?sJ13fUhI_0Kp)$nyPj$ibIsTDp;+e_cw>{o?5i|BGR@@%JqOZ
zaaXolWE$>TeQ({|$@uQ2Y+$!S_c*p_f+kin7&#**FRu0#LQMS_fM^ss%GTViYS6Xo
z_6CG)9g|hE-x|g-paf1;p57gTJ&Gh2cMfSTbVaZ&NQ1cbaMc;$_TxFlset?m(2R2j
z-N3|#HObG*S@q?rb{dn0)&XcWc9s;K{x<3fcf<<riD6ZTq{T7EA-03E9(KTln8<Dl
z?^~5cP*z9{k*L{iq7Lxy>@C1{G%E;j_~5~dM(?$gp1>)ED7LGtFv@6$BqD$+u;v04
zWS3Ae2Sds$T+UtIX3B&z^ktgz;pkNB>Q7;6@s(a+k0*E6*-nBaK{UwmNfTyDV>3d*
z1ffs0&rb0$Myi|V`RFo8q9i518nv66QJf+$+GxY-p`j7f=^MvL5}Q&pvwGt1Eg2ox
z2sq(0pB!UpbyRMh=>$l72>68a9$xFpmdhzuUThS~7Olxs_7<u^0Mw(XI>#;^Pj|=>
zik6RF9LOt?lURK(t4*u!M@JPDc%B>+eM<2Ix3c>7#rRZWZv!3=Ep6Wv*~aNsVbn|!
zwn1FIyW-ryOz~eEy%pKGD$gp7p}Z*CC@Zr$MNS69b5e1k1Rx=d288jI$}1qpx4$fx
zTAfOBo{e^uua2JGJurp+;hM5+jU{i(_c6nCZMneMb?FA`;IgcUnE^?HOJChCLozL4
z>%x3L?9Y^z4R!jl52|Z6^<K680KJ8OqT7tnH$`KP)XTQZw?jr-cF|NWbDTLG{$J*c
zu?NPU#YU%AgtquorEv9`zLlKOaiX<^aFxz1@STqC&f?{pR`tFvBw_CW(5(?m65)iE
zvKx$C9V*doK}aA#X$*OHTq{KD&Qx^Aq+qm?ceYJ4Hq&CjrL!j9iD3*&$TFZvVdmaa
zi+_P_7he*JnzMUzi%4X(UC{1@FM#|38dc-~B%vh`UjV~Q*uq<|1E^j%${WT4ENjw`
zhVW|Y(l}v^3;rg_M4T}+;cj1OmojQ=NRG!Y@wZL~O@~hp@*!aZefv4RE#MOY0`CS)
zT3RT3>mtNMErZY~yV*avR?PDM6v!^};wH<9SM&23ONKvzTZrHsfz2;pE`|PUD=B$-
z+v*39Tez6w^dOn&#nKAzr3TA1<v9;aJ;xV&DU6?B<casnbxr4=7G8~=(1gK#!mxyZ
z3JZ<u(TO|;k|r>u*JhTdpy%?b?>@1)s-|8eO0jCB;7X1|3X?5X6ARJu(dQS)?4cp|
zXa%qaK8tX!%RYoU2pvWhqczcuUsf>p`>jx6VvX9HK{wp{%?Ojk_jQbXYIYQ)LWHSF
z21;~-oU!u`UtF6jF~D`3GQkmw8f8hLn*NEV(U&QCcU-1YtmEs^H)|yYmI0kw<Jkju
zvOPzdZP;Uz?bJ#=mVKCvoLuu*_~V*h5{ub)?Q*=YH`IjLu_q|a5_S4a3irEFu91O(
z_2hD1fXej6`mFYLQ=Gn**X>343INMJyEm(6o<DM6?%OqBO(;QGQF<JeN?awD2hkZm
z31HgC10e?kmFa_VM{AYPpBzo%tSGk>oO>F@F4-PZp4%uQ=D#_Ey=p~3)nXHoYWcJi
zNb11W3{`bI_v{e0`LLA!ZL19I{9h4igimj}b?e}Q#VeljJ13UTh>H!y+0tzP%3|Co
zD=n8Ux<yF)UpA(`sOHZ3bK0D&je83h4?F4Q+Zg!>lx<H4eY(D;(5}#Wp~j6%4$(V)
zC0SpTOgU(s_RH>D?HgMDl=`^T%qz{zWm{L{t#y*i{G@IaY#6z{N#Ym#Lp#pj{j_U5
znkT^wzvH6N+o*djqq-_Kb>g;XjAHNisJNZIADx4T7B3@L7xyam%GHc2)QoO1_7S>w
z{FzNerw4kC#bv@4T;O>n^``X12_{bOUH?GVcM1sg+FX$R$ENsj9LdMCR>0m1*5kY)
zIyJ}sBQiTi7PNHV>EiWPu3AeFXwSwVjCL2gL6}*>-6$ZCyibAKvoxGBGP8R59S@Hb
zo&9{R9cymFj-qp17Nm=08aXU%6;8A@G&MEFM%hw3qT5rjlG&nBXz;Mjx8G9kTKyf_
zhIM*T74~2tU5x&G`0!Z$VaAMyq5FI;+nr)=6rK6KFS~24XmWpds%~$PuE32JpLth0
z__Z~nuW?hId>LFi;nr^-mUPS$LZWm9ZA;znpSL}SyxA(xs|$x<mUoDRE&+wp%~Hm#
zZQi^Y#%FiLTLE>wzjP3|KWk8r#1y-={amNCn#Q%A(lRnQ6wKDs546+WvaUN+W09VV
zCty3^FJrcp#I*DJo<h%sr$V=@v-g5z>_P`{_W1>cr!KZzK0oI>L{ZdB3v1YdRDEdU
zn0$8tl}(L}k(QPgt<MRWZdu+>6AM-Q<XV`pY@EwAbhO)=@Y?Gsc7~7L&dyB>4v<ge
z-%-WkX{RK^kAoMQVjOlH`fdBlUk`I-Ulib3q@<>H0{74L;_fFH(pFK^&kr;wlJvV%
z9!tNETBM+9smF9>N}MFdubP|hrJnDmeI<GEntQ*10BUVdO6^cp5^YQhli>C*l!;hx
zf(3#+K|k<aV<VZ;PDYfQwDpybc9dO!VGz9a5EI<{7JjL$LU%bI045VHLG87DdNvVO
z&BI;?@8v$;nnI<DmyNhxRUYx!f_hYnZ7I2_dAW$P0{0Hi%z`}*-DYgkhs<kM?c7j!
z_66G$JfySIK~o8;ZsA3nMAZ(*0IjGWB_=1Me$evsSs5GNJ*aq5TUt=N_4AQ!XAc#>
z5BmNtr@v0$)y=J?`k>1hMRo8z!Xf1eh0WdLF|X^|+BnJXd9_`T4~j}i#2KZ6hkIrq
z`T{SV{Zd>G#p?5eugVT5<<>;Ctdv@=8C8+;{e=GL2XTWR8G|my#R{|#NAI!^ti*8j
zMd=2W+_f8WBsx68B{U<XMK|6%{%z%-A^a-SD~F2bia39`jZVLC&J#U!w*D|-5ly9N
z`mJT(cRZTzbK$}fas9HNna!e@X%4%hP75#NWtuZLUt%6W30AVv5B4js5?^f9sQ)(m
zL9Qjf#HN4*_dQod^4X!2=#R%4mdW0rv(Fu>L1Y^6IDPcV8IAfan>U;*&1kmQ=#K9R
zIUVLzi2Ux`5FA*jyQAg1Poe&dDn4HX0KG(UYx?X=b>O`0QB9_6p3^x!-JTjpMr>1Y
zQ`+YKTfvj<8vrud_daP(-@Hg?v&P7y&RsbZf2>1I`f)+x%wgv!oP4lnW&x|P7})XX
zosa#w-2M+<B{a8*q_FN3)6Lpx)Yo5ith~LwmouxAmU)rf=}8@J*&+M$zq~f(Z`1st
zm(pcf)MR5+qr2nro61Uc4W~f47c<=w{`bPn{F<GG5Iu$$_h08sitboY-**_v+?Jq2
zGM8Yt3icpF<eG;^)2EMcX8aR6$p;F^c|0`1;GK@wcJ}|;SJvtvIv!UP_#&u^^7-Q8
zx186Bo4;1kOvD$Xx2-vJ>1VgH`4jE!=K?+s#Qd!5JB(ebdmI~d`j7Jg0t@qVBtavu
z#No&?o(DFzj(B*;N0Xg4Hp}6}5VU0;ICyYgafey`BNT3BY}C*qVflh;&J_>Q*(_JE
z%)VoR+uL8x8fzjey6hidedWs89u2rneG7al6SqPrU(EmJq|t)LiCZ3P&WSncectZ<
zHYq?lS`!>kxnxFmw$(>Fi6M>5lY_ry9^Y{TaA}1@bo*Y1Z?gA}&xdB|j$G{Z(PQKd
z{S6O#*cQ4)(SzsHDhvyyUz(CGen_gkU%QzrudtAA+7KQ1dB~0Pa^1CPoI!9ocQ@o6
z*)}bz?MqCv_qmM&e(a$@+Hvvf)m1oUX4s{dXwA}2T8kEKy^vua<%fjW-s4C4p2)f?
zak>~sKsu2*+}Ei)w2tdlnWi2YK36aw=E(iD?cDw)EqR48IiSR=Vn5Ad51xmG{j-zb
z|1MnMkBaktFeDBhIB=b4&aG0P|M&*$qC8xxqiv^(i{}k$j92%L0-5=VvnW`fBL6r(
zac0aQFZv^K9NT#f!S#gasn-*<_(%^q5DwHYPOZ8{xLohxKbTAW@5jo2=F3kD)|nvS
z;H-ANJ?5uCb>a+rD32L9ZsLPUYDcn5Y1dT?$#9a2qe#|Qldcij;Bw*X9DjKcKcHMx
zM(M3>TUK}n=S=!+#olpit&)jkcx6m^m|lZ!V9OcLllgH;Z_yj`E1?q4_7x#Qo5#E(
zJ02f-e)fp)>Sk^h@~DfLxj+2-p-l>)UZgE~6H@+d=bGH+@aX6dV`DCqkXo19N9Xmq
z&^tMhLoVPAXGda!f`z7pq$h^6#Cw|KdT;dSy@;-L6})leSwne~6rHN_;|7eVX`1yn
zDHf9VkbH=WiEZDqVrOL4{9LBee!l^M-}5;)IEnM~Ip*mGZN3X8=+hsxAcE?+clbW1
zp({x%yT|txyVqF`;kja{>X<~2LxZV!IyFLHQ^~`PryU@L1=zXqt89|a5;~Rn^104_
z!x$XU_cW<@n^#aJTfvo`uN2e_t7_owUGhDOYi#a*xO69DclGZYX`xop6q0=OIHg^}
zw&t5=z>WrQHL;!L7OOE$h#ix6x=nML>H{H4mazk+Cx9NEEA!sjbu(ppWp7H%tx)yd
zw_u+KdNG2hp|p5Z33f0JVM!^}H2K3zKd(5}$WXaDdnw$gxT!mY<i)87*QHlkvXaEt
zu;m+?duCp7)ApM8jAq1<Pq-@3#9dq3sfzM6k$%am8dVPZJ3Sk%XSBS}W8koQv7qr<
zyJVs8>ff-<eRGz>zwv@i>y9vnq241s)`BB>CW~ITaaCkxt*wt^f<XR$u|qHLoO0}`
z{h{w52RG5DWoPdWST7mA46v>GAwI)THL)rWA%({~A!}!3A!#wca%CmrjoaO$N`9Cd
zNjj3PN9a_B3w~}6p*YaRaR_`YBKGXrV|V9|)%Sh@1^?Ve0NU@1lR#%%&GJmh>+YZT
zGYF53O>55C9JuuqaLbi}Cj}QsO4Y#p2uDdR;lq)YNZk0cMdYpuzQ2snmtSKQ#fHAE
zv&Cq+2wau112TN)J?ed3P~c-$NN%=YkD~yB%gjh5sn#@9Jw(nYnn*+)4i32fmfd3q
z85i<f>pV_RPeQBs#$^HmLL}zAH)kbep+(xbc{5DRuXhaPh@L{~gorcDo7uZ|2@;er
z2DTy#rROnoSRO!YJBu=xY(YxWIaOU<-KdfI<%$3G5oM^qgC@T{F{L>7NVjqOC9g#*
z!Oq5`+IEI@7ZV$YKZFNic29mv$yU&--+7%ge(cF9n!OxN1f{4r`a8Z44rV*#3zTP`
z?DubpbaOQrMiUoKHFy#W2U$oQ?SE~>C1reFBLkzaQ_8VOx10@;!5@}Sh9Z3D#$^>p
zkpwT3f$93AX{Fej&C0RLz5*~&S@>G;_`On1`ynf5%iSRdx0r1?Kd^!CutrFr%Z|s_
z;c5H(t4LqYd-SACD{WkM$=rOw^=p0x*fBl_1$BJCS_!n!Az*QpX9776JLf|PxRB<;
zBk<ehM7e8K@=Ue(uerWvX0glon2n8ij@{$18imR4x1hR(_F+o2$D_QNJ7cdVpPm-}
zGQnHkty9=hR#s+t429Ekn~2sNPh+Vg95(wH%}DCyndN@{IKboyQ*8CU!#+-TpY6aI
z$JNCKq5?m9J|~_3A^-H=k;HRulY3ruTM^PDUDwUeO}$dFi@4+``B%DTQ`te>mtLBI
z2ABs=HeX|XO>kV#jiLvV@^@4uN0d3vKPtiYZ^>_Q8@<qAyAE2e9v*b{ymoh}DNBr#
z!N@bZ41FbDEq_I2KYjZ2fTAv?a6`I5O6UDngS*f8_?8K)9{*hjN7XIB>G4t>Loer#
zJDWLvX7C@Pu-pFZGT4N9v_CXCX&8C%w@0alJ03qOD?kd1KzRSdjvteX5cS@Nu8q|t
z)n&5budVtqqnntQhMp5R8o2$sb`o(Qji)0zw{?etLNIq48gv<!dX`!aFH?UA$JWGY
zCw<&5D+2e*@fN#?9(hjHOSU`_<MJ;YFvv7T$d1>3+}rZ;y;c778rLUz`r3s<RsWcp
zyW6T>`Mdq7d-!WqW%oXTKnyS8zZ1iQwN3Xy$cMXEnjIGSfG!wwa3MNwpG68-uF|wp
z>LPs{5J=WKrMEB@YB9cugl4zNh=-T`j;6=i2mqlL-TVqih;?>e%&X*3vT?39Su0n;
z=5Rr4*k;Yib6Pv!md$KAwNfdrC+`4$NF480;!Zf=?>f0-6;yCo&Bu_<uPYAg-7i49
zBD*ZMMnBV3c=cng>=zmEG==BS1Zl<B5m~@umID1%zV)tc<E<waAZ<OnKNQnSEFc0<
z_LfWQVkf?`$0HIhBKOt}Kb=_b9Pzv8dg9zhI?f^YdaW~BgEn*Lf_845oo;nXU8=3y
zOjowU%3g~Nxw}{YCMUHkRIQo1r&_Dh6I}&44*KsOna8>1S0^-DPoX8iGfL63?!YO)
zr$nqvmwDsRz0*-#W{n$;TZNsou+yLR(srzFoay=i&0Q?td!?2AxjoO9ZI9MuR+7Ra
zB3f$KL~h{Oe!G`s>L&||2QGSd$}<$?f}U<;-|?8z@iv8Kk0{EF529)U$him>{e0OB
z4q8BtX(gFPQ!0{rH3yE3eZ;`QU664tR|o^jmp!CE`ud6dhU2XZY=;wLn259k`&5Nj
z<NdQIqFX)<SY2rNSO{0<1E6+3&GLA>?jgVmXT?*;EyMivSa7b!DF|)uSWDp%j-g?$
z;h{Lwx#Uw!z3(NNSk3P7iyE-o<*4m={3_h*+13s!$JQ;Tw*AxRFSe)$Rup5;!Onxj
z;3{Ocy??2kf7G(QC<YxS*oew<Lije)@8LKQWT5t&t5JEmxVae>t=ouLp<Jo8104Pe
zZ-cg{NP@BC9`PXMR+wTbPUK4*eE71RrFrwbU#=WE;&PRIP`KxcfXS)Ij!yu1PGKWi
z9{TEd^qt_U0(pIIK4L7ZbUV&+0HAg9H9VE+R0Zj5$0)SewVwy9C$$`|(V=~S!KAc)
zVpyF$5pu@XM=(-79-OIUoU8Gcd8PEp@#X~9pAJQrB~$qeH#JRX|1O3(78Q;{Wu$o7
zME&4z8f-o{T5cmAah@1061}P*g;9wGj*!Z8^D=<y9pFleC%bmKG+zFpMtl)hA4Ha%
zEKQ`x^6T#}O<4_<igAS(JHS>K0qEKSD)TDNM$}6TxVv>FatlP3?B!mf>+^@6x1BO9
zoQ8d0_GrM}SFZTQ$y3LP19%JGe<6;e{&*~ZDtp^1CB^=kbR8L|!Qeu#Np$(2%5qQd
z{rl(3a9;P_yNdtz>;L*MKR2cb`Xkq_YLVi+xE$kII_%le%y0B$^^ZDzC#8;l;gzeD
zvQU24mh^pD^RTl;!t2WL8}n4nC7e%1nL=MiQ~iepR<Dx!Enp#WU;iI3G+7mjhnp~^
zIb2YMGaf>;kLTOqYK8~B8}#<vx_j5?g4QfAlFM~XNlE!w1HbR}4`>HYj6IVbua=s&
z=^{^0cbN<RY}4`)Qzy<wu^l(LvTHtN$fs8U2Q|&(!|6gvACg`yzA@f&>gUv3w-S|I
z%H!3v^$EE0ttY(2bJ4@O8*ASZUF#jZ_K9yp@IQP9i;(>)WnEYK-n6!Efq$5(&&UZr
z)-ii@PlhlgOmeTMri$^sAx>`R=_IiQWv}oNz4?lRFg}{cN2e~}3)-r*|KXmxE0D{1
zF53g0!%2`Ta{Ri5TNU%K0X}?W<D=s><2M{x{Dr-kHPWG?VEfZ_CZ%w4m1FzV9=<QE
zw*OJt*$1<I$8kL6#?E7R?Ru;Pv(c56cGH~bVjFIo*3-5YSI_2YD=8Hfkx*`_hm~!v
zr(+W3JhWX=Bav!^i>m3VcuHsqnTKSF5H#{6$v!{-?~mQ(-~8@=`F_3+`F!8+_e;0d
zoxBwjAgHMp6`jR5H!Zz^+Sh)un7`5z%96t{j4sUzy_Gt8kc~(#sLC%)J%F-8Qd?kG
z5+)w;W5Zz=KD>{ufkK8VhF5y0zP>((4PC}DR2o2u!NZi(4=UuNAcwm*uhMF<v;ye|
zEFs7@vNby?tQY|yH#gTAUA+QM6SXYfc(OLO@9H6hd%J+h@EGC~CLWJECel8+(%ao#
z0>0ldC4<5E&Pxa&Pb=|zCJ&(7DT2FjYUa$f{3yM^NGZp}VblBf#T-smB#mSd&sLrr
zD3B3h9FI{9I$4g!sZ;ORY3@^~<nOBURFo$=p*UwADY|FRu&ay`7{r}}S8mu(8~62v
z|7wjJtYr&S99el0qQ8?NxydZ7<fY~G<fIF!f(9X2^OsFgU~V3S=mpCJzY||G5l}Q3
z`=YNc&}is@YCg2_ugdsrjbB}>2(EW_@|y(dWU?dhm#LX>S1#9(K}tg{4&L~N06$84
zU8=+$4o8r`;I*2Ty?Gxp%a&PUS`EG0!8eK6VOw9%G-OCJ&X9Dyu2fbe?xFSCan;V&
zT65S~Tw4u0Oyot!dy(|ax79soxeSi3+}7WyC#35*Zk!_ciXtPET6_yiGlY~C6@GY#
z2fH8yF(^R)Z_<ZZaED|b)L>o$qQ`lTz6ZPj(7J$Z&JpDeq^&v5Vpjuk?vYS|?pi$W
zHYFN?p#(nrTHgz>$t%ENaXHKKitX)Fo}LK^0-}%z<q6Yj#>yRMAtZN7?Gk=-@9)pn
zR~9YT$My>D7OvQw)W&kVoMC2l-7NKhxtExgWdrpx1eKnx*AjgF|AA;X^~Rs1fYS(#
zaDCkkU9_L=fX#h#Fpmdik>uO<*M--=mJ`O=sd-o|HvCkr^-{Se`Vs&Zq<d~4=Ud8Y
zU@%Cv7py-;&Q_IA5u`n!K8L*1<Pi$_rhfF{LXUOFK0fv-rXO9)Eif=U9>3iBr47y1
z86!y_>cg0L6{SJGNNg%ElickQQ<1=fq&u!X0|QlH>~CytHZ4Bg7jEi-l1Qb{Nj!#l
z`0c*;gJfhG#%5OdF5%8(Iq?1jov&=cBa}OO_^0R=Ig|pAu;`6}T)O9t5%2Gq&EW)y
zKCoj-?@e53DOIoZa#qYano1GLrwqF@lZ;}J`i6&<1r*g0dLo72zjbk2i}%QfF>RMz
z_qF;mFwkc&W?~jZ^JQ?w!u1xyrQ+oDbSYFJ_e{vN)o#@=F98Dm6X~#&1drop{guvO
z_gESn8>>h(W+9?6Y9<*MAEIz~07fg4(kiQ)e$bkok`iQ7ipCX2ncb2ezcI)bLI?^K
z*3+3)I`+CO@%70024vAl$5X!DHFH8eLC+{c4Igdz=?-D{imY+t<VmBl`tf$Bk>%q4
zM<uzAvo&Y*k>CxLk!`>}v27=V>{KHKPFYk;40sUT&%N3P7|P%C1MLJFaowIPeo<t!
z6Hq2gOU=<gL{vy9a(MK8<DNsO%Ucmgpp~-8PCRI(nA`ua-U&_T+SJ1&8`k`J8Yd?v
z);^c6#=zEC*OoDKTT>l2#r<p_kAt2}_sGHX|Eopw^Y1(%pHBr=-=)?cVbz!1;Pd%;
oUVU1FinBD<a~Rn*jvAbXJzFN+y5@pG?tuC#C^WF+^MsOr0XCpY{Qv*}

literal 44552
zcmcG$2UJvRlP=uK5m1yMS)v%=NCwFW27-!!fMfy5lA4^OB9cKw0YN|;0m+h~iIS59
zk=Qg*Bs5KwoNl$>_szO%*3A4f_x|@R&k}a;z57j7_0&^O8TwE~@!XjUXAlU)xqElz
z)Dei2CI|$P4=FKR**|QlguhNZ+|_kPAjq2t|DSlvP0j=tNnGwJ%acrzoH{Rcs`W0%
z**}-$bzE+_x;(XaLS*H4-GxhMUEq?OxwEO0m4l0wJrY5E`r;+Heui-Uj=h7Yla=LD
z7ep>amn2*z|8v#J+?a4HyNi{bIYMNc;xv46n(&E+y@iXrv6DH%z~Pv1JK3L?TREHB
z8pEwli1PZ9Xt+#DxU6mLgtS6hBI=ob1;aIxe?0H%WNMDsJPySD>$W@gc6R1S7sOUq
zTpe5^CfxSO%Ei_k@p<_>Cj!BaxF>h(k;nTbtp7u1Z4>^z0^U4<vg@Q5i4<nO=y=!_
zvsTmhjB-Z~M`S*Cn=Kc-W6l4`L06MnBYWVIx#*`Xv()>vE3*rBWfr%e=Y&jObEyov
zKX%iH$QEDhmi{=72idN5RnCIOwxHMg@5on^r!OjOar~?}IAWixsLGrp5x5h$<Cpy?
z{oRr4o=eYf_ihR77|EnFW%{so?K<tjqIO*onn9^$UEh*7o<(PWmJ{{1bgljw(azxt
zNiH7=6%|z<+PQAv6gvk8hh70gQwaRW)4;AECnsk{MJxzcIl=`(;5I7V7q=qd!#0ky
zCh(ygoiXJl_^^mHkO4l7k^he$wS6$xq3TxqY+Gf!C3((#mVa$WxF@rif$)YLb-lph
zws-!wf8Ei4xbssOy)Bzk6S_LgwbXp&tTEhBf=uTPNnY|Ha!ws<*`U=NE<YB*mTa*N
z5+VGCs$>n4I0=K^{4T2SpyVavo#E!~2~!)wXsEu^G|AcMEG$oiCvNrlCL@L~lo{5n
zW%AEN%KDBhnl!m?S=vu+Y8%$WBgJSgIXRbTB_&FIyFBB9y7iNW{<Ek0t)@{*gfV<q
zXKm7Qwn<<}QW*5a7pP2@)=3(>3c^Zg1-&6D92mTCReE=c^+l_KW6?$=?Sv>{HQv1$
z7s;y8_};cSD6mEv3A0xSk`uN+Sm>;f5V>en=XXHAen?`cueMEZhxUwIsX6K(+ZpWK
z9NxsQB<34oSQ2-8=?+FF4*x=|&aBkD_>Qg1<er&0{$~8ZV7Juvp7pWu4L_#JpaShj
zQ*)fP!x>xT1K}%m!PL)WTgwgeTkGC0zuiY+<J=4?qh(%F9B;A=hb#T`D>?qcI#sA9
zQLy&TzHsZ7t^RPFK6~d8;Tsw_Q@^tL)#+*z<K0TkDfeZMruKI--0P73)Hec`2}=bV
zz#y@qny~*<w06_!MvJVEk#_v(`c=J&=(_Fmzho-y^rB(CWZuJuY4iJks#0kdLZ!4!
z${tZXs@sxWCu0*!=1k``3Ds*vOv+96%qH;S>yG!MYlEmZU9N>w&r;M)M05q0U0y;R
ztZf_KUQUai+MKDY$F=%D<4nZ{viYxELDbLmNEeWuqo44n5X-zO;ENCQSy}2CCmbP@
zmtP3C5H_RIZ^n7>wWG83$zvz9cK*z6*tKeRG`*$&RvfZ6HT7xZ5O?-Z9|VfHGyK)o
z-kMPxwNh7_L7nL1X3U=@+(@+hC9|i~b?7mpYSi+(l-p^1DEjzh|4_c%TgT;C4EnH?
zK7Nudn)RNJ>Pqr*GaIw?3%G&f*V^3{TtRgJY!_#F>PA~y&QS&t2gm&y7OB*R&9%Z8
zx+ZcrB2$^kCU0Q|6E2>;YfKp~Cc4y8%I&c}azpLd2``Tbh%_2~5pSsZa54L?rlZMT
zhP!NoX`0$IdGV25Vj;FsluhAo<BFIm3`2asxZJFbrZc+cm=$aWy?u086GZ091LiV#
ziXLC~`YoIygPiW#!vbS{<O%rHX#SUXE$Tk~&DsTQbdm-&TIyuvzBd?yF=19Eb@s<L
zZ9Y%KmqsH?DNJgb6XVi#_T34#^6ST6N0XBmvHSiGs}CPBo|xa-cCXnN+-}Fea2J)?
zT}m-`4>~@aV18LsA-7F5<F33I6B4rQo1TBB`gituv4~L0I3u0+UuJpC4Pp!706ZBg
zuVWgxaPds#>x&QGm>)E5uWeA<W$<2xlk)-wmf@~GzSk3%W><NN;ds?|X>ZHjaqVz>
zbu;YR!M=Chs}*IVDw7L$PkB3@_VYuXt6Rc7cG}j0Q-B)p^!+VJu#)APyvkGPp{m+L
zgM$M(CgkHP4x%tegBiBk=t@;&(%{#nZ^!)0GSWv~8(;<jU^+vt_YxW5+iW{|L(bfv
z-W=XvY351$fTa-D#jr+6@ak%4`>|}izgyzV!GYcm=~|C9Jpm?VNMA-r-4H-?s?fu<
z(d2Je&0L)wp*`56nbryK(|Fn3R_)a2+KQ`ZC`ap^;Y<=nG`80>7(=jF7)mQka0dR!
z`|vIOd1TL-(3YFc7!th4mmwq1i`HF3dM^A+L{wDiQMwHJwxmSrG))TK2h;&UgRkq3
zlN!-hEyyg~4E>t@v5$IL?i-)Oq`1F?1XsPC2Su^_NyTLgE#B`uw}Ms(76%UM+z7Ak
zLDz=IiVJ_sxIYEvY~I7d>Md=~pEuWvWxbWkdPC7vGAT8TrMV2(^F>@|hty^YAxerP
zYUgDl#SE|6U>Y-UMqM(9`qV?LssrI@%yEu7sP&_-(8%nbl{px4M-5sH*1Wsl;#(Cn
z=^^_R6E>lMOi$+l*WhN=I6QGQ8SUV_zKFWb@anms2}<NFg7A>bam0yfvpJ@x$5U)G
zHT^YCDgFml$0UC|ri`CsrM&JNgNY-)6dyO$N0gK^Un34{N1u&E%Wg=6Nj#4cK7PR>
zuiCa<HcR*9XP0a<J{!Gr<c)R>r~Gm#+xmvFv3(@9CcR4HCU~zhzTZc1Qd_=dotEBj
zaCh0LaYt)!@4+<8JR;;HNQB81=nH1>jf5w-<4K=exEA3s6U}8~Cp|B{SdCVU{)89g
z?5SO4>GE~b-)4w4I+|mtDGXVA(!$2boU1A)2Zvr7cO)x7TN}Y|*P-LG(q5$Bw1xNo
z_B+}uxK+V5I-6k1<5Jjgf~m{yj2{Q7YoE%GHfpMpJvORXUFLV-SS6~?J>XhSK9zM9
z%@xUexq$6h{zv~#BsQNzz-rq-`Xq;;QaAWQ{uO3g@WwS~S^RenEk>{;JT9>WbNpOr
zgc?w;Vs+I1GzbA<=-bB6V(-^ziOHU$WzHfSwJKYo{Z+6yv=u+MKcll$!QsGZ>=9o^
zgc2b@cS=2wzk3Mr2;FLuz`Iej9-p!QKu!*a3GupcEV*;cF=Y56DONkJCE|+H#4{oi
znPWf`>RRl5%IPc`&b|j6qy9Ush=Ajr-^d>xOnts@yUA8-<fQkx$18;J&P{O}!^9A|
zg)Et=%iai@{Ow;<I})gWj89damX)aq2j};MpYN83?W3X6QdoNV{2EfQ+SJ8qN{FrL
z?{(+z|LUVt`1_nmi>&Eo*4}HxsqyG*4<VFh7~ATPM|~m*p@tiEuNZa?nKbI$4@@W%
zc|fDCbhb^5%+!5uPF<G<z8&>ODP!MJ(3r>k)&tB1(QQXL`iA?pN6Lu$CoA;snT(CY
zrJZ%JRYx;-7LQQ8Q_iid{=at3k9FDL+3!_e3xS_n0zw70Fl~7isxR;AQc~v`OR*Tm
zUtCJprqxX#_$?-h%>Dk`qXMGa?RE$86TX6)%@^U}`<1@?MoM1nepxvuVcA0~RA1a}
zCo+(?(E<1M;pn&j$(uh?d9(fSuJ1_?5VEp;Fa0I3;bV$yjo4j@-PK1k6LOc~HRz%A
z%ORnIUkDE5028wt6g^`;tH`i~Z`ui7=?sqhH5$IEyyEv#0PfXuS3hF@gXQk4bfjJ)
zfIGSN{}z7xchGNpqS_U+C`8zYJf&@W47&MWzc8Jclu{LpfDfqhu18V*H=yCad-eYW
zRsO$zbWomh!$bNZP4l9Oj)JD9c(RI%t83o8Ta6*VG;2>7Qo}(qd3D#vY9eX~XApyL
zO5+MM->hbqNu@9>7+N&BYhYjicRbV_SVZOOwMd?y;0>)cYIgFg^S=^yuOuT^hf?2~
zVbw!gkl&?{uk4^VGrni8SlXv|aeC8h=tne*yqcCKX?6V0;gQI0V?f(Arv91}@@fL&
z;uSw<$;im4&IF;x>7RAmj;^i>AU<SeS+!%*hb=5DUL_|dJJiB|v|N#uPXwNhlntfb
zy=>x2MQ85iHM+<#M*Wyi`-i2Slar8j?dYi9kHNwGM};ASZ%WET&XJR&GBSuGBO{gc
zYEh_@2$bIUm%+it#Ul?g;o?_hIlq-R;oxvz!Sk9-4}Di}<s29sM5U*nYHVyo8$B{L
zHRa;wZd_e;_)+2@ezqLLQp#tFd#{@lI)sxKXBJJ)%*i3+<>h^9XV*N{7;MfR&^UEd
zQBiU1kh0Udw5+UQ)+yZ=TgZS*D=btSOv}!G`t<2dQ`1YM7z|aY-0C-bKkB-JS^g6|
zKMMO7UVO7?tgjDP*z=WPgNeKFnzrl>Ap3KDU@V_=a$@&6qk{Vvetgr{&`7g6vFRZV
zL%YLH`D%qRUXaxv?^1<j9Y9&;S{6HZJwVN*<>69NSaoGB%muhD9UUDTghEWGoGN><
z*mH>WVa85NY4-!ay2lE=e)-Ksfq{XrxoWdp9@1z!;h91q<iyf@fw+r(k|qNz9|~mG
z{AVgZ@H*%AJV9+VS4^~c4X8wKOME{+7Z&GMvljJsa?>j&IXUw6>+{%ZiwQ=HRP9Td
z{eMRXyQRt<mXwv943KUuZ5`ZUG1H<jIZR7SD<WyKm6<`0A<LIHR7>>oLci|0Rk6To
zua{<LlLj{uW@c>s5t&Hpqp7Khb`7C;D!?EozyM1We&G^Fi%5tkGkNfWPVmc@#Mi~d
zE-{=%6&6x`e8@HBQ3A7uuUs7T-C3QYH7JkknQNS!{O~vf4g&0y8qr$}24n82r>94G
zme{x)Gvy!-Kg6OvNKv(=m<I}~s?m>$b#@x^va<T}GOMbjmf3AG`%jl+@^UWSiZJ@2
z5-rDpc66A&U4UI49!^;1pe;CPXHJcaqkE*SO&CaNDJ{IydhBig!W&n%v&3qTAHR1Q
z@)u`rnV<iRWV^vi0lPmFhyU3g>x33Rn${T{9PH?c{VZ$8?kJhe#l!Qa^8)|RDF+>Q
z9~N@OM^80rPGPawB621sraml|R~9!td|gzuW3ve-NslSS;L#iR@BU_d@XKcnHt$gM
zrJHF@f-f7RtE=nBj~{QjlUonj<Z>3KT8Oc~xP1{@`J^0^7F7ku_wxBZ7O9y+!3zuw
z0T}$tZx*qg&3m_=9+02kd~)#hF9duk*WZ7K>P~RH2wmVfpvpUC!x2*Xm=AkurR$yW
zml4~~d3o~p?u8-~=ZmiU?cm+2mWTRkefKHJgJ<dAptwR{ox<-bDw1%-+<iouos|`X
zE6B?W!Xi~YGBu5iQu80c5aA}Z&U9z&ZEbD(+aF&oqlSO{_^S#VwYBAjtu{9|KdnFb
znwC7+6=!X2eP0}T`FyBc<R;l)C(+x9iHT2&M;v~2G4{JA1UcK01y8I*OUf=TE>fNe
zGGi$#FK?W3m@i9OVyG~Sj>h2QHsSP7I*9-DP<%4gU|u}pVoveb$?(OOLwq>5DzL_f
z+S;5GIiEj=TuTzP)rMbaZ-OB%xm6*PN=r-CS~c{eQ9RSanc3OQ;~x$mi!+n|{{0)V
zGc8<jBmR6TM{Df7aKgNgnkH?`T{-d`1YK0DPUeWCt+n-SapowDbMN>#IpGk=78(|N
z!4hv(iX!XK=nHT+a$;rs5;J*PWu<PnhQ5B13%3J@#l)@phDw+r$}fOH)*D%_FDBz*
zYx`h(reoHrP$Xh7LWHWxZDsu2WH|p^U!NKc9o=F^DF3U%LO}`T&SBqT(^hh<%?yby
zY?NA{YO`pN8F4<5(ZOps$>bt$V;>)%=0V;BgNmjyf~#41`}XaX(nGUh{MHLzZ3T;u
zdf>^OQZL1XEU+6RoMcT)&tD+oKzNczMn@+Z>Xh!ki7<<bF3fj!a&jqXZEaPKRunRb
zwJ`tI*-3=JdVav#^Ez@CfdS-kghrWi(cEX4jx-nQ=5Ht!te*Y(vyJadQBl!ny4SOW
zlj~Aj@tAMewk#n}(V|r?cV%%PC!-UB(?!_q(%)o-i>GzOWg}YqcUY`^Zb(X=0Y6uo
znzbhrvdMC}1BIVO1Q7g=jpOo}=H}*mo2-<13RY~F;?7Km+qt;V)Hl#q&ks6PKK_Ei
zi~H_fx3;lSuDcvddnV{XQnSXbh-Atcfvy&>+@EN|Y-=+%t_IiE%6QZm>Wa>Yr<(2h
z$as>6%u-|dz?98jAyBQ2F7ED%k$HkbWIOG5XA8v)1GJtyGQS;3DA$RQ^@!6a=5;KN
zsz@j=DY?vCo^UO+JO0_T6T5d#gs^U3ZRzLLs$LOQW6OHI6kVTw-`tbvS-?^vetB8N
z+LpJ^y720A284uwQHhV0e<>Y3ee3%&hK0S=y+c2VL6g#4?<;&-7II>5cE0~bx1B(x
zsc9bHVqzam?|Ql6gJ?uESrBSgvBZr>Av@YPSF6rNjmBJe?tU&^O7s0k{-dpzAm)2W
zr<9~jv>${}VzzgEget;>_*~g5v$F+zzCMz@-83wjVx7fT@L6^3&eypO!HB-ZFIUl5
zpYfyFR8nPF2F&;}Hh=$45Y6Ol%-xmIyvoU$=6Be9p{L|Lj&8H`2WLp;bbJv5=CYnd
z?3JjPGS~YqELW9Y+)`5w?YP*@iTB_w#LAhbt9vfliRwR!kJPPHxAO9m%s#Nd2-{%q
zTKJf9w0tCKe+tLk!;h)Tm)^8+&JG-it!PrNSaE*2oLm47j~7WsGS_~jwW&~$mXMIh
znA=+D&!px{dXSU1LoOthKQl9P&%Hc}%5>!WrmxBy>o^iYd9~NpD0(9~h!2Z*u4M!@
zPF?X2fQ4TWk9{QVi`hv}%eHPnesRgyKYLR&>YX~xl`Jwt6_xJSwLc?VnaG3FTKq1X
zxZS$%68uzKJAV13xvfNAe!eJ+5$eVkvYZKmCwlK*i2-|QtKr$#L*!;#0Hb^pvMU%B
zUL@w{^YvF<FD@=lYY5WyjBMqga_oOz$o*qwyK|E(3`J&8h#c<g=<HNld`To6+D)&i
z>AKJ3#}%@s3EnZoz3J*+zMvFIb8WbnP}JAoyFL&c!;y^V^OQz~b`SmfNuDy{hYK$m
zQ_@Y`YMHrKRz5s<d&a#}y@4}ElV>IIaTj$y3pojR)`fsRkN(%@%!+?qKF<B@0ahR=
zEgb<-Yqz<7bTsj`pox+}IYWWD51qP@QNXjCHwXJo(0LK2t8tPF55^P<So}?^xx3oL
zGZZnrSuCcXk`=ub;~4@`d6sKq1s<@ak)|I5f;Rf`Zkc(Sxmj7K2~oaUH0j%KL1LH*
z;GW(ain(QFbU{Hu>%PW?(RB0k^8r0`{dtWZ<5oD~cg{ud5T|NN#4dB8$7>0r2-Er!
zg9W~Lr4*u;o;%XdZX*2ZjNJJ~Y(;n9;o(v6_Sxa-ZsAOI6nHmp_2@5za0J1dM=^H>
zJ2XVUc?Zx1f0mM`g@r;nYZO&l>Cajs5^|rTUrF|Q2IP=Ipj=zm^Y0OU*bMtWpn?Bi
z1NQ%ze9pZ~X@f*6uv3P39ru2`^H5VH4}-L^Y5aI6_(A68_BI3&i98H}L=H2Te?FWn
z<t`vB99y*6Oy<zy0AV-!l42AB@kle0v4cR1Yw3*!>R4KGo;h;{fOceecejgu6kLD$
z4WP}ri0J6Fk`fw(fRNC6XBkb+J`9H2NLy3$>#Wnq;$mtI4UL3%@4gaINC!x{FF*0~
zW38#FVPIgW2Pix%ba;5kaN)v91XmbGxs-@VkU^DO`zCkTa}<hW81H7lI66A&u)A)K
zxT&QThr|+4cvjpXdq(!P<*~}Zj*k0?`by`y582lU@V**e?8N*oI~(5qYQvz;&wyC?
z$w!;@W_qItz3AcYwziP7YA9NjuKg{HeP@2h(UD)JEllgzuU}?_FX|l`2|e83&irtd
zFlkh}NJz4*KkKPer`BC>-8#{oD$7RuL5^LWrrG7j?(S~J6z^Mriw=i-t_F<j8yo#-
zWkSL^@%=*6)vH$pWMvD;#26VFGdA*H=GTA!u3i=Z8Dd}9J<Jo|z7AT_zg&(>`d`2d
zy1Kg+YS=mn>%%05Oi;np`bxp%OeMd~IvM-<jl1X}k$f_H^J$;TfMSt*bH>Vss>)*x
zm9MYP#l=<M98RA$&d<-^+S~hz*)}ybm903(2~%bVtNK0i6r?@$<9_>g*eAYuxw$<3
zU-$O6R}|SPd+my=s~<;65wg|$rTgT};;Xw!_O({75`?J_vK)mHKKZ{Yfc(3YZ?&H`
z0j|{`=PF^9T$#yRQStZmDTxSS*>?EL#pEPHA*N_do$14{$UT_oe^!Lqh9Uy?U&;4&
z>J9I~fBVJK(o)}mK(L@(7mi3+J?j7MlZi^_)<vODZ?m%@gPC7k43kP7!Ugrr>3>v@
ziD{j=w<w-Y0GHCNs-xvlW2s|P$#j-4E2U|Fzx{71tqU5(#jTYpC%2ur&+4}`)svZ#
zp<X-vkc(!ceGl$>YGoBufJKU(e0H;=^QKK8iYp-{ML|)qHO#gE5<om259jjkE}B;U
zM1ZEZjJGr^BqfcrPQ0EhkUw9!a^)$YSL1eA{<4Q$C7)y+U5@h&s=hybKP*Q|MjW`#
zmS^AJ-{02WUWg`Ck+_$S4h{}zv6BNi+K{2Ru7nN}74uz+ZcW4GJ4q(5r+OH5r6pet
z$-l>2FvLAajTJI1pa<{R4LSQlSy#s=uCRP>#VWtP+a{OMx$jjnk*TKmU`NJ+Au_nX
zb82JP1tXNxsk48{&}N9mrfO8Ed6YzWRI)F>5x2=fbH>=gLBN7OMf~M->O2RK254Wp
zf>LZ>;a2<IDnEQRinV#ScVK{4lhtv2$4BNYIeCZg!s6odiIt(eo{HS9YN`$Eo*Q@x
z#sZbdeM{-+Cbvs5q!%t+__=m|uBPz4Ng|31?R<~9V0jr?X*jdXw!*CPtN4~&NlNYx
zkwH>oA|w#;*I7Gpn~=LJlzoDPyu)f#OB9mtjRxGGM3Z-p7c!H?)|G8j4-cL0{^8+}
zxVX3kQ?n8p`M$h~-0=IFnt;+eJ>}@ZXTa{=vazxG;Rl#<A<nV#F~rb&1595i)#b3E
zhke%e_VGCK;6|a(5KyshHrCb;IyH237&a32d}IugE3imU;}sk(uyG2~q^J?e(ca#G
zmKKG|!^U6=B1B?RlAyRaSEsIy&gYyJ$UO~mY;wu!%8*UfqrRbX90>NF%JFeS&xi|u
z(zkO6LfC_BWFK`y_S@DKhO;I<K99Be93M2-rbv5!FX_t8Mpabk<a3@6ZR@?Nmt1O2
zgDV-a1%e@RF^)D>2`|A4fTY{Vv0BcTu}XX<xv||x6b=@XQc5l$R6$|k;!j4+v9Ylk
zE8zhMo{}%`f@m}~sUU?ijp=Hs{G1(zMoaFZArO-X6Iph@zn2{$EG&HQo8?(I@Uae6
z*!AfQY;=F7Y9rna*I{R?8<7qtTr^2}*~ZR}7qX#z&0NS+jwYrYp1|72sp*%Suw<&H
z4%QfHYX`5bIrig&Z(lS>4kvRE`Z~C>4M|wr!%Jla1V2tch7|LWVMA9{xwbx#;zvNj
zY-(%EV}00yrs`zemS?(f@>zhi0_w5S2>p|f<0Z327`&6dva&K{i5WPz%ExFSS~|Lp
zo|od<CFTz-9wY$SVsBrNpBqlQ!c6@7*p`wikDe)S)WOJz4bjFYx+d8tG`%c2gE(f9
za+CXJUmXDH3n#51M-1s1GP1PsXxfvdC!Zl;NbglRVQLG0klsRWjr#cU1fq9z^h|tb
z(87Whq|N<&=y&fJA3b_>d93zbj&=bDGdcgla?Rb#&#_hRNpV0E=$8?n2mp2>QB_m3
zfBRX`Obi$M0~M8)T<RwuYj3bdFHiF`7=_32=E2hqOS)d8p5HoF);t~z(f9oP`DsC?
zqB&pjA&q<)>B(2Oe6!~6%gdkg^72CPFqcC{D_?MFT;hF~WnjqDn!*En<*m)lc0Q`&
zRnzMN0s&71LZ+ss5@syr5W<EbK&8c^=K&@44<=VvOH15HiHaisEAW<?rDf|<eokKA
zTdV@dD?$#2<em9;c4TCv!fP`d$pVK}Y}mIoiUranHJk`eQaG$DWv}{QS^!OYxD&lB
zZAYII*Et)eJJ-&<0<VY6_H$9VX%5#J!03Fh5-Q<c3yzpV(_kxZ<!aL<7fCg3?eh5~
z<@NP-fg3k!KHD`<Z|uTPyqzEHYJ{Y;U#scsbL&q6MW8+xtXA#JaCiA1uE2wGWB(A%
zC%EPx-+6_9bad@ryJ1r^zvmO<>R8?Ku+G`%-z@rFgA-jN(U18`%FA&b43PG3Yr46K
zLaM@>*?Q)L#Y|5`34Il0niaV3WipJotNi?`Zk#9g_5dmlMDFXIH8lv?y9S;_!mqsz
z$O1kzhxC<xgEH@JBw^2&B{Vg`wnHEt9FfmTzflJ0^g1?$lx_6k%J#mRmKI(4<LLw8
zeZePmWdT9?Ef2XqNs&V=Q1W~8LevMWVD~sIEbOzhyuN=S`qi_b!}}J;rlsVqQo*IK
zcL`^egnL|M1o)23{wyY*@zK$1$3_|&fq=<NN=oWsJbGj$*jsK@24eY{;1b+|n{Zpb
zZuTd8Bdfm0IXXG157nS}O%)Y`m!kyAF}(b>GO4QWYS(Q91!WYKBTBRL@|q!lxMEzz
znZfDY)X<=YkTrWfxbY*-!p_?IJNDwDTb1kATp+B@ojd1LC7Q&WHTRSecbl1_STbx=
zx&ls)XZe^(**Q7)nUhA$6F|1<x<hIZC6Sw*{d&V1cWKbMfS8zg(nZqT!%>{sk>qt1
z7OBf>I$4mNef!QGA_zUqmkZ3L$=5n)RSgW1$D#_EE#_i|6?AnOfq*lSQOpBY7FapQ
z&da}m{6hE0=h}rki@)n3rt0%@{!@nW-}ok`Q9JEH;i4=O-5Q8Sqp!H8=bA&r8yFbC
zA?v7tae?7i_fi7{(_JSr=zmBDIDzB-$$yGCc)We&ucgn}6X&0*KAd>pIcrjW83_H;
zw*MVM-?rKl=QgS(BPp3!=1Qo*<he4H+hJeF(elqO6hW+(!=0|W8Vbnj|3`tzzr$Dm
zlPUs1o0622q^74A*3r=+&pR|YNR0SgP@o84SV2L7lJu|dYE5ro$-vnozASboo(U#r
zxeXY25r>Pf$uBDt9jo@F4yIrey<rKl^qaj_9b{fZ1x7<P%S%g5ifq0wAc5eiih!9f
zd|AV~Pn4q1I^rkl{M$RTv%|_K{JiD)nk;)#<gKh0iaM&|J{76(8`aug$d{|&<>!z8
znhSYD7;65PJtQ#}78yR^E=x*FKi1Y75*KYcJ%-G~uJX7gl1VFmDn&p{EEu3|PI%!j
z7dJN!S=kAf(fazEk8s0Bhx=;ajP;eJq@-frz00x@ajtw^l)k*y%GSEG<8fg-0A92p
z>bJL$$zAmECVRlx*yD(Z2m}J0fy2(KvBV+dP6?^0BnTQ>+V<`J{e3|pA&xm(gSUuR
zF)`0ziXZaw&c*W^#dSW?)I1TebnOw%DS3H$biT?h%qRyM!)H{R>un@}iRzra?d&XU
zVQDFN{rV^FoH(~*xlUbwf7zEWU;dOHr7QjQ%L1smj-t5u_?hYE@S=TX%-#keNpT9_
zqrTN-n_6Pt#~R$-t@1!w*%*l=2d1E{r>Au$T9&W#DNicty-~0Bo}T!RcYlNzKG1`V
ztL@vjNG~=7e50~{5d^K=cnG?0;^GqdC=kHnp(O!@>nV%+Ehri36-HXMda+2lkU}o@
zIX73%*|`{59Yd<3VA2&`$fV@`Yz6joq}bA&q1R10>|y3PK{yt}kflJZ4hV|lEk+g*
zM)u%An-#oa9*++K-!D;iPuyjmGR0&1w87_xnzVQB+!5*uJ*0Czd2`tYjv37Sp`PBg
zs#&=qCIn+Pg!C~^O-<$PcAX(ON(5$MXcISN{zQXDo)0rI5$!zJEssyi&PIDtK`@5E
z?D|z%|LR3UB@+dOmkaxta{E@uVqFSm+S}R$upmW>8CX_zp;EeH*D3GjR%XllE;)H1
z=<i}mVxE!|>9r>6jD8yVXMiyW`O+N3bM?z%i~Rg#_zcjOCorWp+Ul5mSPJmod;9yQ
zND3X&Yd3%Elq<#aU6hqIq9+HJO<=Hbb1B~Bh%e4_DrRP8ZLU9m{W3u!Rl4J2VlLwN
z`yiNj4doj^_8U{Mv9V!J+11hUx;3|`NS#=QSM3Nk9lH;(ih+?arq$fdO-uV~p3dBd
zkuAg|9Bq%uXCyG4zHZQBl_c68w20LjyE2-T`CL{~qZui>j2@yhl`ySRXE7_c9eMqF
zlgA=8j_FYpv&3^qYk@PuCH^SeYNqDC3;g&y@)C;R#^EwMCd3m+4J$m>OvW~C^n1V|
zX~k-8Fc-r9?fT=zdGf#le17*SX7o3mGLjO&%sMUTX~OYAVzaZS_cn3&ZWuOJ;Nc6#
zDxEovdnx-%_epq4oCv9QS;7gj{TkS&7v_SAsj2b2&TtqUxBuqmRw8#Hp<CXf`Dh_=
zjhkCdQ}c@cP*HKQ<JQv1i%xS3i;g(8G{}#^^5*qez*HR}-yg}=1{MN0RDj#MHzx9T
zS5Hr|{%aU*dWno8k1l`h4u_Ywx4F{&-28UP*wgazl)E{JaW?wK5$=;P;RRw`Pj~m?
z@)v5NeQH4@)7>LaW5p=u7z3Aj`oMAfv5IE|w5@T=({uOr$vX-P#NhRQe)tXeBVmJ8
z#)kpi-S>eZr<79}zJ7^r7;r^pL<vLMNF=h04mR<=?L;jL7=hD-kdV-W)-<c~E8S#I
zE+(uawZN?MmZcmf>*wricQXcNKU~pkw@gnDU#onQb$NMk)){n$Pet@Z3}Q?CXlZHX
z&uys&!RmK)bqTxxdLX;>8v3f0uTpdBJ)uSfl&f=C0*5cmIaP{NCc}e~CPNUF{!`82
ze;E?m5`8|{aM2W@NeKZ-l04Y7uQRuuz0A0gm|zdXUyK6><OyYZJ*P`l{}<8f`_@hE
z{pc14k#)9ky<hwJc00J0pBY(%FO|z7)Bl&wGVXG8E0LyV9v?AG2z%$BJeG+SWv8bD
z(NWtwb8{*J6~Pl*_H{4xr*y@Mf`fRTk{YSlbyulmmEGgS#0%F&M7}P#5Nfwjg<AJT
zpobs}aFX~_FD6Ae0Msa-Tl1g{m2<(V(GY621YQW&U%Ta11IZl%QI3hc$^K;w3%(E~
z((;;4(2jKfcX5vf8c9|0{44wOuOE<!P-r9$1g=@m-CYcTk!!)Jx{2tiDdWnh_wSh*
zOCqWb`5}ZtZLn{2Gz@Z8NS$u7Ba*%m*G*6$7?_#gT<n_LxF{v1pYQMBKnX0t-+3g2
zH9q{#+T=DYI-TRmxb7->Ct+eG7>gV#wS9M32U!;a%1oKwyu>p(*<rr>TkW%QpM})_
z)Qrk3Ap3x-(t8PK1!O^06%$YgQ1;=YKNHm3*LTqfpw(Fl3Vz>KKpRh$?|TpZ9BA`@
zGPGiL5|KY~6kQS|fJk`%Ue3{Rt!RikRPKxS_VSAjNO&%t51mKfKJnqxr@!iN3s7HF
z`iq}xE28sh-~|Glq2Lx$Sjr<SU&CgWe?aYgB)q1rv$GKpW6_Xl@rZzo3^^e131M6!
z4-XI2Ut<lT6tc5TV9HRj1v-VWG081R4Z_s@wQM7X_34qBA}>ym89e*=@NQJOx~67S
zpI*fDv<aZ}&LJ?k4B$t04*eLjP3#(h2LHN0D)`i`>V|bP9HWw>-1#SmE-wW>0xAVy
z2%HX3$MsPxQgk)sf>*m1TsrvViUmy&0+9K@rbrYdOw4VZ2(UfnEY1uyD?|XGbyy}`
z+*G3pEYx7?zcFC%)@d_0?3JUUqNYPRQ|e!yV~W$0hEb#5oDRBun$6w(s-0<5gRIWc
z2T#IPZ^q*$SfKwei!_r@$xXFR_1)6FpYnmg;+dt3FgC@lzyHH954<#pC0NIQPgwk4
z8u@>%N&YV%Z95dR$Cjbb5=MgieuybU7XI^>^Z&6ouq{C&I{Sb#jftT`+yo~I!N<fg
zlx_u36EKrEeSK>N<nM)LXM619%N>8VQGsoM+kF!spH@^PWIbM5W)EM*ZTF415F!e&
z$d@Qd+lC-&WITH!q8~n`=1}<<{;azKbh@vkG%Kjnxep$(<ouv5Wm0l-bD16HC$5yP
zp5P|n5(YvN1O>u?ASB>2PMtgf@wj8Vv;Z?Yia=0PQ~!Z-fYb=YbX^_WrAwFEy1JSG
zW}HBzr>8sJ2t$4N{F(F*o+HrFIe1imE&ne&B(h~`DHmDOqIDVX1jO%pY2nx!+JpcH
z0nO!5AkcW5crlE<nnfYLGoGIa0pP#|qfT=QP)xq})2F0!-N}tHmlV~D>_?a90ID*}
z_zb(G63!h;L`r93*6AW8>10~8%ySeMF!c-O0EHvyjeMv82mzWTIIVsFaxqCs;eb)s
z*PR$omH-9<^hM4h`64^}+FvJ6z@PV0?kXz$yu5E$svh$Zkg%|@My=)9==z3)Yj`JT
zXJ?^L44sGdL=+#2i-oOOpkD79LP-ZaG=?8G3qaq3A3ZJY)Y3>Xg6?^5Q`3w52NvXP
zG7&If*s>(zru1bDFzAn8UIa1xvWSgn$Y}_vw=^|r39CLak@`ajMq5;x2`Ihn{0Xu=
zK90+pT3Q?c0Ll#oS08I?LKIIcFQ*Sf-BhE2pYLdD5&)B#nOyl;ce0ctfk@x!J%3A`
zsTa1}apRYAzmq+t>|D9M;<4rnaOVTorx1XbhD&YYk+LTEax60b84z)2RHfHmyjQJ?
zGUK(JAVBx|-jDM3vEcuBb&3sQ_4wk+;`t03fGCeI@qs`;wg6}`y7Ij)E}E3)+qZAP
zl)uLMz+HBBc0jHS%`&P&wfnsHm+PTh`fU*HJGWv-%7Mp&0ds{l5Q;(Qx!e)DLdb&*
z+<*S~@uvEVrG<qFu(vAIGbt}ZLr?D>!%i(N+3tD)tjjNlY{q?gtPjh`6|&uhCJBOf
zU6Pe$gHgR+85kOZ>d7PRS{)n{BjYUs#Mn#%!G@D`ycPi0CFEapi>g%<g=Q8Oi)hPI
zoIsK`rsFD)`-GfW$q1Toh>9X@HlzK9hKBB_(fr=pI;q2Oz>7ZDd|i-18n9})ExhHu
zh3x=@sRoRF9q*7nY+3PHz)+~AM4C<l+<}AoQnqh4lf{MHM=-z;*A{aL?F5J6%7Ar-
zrmk-2$cQeseh1>3yjt(r7_;V}93+CSoq%7AEi77G4EwHl!<v7NYe-*Ca+8J4qwWSL
zR}weoK3V^)XToPgIj6JGq=|vII5;A#ie%(ao?!UK-`teX6QYajKXX@I_kZ}ooKydX
z68`($7;OqUWM4*sk;w_a`S-MgIGu=Ww6Bv+ft=hgy8S~^fsl8=;d}*up36tf+o;Ze
zB)zp(Xc!vO#k;v5^MBxf&6IB_F4eO6RLq;p9QVaqah-;#^sN`l|EpExZ>UNEwK34l
zj=HkAuyD)Y-@j`CsI$i2-rh5DT&_UeIV}Fjy29&yu;W-c5xV#^Z+>M(QB_qHZi{9!
za`I&ix_yyZ%8lpO?~flZGRyi&U%{YCZIoS=_4589C|fVZ;GxKOw;c_7AzM+Vy}dp4
zA{o>GAI+JmWcTry0<tq_9_s35CC%-u&Ft*VM4v!FG5j-Br48JAQf{0+Zoy<}WI8N-
zPnYK{W@y=DllGv5M6JSM>h_Q7wXNBO%v1$WPtP$smK$C_Tnw~?mi>kHWA3V|Qe<Ri
zo<Jmt+BM`9)Sf}y8^9HswmNJt8zAbzk_+8e#?9Y0&kq-x4wqO_8+y*ZeUqo*U2C%~
zmR#am?YUurJqmH|Un;I-XmNhri&U*zX~A3dxZm_gTEz?NyYW`cJs;NI5PG#SNqn%r
zZm)qhq-p>(=A)|i#=JmVjRuMd4R|+Tg>6T0m-M)yN^-UF)eee0=(Z3ui>x0rp`d(w
zyIX3djekZXQ)LRWmD6_y^7P9cRwr*E?s~m5OO|v!qn-aa21gH7^|XezzBI+P9~!DB
zcBW63COi}ezg|TNlcs^y=p?_<DIzA8nKNN@xTxKEO@oW(HsqX-Enyj84<7<!^~KQJ
z%j=7ICqdkml%n4W-Y^=x01XWd`}t5FZ(qI9jYHT0*j`ne&y>7@EgM?4$II9%sO9Kx
zxiN!&3(F?ucGl=<J>FabQi`9oNy+^d<}~V5dwDLZrwR*xnNMZ~i%kIn)2Ll0aKp%Q
z+_-SrODp{@W^xiqNl65ci-G9%>utNBfa?A6<C8w<oGdBRT;(yhL1yN#JSH)Qb|piY
zxhIUs&;Q8M7_Rm#K9~ktx?o9?X2nYXP7}YGT~6P4jdz-#InkcckcH9msCfzfOK$D_
z$;!DDrHUR1%n;RI(Wg_$>>!|$8^K7~r8g2`K3eT53>DO$Hg-0B8Olkp3~>p#>t*Pt
znResVBP9<C7w>xKvU>icGN_E?<rt;Q*5Q5I625&YTKf6K!7s54bD=@p!9jI(n-rj0
zS%1S6{pV#@+H#v8c#~TN77h2n2EHQ}H0_LvSsVNDeefgb9}f<Ey38ZZ2UC(pXE>gx
zv3Fx0a=jo>0Jg5wAGx%|kkv&AzDFf0$&x|5`ekiGDypicaNeD~fWjgimd;A6{;T~$
zh<aFnLRZ{iLVxMz>!`TCM-`UObtLaFARx2&_y=3767!@%xdy0l#%drHAL{Fe1B3zP
zAZRw*zkm)W&##5g3M8V%+!FF~tLKfn#O%ib|MvTahJ{aouLQ;$xvQKc+AiR<G%N^t
zqk;R^>zI_aPG1v~+lKXW34Je9$msdn!gYWSiei(E(l+#zH{^n1Gk>E(?s5zqBZGh{
z-+fWSvGB95vX;BqS0+U83_b^ItxoS?;)KW1=l3u2J%ZDUcD2@j7ttSa;_r8o=lu?G
zMmRln!e5GS@AZ~F+S=ZpIoRFE`1<?Tx1=_R=3W!IhIXP!%eRk!6vK5$+_(`5G)jxD
zV3o_lYn~MoJ=I8Fsg^Y(a7aVRNht6Bu1F@a)wcyc%`Up8@1j|xuHJdMRsq30iFL(h
zDBpO03ol6YSUR-h_54Qse6SLbcV{chk=O=UX>*Cl)VwP9m1%HIU!_*6sRv5Ee$V%P
z?yb9!*Zy_Ss9ZMSJ&9P`&;q&fZ2^X+uCBA-KCQ|>Rd4~I0WrYi8ZX-V+d1)_vnLUt
z-#w}G^h#RkN641GJ`q@CyED8_Fnz^n)@FOZ4JIuA#_q1Cr{fKeRd$dqfCW^(zzN&j
z6W%}NGu3bkD^IS&V04-9_U!B|!4{AKN8q?-kGZ+I&2w78Q>?;zT;k`aAfaGwO1a@J
zASg&BQejjw`V?E^t!>Cf!73dBQ|UOd21PWqo%MEFW+n;YyFrcMazgGecB%{DSX`gY
zkCxh?U1c_ZXjJ&_m%Y#6ogkQ)Ui0~ZK5#j+r!+7pb-_V%Q-7g+6|rH5DN`={^c09{
zV-u4G7oPXJHDNRUzvtCPHgihBZR(~%ISxFyP{oPf()`d}InSAQDJgN-G{kCYfv@tB
z(O<Xml~&Rus>za9aI0Xp{R0EA@UumuLg8$*sP`>1sJvpBT!&T}2ta_bdjeJ=4lCrg
zJZ2@i+|8w?8?ciq+jk-3Tv?KseG3Vj54(|3rIY+o9jFETWXNIGgai5Ey9!b5)34OL
zbEEizmO+6hk!2ytb)wOG_GU9Xb>BGrJ6mW^8$Yku@v1TOs2Tsn-@+QrIXiPYWKePq
z2Pz*@SgC<S=%siJ>+J|<;01kSWo6~(d~x1By(gmMO}VA=nAvzJrimE5QS`p(BF?-s
z8A#y(kPurfh8z>HJJoAg!RGs04T@(cbx5tErPo6i{GO8R+4yhv05OWsc$b>mnywV@
zlE;pcw*X@A*VYR;*H3mMl3u?*=cklnHT7DMN~UCLV0BPd>Jq$dvFQZ{Dh)ad^s{|n
z?P6P>{@pq{TxwOu25~NI#K{den3sU9d0yzf5=bF)6XZ&da$bFL#c6eY`!)qktSH`^
z1Z8jA8+VIo^c#A|6t7ra)U<zaf=pIGuDo!ygS%i70wP+A-?Tgz7{l&_)@d7~{ltT>
z7K2W;dU@^aTML${X?QH-5C2O{QzNR{JTI&^H#dRdxH?cY>mu1VJj|uvxbr!@G{_)!
zLEF$U3bv?Y^?VN58J&u|VP7~xdYxd1pRI1A$k2VT?aKUZ_4Fqmj6Ho7^0ZXI@Y77B
z??{Q2MniaA<5YdA&CpLDkf)$;p1A3LtFx``rlDbqRcF9Rk;T_`acpiBP<69u{DkOu
zyR2gJLf~3&FQwmRj#2w&Q<d?ZF8f?<N9mINo%yurmb^~66QX_Mm!C}OFsz*Yfpmsp
zsBK#1+UEg1s`4@nPFzcMxYN_8T-i!00^@Q{i$DI}-G$sMg3)dI-lI63RN2Y!!Ry5z
zG7XFX{xs~VTn3mwHD_6>6KfD#Pj76Sej5l9MUd6`@E-A_nW_H<{WI?4pM@}H{!3a=
z@FM?W^o=bB5Z?ThFNNF=mgXhQ5{zvP47n5e3Zh7RxTB}1#PWDe4h~Ie;0xy{WdHLC
ze1HY?fj$4o!gchOgsqKFHn{N_!C&J6N<L6kohfW(jok<rv{xX+m)(uISsa8!cJK^{
zSMl+gWLHcMTfC~AX2Z_r1GCycfB_lK^579nc@gbfQU=5+6SW(_yw8)A1yLol=P?6@
z51Nl7XIx5*A7O3)(0Bp7XNCK@#DN?bFYKDDK?cF4ILO|(!J?@+I+>Ao311oC2L9T0
z^TQ3xru9+FLaTCTSVDt$vOAMRx?(1}#eyo}$Iv~2F=c+G7p+#tYe0E2=o{6v_s`{h
zGPQHnT2RV$kp?+Y%Nwoe?_amv+70$$)`^D!BlYKcQd_t180Bq#nlpK$f+jXa@(*@^
z3)8kGRMvrCLC3{_0{v5*E7bn;+aJl4Lw40qu1@mX{d#B|t03vn4%q>~#g-s4db9ZO
zvbVSaZKHum&CyEd%!4b)C6zv8@rMuWzYJm!E@Bi6`s@G-X|bZIetT9}%Nro!b!|l$
zl`vaXnaO!>En~T>b^`eMKI@kw2i|H(dFYn#Sd;MEw1zMaWf}Ov^qiI$zx3LfFWnE<
zRs?1}LrgnlR_<NN?BAe+`s4jYg9r{zRaKEi81H2|fCCr4O2C5~mpC~U>F1rCoCug`
z<heQXoeY+y+Jrez#-2cke2Wc(&OJAR-N!u@#SC7gDYAOXX<N)lSV$K<<6oSps6%z3
zs?_xBMzy|pq^5aHzinRH-~?pVS(2{gZJAkE3+HyW^3ot@!}MUDz9S*f99cyd7aFEO
zk?GTxeLD7k%ZOs$yxq}{{rHd+q(8vE-kE-9HK5la9O$t`ZCZ1l>Ye^#@#5g4aE9Xm
zF-R@2N`p%bgia<@Y1IEfhZrNW$z1qWNK(?;m8y+HdTZgU*A)(-R(6Ye*;^%kYr~l&
zxVIr(qW{Rm{*M~n|2I-e$$atMzq9~^e)$7xMdFVS+ZH(<hVg8v;#P+_gE#NXnIZr7
z{~md(OYYvi)1tP+Ph16`GRAqW%@syR|M@g)B6=zDGOEOs^b%pD|AQ1T(JN}$S9Zst
zuhZu!jkEvZdBSqdnuh<QPaoED*m@R(1;WCC!2fZDJqOu_i;Ihn0T0TR(4uqW#*KL#
z?oU^|<T2iV;->1nDDs;xF`{kQgRSEX>k~@-vrvWiwkyZ<4Gp#S60%sq!*<oo4^hW-
zN4}NA+f8@Y50Aa37i;L7Y7^t10i2nPkM~cC+bsV_mybC?!RTTyvD?SF(@s+Em}SL@
zn6#fr{@ToxI$cl~8}9Gn*;+&U=iyA&@fYQMV}^ZrP#FFE`IDWJR8ASUxOiJhDcpzU
zEb&Y}BtU1U92f#*K=CWHOCoP4$^><G1VO%*oy`H9vkC=q;Hp;*w5;2CNwdmv08OW?
zd=7dd;;L8VlxDa039TYVB!OSeQ+tr*QoptyY0BTZ6X?S$W5gOw0(F%2jT~PV8%7S4
z+2QsiZv~sTz^~ul7GG*LFY>U0(DVEE=YxY<0FFWa1aUrLg92Kqpj+YV6DW=mfye>9
z06)SX(WG->s5X%K2;9Ga|EH5mrbanyY7gh!rdJK2i3hrNY;3qe@$)g;deQxe_4~lU
zsmy-HP5$x1Pdjp?)N?M%%8~EOer!m963W9v{Ff-xg$un956j)5Op5^WN|>00#Jm#9
zg63S|rDv(siZY-lw=Ck^`X;QbiN|!5PtDc9;UPQ)``lN4H|r~RbYPy<ls1j8-T|J6
z;qQ`30{dvRX#wgZkUgJ30J*`y#undSGSeFt9xe!C6eA4YZ6sS$UHxPgmTyQyUHv%#
z6a?8<0T5w@M}XD@9QZq7%h%(_o1e?dv<&A<kHy)279MF11o7MDESYrAL7~wmG(RUt
z7@Goof8*3E92HJmlNP8a5Qqbj4`mD|mbJKx9QOwUjnMqdzePqwJdZ}D7wcjoXO2a~
z4|tihORm@o8c>4}kTmGFTHrx^!*JvbupKo~P~es0i21z!=FJ<PDj&IUXjUPx`{sG3
zK0eIAoM(A*a&pf2(GfjENQ2TSSOaAq67qU&U)8Q<qSl-H*YC)cy5plWbetkGhfB^-
zX$b^4cS(AGA$u|EM@M`6GYnpoMXHP;4D|%0_fe5l(QP`p4Gp)kJ3{xP9N(w1FDIrq
z7mwJ&su>M><iIBqq7MkNp@nMT5P-fDTyfB%IRzpyH?^z9ut!2iJ%AVe4{$t3xX_%P
z;CS~*Fahq&<b!$YF<A)-E912|l^2Br7a9;Ba&sSSH`g+QylDM+t>tUeB|a~|I@v4c
zdi=v8@4P_&Ek-P)Cgz{($`F6UbN$mn-5;SR)SUsOD{#>W;k6!V(t-pZ>^s)r4Pu(_
zj$8@D++tlsma0r+zrQnM!BK(DPHd`*u~94S!J2Bm=?ui;Jidw7zI!8cTJ#t5p=l5j
z5Y3^|!Z$|41bK@RHBKiRnl{9fyFXVAglMUQbOw4IW+m*3N8(CSpt>u8q}Hh*8|D%J
zhhS`RIe>;YkszX}PTa};JM8&Qc1mZkt>(QsqPoCXHs9wO^s=|ij)a%?k{`VPeIsnY
z7P|iY{h%D0(;5FC1dB64x5LSErME(POAX^UW}XoU&qa4^OLcYibsEkaJ0#UW56&Ap
z9SiqJo4PXo;mOlQcK`IlqP$Q1m;ZdpKfSt{@=@Q43lj@VDVo%bigo`toH{Lf_$Eyg
zO5sWB`XPR}_5`9;bITu*{C}nxu3VW4W;^n+w(eMT`qM)zwG9e!-G7R8L;uCU{j<9H
zF9GnsqSAlz@jw5O7D62&NBK`>^9=`-HPtpY{uO8nC!!I730eP;7=K+f=@sJHobEAY
zV}qdAHl|+3HUd&(t5!+{IkW#!P>qD6q!oYBYWr}qQ64hQ=#&R{?h)2EZsiD0oZdg@
zWi?|OeZ#_)aoH2xDI^S_C=*Fuc9EnyORQb-Xbq0QzakI~>J8MT2)>Y=Qs;M37z$DU
zI_?U`$$;anI{OctE==XWWQY)Ew$&8orzj?mpiUMZUgid^I#}6)Asg2i^_IDfuPfX7
z250pMiX7hzxye2i=-pB4l=#!ayD+}tRin0H9nZ$Vpfhl*V`aPbKxGZIb6$GgmIJs=
zg#m+XLN}8F$cK|Gqz9ivqiJ@w)!!6-)@z)y$qlNq2MiG5NRK}-OtI0-sQ0TN>JLHi
zQ(obbwK-6I)~9&>Ye`-ml;i&4@O^!KtuW+$HQl&P6Yv&(DNs)Z&d_xO3Kjiz6Tck9
z1*D~Oz4@8R!8<+P9v>cNfXJY3v~wLq(6^z1@5~j5Vj!jaG0+dnNBQ)K0uZ;w^;r}z
zJcs6@lJ~#ds?6u1nHA(FrP*zAR_^O*s;jXS$eG87@r5g)!K>vf-IJ<*lBW=V9Lo{Z
zsKUb&B#pjx)@xAMH}LZxyET{NLE~JvHGSC7-)&=i0zrp<*yXnik#e_lIQMP++{P_6
z8f<|&o__-Ra|{@puNMr31K+Z|y!^SyrW5|Pn!b{wkd4tDQw5ix{X@SI6wuBny#Sbq
zfT-wIBX?I<Aclwnr2REDp$%98{6j!cPqcXOHyQ5H4MR|X4l?1ly7bn8SaRXLWg>(3
z3-8G<d#l8w0lE{~``}E}KrigATCx<n@|S7lw+^mfAmad`a^G8}eTgBz@({1{6Zbfz
zn-^(&%fz7(4EMa$Edi<&v>Y)Z2X%svsIf{%-m7$D(alJ9v?VbvoN{Y02*X`#2PJZ0
z;Y<Gbfge9U0Jogw8Oe(PtsF#rLbcn@PTt+UeEH->KgQMzRU#m6TwJt<C{GZ*rl-rR
zNcrxS<VQewN6_)Tgg`GMA_9*=sSZJR^x6lSJr7QC|1z?VpfB+*wDC&M$_@i{>Zf0M
zpFfA}8TbGA0ks^S30df}gAx{mY)9zML=YmUnYeJ;VJ;N6vAfuR$ftKDevBLBXI}#u
zpiABi7~Sgrp%e4xvd0KB1TzZ@G?tzQ$O40X?DymeBEXX?3nYc$?hpI4w6tDA!{aU*
z3QjOY1ge9S$E9Z!?^bDl^SAr=ot+B4F+$^aWhEn=SZJ?|vZ5_8b&Vybph!cZ8eB$U
zJkVE(KtOO7O^THLJ)a`7*>3s8-1b!g|M(6~BenZa+<x6g@`{dHzWFZt@WfB)oo1Ch
zGg6zUPeb--rKP2L{9TF2=ubmMey>>wPJ0!?iU=AIK&HH|o&E<dyrQQ=442y*jjc;C
zlY0sh1gCHBROLbB=`{MZHh5)AX`jrkCJQdRlEF&u5_)90qqQ_NV$X86I9viwY<C30
zZ7Wd8=4~hFZmU)cegQE+eiaIJ+sy|00pSh_Xe0TGck7&mD&3S@)hq=a;xlyFKD*0A
z3@w>(#k}GI8{3etHpBM47x(b)!61YJ_6?fZA8}WbS~WoTGT#A1mGw7<x;n@ZGs)aX
zeR+9!ehkP%>vew8BTUE8*qE(X;A_&4qjp-_+MT`kT?#x`mA0FcYaN3+V$|mfzNH;8
zjffxF7q?BU9~ZkH7uvl)?RP9&i4B~o(w7V?it4sdF}gH*p^qiffG=iG+JW2Qqx^e2
z<LvoRQVJvfkTZrKj!@R8&U1CIehqmgd*-~gCi{tMD)!ufndg!;C3Tg0^%v+o1X`+W
z99*9<a&78b)xW%tZ_;ZXt187-$=CYNOQ~AyD9Q3zFYO$je4ZfO=$W#6u{*eDqiZ!s
zYV^FQgv7!wB5siH+GhV{D^Jf#W4$~r8_#XCbalZAaqO7s<E@p6i84QcXLh*0+@w>h
zchc3Z_T2j;%yqBPoJpDG?fgDHjXEtHXWm}KGrQqg4DKdIc?bvVWk)my6~ul=%bc8?
z*Mmof$zD*G4r(<1*4>>rq+-z8((<6Qa^Kn9!Qmm41Fd)7J3P0#eqjJ!2kz2bH*U9R
z0E5Bp`n-Gp{s(l11Hl1SIJoYdsg)yAGAWg3o%B{E^M=7!P$Q-A2Q054k)d+ap>~d~
z@e_4E3){a3dt_`Rj>}nFZ@oTVP3qbF)uXlP?{5=rkBvb-yZK=u;fuw`EI-}tI&W`p
zXiB=EXE-*&ES95{V|9FVXt5O1uPG=YQ90`>V>O>R<~QZwp~1_(;G(xlkt*Z#GvwOa
zuroo=8>YUzV?9f(oYSWen1b2pk)04Qt3L!dU$yXL7hI>t(EW52R4qD+c&?m3t(l`~
zQ1ic-dk?56vvpe(b3|;jBA|$1ASfU?v{{s(2uMcBsmM7RK^p}X0m&)?5(*?0QiM`b
z5Q?B=D4;|n7D0(Z5#Frs-RJCk@7d$tJ>I)#yfGMdLqXO5uYav?eczn(o6D<l^N*Nt
zE%!anNmmYqg?B4sF3J<HhMR$ly1>qSXQdR48~*U&6m=5grMBI?@Ht2HQ3Zt&t4A03
zLv{7_#cyOAO6|65n_nw8vM}5wJYQq4n5Z}tly~OQ;+)9TV5Zu_jhA^h<|xO+#lKt3
zld9I3_yr!Z8eaCH!{A|ssV>Q9a%##e+|_@bi|{TEXB#rpxF@~bfFt?7`I5Oy#ha=2
zE-H44eRiK_qg7)Z7~JWjuXu7tW2jKh$FbElHzxzHBpJjH@0NBt)#KFa!qG+=UZVg2
z{?N9dxT~SHeewo3Yqn=VBl?tFTV3rrIAA#?-Nl_7e?C#ptf2gglF@QXV&eW|OgZ<m
zs|5vm6&U~g#AAm-D?G>=Xe?4LAQ5a_UGoTUO+G7>RAt1@QYI?si)Z{Nj1(FuGxm#m
zi(Q!tU$O>5CKl%?`P`%QsJTG8&xre0KB9pJb`<3cN(%AzGemp%U$`iq;e8Y!91KL<
zdD=KlmejU$#|}$f4vV5lvCIX|MK~Y)@sYQ7;$85;u=BbG29q(2VcpkJ>}}X?*p0km
ztn_?s@0jWQQQqBK^IpuN#-r?XLE+X|ukvn3H7<~jawl0bN%_fid$R}S-ElH+PF4U_
zN=`SA7g6nZsZ66V#CC6p_EeoFj<<@+%Xc{JCW$&MfMqt1Kh66ax@4n74u_pT-DsWn
zT(iJWaQCgLpJr3d0*k*#ns{$*ncUjQJ$J@`ZdKvr@!8Yzu4CV!b&ZwnbDx(m74WmE
zE4cjQu+dEA>^eo`#}zLz?RW+PwML#e6%-9P3Wtnm(GTi%Wa@D_Yl!T6V2zgc3kJa<
z(b|GZ=!Xb5DIAQ*6J$IOI4ZYRH1ht=#g%e)q*<M5ZT6<VRYf-h^rUt-H8eDA{_TSx
zwQgu=h<scyg6bI;F(q{&xjspAK}o9Y`oz-}N7>X!0x5aTzN?H6XK5=pT5H0kLRKTK
z#=F7KeS5$7&6bGO)iZBH?{J>EUQRcW*XChk`|5aR<1#k3A8U@oAM&lh@}uxrjNb?!
zNj9JN2B9i~!osr#D}LQJq3;}tU%iyg=f)l_i^4dz;Bt=g60w#{w$Hl^Lh;KAd+#n`
zWBYY`4+{UUo6#7~c3o{XY%2c`UkIho_E=EH3OC>{)LzoPrXn+E3|8Sy1UCJD@%I1I
z1rhgc3pyC7>}J~W#Zn_hBXu9c4X6a>z(?aOc1k&kfdB1rlCJd<jZ_v$?SG`qzxCcJ
z8N(XYU!sJdgiwDDwjX?h9vg$sB=E0Cu^YI7yXIpxX_%0Dtxx)$c`{>n(8n!n?`Rwf
zb6J?1;SyphZGLdZo$u9Bwi11rT_4m_o<Jg&q@MB;UlkQfTZ29Zt~Kd#(s_6F;++%M
zIBnW=!p?t;a7t@T#dP*P=$(cbta&JGE~6|7b2Gpygh66sbE~-`TQFuT!SE#LgadEM
zef|1%;$))w!4<cT>x3sFE)2io#Q@sl6G^o9?{Bg`(?y2pqmZdDoP3J6ONW2ggG0MF
zTzLG)#}|<b5)!>S65E1O($X$~VXf>NH%9_`MJCoxw?wQawIo_3wBkT~tqmGE!p%H;
z_lGKlQO%U<`ui>GMR7mL8P&R%+8K`;a?{Nj)V^{2eVnLC*3;C+R2_vaYtcAQ9w4_l
zl4#Wi)93hJpj=hk6Y|kGwb2?H-Dz9e;9x4K#!QVviFfX-5ThSV&^Y8-rq`Hx<*`#i
z3^p4%s-Tb%t}ShNs*$2*UE<FOIeuWvSd3y#iQ5#ys?>`wuaZ{~{q!VqswbOd`D;k3
zs;Yx<{z&4kuDM~(blzu6ljtM!typ>^!1tn}Th07*!K3c1ND6&+)^^fo)pgaDpYLYD
z0<B%XG}_NdIN~x<s~%b@KBDhav>8hnkhBG@&CEW!+$-yLR8dy;SQ&r8rXz+#i0&yX
zD|><l&fv)`!3%gg*U}>hG*rYYx4xi0z>A23%I6aw_nqik&Y!#id)>9GzJl8>V^629
zU%%c%Sa34CHND^$-d8R1i)F)Q!xRnm0{za0tA18OL(*OKI%>Gl`*+seIf3kRtSD2L
zn5vcLIdv^j{gRQ95p4`PcAv+#pwqQKU4%PprozwfhZ50qsl{Q4^Vw;vq_$Rcvixl;
zWx$1e%_zU{(^=l%u;)m)G)r=_Q930g#Uv&BQcRBQu=TQq8PG8W1-lxiQ^An*Xg*mn
z_H(zN5xUkaN;ZG)p!I$-6^(lO6o{90=}bu&g|08$d@<gsp#5jGDcjWqH}ShzG-1@9
za3SeoeX>i1%Z2lGU%y_hzsRTb?&@dfqsqzkYggW4e<!qYwTEv0rhB(fJikb_Qxm9q
zQ=Z&PB3kFAzI*ph#Xj`%75BsCP;$u8!YWKPh+3>`3a>EFVLhCZr!UnHvR1*iVk{la
zv_@Bvu?;kmrr@@%A?5PrPF`NRSVm|)c>EG-zS=vo5!8b_)*srqx*tv*<_3AXD%cze
zRG0VZxo*25_lMHnGzr|o!7Xb&PmG+gzbNIuP-GzseU{v{FVZU~i89dyO(p(Ne0JQl
zPPp04i}M9V7`4kr<p|tKT@}7VxDlvAlIMscYJG3W^uEqcW&VVV2fj=9)eq!av12*F
zwdO~zp+!z>l2MVw*fh;nHs<0wwvd}#>x^q8hh{lGK1k(os9EKjbDUYNdj&h$u9X^v
zloVMk|L6@xZVmZkEX)UU=XsDz!XSg}zvx%X`1tX(8k;K$S#(s}rlw;TzjNYwz(Ba!
z!HuhJJ%$W(f`|#3nYHaPU#r}gc7kMSK)L{wQAk)g$`uR2wbXNd!8Jcs=30i%jtwhs
zaklX%C-QH)_q6GZg>1~W+Ca?|4dwiT=o~_gA2EKU#qxraaD*7`o6FC}K)GbI)-R2X
zW()I2nDsjLIa+TfOLC?9lyWW_@(d<UF8b*a0>>q%q&hs=zfx_^mfe*$v1xliu`VC5
zb}0M$hT!^jQ43{{HN*!b0ySH(mDDlujU0=3P~Uf{KqQW{v7@7yOS8@404h3NZS9M^
zk1i&ve?fwP))bYrj{qL(*9~gfy2{r)6|&f^KL3>03f=U``6xmRtB=xZF(Y;6-9!oN
z!_4|@K^0Y1YZsT?=fa!@qguLEw8*DVTgDXFuB$RUHaf2iP^==%kqC!(te0?kAhkWx
z{MMB0{zvBk0959FzyuSzL#?(X4eRB#YUOIR<?SMa4Yjhes>oG%Q~1o5riJT*gn`tM
zqMl+q%NvIoo7UJQub6K`=_v8_)@!O)J``pxbHp!=l&zSUx2I=Ftxx*q$b4a^SFDIM
zEpg!t7n{cumpN%;&Vo;Q-7Xg5%&V$=n^elH8#p#bH0jn1>SaX9({1*3T!hWig$oyu
z>Z=s8Gvt+n)N+I)iIBjJw@>ytkR2r2vin>Vj}@j|!`0;!<F}CjU?s#2)Z~1%&TBhq
z#1}hnM3)(iksWR?@hyDrnpqO`y3x;>c5dA@dwcu(ZTiU<GD->^a-up`=Y(zR4s4B|
zjLCXXpkL#1BY#(4liiye^`}Qko%B)j!uBO^Ik?!3tKX{?YaD8vvbY+<(W6CF?Q(e2
z#j8Wql3&&uTJh34Pq&n~n5SFqoUeN*Og&H6ApefJrR6zX7ZO;`+1?Ss%l<d$t1TY7
z%|DGc6)hMzDqJ(woN43YqVfEqW$BGi*@BRm)Tj1jT+Y*-Twmk%-YHT2r<^`1GgIxO
zv16&pn<lX%M?O1Txi%jgQhmGhTBG%`aRnNQlT6VYmYgowyn1=nn|!U9Xtwsz9D*Li
zw^)iE{aSkja%Ic;BB%t<i?dqO7W|<<i^`?@Vx1YF#@XF1$@Kd4c5FrnZ9jIteng?0
zlm{P6uO$)ulGeQ4mylo(ia3H?!RoV9SrD<g=d$278tEb+)yU*Y+3m`GGnYo3qVp=H
z8LlGDBQyFNsM%ZAuas;QlE$@8L>h7)RaCSmd$haKEAJF)96Goyh%h^&F^OFs@orb#
z_C{O9X+&uKbERFc|M>Wg971e)Wh;@Uaj0h}$Dd`_Zvw%mc%NgdtYyX=Rkcf0PwCq6
zhNqB)WkDBln)gw7ZHg0lD2iwyOU_3S0w$x<0S_5$M<j6t>on$N>)oL}3IcTlxhN?!
z@i%H;U0D&<{L}F?S1E)j#!&O@B-TwvAs5^0&2h8MrJ2495i<|uNnahm%6)b%zS<?X
z(J76?&8KDB#KLyM=WX{LiXxlQHp=9Xn9+FQhLG4mU$-4@W#;82OW0o5yUkV18m+`+
z#0JoQZ*nyvDm%wZE-tPfsU>XORw0e{Dznv|+-+_Oylk`t3WaiQ_h+p#)}MyP$#{-^
z?}K=GypWrf9quOcBh&Ob@vpMh|GO^?o!iLC!*fL<x`Q-XT~#GFG0W=UrIDg*E+nc)
zMMiqQnzVmHpq)=tCp&b#4}O9imYd6{<KBr8IwcdP7o(>x38Bw{0dcyF-`p=U)y~4w
zmOt!#q^KbEv6&8+5C<EZT$D^FuY{Ob0(vfx^w^Z^g3e^)Ud3hq8zzB_OaDW@0dzsd
zd9qsB-`!eOJt6Ns)sJlFag%N$XlsV2n(u{1P~a{-m0N2k%!Q2LGeq{D&dAU&cma9T
zzyrz7hkU+2-mO9`dHfPaGb}A$l3`}aY^oqtT_T#LQQQ^oh)%7hFSd~yhs+jyq5d%_
zaQdh`IxukQP}o@RLuuM~bk;pojgk7|;(rYCb2bkj7xBB;$8nd@7hQ(ij<u482mZhn
z^WTn9@YMw;&F`TP(~K&rc}}HyPTW;zC{7K~v$b7V|MSo8^6ICVvm@oG>%`eDRa+;o
zRsKm_LmNoAV&>cYqR=lz<2)2QlTSSHcWOUU=|+%FenEw&lPu;}rBm+ZirOP2B-l-*
zggH{!mTw>LS!_>ND8@H&W=IfcrZHBN6$0^3n^iAF@y-9_S<C`b#90aOwy`=|QpFSK
z1!qS5Ws;c=^io$!zs`4;hcJL@F@kqGFMT0<+u)7Eac}gCeSRul4pGuGNb=NPqs!`g
zYU5x41N9R(4`L#Z|6G>B+>eu+)mi`gLLWz<=YRqWA7|0;0agO4F-MjRv!psiE852a
zUX?_3FZ2yZ*U*c-^R2QNw=;c*ZMbwqP?TLMzxi}rYNf!lH@E&^USc2FmW^IC>{L<B
zs1WA7{rn7T6_~d5*(^j15h5caBYd(I?*es6VIo1=@!RcSZuwM}pi`w!_IQP_*v<N=
zrlG7YMBQvdpP#2YAQ=!FE#**b2ofoIljyaK?fO~0^0K=fMV|HbLIc1A;|I<^d5LR}
z6fVXz@gR@E#f{KA+?tcz^L7FfhiJ?oXqhajvr@|z)#4QhD;b%|eqZN4f4*2MO8-?R
z$(n*<zd8ws`gcyeOE29i($v_Pc;fl9_=Sn&xDjP)wo6|P*VeTw#1<I+UlQaxm$F?K
zNl8|Xlbe}=h|T9<yRW;keDVc{eFhHzMZk!r-4Uk^{E+&kKKJ2^n*VIQ3VR(Ena7r)
zPoa~tA3blELS#YmeW<|3_IvV7+tcxY6Mt&~j<NobkE!mWvJ{If_}?f`|EK!#KP%nP
z%#l-jaa|DI133U6hm8UMA_<FC9X+*`+X@9H8a&SPZSuRaf{ktHS@5bXWQXX_06u#T
z^r<<SK*Jb%^@Lp!mzGYswTgpepoYCNOB;o0o6Ag4P*7ZU{PM+K%Dny7#lFnRuRMwo
zeDXQW!@Gu<2J?OXS<QV>xSq3TZ)x*~UP{rh-j(}jB!TnZE-o$u$@@S_4<G{$JAW{`
z+AX^+q}ZgMN9nP`IZA)z!r8^1lk*iuf((&G7Ya`!hQ(Dz;>-~GKFK~a*@ph}lcXhw
zAD!#}(N*e&?ioGdP-@SX)yu`P(Xe)(BJ7c-qE?195)m$^y?`816{2=F6Wy6pf}boP
zCJIr5&m>fuiv9sxjF{Q!LTsB!3>E&+xak&B$3-n%v*0!x?f9HHw;q{=QX}6NMvJ9=
zQ5Q<C8d4^6G?nVS7Z<K~E>0{yZ3aAHgp65n;b({|>@r;ockdrSn+W?7>M+nc<UwL4
zudrhW3_h$jM==1?JXGLMRFlnUBo<zY(fzCBHqNp<p(}<?6pTq!T%4W9B8*Jes3E$b
zFV4JJm1=M(tPT}vBzH*pF&UY*i>flQT1Y=`=b}Qfm7tOIYfE%zz30pQJ3E~80!|v$
z%Z@H~1WW-;=}!+{ku^>CHxi-DjRiz3&Nfprg0_oD#9k4O00PLTv^KDm>@rXn&d@xt
z1%4QNsM%Gy9&#D*0t_FOb{o>BPFv*Y0Gbr@cg@Snv$}Teo%7`r_;{3OyAGUu{tz(d
z%e-ybFy?vg#1-Gcd=Shv*CA55@T<hGb7s}}Y%OIxM#~Q#<TM-?;-*@DvjsD1VlXY!
z&SPe~p~rDn?^o#rW+2RImwrO*tn3*JXXIsPzvzqiFS+KG!`9P6SqwU=iCP#CqDtZF
zoYr)}cw6qBk|Sy&liNJEn@Xj!*F)%#2h%_+VzjG+gF}Z?hnw$YN;qw=lC$K3VWEF?
zayZu7f&P}Qo)9q#>Ai`XfkbbjN~~5~IiH}{Xx(_5Bl$w@z<Jwksci!zBTd7!e9k0L
zRfJ#j%a$!mivBWF3$X(cPYlSdSd!qz)#6;6dpCHn5+7Y6KPtYoMrHRQuO6BA%($lb
zxzi?Zo#&d<C>kF0dd@a2Hnz_?m@6X16OW;^CUx~F&QH__Y!er_-540+A!m298eRGF
zLZ-+_*cop5ZphtIv<1CxUQ&pc6jEcX2`t6kGlZMz^ij_c@AbOK5O1e@VSm6(#xsl-
zo@T8Wzgf!2z$De3Ps!hRjH7DbVMB_~S)Pvhv)tE~u)W>)!XzZqV>qu_Tt+4po?7X$
zR~Io~<34vijfxUAdD)KiYiy<n2nQ-iRvk(n1dbCW%z5wBmXLDb>Bj)d>=fh)DVLl(
z(un)+=`mAlzItFw9gqb;i~?I^gtS_1o7#`*C}u{!dv}}#Oq7M?9nSBhEe=kH#W7F$
zPbw~`YK@MbdpuN`xnC*L<n|G4Qd`yL8C}f^i`2QYkrVBLebUCm+}9pad&J?#^E{Aj
z?A$rqn(CM3V|2s7=!;|=lQ2&!<z)CFe#v&HgbJwn`9a1Uy!ESJ_5z3Bk7Z&Vp4kiD
zqs3=e14mSQ8NB%6l1yw9&=bhl6MYouKlDQ7_G59#rMP`RONosaLzsEH-Q(Goe-|U<
z@_d#?pg}jJ4&K8fyM!4?%*PtWDmf1Iol2iTs1i)&>@VmbTcRa)AFrC%3;i?1j_ZYH
z7LA>!(WCBvG*(%r2WA7t3+4X&1N6E4MdG)`xjgQ<?!Lz_E!_N1-}0rTv9No$bY)Co
z(|*g1R8vuWjLNO>@tm^-`l>Js4EfIC&lA0H?(qbm;MxhrSrMK=wFP4x|Cwaw{HtvM
zLLc|H?8w4H?;q=-dd*KZ(^jVA38LeQF`Q5DbkaezsW7c8s_Ah;U}SxrNnod1h(?me
z_YWw}H44m5D*9v;d|%f)si&wH##cN&%F#cswix2c&c^n7>pz7-_B^Lpd2cP$Q#ADq
zj1KS_Fx5bu0AXkdM^w)N?E~ibSLj3euXfj2|L^FP9n<x>d7_5tpD)D9oz#;4Mf8F@
zw#vHjaU;-CWZUN#VKs(S70G5hyc#3@2kQ2J>~<XYLI+*g`NV7T{|HM4<6d3eOtNPm
zPZdLPvBp_<X3}1w$QRFMlC{Sm7xS8IydqgNw@#$!8Pb^afg%sNPM6nyVu(G1qoejZ
zH3-63Aoz;h22LoPHrbfm*5p1?Mz@)^AD=+V`P!B1!lpvEVe8iSjaBgbcxe&m+54Od
zi&9oVk+0XfLfJuu^-3a^JeeQ6QGL1L?P+-;7@D5&p1<P-hk+5E^!GvSjot%^5y)Kg
z*hLnhBDG6hK@5Xf$~fx)jkKTmU=8>vb3cey(Pz?RP;0a>;5R?v-%-zqzye#C{m%3B
ztX7fVOt1o(86x+dm18^!c2y~vYO}#k+=z~aCa%~1Q$srN^duaV1jK-ei^=r(<<%qo
zJNJdFCc84HSkSW=;p)|A138~M7p_n;C)x#O(-wcaXM6ddeQbKgPe`e9_rBXp*sceT
zH&lcQC@Q*-=%3XZkvp5-u}=`O1U-Y?6@7Q5|BE$j;CBTXkk1;V=}MgfjK#036pz%$
z3NR?so!%iXtkv89<iA?Iv2&ihSgU7SgXjA5$DPmM5&l}r!Mef!iZ%GZTYvq<O#I8w
z7;9ABj=F0Ft5zxM%&`cmiIL6`VyGsnqvBw%C(yK>U;K=g2iLh@KM4odv9Vn(bQQmg
zLav`xP`!RqZ4R)pB=Lyb?1WYE>|k29VA`-#xEZk!$^CV@OxrO}w1;A|@Js^Iu4E%*
zhOtn~4$iy#kJ7-ZO>}Z7r#4lWc>ZxG8V;4}%6a_L(Y;}bZP2Uxf#j}EXS_AqL4Ln;
zf)%xrPFGvGhQ2%*xMASKz0Hq{I>P^|)$B?|HzXgf?<&eH(QAy1t2Re}5HVnYL}0*}
zg;m?IY73=0oc-VeS$9&;dUp0NPOI47ZcYa}0qu{S%sflhuQ2m{^Y|<>eDUX|P`IE5
zW532K|18^%&7cxG5M4d^{?0nG+pz9Q9lY39?Cnm=_>Au2fS;zStJ8RHO~HY55c+lV
zS?J_Z>Jr{}BctFW-Vqb<Xe9|zvo#KEk$X<?^NR!X^Vg?Ok963`%wM6*h6%jnl5%*v
z{INy6uNGytF;hZ6puUk+y=}hP{&)S6TXbw3BQ{tWb~u|rQ^pdLarpXsX*SDh-nIYp
z-to3I_iMb}huh3_-=a8$X{rL`=Ji{n&nG@PpNLOaKFo#mU(_}I^bnfc_}d%uXBz?|
zRh?FjP-c4ZTk0x>{IOqMFzRY)jpkIxRnqw=m!B@$H*+O`tNPjeWm^`jwkbQMWOP5d
zt<q#a$~3Ev0%wa0uF|f9Pte``eP9!Dx{TA_5`8Kt>u&<?-PzYOh0BgQYE`G({JmaH
zkzlCk@#Af-A8R6@)2I#wEhd>G`g9_qSv%dAFGr1&Rb%Tgi~|Z!UdF}63FWVqHn<D*
z68(ov`>mP%#|Xnt9K9&8kM8}6qBD++R1gh<=dr~rXHp8TVg`}@=E*z1vs!V)Mo}%1
zA^4AMuCMRbQN$2r%l#)ODPOWBrjS3nV-gGgVo1EyKdn`+MPh}(8b#uAHa3Y{+y05}
z`<ILAfAc~`@Lbc&zxU-!dp2GqYF&oYznRYY<a*gl$QrJnRV~;10A91Kyd0VPwd&eh
z2HL+s{eWO%1?ow3rSzldh|MV53<eg|+^oTav*?(<%(v+gfu?78R(zMHa0IPP*LQDd
zg`8XY5up0J9*|;qf<AH=5|&<9?Y9j2tNf|M=7;{E{zwa*a7-8Bh<X-BWwsmpHnvCt
z70DZlF_k{x6wu|2%lt`Bd4=kYf3N6qih?;0dMoBLD#Je-A7$s@$d{AkJNW2aZfwZ#
zv{d|Mw%4&TO}uX1W$XqeK029{1uyFL{X~Q196So?aFZ(R5yfZB7SoyX2=Pga0OoVo
zTdS^yh5*H!I=<Z9r%&1=6?$7bs2$W2;y-7?rQq|1u-Z8WH7h|ffNwt3e@so6q?>Ca
z<Xn~rz9GphM`wH#oEg{-F~vybRJixG+G<5ApCJ*_{zO49Jw_pMwR2RkFgF*7>menW
zH;PRn(a9FPFymtgHUwQ2_Li|}BIsYcFh**_4wF;lJ#Uw#UDfdJU|J*+1R#LpWQ{|S
z11yB@&)j#mDZeC<G80WX+EWO>HULz<_14V3-d>>Fay`eo4X?nx75$Pg^THc_6zs!;
z%Dc^NujQD09jdn!NBB#^TOuFL6{NMgCCg1aIyA%D!-JH$;9Da)IT~s@$m<zGyzJk%
z+byC8)&f5o@;js(?Bb#e+jWWNH9M2rXPsX)DmYHvV#Y+p#E37t@yJd~e~;mW=mV(}
zGK9ybm9G?QCC4Oz`6M6!7cVX_y=HnMkWe&J7F-RAJRE6^t_>^ny7b#)n{th_`gg9=
z5ZrbQr7LnFIM3IvP<o8i0+~|5s|Ufs*3btgsw@5U(1+3Fqg=Ol5Fi}uk=i~8iXPcR
zl4K#9^tCTKNm^+KLo37$?9dsPyI}(uys02r!Q%NT8ixJyksWx@*1O(gu5a76O}U_E
zs<2!aWib#x;9x8wD(w8Rj@lHB%A5>f%1XM0pJbVz2YPGz#)VjnW*xftU*=uhynbc%
zLg)JAqTlyi9o)V4j@<J_RJeFBy?L9bVzOhV!Lz|7va0HE1eJY~hlfY93uLZWaDi<9
zd1CGJ$=*iiO4pjmb9{AEyRAuTF&lehE<*`mK7;21+DNQeTadIn5H)Edoo-)4MPI#G
zZLwn1{DUQLyVFgM{};L0K38<I;hcd8-bbI3R;^wIG0bX+H-6~fM^U=w?7dSbSPb7I
z*L-tR(Vewps%gQ_j!ri(7Nc7!pO|2#6DKnTMB7&lyDy4utG&RQ`7LFlR%B?|(wfi!
z>KS{E50tsf<e;XQ5O+xQ7<3LWW2$!rdg0O3GZYQWtApGj-lV*R9iUC0`pQU2y*i&*
zmt6y$!=rPj9-Vt>CgmQ&GXxZXcnk`?IH$v5f56?V%Eo=QBe^OuZ~j|}tkjP6)}EfN
zMd;8r=aKFU_V%2f%9jmnlBEn5)ZRgITw9>)zag(p02-*Vbb&|bp8DfX$4ij8|Gww*
zSPOcwF4G}YbT;gDl7=8iEVGrqgH5hRrs-ILO|vj-&Xrypf`x{4tNhHDvpfUE)1Bi!
z7u?bst-X+0wq?*ewr+WFM&97?@NzKGRyC*3sn`EB9|;-)b7j8(xR(F`MNKlOv>-?v
z%Z2R6V#O`R+eqFQt%rEiM{Ar0J5qg8W=N#VX^jmy8{~*@@z)k>gKAwSkjy;)#f5-@
z5tG+DId}3I(zotfdj}i!^^}x@;Ma1gg<S5<hVs+WxkW|oF7YyLu_uRn<<qs8rmn7<
z7%`e*oQbEW4!G5QwB;ZtQ42&EdMRPop*d`1PSmSK!?&J)QkF6<3*_2^HeFj)bs)4N
zovEJ<`SAFwC4G9c=IID|Tth}_jZrICSqVMKD>SKJ!>V-<Yi_S}kI>8^xaiKr2xn;#
z|CF(nwwp@}?Vh~$flEO$M;N>fz`@3zHKbtG4u?nQ6Jag+eZbHqumnjsAVWCDu?N1^
z7BnXZ$2Jp(=oHHH6;v);TI|UynTErkxZVv<DW!Gi7_ek=ZdLo(<VNsdX4-5r2P_ns
ztpRbrxgq(k)#faR2M5SaiHQfWML7o`h`rvqAjTp+h(L=AkNJJivlGv+_BQ70YNTn_
zvwy3?2?_;z&tsf)+4)#vGax49+B9pD2wxuIpyR4gEg_Mb-{-0=8x0N-T{p{gXT8kx
zH4u)-pLp2mAT=bdTC?LNYIC&<_W|@llx6Zdu6pGifEweYvz*5<LvfQR*RoTFUEZe<
zXzU&DAe}n_fFwtxy*#}`I`_-C&0*c)(An<p_OICnG4sc-@Ld;4L&W2f^SDT#sd1m^
z^IzyA@USZQiJbWPD(B>|ZdThHdMlfJ1D<xr&*%6z9T9qT?f_zh@HPa3q+|PHRY9^f
zxU7*e5Dvb2<P|Ff{N6HeXhmH2xr0z=ckzvx4g%VEdt<K;Ept@YWh#(qS9tYE%fvTD
zQBh;karIJ(H`5=-#<G)3hIKE-WW3Spcrh~4FzaQnB@wMD8adIP*PL22S^kWxFGJJf
z?c$liuKRmKcTFdn=>S3@oOCRPdlfbah)ND`T>X?_^Ks|Hk(eBWUm%`Ib6R~D3q3g!
zIuxwjeCh^VXpUad#{l55wrojl|7LzHy8qyX7}`s)9l|fC33!&@k6S!XktU~IJkXET
zXTv;lMNyhQqG#}_J%s$W+a`x2<H4DPT|0Mn{k9f0RMSs-6l4i9c&;!}R}Q+)%;#To
z^at%Px;+26Su?|LCEHc8zmW^>{i^P-nMc<ROLctE8wMou%&@$W#YcVCFCU3QO7*+<
zKP#yIx0%!Oqcl<&<V6q8Km}B_7#kndni}Z47`o@rENH|Mk`UI8a+d0|8@h+n310{X
z7JQq!MuFm(a4p{3Hyz?v=zpec=F2D=_RXk@v$3^(`-$^$X0iaK@qk&Oj&oKiTA;(+
ze?1MnBmMa<`A+UBcTEDV3EE;gX1>NDdD}ebv<Ck<g<=h(N3XQvFW+w;)?jxWM0Tck
zs2gAgL2r4?Mo3lv0j5HQE)<3w@1HXx&yJ=HgiOjjjnW9KmyXZI4nM!0p8pZ3Xgga1
z{OJ5+Xv$S=uH=MgL6Q0Up06`s9Nnc6#nEwU?k5_l0VOp=G1x>wujB9?2$cA&u3mjx
zMAvb%vQh$j{1`N7(kb4(N`L&@X-=EfC03>f5J_scR+e@{e#xZJd^LUU!9jZKh?c7h
zL|vF2mv|ppl0({QL*a-*Kt~%JHG#?^<Rf>D=ApS6%F<}Cx|z}@7fe6*UTm<>&++e|
z?F4KG$tAP0n4_Z{-2*UetEzI3=&_{(vFr0_%uH_0a*5b^?^IPuCcSrdlB`!1)BP>I
zyjXDw+d}_;W`rIm4T51y+KA?*(g{E#%5}PLXVn%56s_Q54Ffso*z2&m`ILBke%!!V
zvV1{UFmrk-*B_+!1+S!uRv(Qofw!*`*%q{mn_DYIV@&@#SIvs{f*m3MORCf4^@dEg
zu5?_g3SE*Mw`6_vog)H*GSmj^yd>gn%%lHIbuJLK#Avf{1hql7gv>Hgy<&O2xvPGN
zHxGDv$Y}EPN&3RkX5gBkOG3I|ZDTPMX{H0|lISR4G_b!aC$+_QO%9z@igR=x8HUmU
z6<XY|zP|oM`Y4hdb3-|9`<6KDSz;7jqF2p!R<m=pC@^6#_mF{DdJ1m7cN_N%m9Xvz
z(^NDCp|sYEQT`Ia#A9k%H}x-;08L~ihJG_WKyoHC{fn(0K7I-5?;u*{S)NkxvC1Qp
zQ{CylS8x}Kb6p&+uw=pG-P}HiCk&z4g-7R1>z6g-Mv@!NF!wg^`sYNai)+V@Ba1br
zqH#U3+vETa`Tn+g5OR+~0#~e^;aQfLVtUKk73|1VUO%oj=hQW8;w*1S4IY--d-5@$
zbL>94!i-Ku^rt{8mQ;fO>gwn`$|a3LG1uyj5Qt$y`Lk!^kKFL2`hftMH~HQ`i}37w
zU48o<DcFe4l`8Dy;hDBo%MsZ*GK)Ov>6oOKVD!NVY8+Xb;W+guw`s5!27~N-H?zIY
zVeN!p-z{Td8k~j;ceWc^?tIDO{!t2_oBhU1E-FfgNZ9rlXR-4Qr;*Nf%LwH?8!eyq
z-d>`lQXUOA+-QHr#kuibdcHkft3ZFsB~%*lHQKnr{Cpb_m4RxCrNQ%l&7zCRYWwZk
zT$&3tXVk|D9p|{_H~p2`>4Z0KJi+1*FoCU~j%-kyq!}PpAjy&Q+5)4|ztOYCuC6TD
zOrA#4<E9|J6MwmsZLT?MTNcja$g}OT?nQ1@hc>c$7elDh;=D(smFmza&5||EckwJd
zk0kA^`PgQarz_&qpr@l_CEG&zOG2*FCy%RVjkV3Enc9vMkW+5i5GZdD00;&-IV47w
zyX2r)LBB@TEM#f*V~~v>gIwd{f_ZLg0uQUNlSZ<#vNeYu9hCv$X-TJ}dp>XDB5h|x
zPy5|$%?eZXE{B%Qk0rbW8Mx2vyzKmZcdF}hHWw|hFc(CMP0Jh!AClw!+Ok&=u{mw0
z{JO(8!1@=Qj^D3Ro+zu~?@rQc9$5rE@GSZ<5U1gl$iDTT-QJY{k{ZYHaaBI<)H|0|
z)0&>(S-sL1_7)z3=%p*Eo@Q{dqwBRFXFJ2S*?pg`LAzd~qX0ziki$UkW$obbdRTPC
zc~59XF3}%yLP5H%a`fi77-x$dAcn{sqe%`V+3;a<048}dLmov+JJhNkxi0B8V|mSn
zVj+pz_HP$pzDqOQf$LCa;Pl{mf|AYguQd7s39E^gA^T^35oHmqWYcXL6LcAsJsJfD
z?9%LSK*NQ~`q-@>9iw4Q<Ol5?8pFCzk>I1Jqc20LFXPSZ$bsa<j|C>5bx5tT&%u|P
zbMocco>t=9q-$t6h0;*05flk)gU)~TGRbw~GUU*RjkJspkdmXEb>09eA<3i*3K|vn
z*ST)ZFE`&s@qb{8uDelYx$ml%`?y2$<-@_s?pW_N5|y6mF1Sr>)OQORPE^DHq2z9U
z6ee5yn>WCEy?`tf#gUPbNg)Le+y`V(Gh&80mv_N{&pIy($a>YXvyivqc*bTfT2AXM
zjnpxAY2(OQgSR}gj_af3&uwM9KK%L1Dsoc26|N5(XsW^xAO}dLL~j>hHL+9$y{<+^
z^rUjPE^4yQ6-NOSPGvev*koRGD>{O;bcItPOPBapeiZ23L{Ftxf>cp%{tgIfp+98d
z(;O2Z^@!#CPfI86H@ia0^L^JpVP4DFq<C)yTYn665I}vN<^AKo$Np_i_P->(|2tj?
zJuAV2Wi5St+DEMcvbt2U<j!a=2B6kl)CupsPLJ*fs@rBh&5qK41(djtC(#@6dm#^l
z^Y6k%`W!$Ke1Xwb(?8s7My)fWTBq#on)zD`@C&%X?`QQs4ElC+(m%s|v6=xg8?~Lz
zqQ4ZXQy`)FFm7u60dgB$ZI#V5vz-O#qA5!4u?wR~NU82G7}-&5kp-_(0oEziu{1Xj
zz5vpyt>VGSH_#_s&WW29g))K&5cr(#x)`WGEML{S+v<%5Kd_pKb#DNxlTspmG;72U
zk4r6pi))`73})n+Lpge0_J5((VSs-Dg`&R9>d9t-ivVO<Kl}Q2iP|rKy>V908GsFs
zD?eVNS;Iusu#iVwGjGLk;ZoEv4lGM1V28FeyL76W--{mi&M(t;oeg8Mqy0^4e%Xn`
zkWd&YaB&y|jzlMnIv8+#Ml{Kd2ur~;a3o05q*{4eZ}Z_xNlq>o9LHgx^<t_lSjd00
zqp&$QPRYikC1w`dbFe4Wbb%e~2SKnVwX?K9W<r0%wzta2KGTKfwk`N<jaqj~;lQ7t
ztI9PR<w71}4KL!d5V4zu9ouz~d)8dibNweUzc#7a5n>U5=g*!iK$PO!KMNj2pd3x$
z@DzChbef1(`1;CRXq?!Kr&;(noYA;t{>1l@z$VE$fgQQf#j+&welg01w3TLZw)}4K
z+!!_Pr>>gfd~T=jw1JXMhi}cZUtTP0LR>{-_F*S679>1AN+f-jUN(gh;U+^~^0gu_
z!Ci%0(N7;{TMcOC1J{rM@C%hHrV@563{~;~6M+tn9ssJVVnZPw`hu)mLUZBXW&su?
zU7y_q_;%+$(oXxLp8-3Wy$&36cof>Tm(g@OHwVW!zh>|<U+;~7TKMoAfWru`|Fuu!
zUsf4)U%>M8pH&?EK8O;9dnbKyVOnxN4jj*yTK|P{)$RD{*R=djFPjUav`6%)cIzH2
zA#T@3Ygg*1+5LaFiQ~T`F8mLlF=L&)?pKZ?Qw(AN)$JIkA1wox8<`8!6naG?zLjh0
zXVql?Ei6^V755hpaTE;$#Afd#Dp5gd+r1aEynpI$NCv$W|8CCN&gy7cjeWQxsX@z)
z5Tt?wVtIUHGE`02N-(uoWw{9#lBhG&?zXhdK^Ah}@*fj{OJ@di4DFNhd(#d7(&z!)
zvT4PMf~@4#07AOQE{F(NgMYGL3Rn_+R#?3dCLu;hFd(~QwOAs8Roh6qUx<|zOj19{
zvQ&JMV^PZ;EA3pi{6e5uac7~4iLPHC*YIM*qB=e1X-oeID=<C9D#H~|kJ9Zq-~Sy6
z{|d6Wg|X#aN@U0G0F-TjG$znxKgc4~nn`JS1K8@?pyI<zSdHLpT>fNrxIUmf$b&vF
zCj*)`?<QBo&C8j%P!=JTEl5q@7hNsEel6c`Y_kw$JeU>W!|9%9@qMV!=t&G=PgB+&
zH&!@+vV#yY16xT{(bbI20;+%0G?7zdRFMmhu>hd~VSQ>X1BQW5&8CN1O>VLr(DHEK
zaBFKXDnSf=DRSaPeU!OQIIeO69!yVNS;=xQ9l;MB7o2S)aif0C_t}|vhJ!OB?vfJ-
z0YAPE^zX<*kjsx<{QB-zlF7%Ij1Q{Ntp#(-c_0e(MB<%0gTp~Ieq~)QOYm6erUJp^
z5u*B}+i=@{U|#QApjea9#E!yBW$`+TpzF7k#!?)1nUFTd#?cUV_=+4$02l431#i20
z0Pm5K5QwrqdA%L&;~GDZcY20_)v*upNqb#$ZN|VR_Nt!j+i+?isBk-+*b>nyG{CDr
zI-^hP!TVo46xOERihG0j3`C5*%vI15SNF-x{(^9bEw@Z<H)6xT)y_50A3Etjk-+2X
zG|AeB?~nQ~GNb*}&fa>;H$T^>IO>A%#a80QAm)=MN`hA%wPJ)}iF!1!B=(dDxMcqy
z_llMC-(_i>$AJ!r@9KC5S7kOiIip+JC|?D)jpwXwd4{r3nZMip7;ZuRrw~h&3gjDK
z`oeuz@IyAAoPCOp4a$%*NbL^iGa$Pt-8=REPkIFu$z!N+c6EYUs#04k9zBXiX%?fx
zsQnW)sKe0nfqTM~P<o6MJ<^Uwf+0KhEjcsY@I*9NA@+xbZACXBSP-vpXDNn*)a0vp
z?zMNsVcwzy@GG03#}b+`FC;#;@a`}>op1?QzVeJu=TH!EP8Jm-6I~tEBNlmIr>VHO
zX6l@1kIbZNrEmllZB-yco|x$fO=EVn?4av@0L_3x2HG-H;kjUZG=Pe*^ZW6&dE;)B
zB&-iw0FX{~f>Z;)Tg3p79?7-?4Qd+#tGy6SBpWqBw1F0Bm$;2%##1y7Svfh?RXMAP
zgq=^-IE3ol+%Hd86RHO=C3q9m^#=vEtOZBsRf+S&#LTt?okkb27xE+_E1}!H<DRus
z<YusSDg`Lok@tu3;rK#B*sBBEOH{wN5j3&H&;56$4ITmK{3|6d<3agq>EY2*<fa?6
z8=Y_{0eW50e5TWcmJflunul1Y=0s*(a<@TO)kKot8!>ci<bIb%s>70?*z1I&J^)^1
zLFRjK|Gvk2(<3{?X$=r>9ZaTBj8M+UWyknl(+S4|Yjv+-oKNJ%rK05u`gzYfT}#(W
zu3fvlUhy17M!*=~f44v{@nzoIueojK)FFA<>41s0XJd;)+Wj1Ez;)D~DsPYrIA4z{
zD)9nu-cy7J4&{-gG6n96WH@#v$#x{f<^o}W@&?=;t3>9;d&|~ho~vFlo!@s5{b)p~
z8cOT{nge#72rAS}j{F<s-kMX>+1VN11@V3--VCCU;edf!#l<4X_&JmE*WRH)6i&VG
zh}E+|`?-y!Cxx1??4a}_Fc>Ilm2CD_bZAPWn$|gcWXHsPf>W7jo+!Lz(ISMA+<YSD
zZ69|u3w2z3r;5R%n1CEhG-^tUi#Hrm0Hp-&Y8r~mku9-NQEiVLub?3iPntHyj9zhp
zrMZ#i{s09`R6sCr?X5wlk^1GKDjGPEHu_B#I6!4jb|l5{u4Deq#!L$+7}G6WT^q%?
z38tnWTzW874((WP=OK$`b<}@YI%usFKYH|9W&EF=*0&Ez?%ptZ?yx3Ak2tfw=M3*}
zY8wgV(h9(1N)7T+&=miNI9MiojAy?8?Ceafe+H76w0#WvedJ$gdJi|L#VRMg&?VZX
zW|a+R&D=`}>~ay=^d1>h!iW4-<dH3XH;5yB9td)BYfC1MS9v<gv0m%F_h-i7vE{cv
zJ7E81X7&H)7b>pE8oZ64Z;emUCAyJWNnE+=*;_5sl*M_~475;u%{tS}hoAmC{ki``
z+V%gg)%U-6E7P+#S!fp;PQmjFZmU0>S@gnG^dODo{^HkJRs0Mc2Zg&3iq7+g`dvv#
zFwT04#ZGTLf?y;)%F`={7){e5hGU)bZEDRLBb6q28Ok#2IDnoP=x6L>0I4%C9L)dX
zTQd66RCMN?PZ_COfgkZPOWT&p_&Kf{1zq!lGrouY_W=;G@B4PfC$D}5U#QYN6ueCo
zru(95xLM=?L<CUh%+|P<B)G_QxN(gr4uLxv@2hoBFOg*(k~(_m>u*1#Vpf5V`03%(
zLAhi#%<I!z6<Kavs9Rww3d4W~#INv9o(E^J?d?iJ=Q@|P)Aws>)8`<T;FM7$)t7Q7
zpRJBCla;VZRuDr}gDK%zs>crW6+k_r4%DkAPM&r|1fpyf^n&%nV*SEp5B>vf_HUr{
zuo>|~hK}4|x^Pzrd*98+kao(-GG^+2z4GH+^))ki1z3kXAbyf`pL(%*^nRGPA!~I-
zuPBIWNp|C!RT17uF^?@mZOdZcg$Nib*iJx0_1FFdyb@g2<CkdU9bfos!&5@nYB*o5
zq`!p$L=cZleqDFXuPIn&EE*}!z?l`joT@oJ3140TJBcc}^4KC8&k%`Odwa}G67<$l
z!(#z5At50w&LXEMr^K9o6_gxg+kY0`^a;JZhu}YQGCM~9+J^rE@5PzV8x?GlG}B(?
zjDSuDR&rsCyKk1@Y#-{pLHuyDL7ca5je?=BE?UpRzRPpOn9!^h$$7FIgVTZDoj9F~
zI?qR(@3<cv9MwGHdW>0U=_(iN3zOaF;KLyQfULiAe7Lc7rG<2#FLp3&ON3fQi^a@8
zH}|L>38xHchEwqI!tgO=ev=v;<8pOybSMajG-zA|<D3v2(|(X<pqk@slhf{RF&yk%
zNLiEYhrK?AW5l^tdR3dRR{9myd5hD?UBGm-E+BrPYKJq0CW&C5n*2V6-qO+%Fm-3*
zW8Vv=bD3{Ulp~Z7^pwksfzq`SUhGzrI$gabZc4;jon(Cr=1D-8GKKO(7C`nAo8oOI
z&17gpyPf-r=6fY6DZsm%1xI)LyGs)nG9<^OhitDvbAT4zQj2CUX5xZZqY@YAKAf58
zGSre4FhFN^PRnH?P>(JyjIwlR>{O&USC72uS+MA1`zy^r{I8X|=Twl6Zd?2WEn|n`
zYrRYI(2<O}6n$$un5~d<R(iy<2de_RWzz1xQoe0Lkv%Lq=B-E=QH-+O8iHQ&{j*Sl
zMA(|1IerG28%s!{s)|&EMFHK{Ifq`{z|y2(qQYwySSt!+M={lME?%4>Q|bojBHW~)
zo!K$dooO@;_Y!I05sr0d(LD+zefJ`I7SMGnAsAg@3IfTzCdfFe#la9Kut>(N+92?w
zakSj6Z8&7svnJ60aLtOEV&Q4&?uEj;<=xo+Y{+rYjes1^%F1#T$wux1wu;piOt~@n
zgld)}l9)%?*{5$aB{|^m{$<XCJYC|z4B92o9A51N;dq>LvMw>I_Byz7sAVxZoa2(!
z55kQra$3=Lb?8gXxEx<tc*KN8&qO;+z0(@Z{o;fbf}1#)rc1O&PiK)^xaW>Z=6fCc
z!rG5$L~w|SvYK`$8}zlF$=Exra5&1!y~bR0CyNU3#A;P3e9uMu**ai3J=2+5WlkG<
zB6;js<Bv$}_Hwl55oe2HUs*}X=CK^heazFd-@F>FAS(tquR<wUWN~#*n>sp(fKrYb
z)PjRqq)d%S<`Ty{m;I8oX%`n#Aa-x8Kd&6r*O_OSdo$_xtTO`3pNk182OL{D9QM}q
zGxJ1r)=JN=3!{@k8~ED2UY`hfm&yNdnz!Ug_nqrUOGR(3HZZ0aEIP$noy&K&GdL!|
zXrF8KGJ4uq;T&8eEt9>UM_|Tp&((oB?;7X0aXHGkT<xWeYwy6(F*>g5l~vU9$B;~C
z=dW(Lck`pl?t7<j_EA=LHgCi#*dKfWkZu{p->k;B2~JJfoAL^GN=Qm_)oULLTfbFF
zCRSo-dy8k~rU7gl*`m2Gk_vWi7co2~zAKDoo}<%xb(v+$uVrPP8<6+BYP1gM8O%Ep
zKaE5*eL}O>XO-I+kaucrR8obB-U@x#JiYIsMl8{uCZ#gB)6raS8D%bIcx1;DYIP4=
zOM&5_blQw%`9a0=iJK6)4@XF^kd9O?Lwgd=TRZw>CxtGOd0HkmAcGOd9*r}7Bb!b<
zXESIvYfB$d+PmrAj!JMquZx;-grDsjZp0r~v*a&x{La#yhrhhJyQ<ncZ|&Q8`Ms~q
zUhK3BK`ZQ@ao7~Bz_u6OgPatoxB-`uS<N~}Vn;*JgO-kDqM(Ic+s0(_`#&y63T;^%
zup!u1Vx3C8;B<W@d9$THMUSg~Fy=G|nJf9NdgB3mqRh?oy44MR>#m2(xfC=uNgLB4
z4AakK0{*Xdi<F7ku_2JF@RX+33JvxHXcHL>Pm|OEdplRCOMIc8qFpixBs;61;GTn&
zZU33L=;)Jz+fGXDCJm1@x^{><YzlMEX%Lq*v9VcaV`CHEhm!Udv{wBJBxCNj3FiEm
z{dgXFO*8sxQ=^M@iMoaY`I2eYFz&`K%;vUKEji#6SMZUXN|Q-1o$3@+vcXHTFZ=bA
zM`lxOot^7NeG4lx=bstUoC?+(G&3r%qKN4s^*-N}whG*0fRBPmpdp)yPOi;|+qM!x
zrlPpY_Nnc6+B-L&0QbdkJmrZY(l#<G2V~~}cmlI(roce=l86ij@{mP!?%rPU7RN(5
z<cvbUfrKzufv@_MwDMdVffdPKM;@Jfrc10Gj%}OmXec#~Ju_4H%Fr^8w89t$n_y-&
zmt_|h52tPyh_0@T-*+y#Uc~~&#^EN<)YBSm?a##5_G$l?_Rd(2JA#o?8pYdj2oH&K
zKuh_dU6Mt5VIj@Y@48gHhg>kC5qT2H(9qg#@v&Yy;wq(ZD=HO-S1WaXsQ1io#d<H8
z-XL(D<d0H**H1fhvRid?TgQejsh+@s`%*nN(9@cYo;iFd+?;d4+}nKFjo&+bcE}p<
zcxSDB99kSRS%EsCpI_mCf-l-sKs3$!{dxRNnjynHWb@iPud}mnVkl4X-cV1ujW6_H
zHSLXdYY6(LKsYPCIi_vnF?Q9M%Jlx&E8`!9Ut61X43PZXtpz%!$U*rIVv*~S1~9B7
z?2KTqQIdO}7Ql}kbN5Q8F(63a=BMfTvFY}49H2{0&26Frz;Rc)Hr|UhHu$1>Fr0&(
zy`pC@=C;0Y;Q2&jy=wxS)|4&`wM=HW95cqQaHJ1>mw4l{y1PkMPK)1m57%{xEB+4W
zO=r3A&;3d3mM?`nwVg-NDc(zxBKtxshP<>-J-MJ#znhcyQkheMzQO6_-q3RqUd5od
zdg$mQ$>490>A|7(M`9?KOA_m?N{jYoEg1HVvB`QSGsx}v2ht9WTjcks4H*qJvrj&+
z^ch`;2tsoHI@H2`I+Z=$V~^GT{OQ|U<7+KGElZvkcaFJufX~R1&CM$eTOo~8NOICR
zVXsLcGdHX!{Ss&0tBlv*G|ZW^v+J8{Qr45mBQBRIg#-ajw;QGjag>hlMD66TnYy(E
z#%~w+Ha(4vB{Eiso~@+(`Y6J3dDk9+;Btqb;Kr6n|9zr3t8QP|`HH>Aop1F`Gmpy3
z9xl8Lw-0u9b(pLHRuo(f<!5joI(E=Bw|`n7F15;_*;sK<PkK;)X_(B!-Zxxct|yD$
zp%bKQnkiHmdSh1j+Sdg=<-sGd9igT&v1M?WX;;{>UPkN5phNQ2X}8L6-+1B3HIxeT
z-$HJRT5|oE%3)dP%y918hwtC{=KTB(65xx&m5C!3<Ml_}q^JiK0ndNmDEZo%qh$s6
z@4nJd>IgAolc5xfl!U(Up`>wKh|KL_(%hO}8+L6v$F~Q{c||&xlG#_Q%ERAe7v!$t
zk0vKwPa5Wrb&A{c#vQ@Pyg?^pd(%L5n|W~PIldz>bbXqzR!Z?<-iZXSFFvv9mHG9)
zZK+O8uh^|Lu4rR98*7{^u2DVim^N5rKImTPR`*9i4bDuF)DMOHh$cSFZ+}ONbdc!K
z4|LuLa_{FtvWq`TIiOc#9i&4J72LA+7YtMH3B>zk3mMG6U^Ha><}y35)XU?T7m@PY
zxJ|ElZ~V(WF9I(oNW8pcaJ+E(bq|3Cq#n3+IUFci+MBO9_3a_GWNz#Ng#BFtiZe>G
zp}(7cb$j&?=SeB%&Qqk8j;NW6Y*~9Cg8FO3okDBi3_In$-|Kz5YTbTb-Zl;bR}>#?
zr+K{z-ZnU~^6uT3qZ{|(`?1x_Snl1tAxHk5Z{;rDfV}#+9QU-$&O($E*o7}a_m4w?
zwmIjOTp74u-VJXUrk}ouhhxT14<JvQ-q!eQ3of9)DT7*eYtQZt`F!^4?ks)Z<*-hD
z!U46=Dt@D))U+tqhhz6Q#F17SLzcD!f-_rh5p<8XeqQoB@1x(dv`?X)o6d!Ux(Nz{
zu|;i+Er-EA+pXyWp%rKOKjpx@CJ>xYX6P5UkH){j;$~nNA!r%%S$=%ofH;Ih%@tCg
zs|ef2@5jhplsC?mC1>DxH;>r+z6p%keLOBWE9usA!VPWF$PaaOo5I7xac9VnU>EUX
z>*CNZ<-*|`vB~U(!zNkUrM}Ci1Gzp>^o0c|o2|Cc(#kK#Kdok7Y_9Da*VfYurAG()
zSJ6_7EsPD0WyW}|9G*(tKt$0}dh~;%dde0TgUkyj3-n2H7Rhr*F4rEPI2YOMzDw7^
zdv^{@LBEfCmb+GY^4Dz)`ncXqCFWL?;o)JKD}^pH!&i!p8n|maHUy?lKhZt&xPq^&
ztZZXQIs5b@a_o+6+ZWU8?DB|FJcDlEIyX`q3F%`eV{*JUXo*IyXE}GKXbg@>PVTOn
zz9<@*Ymk&pE*boB<f7u1wgZbFW`fMD=Zz!O+y?RvTWAePL=ck6%IORZi|FZuCd!NZ
zk+sxd-EED-4dezZ@4~VEhKyI#566z>8&rSS$(dA?|JAmQMXl}G^?-NRgBRL@@P*tH
zLERf)o1iU-Z*daYT2wmOqIqrHY=^?uUXSex#8N(ai!-GBx3zcHGfCEO*4|l)u|XBv
zLr%rQl`eWzVG3y4G-}DG=x?Yv&?$K$OZx+q1j-jAqCfulaRj{=!$<CU%^7Fibt<rZ
z)9PXnF|dP+>tkKrV}c=V_%K|s#nn_)8rd&E|A2FfkJpO>p)4Ik-dz9)llL%B^4#m}
z*RL<;+e=2t2g4Z%*Dtfu-Z~BiAIqbf4Ou2Gfo(|R?l+mcwSE-3Tl}z8Gpe%Eyu4j)
zaLUn!REN2APwh1rm8um#FVNqBur~G!DNF#<)yirOq+4M<E<jOV&!Zcmy~#(#IBN&A
z0z&y6ZEcTfAZSjWOk~Kg?HF7kFyq4wSCRwUf{>_&_Z)~-#YEo%&sof7kSoGCU@&a*
zw$}ny2P+k2)*SlusmCdR!AjhZRNuV3u%wJBzHzlwZ|G$&Vr3-FMKYCI<vN96+%26p
zX)lK9g0#$31~dEnGE&=!w#pYaw>FMT+&IglA>)Jb(Sme5D^R+mVQc={sFcNlclnto
zLm{Rt`|;!T94oJWaK<d5D}X*45%%)UB`je)GK@JD(9821>Y${5gMzAa&!cl69CC1m
z#3#zSJ2$(=Ar)~%#>6JOB*JpX$0<AhU=${$KR+J*=(ptedhyn0*sPH#?|e;eZMI{b
z*-W|hZVz(wB~pEXVQ_&m;G(p4KSl2YZSQ&KxRjm)Th>-|KRLhuRKg_`TQjXz!A6BO
zD6wSh=ybZst&f;Hc&T81c2<Vf@s;MXMAl4=uyNjxvRB?(fq&B)oZ)#=T61*TR^l*c
zkG}9KP5y$NY;5ZzlujMjP^tf3QcX*JXNyx<0A%hpuzuF?3AbNl2U+=m_sQjd-rWMk
zZVx3{Pg>^by=Sj<+-3w`^_ZjSF<jG?^Z6wVzfOWnVTym1D=C8!Jo(Z~wHjeT><Onc
z?OT%Fw#gXs1A{`|%G9WGyPM@&O^Xu_QbqBrAPxU9<Ks%VClH1`aR#H#hO89WJ_&_b
zOcp<rAdxdnFpqxZW=#F@0gdyATdS*8T-@E8eJRnE<S?dF!X>|_ItHU|yUQy-d{~Ya
z6N8>N1qBBKA5;T6lIw*?@S$ol3_H-W$;x1{nY40ea`lnlyt(Tjb>ByUb%reU54hI;
zJ|&8Q#reOVoPhvmcs+;#`jt*3>Iml?^0vNZ7bbA$#1bekH!RbIe3H~`STEjeWiMdR
zjBRf{eZ{SJ<jGC<mP5TJ*KE#Dp!LMRN~kK19rU%Y5lEiU4HJ_busb`S6TLm^)I&32
zwJ(-i9-Ui`-p8?am`n<W9F>$52;7<Q<p4-R941ZFa&M#+(Oo6De3-lLqDIzHaMjsb
zX%2xNCJk-aRv~VtqC7as3N=)gZPoj(BdiD_nx82!Ju#uJAU&FN!>XsG-Jvq%Ow<~U
zDW~1XC*DN$jR1PvvtxbRhP^9q9iN$i3==2JBY|CN&}<;Ni70pF3tK?xwO>9Z<Vj3!
zALDK8w{Y4Ee`u?-G#~($WxJK7_!YHgSDN$o2WEVmju+@-S>*2?0Vd}3^oozdUBye!
ztabsk(hs}mA|sS6gY^afL@cl5l)#I}7Sl1p<&2I4#aca8hdNT-nicJ6D;-tcj@$7*
zdRT7)AH89(Z*w1Z69KEy+)l6emaw5PY-N76DTt?NiK8v$Xw?9U9Bo})ry(;3y-W8v
zzf_xkhh_!lcoose1X|sgQ<Ia|+}xVnj9zr*$Ygj*oknTl>P&z#%6*cr<qzLu<9tmA
z6k}i;rg3O%>8Y<ByU!{wxSo`2OqG`bUxOK&Lp;SgQ&d(q2&Yr9$@aLxU^gY1t`(bB
znR52x(8-AjVDdO#_mgu=5DZY*WT(?SEtO*nc}JEUyQooX<K?A0^_Fkb8oWP^sY-Y<
zCAQk8*KqY;>9+MEK4i=uDe!>^EoL@VF^z!q8oR+%jA5EnQj%U{CAo@KU|jR~GN6zZ
zy_oF8yecr_n(PKkt_BtViy`*SZh5k`{qO3Vez%2sf5Q^=!r;>Y;!q`zf4F_RaH(Zy
z$s=^Ru(s6vT(%wLRGjyKt&qUkiYgD-95sI*fXMd1nKc5js?_J()1p1FQvuC!iihdc
z6^d_ev+q4mkq4c#n_|XFtFs#9Y?>Xbs+?7;n(1>%-`>8(X7-0|!>KzA@fbo=s<S4A
zF*uk_ICtXtM%D{QR;^t5j6pUj9V$Z<?2$)9sbTZEvk8|XOMDcJnw>v4Hw#2GTOT_q
z^0J`)kNnmTa=ep8)3@4khWS6oM@AkeYUTLWt6rr0p(x0fL+FC#bwO3?bos%>>#^MX
zj>X6H)<`Edr^d7<($d3RBXxitpu(Z6a%@8@!-25#uJ-;>bUDqwj+BOc9-F)<xmC$-
zAB&Xba>cC++afI{zDm2Ge?L=L|IJrdnY;Z<LY4V(00)8gtK9hisqIQ*n#!W^Lr{o9
zmBGjk3gaM|3>8Hb+FBfnC@P>pU=*nhqreC)r7R*y0a-K()j<J8WN8F976B>9QjkUC
zC<RfA>`*o-P$<w+pzWOUW0LtZi9aT3(!7_ndGFnG-@WIYZ+U^+jK;sy8zn-Ho-H5{
zHlt*@KP!BN9d)k3mu6&w{hCFv5s9&8X7bPJxc}>LB)A5&qs(#u(^J8Cs8FvMw;#vP
z?%MguiC8C%=N{c|Vp3tbg_+#B*9Duz#|v8aIvUU0npYf4ZllL?Sn|e;M+l)vu)ksx
z{MJ-`&G#Go+HTDr^Lr1wM?gfdD)if_&K~fZW0^Zt<e;+Uh(P*cENl;W9K>R7$y+*F
zTQ>lta@6lcCv4`h$2D=goa>?t>D{%z;N=tUW-%+iImza*1uu&jTxY47aAh1baEL-d
zBj<pc#B=YsY8S;fjh5a+HPQXAO!o1O3KUoVHEvTgfRPeYQ&GAJN)6(AF-{^D3ilk8
zF1Sf-j2Ozu*tjA!oBMbSt<<GERs(1+?--!w2T~}?2srwYy9%AoDoCT3fOS7g74%js
zBkf^^NU(6^Xe9P_5+E<$`5vea8Qlmfe0`CR^%m8;vpb>sc$~-ln6)G&%GVR=1<G=1
zXIhfrGpGBE@z9rPI!K!K(Fhip#hI{ByhKOl$45O~#vu(QF<n>p6KDSHF|w7%t)7`a
z@5Yt~jOg@7N(nbO@a&B)sFG7N)dHu+Jb`Je3Mm78?iY}#R83?SxJFPCI#wJ3Fgsm!
z0I=pWnf7EcfE|b7`G>85On-x$3vMSDuGt7QtxPibuTsIizL`e_dr|{B_zaGgL7#gF
zev#hO4`N0l1BWd?eOZ(|Pi}*up~5X!_lrc8Q-<C?KGqM?)Lw(EAQgN=o2(~ou+L?D
zI=eXwjrXlt^<&q>dFIeJLaeQ;zr3=3HDKO4MpUC8A~7zO8&XvEfqwI*rErdBt@sUR
zv<yPCf#DqXE@=I95o1J*Pcdk!N#u0XLI{L~cH7`M9i$f20Kl%i0U96b6)G<y3d_sg
zM0PlFFRe^l4I%f}UI%O%s=*m~M2-No2$(uOo2i2Gani#wrXyomG`%vP0!1DG{fy2L
zD4!tKDp@Rz9uQgYnFq)qN4+tlt589vZnyf-&KrY(XwfFV<qY?F07$JFXl7`9&H?Ic
zp|`O$i!ASKzj|KO#y3-^wM2K5+{yhMwx{z!^QiK+1zaLKy1slWWx#!?6Qy4%on~BF
z`YIsXVTAi6QcOustP3VkZ3aS9&nDPDEne*bbf<w|!r=NuX*5W8I1WLmA>r|l8F-nO
zC=_U}I&c@z%Rmq?s?!xw_J{f#EeBdPt4%G`Uk|OK3i@%dvB4D6fCPt?E%DNO)?u1n
z0unwGKnCi0fY#B5=0TYKeMY=k=0#I)eXk|ytD0-U&wiL$=DSu$YI{f@k`&YY@o%cu
zTeM)y4KsoYghEKuRl#NL*8CHQm3Yp<8oUAYH!K5#f`-79O(8UjOsV+8pQqDG-xCB`
zUff=NKNuISyG|{$*_kdEMnV2aBkGC5SG>Ays7Z{zr}x~#!op<RjXWk(SpgFyrS>rg
zdvK1oh;`@nuSo{#lPKYMi{x!m3X%45K+6S}B$k)RPA`Lu<~I+_0BePyrP*OBXwW#}
z0~+MJ3j=(8l>sQ^;OA$C_-@bNKtkI4`ckH+gL)x&clSmB;hRhGd0OW>=~}4ujD?}}
zmKx{VhEHYg2rhT(fndnvzam+jd35TwQi0QmMk%cr;C(q~AFYstV}Ef5H*@8w0{Jo;
zCT=Xh*^Qyp_02{rO{gz{K~0kU4)3p|{V{GWFsgPQ>^FHwpn#C3%rzCkyF}5|+<oT~
z%oy-=&S$Z>rN=w1ny}`U*smQOq^@x=-aXB7Ssb@aphWZZy?`@2HBh8YjP58c;*3Ar
zv^5bRaSB>t@kQs7`>lXZvDvCH8rD7clyZ2TIBE`t38Zh_Gw74v<;fjc=!l^Y88x|e
zizoZCZX&aXT@~{ucw$v`0xR6NWF>Zxd*Y`W*|PD12RG5809pO~TW&6U5nW^pRgcRm
z2DV^u?FsNIe@QA{GLn`qND~c|gZBJV@1nq%x6Fx}d*AT}>!dmTId9%LS482=>;0f<
zh^Ug+)`y9cjo-5{gbc>C-$hk&*sH3qWIW%Jv_nzN15j46)q%wL9$oE@5o%ce2b5v*
l>v-)y{%aZi&-HRduEexjQ4&tt%>jx5IqKj{DE{?a{NFTz_kaKZ

diff --git a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 99cdcd7dd9..7ad9b687cb 100644
--- a/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -76,7 +76,7 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
 
 1. Select the alert you'd like to suppress. This brings up the **Alert management** pane.
 
-2. Scroll down to the **Create supression rules** section.
+2. Scroll down to the **Create a supression rule** section.
 
     ![Image of alert status](images/atp-create-suppression-rule.png)
 

From e20c8898e73f51f83bf07fb017cfb515d392376e Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 5 Jul 2017 12:29:38 -0700
Subject: [PATCH 31/49] update advanced features topics

---
 ...windows-defender-advanced-threat-protection.md | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)

diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index a13e3a95dd..701b634c7b 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -27,15 +27,10 @@ Turn on the following advanced features to get better protected from potentially
 ## Block file
 This feature is only available if your organization uses Windows Defender Antivirus as the active antimalware solution and that the cloud-based protection feature is enabled.
 
-If your organization satisfies this condition, the feature is enabled by default. This feature enables you to block potentially malicious files in your network. This operation will prevent it from being read, written, or executed on machines in your organization.
+If your organization satisfies these conditions, the feature is enabled by default. This feature enables you to block potentially malicious files in your network. This operation will prevent it from being read, written, or executed on machines in your organization.
 
-## Office 365 Security Center integration
-This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
-
-When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
-
-## Azure Active Directory details
-When you enable this feature, you'll be able to see user details including name, photo, title, and department information when investigating user account entities. You can find user account information in the following views:
+## Show user details
+When you enable this feature, you'll be able to see user details stored in Azure Active Directory including a user's picture, name, title, and department information  when investigating user account entities. You can find user account information in the following views:
 - Dashboard
 - Alert queue
 - Machine details page
@@ -45,6 +40,10 @@ For more information, see [Investigate a user account](investigate-user-windows-
 ## Skype for Business integration
 Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.
 
+## Office 365 Threat Intelligence connection
+This feature is only available if you have an active Office 365 E5 or the Threat Intelligence add-on. For more information, see the Office 365 Enterprise E5 product page.
+
+When you enable this feature, you'll be able to incorporate data from Office 365 Advanced Threat Protection into the Windows Defender ATP portal to conduct a holistic security investigation across Office 365 mailboxes and Windows machines.
 
 ## Enable advanced features
 1. In the navigation pane, select **Preferences setup** > **Advanced features**.

From 48e65c253a57de716f79a70742d93398af833b3f Mon Sep 17 00:00:00 2001
From: Joey Caparas <macapara@microsoft.com>
Date: Wed, 5 Jul 2017 12:33:05 -0700
Subject: [PATCH 32/49] fix link

---
 ...nced-features-windows-defender-advanced-threat-protection.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
index 701b634c7b..81691de5b0 100644
--- a/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/advanced-features-windows-defender-advanced-threat-protection.md
@@ -35,7 +35,7 @@ When you enable this feature, you'll be able to see user details stored in Azure
 - Alert queue
 - Machine details page
 
-For more information, see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection).
+For more information, see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md).
 
 ## Skype for Business integration
 Enabling the Skype for Business integration gives you the ability to communicate with users using Skype for Business, email, or phone. This can be handy when you need to communicate with the user and mitigate risks.

From 174bd68caae7463a4b70d20f2782edda85d3b976 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Wed, 5 Jul 2017 20:29:31 +0000
Subject: [PATCH 33/49] Merged PR 2053: Merge maricia-12038969 to master

---
 ...ew-in-windows-mdm-enrollment-management.md |   8 +
 .../policy-configuration-service-provider.md  | 329 +++++++++++++++++-
 2 files changed, 336 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 2527387dd9..6ae7b4c759 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1241,6 +1241,14 @@ Also Added [Firewall DDF file](firewall-ddf-file.md).</td></tr>
 <li>Power/HibernateTimeoutPluggedIn</li>
 <li>Power/StandbyTimeoutOnBattery</li>
 <li>Power/StandbyTimeoutPluggedIn</li>
+<li>Defender/AttackSurfaceReductionOnlyExclusions</li>
+<li>Defender/AttackSurfaceReductionRules</li>
+<li>Defender/CloudBlockLevel </li>
+<li>Defender/CloudExtendedTimeout</li>
+<li>Defender/EnableGuardMyFolders</li>
+<li>Defender/EnableNetworkProtection</li>
+<li>Defender/GuardedFoldersAllowedApplications</li>
+<li>Defender/GuardedFoldersList</li>
 <li>Update/ScheduledInstallEveryWeek</li>
 <li>Update/ScheduledInstallFirstWeek</li>
 <li>Update/ScheduledInstallFourthWeek</li>
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 44bf627310..85911e3a79 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -4555,6 +4555,83 @@ ADMX Info:
 
 <!--EndDescription-->
 <!--EndPolicy-->
+
+<!--StartPolicy-->
+<a href="" id="defender-attacksurfacereductionrules"></a>**Defender/AttackSurfaceReductionRules**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
+
+Value type is string.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+
+<!--StartPolicy-->
+<a href="" id="defender-attacksurfacereductiononlyexclusions"></a>**Defender/AttackSurfaceReductionOnlyExclusions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
+
+Value type is string.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+
 <!--StartPolicy-->
 <a href="" id="defender-avgcpuloadfactor"></a>**Defender/AvgCPULoadFactor**  
 
@@ -4594,6 +4671,98 @@ ADMX Info:
 
 <!--EndDescription-->
 <!--EndPolicy-->
+
+<!--StartPolicy-->
+<a href="" id="defender-cloudblocklevel"></a>**Defender/CloudBlockLevel**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
+
+<p style="margin-left: 20px">If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. 
+
+p<p style="margin-left: 20px">For more information about specific values that are supported, see the Windows Defender Antivirus documentation site.
+      
+> [!Note]  
+> This feature requires the "Join Microsoft MAPS" setting enabled in order to function.  
+
+<p style="margin-left: 20px">Possible options are:  
+
+- (0x0) Default windows defender blocking level
+- (0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)       
+- (0x4) High+ blocking level – aggressively block unknowns and apply additional protection measures (may impact  client performance)
+- (0x6) Zero tolerance blocking level – block all unknown executables
+
+<!--EndDescription-->
+<!--EndPolicy-->
+
+<!--StartPolicy-->
+<a href="" id="defender-cloudextendedtimeout"></a>**Defender/CloudExtendedTimeout**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.
+
+<p style="margin-left: 20px">The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. 
+
+<p style="margin-left: 20px">For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. 
+
+> [!Note]  
+> This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
+<!--EndDescription-->
+<!--EndPolicy-->
+
 <!--StartPolicy-->
 <a href="" id="defender-daystoretaincleanedmalware"></a>**Defender/DaysToRetainCleanedMalware**  
 
@@ -4633,6 +4802,93 @@ ADMX Info:
 
 <!--EndDescription-->
 <!--EndPolicy-->
+
+<!--StartPolicy-->
+<a href="" id="defender-enableguardmyfolders"></a>**Defender/EnableGuardMyFolders**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.  
+
+- 0 (default) - Off
+- 1 - Audit mode
+- 2 - Enforcement mode
+
+<!--EndDescription-->
+<!--EndPolicy-->
+
+<!--StartPolicy-->
+<a href="" id="defender-enablenetworkprotection"></a>**Defender/EnableNetworkProtection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off in Windows Defender Exploit Guard. Network protection is a feature of Windows Defender Exploit Guard that protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer.
+
+<p style="margin-left: 20px">If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit.
+<p style="margin-left: 20px">If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center.
+<p style="margin-left: 20px">If you enable this policy with the ""Audit"" option, users/apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Windows Defender Security Center.
+<p style="margin-left: 20px">If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center.
+<p style="margin-left: 20px">If you do not configure this policy, network blocking will be disabled by default.
+
+<p>Valid values:
+
+- 0 (default) - Disabled
+- 1 - Enabled (block mode)
+- 2 - Enabled (audit mode)
+
+<!--EndDescription-->
+<!--EndPolicy-->
+
 <!--StartPolicy-->
 <a href="" id="defender-excludedextensions"></a>**Defender/ExcludedExtensions**  
 
@@ -4664,7 +4920,7 @@ ADMX Info:
 > This policy is only enforced in Windows 10 for desktop.
 
  
-<p style="margin-left: 20px">llows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
+<p style="margin-left: 20px">Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
 
 <!--EndDescription-->
 <!--EndPolicy-->
@@ -4744,6 +5000,77 @@ ADMX Info:
 
 <!--EndDescription-->
 <!--EndPolicy-->
+
+<!--StartPolicy-->
+<a href="" id="defender-guardedfoldersallowedapplications"></a>**Defender/GuardedFoldersAllowedApplications**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode &#xF000; as the substring separator. 
+
+<!--EndDescription-->
+<!--EndPolicy-->
+
+<!--StartPolicy-->
+<a href="" id="defender-guardedfolderslist"></a>**Defender/GuardedFoldersList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>MobileEnterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode &#xF000; as the substring separator.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+
 <!--StartPolicy-->
 <a href="" id="defender-puaprotection"></a>**Defender/PUAProtection**  
 

From 74cbef2d123f920d044471dc437cfbac577d34a5 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Wed, 5 Jul 2017 20:52:51 +0000
Subject: [PATCH 34/49] Merged PR 2055: Merge maricia-12637498 to master

---
 windows/client-management/mdm/bitlocker-csp.md | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 2007e89d95..24db3c3c45 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/05/2017
 ---
 
 # BitLocker CSP
@@ -113,7 +113,10 @@ The following diagram shows the BitLocker configuration service provider in tree
 <li>7 = XTS-AES 256</li>
 </ul>
 
-<p style="margin-left: 20px">  If you want to disable this policy use the following SyncML:</p>
+> [!Note]  
+> When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.  
+
+<p style="margin-left: 20px">  If you want to disable this policy use the following SyncML:</p> 
 
 ``` syntax
                           <Replace>
@@ -257,6 +260,9 @@ The following diagram shows the BitLocker configuration service provider in tree
 <li>'zz' = string of max length 500.</li>
 </ul>
 
+> [!Note]  
+> When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.
+
 <p style="margin-left: 20px">Disabling the policy will let the system choose the default behaviors.  If you want to disable this policy use the following SyncML:</p>
 
 ``` syntax

From b5fa1d1addc91021f46f9f03012333b13ce7867f Mon Sep 17 00:00:00 2001
From: Nicholas Brower <nibr@microsoft.com>
Date: Wed, 5 Jul 2017 21:51:22 +0000
Subject: [PATCH 35/49] Merged PR 2060: Merge nibr-SplitPolicyCSP-12344804 to
 master

Splitting Policy CSP by area name.
Refreshing ADMX policies.
---
 windows/client-management/mdm/TOC.md          |    64 +
 .../policy-configuration-service-provider.md  | 24694 ++--------------
 .../mdm/policy-csp-abovelock.md               |   145 +
 .../mdm/policy-csp-accounts.md                |   186 +
 .../mdm/policy-csp-activexcontrols.md         |    74 +
 .../mdm/policy-csp-applicationdefaults.md     |   121 +
 .../mdm/policy-csp-applicationmanagement.md   |   489 +
 .../mdm/policy-csp-appvirtualization.md       |  1194 +
 .../mdm/policy-csp-attachmentmanager.md       |   162 +
 .../mdm/policy-csp-authentication.md          |   165 +
 .../mdm/policy-csp-autoplay.md                |   175 +
 .../mdm/policy-csp-bitlocker.md               |    71 +
 .../mdm/policy-csp-bluetooth.md               |   241 +
 .../mdm/policy-csp-browser.md                 |  1436 +
 .../mdm/policy-csp-camera.md                  |    86 +
 .../mdm/policy-csp-cellular.md                |    43 +
 .../mdm/policy-csp-connectivity.md            |   485 +
 .../mdm/policy-csp-credentialproviders.md     |   162 +
 .../mdm/policy-csp-credentialsui.md           |   118 +
 .../mdm/policy-csp-cryptography.md            |   104 +
 .../mdm/policy-csp-dataprotection.md          |   112 +
 .../mdm/policy-csp-datausage.md               |   126 +
 .../mdm/policy-csp-defender.md                |  1490 +
 .../mdm/policy-csp-deliveryoptimization.md    |   654 +
 .../mdm/policy-csp-desktop.md                 |    78 +
 .../mdm/policy-csp-deviceguard.md             |   147 +
 .../mdm/policy-csp-deviceinstallation.md      |   114 +
 .../mdm/policy-csp-devicelock.md              |   841 +
 .../mdm/policy-csp-display.md                 |   118 +
 .../mdm/policy-csp-enterprisecloudprint.md    |   240 +
 .../mdm/policy-csp-errorreporting.md          |   254 +
 .../mdm/policy-csp-eventlogservice.md         |   200 +
 .../mdm/policy-csp-experience.md              |   782 +
 .../client-management/mdm/policy-csp-games.md |    61 +
 .../mdm/policy-csp-internetexplorer.md        |  8012 +++++
 .../mdm/policy-csp-kerberos.md                |   247 +
 .../mdm/policy-csp-licensing.md               |   102 +
 .../mdm/policy-csp-location.md                |    74 +
 .../mdm/policy-csp-lockdown.md                |    68 +
 .../client-management/mdm/policy-csp-maps.md  |   108 +
 .../mdm/policy-csp-messaging.md               |   144 +
 .../mdm/policy-csp-networkisolation.md        |   297 +
 .../mdm/policy-csp-notifications.md           |    77 +
 .../client-management/mdm/policy-csp-power.md |   421 +
 .../mdm/policy-csp-printers.md                |   184 +
 .../mdm/policy-csp-privacy.md                 |  2556 ++
 .../mdm/policy-csp-remoteassistance.md        |   249 +
 .../mdm/policy-csp-remotedesktopservices.md   |   314 +
 .../mdm/policy-csp-remotemanagement.md        |   225 +
 .../mdm/policy-csp-remoteprocedurecall.md     |   130 +
 .../mdm/policy-csp-remoteshell.md             |   121 +
 .../mdm/policy-csp-search.md                  |   392 +
 .../mdm/policy-csp-security.md                |   426 +
 .../mdm/policy-csp-settings.md                |   559 +
 .../mdm/policy-csp-smartscreen.md             |   138 +
 .../mdm/policy-csp-speech.md                  |    66 +
 .../client-management/mdm/policy-csp-start.md |  1192 +
 .../mdm/policy-csp-storage.md                 |    72 +
 .../mdm/policy-csp-system.md                  |   614 +
 .../mdm/policy-csp-textinput.md               |   580 +
 .../mdm/policy-csp-timelanguagesettings.md    |    74 +
 .../mdm/policy-csp-update.md                  |  1886 ++
 .../client-management/mdm/policy-csp-wifi.md  |   309 +
 .../mdm/policy-csp-windowsinkworkspace.md     |   103 +
 .../mdm/policy-csp-windowslogon.md            |   155 +
 .../mdm/policy-csp-wirelessdisplay.md         |   239 +
 66 files changed, 34019 insertions(+), 21547 deletions(-)
 create mode 100644 windows/client-management/mdm/policy-csp-abovelock.md
 create mode 100644 windows/client-management/mdm/policy-csp-accounts.md
 create mode 100644 windows/client-management/mdm/policy-csp-activexcontrols.md
 create mode 100644 windows/client-management/mdm/policy-csp-applicationdefaults.md
 create mode 100644 windows/client-management/mdm/policy-csp-applicationmanagement.md
 create mode 100644 windows/client-management/mdm/policy-csp-appvirtualization.md
 create mode 100644 windows/client-management/mdm/policy-csp-attachmentmanager.md
 create mode 100644 windows/client-management/mdm/policy-csp-authentication.md
 create mode 100644 windows/client-management/mdm/policy-csp-autoplay.md
 create mode 100644 windows/client-management/mdm/policy-csp-bitlocker.md
 create mode 100644 windows/client-management/mdm/policy-csp-bluetooth.md
 create mode 100644 windows/client-management/mdm/policy-csp-browser.md
 create mode 100644 windows/client-management/mdm/policy-csp-camera.md
 create mode 100644 windows/client-management/mdm/policy-csp-cellular.md
 create mode 100644 windows/client-management/mdm/policy-csp-connectivity.md
 create mode 100644 windows/client-management/mdm/policy-csp-credentialproviders.md
 create mode 100644 windows/client-management/mdm/policy-csp-credentialsui.md
 create mode 100644 windows/client-management/mdm/policy-csp-cryptography.md
 create mode 100644 windows/client-management/mdm/policy-csp-dataprotection.md
 create mode 100644 windows/client-management/mdm/policy-csp-datausage.md
 create mode 100644 windows/client-management/mdm/policy-csp-defender.md
 create mode 100644 windows/client-management/mdm/policy-csp-deliveryoptimization.md
 create mode 100644 windows/client-management/mdm/policy-csp-desktop.md
 create mode 100644 windows/client-management/mdm/policy-csp-deviceguard.md
 create mode 100644 windows/client-management/mdm/policy-csp-deviceinstallation.md
 create mode 100644 windows/client-management/mdm/policy-csp-devicelock.md
 create mode 100644 windows/client-management/mdm/policy-csp-display.md
 create mode 100644 windows/client-management/mdm/policy-csp-enterprisecloudprint.md
 create mode 100644 windows/client-management/mdm/policy-csp-errorreporting.md
 create mode 100644 windows/client-management/mdm/policy-csp-eventlogservice.md
 create mode 100644 windows/client-management/mdm/policy-csp-experience.md
 create mode 100644 windows/client-management/mdm/policy-csp-games.md
 create mode 100644 windows/client-management/mdm/policy-csp-internetexplorer.md
 create mode 100644 windows/client-management/mdm/policy-csp-kerberos.md
 create mode 100644 windows/client-management/mdm/policy-csp-licensing.md
 create mode 100644 windows/client-management/mdm/policy-csp-location.md
 create mode 100644 windows/client-management/mdm/policy-csp-lockdown.md
 create mode 100644 windows/client-management/mdm/policy-csp-maps.md
 create mode 100644 windows/client-management/mdm/policy-csp-messaging.md
 create mode 100644 windows/client-management/mdm/policy-csp-networkisolation.md
 create mode 100644 windows/client-management/mdm/policy-csp-notifications.md
 create mode 100644 windows/client-management/mdm/policy-csp-power.md
 create mode 100644 windows/client-management/mdm/policy-csp-printers.md
 create mode 100644 windows/client-management/mdm/policy-csp-privacy.md
 create mode 100644 windows/client-management/mdm/policy-csp-remoteassistance.md
 create mode 100644 windows/client-management/mdm/policy-csp-remotedesktopservices.md
 create mode 100644 windows/client-management/mdm/policy-csp-remotemanagement.md
 create mode 100644 windows/client-management/mdm/policy-csp-remoteprocedurecall.md
 create mode 100644 windows/client-management/mdm/policy-csp-remoteshell.md
 create mode 100644 windows/client-management/mdm/policy-csp-search.md
 create mode 100644 windows/client-management/mdm/policy-csp-security.md
 create mode 100644 windows/client-management/mdm/policy-csp-settings.md
 create mode 100644 windows/client-management/mdm/policy-csp-smartscreen.md
 create mode 100644 windows/client-management/mdm/policy-csp-speech.md
 create mode 100644 windows/client-management/mdm/policy-csp-start.md
 create mode 100644 windows/client-management/mdm/policy-csp-storage.md
 create mode 100644 windows/client-management/mdm/policy-csp-system.md
 create mode 100644 windows/client-management/mdm/policy-csp-textinput.md
 create mode 100644 windows/client-management/mdm/policy-csp-timelanguagesettings.md
 create mode 100644 windows/client-management/mdm/policy-csp-update.md
 create mode 100644 windows/client-management/mdm/policy-csp-wifi.md
 create mode 100644 windows/client-management/mdm/policy-csp-windowsinkworkspace.md
 create mode 100644 windows/client-management/mdm/policy-csp-windowslogon.md
 create mode 100644 windows/client-management/mdm/policy-csp-wirelessdisplay.md

diff --git a/windows/client-management/mdm/TOC.md b/windows/client-management/mdm/TOC.md
index e929807ac8..8c297f234b 100644
--- a/windows/client-management/mdm/TOC.md
+++ b/windows/client-management/mdm/TOC.md
@@ -167,6 +167,70 @@
 ### [Policy CSP](policy-configuration-service-provider.md)
 #### [Policy DDF file](policy-ddf-file.md)
 #### [ApplicationRestrictions XSD](applicationrestrictions-xsd.md)
+#### [AboveLock](policy-csp-abovelock.md)
+#### [Accounts](policy-csp-accounts.md)
+#### [ActiveXControls](policy-csp-activexcontrols.md)
+#### [ApplicationDefaults](policy-csp-applicationdefaults.md)
+#### [ApplicationManagement](policy-csp-applicationmanagement.md)
+#### [AppVirtualization](policy-csp-appvirtualization.md)
+#### [AttachmentManager](policy-csp-attachmentmanager.md)
+#### [Authentication](policy-csp-authentication.md)
+#### [Autoplay](policy-csp-autoplay.md)
+#### [Bitlocker](policy-csp-bitlocker.md)
+#### [Bluetooth](policy-csp-bluetooth.md)
+#### [Browser](policy-csp-browser.md)
+#### [Camera](policy-csp-camera.md)
+#### [Cellular](policy-csp-cellular.md)
+#### [Connectivity](policy-csp-connectivity.md)
+#### [CredentialProviders](policy-csp-credentialproviders.md)
+#### [CredentialsUI](policy-csp-credentialsui.md)
+#### [Cryptography](policy-csp-cryptography.md)
+#### [DataProtection](policy-csp-dataprotection.md)
+#### [DataUsage](policy-csp-datausage.md)
+#### [Defender](policy-csp-defender.md)
+#### [DeliveryOptimization](policy-csp-deliveryoptimization.md)
+#### [Desktop](policy-csp-desktop.md)
+#### [DeviceGuard](policy-csp-deviceguard.md)
+#### [DeviceInstallation](policy-csp-deviceinstallation.md)
+#### [DeviceLock](policy-csp-devicelock.md)
+#### [Display](policy-csp-display.md)
+#### [EnterpriseCloudPrint](policy-csp-enterprisecloudprint.md)
+#### [ErrorReporting](policy-csp-errorreporting.md)
+#### [EventLogService](policy-csp-eventlogservice.md)
+#### [Experience](policy-csp-experience.md)
+#### [Games](policy-csp-games.md)
+#### [InternetExplorer](policy-csp-internetexplorer.md)
+#### [Kerberos](policy-csp-kerberos.md)
+#### [Licensing](policy-csp-licensing.md)
+#### [Location](policy-csp-location.md)
+#### [LockDown](policy-csp-lockdown.md)
+#### [Maps](policy-csp-maps.md)
+#### [Messaging](policy-csp-messaging.md)
+#### [NetworkIsolation](policy-csp-networkisolation.md)
+#### [Notifications](policy-csp-notifications.md)
+#### [Power](policy-csp-power.md)
+#### [Printers](policy-csp-printers.md)
+#### [Privacy](policy-csp-privacy.md)
+#### [RemoteAssistance](policy-csp-remoteassistance.md)
+#### [RemoteDesktopServices](policy-csp-remotedesktopservices.md)
+#### [RemoteManagement](policy-csp-remotemanagement.md)
+#### [RemoteProcedureCall](policy-csp-remoteprocedurecall.md)
+#### [RemoteShell](policy-csp-remoteshell.md)
+#### [Search](policy-csp-search.md)
+#### [Security](policy-csp-security.md)
+#### [Settings](policy-csp-settings.md)
+#### [SmartScreen](policy-csp-smartscreen.md)
+#### [Speech](policy-csp-speech.md)
+#### [Start](policy-csp-start.md)
+#### [Storage](policy-csp-storage.md)
+#### [System](policy-csp-system.md)
+#### [TextInput](policy-csp-textinput.md)
+#### [TimeLanguageSettings](policy-csp-timelanguagesettings.md)
+#### [Update](policy-csp-update.md)
+#### [Wifi](policy-csp-wifi.md)
+#### [WindowsInkWorkspace](policy-csp-windowsinkworkspace.md)
+#### [WindowsLogon](policy-csp-windowslogon.md)
+#### [WirelessDisplay](policy-csp-wirelessdisplay.md)
 ### [PolicyManager CSP](policymanager-csp.md)
 ### [Provisioning CSP](provisioning-csp.md)
 ### [PROXY CSP](proxy-csp.md)
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 85911e3a79..baf0b42bec 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -114,21434 +114,3027 @@ The following diagram shows the Policy configuration service provider in tree fo
 > [!Note]  
 > The policies supported in Windows 10 S is the same as in Windows 10 Pro, except that policies under AppliationsDefaults are not suppported in Windows 10 S.
 
-<!--StartPolicies-->
-<hr/>
-
-## Policies  
-
-<!--StartPolicy-->
-<a href="" id="abovelock-allowactioncenternotifications"></a>**AboveLock/AllowActionCenterNotifications**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Specifies whether to allow Action Center notifications above the device lock screen.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="abovelock-allowcortanaabovelock"></a>**AboveLock/AllowCortanaAboveLock**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="abovelock-allowtoasts"></a>**AboveLock/AllowToasts**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to allow toast notifications above the device lock screen.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="accounts-allowaddingnonmicrosoftaccountsmanually"></a>**Accounts/AllowAddingNonMicrosoftAccountsManually**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether user is allowed to add non-MSA email accounts.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-> [!NOTE]
-> This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="accounts-allowmicrosoftaccountconnection"></a>**Accounts/AllowMicrosoftAccountConnection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="accounts-allowmicrosoftaccountsigninassistant"></a>**Accounts/AllowMicrosoftAccountSignInAssistant**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disabled.
--   1 (default) – Manual start.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="accounts-domainnamesforemailsync"></a>**Accounts/DomainNamesForEmailSync**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies a list of the domains that are allowed to sync email on the device.
-
-<p style="margin-left: 20px">The data type is a string.
-
-<p style="margin-left: 20px">The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="activexcontrols-approvedinstallationsites"></a>**ActiveXControls/ApprovedInstallationSites**  
-
-<!--StartDescription-->
-This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL.
-
-If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL.
-
-If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.
-
-Note: Wild card characters cannot be used when specifying the host URLs.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Approved Installation Sites for ActiveX Controls*
--   GP name: *ApprovedActiveXInstallSites*
--   GP path: *Windows Components/ActiveX Installer Service*
--   GP ADMX file name: *ActiveXInstallService.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowappvclient"></a>**AppVirtualization/AllowAppVClient**  
-
-<!--StartDescription-->
-This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enable App-V Client*
--   GP name: *EnableAppV*
--   GP path: *System/App-V*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowdynamicvirtualization"></a>**AppVirtualization/AllowDynamicVirtualization**  
-
-<!--StartDescription-->
-Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enable Dynamic Virtualization*
--   GP name: *Virtualization_JITVEnable*
--   GP path: *System/App-V/Virtualization*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowpackagecleanup"></a>**AppVirtualization/AllowPackageCleanup**  
-
-<!--StartDescription-->
-Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enable automatic cleanup of unused appv packages*
--   GP name: *PackageManagement_AutoCleanupEnable*
--   GP path: *System/App-V/Package Management*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowpackagescripts"></a>**AppVirtualization/AllowPackageScripts**  
-
-<!--StartDescription-->
-Enables scripts defined in the package manifest of configuration files that should run.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enable Package Scripts*
--   GP name: *Scripting_Enable_Package_Scripts*
--   GP path: *System/App-V/Scripting*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowpublishingrefreshux"></a>**AppVirtualization/AllowPublishingRefreshUX**  
-
-<!--StartDescription-->
-Enables a UX to display to the user when a publishing refresh is performed on the client.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enable Publishing Refresh UX*
--   GP name: *Enable_Publishing_Refresh_UX*
--   GP path: *System/App-V/Publishing*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowreportingserver"></a>**AppVirtualization/AllowReportingServer**  
-
-<!--StartDescription-->
-Reporting Server URL: Displays the URL of reporting server.
-
-Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM.
-
-Delay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load.
-
-Repeat reporting for every (days): The periodical interval in days for sending the reporting data.
-
-Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit is reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this occurs, and will not be logged again until after the cache has been successfully cleared on transmission and the log has filled up again.
-
-Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The  default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Reporting Server*
--   GP name: *Reporting_Server_Policy*
--   GP path: *System/App-V/Reporting*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowroamingfileexclusions"></a>**AppVirtualization/AllowRoamingFileExclusions**  
-
-<!--StartDescription-->
-Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Roaming File Exclusions*
--   GP name: *Integration_Roaming_File_Exclusions*
--   GP path: *System/App-V/Integration*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowroamingregistryexclusions"></a>**AppVirtualization/AllowRoamingRegistryExclusions**  
-
-<!--StartDescription-->
-Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Roaming Registry Exclusions*
--   GP name: *Integration_Roaming_Registry_Exclusions*
--   GP path: *System/App-V/Integration*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-allowstreamingautoload"></a>**AppVirtualization/AllowStreamingAutoload**  
-
-<!--StartDescription-->
-Specifies how new packages should be loaded automatically by App-V on a specific computer.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Specify what to load in background (aka AutoLoad)*
--   GP name: *Steaming_Autoload*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-clientcoexistenceallowmigrationmode"></a>**AppVirtualization/ClientCoexistenceAllowMigrationmode**  
-
-<!--StartDescription-->
-Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enable Migration Mode*
--   GP name: *Client_Coexistence_Enable_Migration_mode*
--   GP path: *System/App-V/Client Coexistence*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-integrationallowrootglobal"></a>**AppVirtualization/IntegrationAllowRootGlobal**  
-
-<!--StartDescription-->
-Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Integration Root User*
--   GP name: *Integration_Root_User*
--   GP path: *System/App-V/Integration*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-integrationallowrootuser"></a>**AppVirtualization/IntegrationAllowRootUser**  
-
-<!--StartDescription-->
-Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Integration Root Global*
--   GP name: *Integration_Root_Global*
--   GP path: *System/App-V/Integration*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-publishingallowserver1"></a>**AppVirtualization/PublishingAllowServer1**  
-
-<!--StartDescription-->
-Publishing Server Display Name: Displays the name of publishing server.
-
-Publishing Server URL: Displays the URL of publishing server.
-
-Global Publishing Refresh: Enables global publishing refresh (Boolean).
-
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
-
-Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
-
-Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-User Publishing Refresh: Enables user publishing refresh (Boolean).
-
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
-
-User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
-
-User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Publishing Server 1 Settings*
--   GP name: *Publishing_Server1_Policy*
--   GP path: *System/App-V/Publishing*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-publishingallowserver2"></a>**AppVirtualization/PublishingAllowServer2**  
-
-<!--StartDescription-->
-Publishing Server Display Name: Displays the name of publishing server.
-
-Publishing Server URL: Displays the URL of publishing server.
-
-Global Publishing Refresh: Enables global publishing refresh (Boolean).
-
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
-
-Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
-
-Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-User Publishing Refresh: Enables user publishing refresh (Boolean).
-
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
-
-User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
-
-User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Publishing Server 2 Settings*
--   GP name: *Publishing_Server2_Policy*
--   GP path: *System/App-V/Publishing*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-publishingallowserver3"></a>**AppVirtualization/PublishingAllowServer3**  
-
-<!--StartDescription-->
-Publishing Server Display Name: Displays the name of publishing server.
-
-Publishing Server URL: Displays the URL of publishing server.
-
-Global Publishing Refresh: Enables global publishing refresh (Boolean).
-
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
-
-Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
-
-Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-User Publishing Refresh: Enables user publishing refresh (Boolean).
-
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
-
-User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
-
-User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Publishing Server 3 Settings*
--   GP name: *Publishing_Server3_Policy*
--   GP path: *System/App-V/Publishing*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-publishingallowserver4"></a>**AppVirtualization/PublishingAllowServer4**  
-
-<!--StartDescription-->
-Publishing Server Display Name: Displays the name of publishing server.
-
-Publishing Server URL: Displays the URL of publishing server.
-
-Global Publishing Refresh: Enables global publishing refresh (Boolean).
-
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
-
-Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
-
-Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-User Publishing Refresh: Enables user publishing refresh (Boolean).
-
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
-
-User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
-
-User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Publishing Server 4 Settings*
--   GP name: *Publishing_Server4_Policy*
--   GP path: *System/App-V/Publishing*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-publishingallowserver5"></a>**AppVirtualization/PublishingAllowServer5**  
-
-<!--StartDescription-->
-Publishing Server Display Name: Displays the name of publishing server.
-
-Publishing Server URL: Displays the URL of publishing server.
-
-Global Publishing Refresh: Enables global publishing refresh (Boolean).
-
-Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
-
-Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
-
-Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-User Publishing Refresh: Enables user publishing refresh (Boolean).
-
-User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
-
-User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
-
-User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Publishing Server 5 Settings*
--   GP name: *Publishing_Server5_Policy*
--   GP path: *System/App-V/Publishing*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingallowcertificatefilterforclient_ssl"></a>**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL**  
-
-<!--StartDescription-->
-Specifies the path to a valid certificate in the certificate store.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Certificate Filter For Client SSL*
--   GP name: *Streaming_Certificate_Filter_For_Client_SSL*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingallowhighcostlaunch"></a>**AppVirtualization/StreamingAllowHighCostLaunch**  
-
-<!--StartDescription-->
-This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G).
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
--   GP name: *Streaming_Allow_High_Cost_Launch*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingallowlocationprovider"></a>**AppVirtualization/StreamingAllowLocationProvider**  
-
-<!--StartDescription-->
-Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Location Provider*
--   GP name: *Streaming_Location_Provider*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingallowpackageinstallationroot"></a>**AppVirtualization/StreamingAllowPackageInstallationRoot**  
-
-<!--StartDescription-->
-Specifies directory where all new applications and updates will be installed.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Package Installation Root*
--   GP name: *Streaming_Package_Installation_Root*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingallowpackagesourceroot"></a>**AppVirtualization/StreamingAllowPackageSourceRoot**  
-
-<!--StartDescription-->
-Overrides source location for downloading package content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Package Source Root*
--   GP name: *Streaming_Package_Source_Root*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingallowreestablishmentinterval"></a>**AppVirtualization/StreamingAllowReestablishmentInterval**  
-
-<!--StartDescription-->
-Specifies the number of seconds between attempts to reestablish a dropped session.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Reestablishment Interval*
--   GP name: *Streaming_Reestablishment_Interval*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingallowreestablishmentretries"></a>**AppVirtualization/StreamingAllowReestablishmentRetries**  
-
-<!--StartDescription-->
-Specifies the number of times to retry a dropped session.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Reestablishment Retries*
--   GP name: *Streaming_Reestablishment_Retries*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingsharedcontentstoremode"></a>**AppVirtualization/StreamingSharedContentStoreMode**  
-
-<!--StartDescription-->
-Specifies that streamed package contents will be not be saved to the local hard disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Shared Content Store (SCS) mode*
--   GP name: *Streaming_Shared_Content_Store_Mode*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingsupportbranchcache"></a>**AppVirtualization/StreamingSupportBranchCache**  
-
-<!--StartDescription-->
-If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enable Support for BranchCache*
--   GP name: *Streaming_Support_Branch_Cache*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-streamingverifycertificaterevocationlist"></a>**AppVirtualization/StreamingVerifyCertificateRevocationList**  
-
-<!--StartDescription-->
-Verifies Server certificate revocation status before streaming using HTTPS.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Verify certificate revocation list*
--   GP name: *Streaming_Verify_Certificate_Revocation_List*
--   GP path: *System/App-V/Streaming*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="appvirtualization-virtualcomponentsallowlist"></a>**AppVirtualization/VirtualComponentsAllowList**  
-
-<!--StartDescription-->
-Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Virtual Component Process Allow List*
--   GP name: *Virtualization_JITVAllowList*
--   GP path: *System/App-V/Virtualization*
--   GP ADMX file name: *appv.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationdefaults-defaultassociationsconfiguration"></a>**ApplicationDefaults/DefaultAssociationsConfiguration**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be  base64 encoded before being added to SyncML.
- 
-<p style="margin-left: 20px">If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
-
-<p style="margin-left: 20px">To create create the SyncML, follow these steps:
-<ol>
-<li>Install a few apps and change your defaults.</li>
-<li>From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"</li>
-<li>Take the XML output and put it through your favorite base64 encoder app.</li>
-<li>Paste the base64 encoded XML into the SyncML</li>
-</ol>
-
-<p style="margin-left: 20px">Here is an example output from the dism default association export command:
-
-``` syntax
-<?xml version="1.0" encoding="UTF-8"?>
-<DefaultAssociations>
-  <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
-  <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
-  <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
-  <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
-  <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
-</DefaultAssociations
-```
-
-<p style="margin-left: 20px">Here is the base64 encoded result:
-
-``` syntax
-PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
-```
-
-<p style="margin-left: 20px">Here is the SyncMl example:
-
-``` syntax
-<?xml version="1.0" encoding="utf-8"?>
-<SyncML xmlns="SYNCML:SYNCML1.1">
-<SyncBody>
-    <Replace>
-      <CmdID>101</CmdID>
-      <Item>
-        <Meta>
-          <Format>chr</Format>
-          <Type>text/plain</Type>
-        </Meta>
-        <Target>
-          <LocURI>./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration</LocURI>
-        </Target>
-        <Data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
-</Data>
-      </Item>
-    </Replace>
-  <Final/>
-  </SyncBody>
-</SyncML>
-```
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-allowalltrustedapps"></a>**ApplicationManagement/AllowAllTrustedApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether non Windows Store apps are allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Explicit deny.
--   1 – Explicit allow unlock.
--   65535 (default) – Not configured.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-allowappstoreautoupdate"></a>**ApplicationManagement/AllowAppStoreAutoUpdate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether automatic update of apps from Windows Store are allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-allowdeveloperunlock"></a>**ApplicationManagement/AllowDeveloperUnlock**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether developer unlock is allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Explicit deny.
--   1 – Explicit allow unlock.
--   65535 (default) – Not configured.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-allowgamedvr"></a>**ApplicationManagement/AllowGameDVR**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Specifies whether DVR and broadcasting is allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-allowshareduserappdata"></a>**ApplicationManagement/AllowSharedUserAppData**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether multiple users of the same app can share data.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not allowed.
--   1 – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-allowstore"></a>**ApplicationManagement/AllowStore**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether app store is allowed at the device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-applicationrestrictions"></a>**ApplicationManagement/ApplicationRestrictions**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
-
- 
-<p style="margin-left: 20px">An XML blob that specifies the application restrictions company want to put to the device. It could be an app allow list, app disallow list, allowed publisher IDs, and so on. For a list of Windows apps and product IDs, see [inbox apps](applocker-csp.md#inboxappsandcomponents). For more information about the XML, see the [ApplicationRestrictions XSD](applicationrestrictions-xsd.md).
-
-> [!NOTE]
-> When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps.
->
-> Here's additional guidance for the upgrade process:
->
->  -   Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents).
->  -   Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows  Phone 8.1 publisher if you are using it.
->  -   In the SyncML, you must use lowercase product ID.
->  -   Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error.
->  -   You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents).
-
-
-<p style="margin-left: 20px">An application that is running may not be immediately terminated.
-
-<p style="margin-left: 20px">Value type is chr.
-
-<p style="margin-left: 20px">Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-disablestoreoriginatedapps"></a>**ApplicationManagement/DisableStoreOriginatedApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Windows Store that came pre-installed or were downloaded.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Enable launch of apps.
--   1 – Disable launch of apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-requireprivatestoreonly"></a>**ApplicationManagement/RequirePrivateStoreOnly**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows disabling of the retail catalog and only enables the Private store.
-
-> [!IMPORTANT]
-> This node must be accessed using the following paths:
->
-> -   **./User/Vendor/MSFT/Policy/Config/ApplicationManagement/RequirePrivateStoreOnly** to set the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/ApplicationManagement/RequirePrivateStoreOnly** to get the result.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Allow both public and Private store.
--   1 – Only Private store is enabled.
-
-<p style="margin-left: 20px">This is a per user policy.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-restrictappdatatosystemvolume"></a>**ApplicationManagement/RestrictAppDataToSystemVolume**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether application data is restricted to the system drive.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not restricted.
--   1 – Restricted.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="applicationmanagement-restrictapptosystemvolume"></a>**ApplicationManagement/RestrictAppToSystemVolume**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether the installation of applications is restricted to the system drive.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not restricted.
--   1 – Restricted.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="attachmentmanager-donotpreservezoneinformation"></a>**AttachmentManager/DoNotPreserveZoneInformation**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.
-
-If you enable this policy setting, Windows does not mark file attachments with their zone information.
-
-If you disable this policy setting, Windows marks file attachments with their zone information.
-
-If you do not configure this policy setting, Windows marks file attachments with their zone information.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Do not preserve zone information in file attachments*
--   GP name: *AM_MarkZoneOnSavedAtttachments*
--   GP path: *Windows Components/Attachment Manager*
--   GP ADMX file name: *AttachmentManager.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="attachmentmanager-hidezoneinfomechanism"></a>**AttachmentManager/HideZoneInfoMechanism**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.
-
-If you enable this policy setting, Windows hides the check box and Unblock button.
-
-If you disable this policy setting, Windows shows the check box and Unblock button.
-
-If you do not configure this policy setting, Windows hides the check box and Unblock button.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Hide mechanisms to remove zone information*
--   GP name: *AM_RemoveZoneInfo*
--   GP path: *Windows Components/Attachment Manager*
--   GP ADMX file name: *AttachmentManager.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="attachmentmanager-notifyantivirusprograms"></a>**AttachmentManager/NotifyAntivirusPrograms**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.
-
-If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.
-
-If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
-
-If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Notify antivirus programs when opening attachments*
--   GP name: *AM_CallIOfficeAntiVirus*
--   GP path: *Windows Components/Attachment Manager*
--   GP ADMX file name: *AttachmentManager.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="authentication-alloweapcertsso"></a>**Authentication/AllowEAPCertSSO**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
-
-> [!IMPORTANT]
-> This node must be accessed using the following paths:
->
-> -   **./User/Vendor/MSFT/Policy/Config/Authentication/AllowEAPCertSSO** to set the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/Authentication/AllowEAPCertSSO** to get the result.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="authentication-allowfastreconnect"></a>**Authentication/AllowFastReconnect**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows EAP Fast Reconnect from being attempted for EAP Method TLS.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="authentication-allowsecondaryauthenticationdevice"></a>**Authentication/AllowSecondaryAuthenticationDevice**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 – Allowed.
-
-<p style="margin-left: 20px">The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="autoplay-disallowautoplayfornonvolumedevices"></a>**Autoplay/DisallowAutoplayForNonVolumeDevices**  
-
-<!--StartDescription-->
-This policy setting disallows AutoPlay for MTP devices like cameras or phones.
-
-If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones.
-
-If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Disallow Autoplay for non-volume devices*
--   GP name: *NoAutoplayfornonVolume*
--   GP path: *Windows Components/AutoPlay Policies*
--   GP ADMX file name: *AutoPlay.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="autoplay-setdefaultautorunbehavior"></a>**Autoplay/SetDefaultAutoRunBehavior**  
-
-<!--StartDescription-->
-This policy setting sets the default behavior for Autorun commands.
-
-Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.
-
-Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention.
-
-This creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog.
-
-If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to:
-
-a) Completely disable autorun commands, or
-b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command.
-
-If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Set the default behavior for AutoRun*
--   GP name: *NoAutorun*
--   GP path: *Windows Components/AutoPlay Policies*
--   GP ADMX file name: *AutoPlay.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="autoplay-turnoffautoplay"></a>**Autoplay/TurnOffAutoPlay**  
-
-<!--StartDescription-->
-This policy setting allows you to turn off the Autoplay feature.
-
-Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately.
-
-Prior to Windows XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.
-
-Starting with Windows XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices.
-
-If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives.
-
-This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.
-
-If you disable or do not configure this policy setting, AutoPlay is enabled.
-
-Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off Autoplay*
--   GP name: *Autorun*
--   GP path: *Windows Components/AutoPlay Policies*
--   GP ADMX file name: *AutoPlay.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="bitlocker-encryptionmethod"></a>**Bitlocker/EncryptionMethod**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies the BitLocker Drive Encryption method and cipher strength.
-
-> [!NOTE]
-> XTS-AES 128-bit and XTS-AES 256-bit values are only supported on Windows 10 for desktop.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   3 - AES-CBC 128-bit
--   4 - AES-CBC 256-bit
--   6 - XTS-AES 128-bit (Desktop only)
--   7 - XTS-AES 256-bit (Desktop only)
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="bluetooth-allowadvertising"></a>**Bluetooth/AllowAdvertising**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether the device can send out Bluetooth advertisements.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral.
--   1 (default) – Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral.
-
-<p style="margin-left: 20px">If this is not set or it is deleted, the default value of 1 (Allow) is used.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="bluetooth-allowdiscoverablemode"></a>**Bluetooth/AllowDiscoverableMode**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether other Bluetooth-enabled devices can discover the device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device.
--   1 (default) – Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.
-
-<p style="margin-left: 20px">If this is not set or it is deleted, the default value of 1 (Allow) is used.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="bluetooth-allowprepairing"></a>**Bluetooth/AllowPrepairing**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default)– Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="bluetooth-localdevicename"></a>**Bluetooth/LocalDeviceName**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Sets the local Bluetooth device name.
-
-<p style="margin-left: 20px">If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified.
-
-<p style="margin-left: 20px">If this policy is not set or it is deleted, the default local radio name is used.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="bluetooth-servicesallowedlist"></a>**Bluetooth/ServicesAllowedList**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
-
-<p style="margin-left: 20px">The default value is an empty string.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowaddressbardropdown"></a>**Browser/AllowAddressBarDropdown**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. 
-
-> [!NOTE]
-> Disabling this setting turns off the address bar drop-down functionality. Because search suggestions are shown in the drop-down list, this setting takes precedence over the Browser/AllowSearchSuggestionsinAddressBar setting.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type." 
--   1 (default) – Allowed. Address bar drop-down is enabled.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowautofill"></a>**Browser/AllowAutofill**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether autofill on websites is allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<p style="margin-left: 20px">To verify AllowAutofill is set to 0 (not allowed):
-
-1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
-2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
-4.  Verify the setting **Save form entries** is greyed out.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowbrowser"></a>**Browser/AllowBrowser**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
-
-
-<p style="margin-left: 20px">Specifies whether the browser is allowed on the device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<p style="margin-left: 20px">When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowcookies"></a>**Browser/AllowCookies**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether cookies are allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<p style="margin-left: 20px">To verify AllowCookies is set to 0 (not allowed):
-
-1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
-2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
-4.  Verify the setting **Cookies** is greyed out.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowdevelopertools"></a>**Browser/AllowDeveloperTools**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turning this setting on, or not configuring it, lets employees use F12 Developer Tools. Turning this setting off stops employees from using F12 Developer Tools.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowdonottrack"></a>**Browser/AllowDoNotTrack**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether Do Not Track headers are allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not allowed.
--   1 – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<p style="margin-left: 20px">To verify AllowDoNotTrack is set to 0 (not allowed):
-
-1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
-2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
-4.  Verify the setting **Send Do Not Track requests** is greyed out.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowextensions"></a>**Browser/AllowExtensions**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowflash"></a>**Browser/AllowFlash**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowflashclicktorun"></a>**Browser/AllowFlashClickToRun**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Adobe Flash content is automatically loaded and run by Microsoft Edge.
--   1 (default) – Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowinprivate"></a>**Browser/AllowInPrivate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether InPrivate browsing is allowed on corporate networks.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowmicrosoftcompatibilitylist"></a>**Browser/AllowMicrosoftCompatibilityList**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. 
-By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". 
-
-<p style="margin-left: 20px">If you enable or don’t configure this setting, Microsoft Edge periodically downloads the latest version of the compatibility list from Microsoft, applying the updates during browser navigation. Visiting any site on the compatibility list prompts the employee to use Internet Explorer 11 (or enables/disables certain browser features on mobile), where the site is automatically rendered as though it’s run in the version of Internet Explorer necessary for it to display properly. If you disable this setting, the compatibility list isn’t used during browser navigation.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not enabled.
--   1 (default) – Enabled.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowpasswordmanager"></a>**Browser/AllowPasswordManager**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether saving and managing passwords locally on the device is allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<p style="margin-left: 20px">To verify AllowPasswordManager is set to 0 (not allowed):
-
-1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
-2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
-4.  Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowpopups"></a>**Browser/AllowPopups**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether pop-up blocker is allowed or enabled.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Pop-up blocker is not allowed. It means that pop-up browser windows are allowed.
--   1 – Pop-up blocker is allowed or enabled. It means that pop-up browser windows are blocked.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<p style="margin-left: 20px">To verify AllowPopups is set to 0 (not allowed):
-
-1.  Open Microsoft Edge.
-2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
-4.  Verify the setting **Block pop-ups** is greyed out.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowsearchenginecustomization"></a>**Browser/AllowSearchEngineCustomization**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine. 
-  
-<p style="margin-left: 20px">If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy applies only on domain-joined machines or when the device is MDM-enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). 
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowsearchsuggestionsinaddressbar"></a>**Browser/AllowSearchSuggestionsinAddressBar**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether search suggestions are allowed in the address bar.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-allowsmartscreen"></a>**Browser/AllowSmartScreen**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether Windows Defender SmartScreen is allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<p style="margin-left: 20px">To verify AllowSmartScreen is set to 0 (not allowed):
-
-1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
-2.  In the upper-right corner of the browser, click **…**.
-3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
-4.  Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-clearbrowsingdataonexit"></a>**Browser/ClearBrowsingDataOnExit**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – (default) Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.
--   1 – Browsing data is cleared on exit.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<p style="margin-left: 20px">To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): 
-
-1.  Open Microsoft Edge and browse to websites.
-2.  Close the Microsoft Edge window.
-3.  Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-configureadditionalsearchengines"></a>**Browser/ConfigureAdditionalSearchEngines**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices. 
- 
-<p style="margin-left: 20px">If this policy is enabled, you can add up to 5 additional search engines for your employees. For each additional search engine you want to add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/).
-Employees cannot remove these search engines, but they can set any one as the default. This setting does not affect the default search engine. 
-
-<p style="margin-left: 20px">If this setting is not configured, the search engines used are the ones that are specified in the App settings. If this setting is disabled, the search engines you added will be deleted from your employee's machine.
- 
-> [!IMPORTANT]
-> Due to Protected Settings (aka.ms/browserpolicy), this setting will apply only on domain-joined machines or when the device is MDM-enrolled. 
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Additional search engines are not allowed.
--   1 – Additional search engines are allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-disablelockdownofstartpages"></a>**Browser/DisableLockdownOfStartPages**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect. 
-  
-> [!NOTE]
-> This policy has no effect when the Browser/HomePages policy is not configured. 
- 
-> [!IMPORTANT]
-> This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy).
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages. 
--   1  – Disable lockdown of the Start pages and allow users to modify them.  
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-enterprisemodesitelist"></a>**Browser/EnterpriseModeSiteList**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
- 
-<p style="margin-left: 20px">Allows the user to specify an URL of an enterprise site list.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   Not configured. The device checks for updates from Microsoft Update.
--   Set to a URL location of the enterprise site list.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-enterprisesitelistserviceurl"></a>**Browser/EnterpriseSiteListServiceUrl**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!IMPORTANT]
-> This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-firstrunurl"></a>**Browser/FirstRunURL**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Specifies the URL that Microsoft Edge for Windows 10 Mobile. will use when it is opened the first time.
-
-<p style="margin-left: 20px">The data type is a string.
-
-<p style="margin-left: 20px">The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-homepages"></a>**Browser/HomePages**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-<p style="margin-left: 20px">Specifies your Start pages for MDM-enrolled devices. Turning this setting on lets you configure one or more corporate Start pages. If this setting is turned on, you must also include URLs to the pages, separating multiple pages by using the XML-escaped characters **&lt;** and **&gt;**. For example, "&lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;"
-
-<p style="margin-left: 20px">Starting in Windows 10, version 1607, this policy will be enforced so that the Start pages specified by this policy cannot be changed by the users.
-
-<p style="margin-left: 20px">Starting in Windows 10, version 1703, if you don’t want to send traffic to Microsoft, you can use the "&lt;about:blank&gt;" value, which is honored for both domain- and non-domain-joined machines, when it’s the only configured URL. 
-
-> [!NOTE]
-> Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-preventaccesstoaboutflagsinmicrosoftedge"></a>**Browser/PreventAccessToAboutFlagsInMicrosoftEdge**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Users can access the about:flags page in Microsoft Edge.
--   1 – Users can't access the about:flags page in Microsoft Edge.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-preventfirstrunpage"></a>**Browser/PreventFirstRunPage**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Employees see the First Run webpage. 
--   1 – Employees don't see the First Run webpage.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-preventlivetiledatacollection"></a>**Browser/PreventLiveTileDataCollection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.
--   1 – Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-preventsmartscreenpromptoverride"></a>**Browser/PreventSmartScreenPromptOverride**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Off.
--   1 – On.
-
-<p style="margin-left: 20px">Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-preventsmartscreenpromptoverrideforfiles"></a>**Browser/PreventSmartScreenPromptOverrideForFiles**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Off.
--   1 – On.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an <p style="margin-left: 20px">user’s localhost IP address while making phone calls using WebRTC.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – The localhost IP address is shown.
--   1 – The localhost IP address is hidden.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-sendintranettraffictointernetexplorer"></a>**Browser/SendIntranetTraffictoInternetExplorer**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Specifies whether to send intranet traffic over to Internet Explorer.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Intranet traffic is sent to Internet Explorer.
--   1 – Intranet traffic is sent to Microsoft Edge.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-setdefaultsearchengine"></a>**Browser/SetDefaultSearchEngine**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy.
-
-<p style="margin-left: 20px">You must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). If you want your employees to use the Microsoft Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; otherwise, if you want your employees to use Bing as the default search engine, set the string EDGEBING. 
- 
-<p style="margin-left: 20px">If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.   
- 
-> [!IMPORTANT]
-> This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy).
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) - The default search engine is set to the one specified in App settings.
--   1 - Allows you to configure the default search engine for your employees.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-showmessagewhenopeningsitesininternetexplorer"></a>**Browser/ShowMessageWhenOpeningSitesInInternetExplorer**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Interstitial pages are not shown.
--   1 – Interstitial pages are shown.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="browser-syncfavoritesbetweenieandmicrosoftedge"></a>**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.
-
-> [!NOTE]  
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.  
->
-> Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Synchronization is off.
--   1 – Synchronization is on.
-
-<p style="margin-left: 20px">To verify that favorites are in synchronized between Internet Explorer and Microsoft Edge:
-
-<ol>
-<li>Open Internet Explorer and add some favorites.
-<li>Open Microsoft Edge, then select Hub > Favorites.
-<li>Verify that the favorites added to Internet Explorer show up in the favorites list in Microsoft Edge.
-</ol>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="camera-allowcamera"></a>**Camera/AllowCamera**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Disables or enables the camera.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-allowbluetooth"></a>**Connectivity/AllowBluetooth**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows the user to enable Bluetooth or restrict access.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be greyed out and the user will not be able to turn Bluetooth on.
--   1 – Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.
-
-> [!NOTE]
->  This value is not supported in Windows Phone 8.1 MDM and EAS, Windows 10 for desktop, or Windows 10 Mobile.
-
--   2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.
-
-<p style="margin-left: 20px">If this is not set or it is deleted, the default value of 2 (Allow) is used.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-allowcellulardata"></a>**Connectivity/AllowCellularData**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows the cellular data channel on the device. Device reboot is not required to enforce the policy.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Do not allow the cellular data channel. The user can turn it on. This value is not supported in Windows 10, version 1511.
--   1 (default) – Allow the cellular data channel. The user can turn it off.
--   2 - Allow the cellular data channel. The user cannot turn it off.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-allowcellulardataroaming"></a>**Connectivity/AllowCellularDataRoaming**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Do not allow cellular data roaming. The user can turn it on. This value is not supported in Windows 10, version 1511.
--   1 (default) – Allow cellular data roaming.
--   2 - Allow cellular data roaming on. The user cannot turn it off.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<p style="margin-left: 20px">To validate, the enterprise can confirm by observing the roaming enable switch in the UX. It will be inactive if the roaming policy is being enforced by the enterprise policy.
-
-<p style="margin-left: 20px">To validate on mobile devices, do the following:
-
-1.  Go to Cellular & SIM.
-2.  Click on the SIM (next to the signal strength icon) and select **Properties**.
-3.  On the Properties page, select **Data roaming options**.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-allowconnecteddevices"></a>**Connectivity/AllowConnectedDevices**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy requires reboot to take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   1 (default) - Allow (CDP service available).
--   0 - Disable (CDP service not available).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-allownfc"></a>**Connectivity/AllowNFC**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows near field communication (NFC) on the device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Do not allow NFC capabilities.
--   1 (default) – Allow NFC capabilities.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-allowusbconnection"></a>**Connectivity/AllowUSBConnection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging.
-
-<p style="margin-left: 20px">Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-allowvpnovercellular"></a>**Connectivity/AllowVPNOverCellular**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies what type of underlying connections VPN is allowed to use.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – VPN is not allowed over cellular.
--   1 (default) – VPN can use any connection, including cellular.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-allowvpnroamingovercellular"></a>**Connectivity/AllowVPNRoamingOverCellular**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Prevents the device from connecting to VPN when the device roams over cellular networks.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="connectivity-hardeneduncpaths"></a>**Connectivity/HardenedUNCPaths**  
-
-<!--StartDescription-->
-This policy setting configures secure access to UNC paths.
-
-If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Hardened UNC Paths*
--   GP name: *Pol_HardenedPaths*
--   GP path: *Network/Network Provider*
--   GP ADMX file name: *networkprovider.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="credentialproviders-allowpinlogon"></a>**CredentialProviders/AllowPINLogon**  
-
-<!--StartDescription-->
-This policy setting allows you to control whether a domain user can sign in using a convenience PIN.
-
-If you enable this policy setting, a domain user can set up and sign in with a convenience PIN.
-
-If you disable or don't configure this policy setting, a domain user can't set up and use a convenience PIN.
-
-Note: The user's domain password will be cached in the system vault when using this feature.
-
-To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on convenience PIN sign-in*
--   GP name: *AllowDomainPINLogon*
--   GP path: *System/Logon*
--   GP ADMX file name: *credentialproviders.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="credentialproviders-blockpicturepassword"></a>**CredentialProviders/BlockPicturePassword**  
-
-<!--StartDescription-->
-This policy setting allows you to control whether a domain user can sign in using a picture password.
-
-If you enable this policy setting, a domain user can't set up or sign in with a picture password.
-
-If you disable or don't configure this policy setting, a domain user can set up and use a picture password.
-
-Note that the user's domain password will be cached in the system vault when using this feature.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off picture password sign-in*
--   GP name: *BlockDomainPicturePassword*
--   GP path: *System/Logon*
--   GP ADMX file name: *credentialproviders.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="credentialproviders-enablewindowsautopilotresetcredentials"></a>**CredentialProviders/EnableWindowsAutoPilotResetCredentials**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-Added in Windows 10, version 1709. Boolean policy to enable the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. When the policy is enabled, a WNF notification is generated that would schedule a task to update the visibility of the new provider. The admin user is required to authenticate to trigger the refresh on the target device.
-
-The auto pilot reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the auto pilot reset is triggered the devices are for ready for use by information workers or students.
-
-Default value is 0.  
-
-<!--EndDescription-->
-<!--EndPolicy--> 
-<!--StartPolicy-->
-<a href="" id="credentialsui-disablepasswordreveal"></a>**CredentialsUI/DisablePasswordReveal**  
-
-<!--StartDescription-->
-This policy setting allows you to configure the display of the password reveal button in password entry user experiences.
-
-If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.
-
-If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.
-
-By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.
-
-The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Do not display the password reveal button*
--   GP name: *DisablePasswordReveal*
--   GP path: *Windows Components/Credential User Interface*
--   GP ADMX file name: *credui.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="credentialsui-enumerateadministrators"></a>**CredentialsUI/EnumerateAdministrators**  
-
-<!--StartDescription-->
-This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application.
-
-If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password.
-
-If you disable this policy setting, users will always be required to type a user name and password to elevate.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enumerate administrator accounts on elevation*
--   GP name: *EnumerateAdministrators*
--   GP path: *Windows Components/Credential User Interface*
--   GP ADMX file name: *credui.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="cryptography-allowfipsalgorithmpolicy"></a>**Cryptography/AllowFipsAlgorithmPolicy**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows or disallows the Federal Information Processing Standard (FIPS) policy.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not allowed.
--   1– Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="cryptography-tlsciphersuites"></a>**Cryptography/TLSCipherSuites**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="dataprotection-allowdirectmemoryaccess"></a>**DataProtection/AllowDirectMemoryAccess**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="dataprotection-legacyselectivewipeid"></a>**DataProtection/LegacySelectiveWipeID**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!IMPORTANT]
-> This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time.
-
- 
-<p style="margin-left: 20px">Setting used by Windows 8.1 Selective Wipe.
-
-> [!NOTE]
-> This policy is not recommended for use in Windows 10.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="datausage-setcost3g"></a>**DataUsage/SetCost3G**  
-
-<!--StartDescription-->
-This policy setting configures the cost of 3G connections on the local machine.
-
-If this policy setting is enabled, a drop-down list box presenting possible cost values will be active.  Selecting one of the following values from the list will set the cost of all 3G connections on the local machine:
-
-- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
-
-- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
-
-- Variable: This connection is costed on a per byte basis.
-
-If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Set 3G Cost*
--   GP name: *SetCost3G*
--   GP path: *Network/WWAN Service/WWAN Media Cost*
--   GP ADMX file name: *wwansvc.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="datausage-setcost4g"></a>**DataUsage/SetCost4G**  
-
-<!--StartDescription-->
-This policy setting configures the cost of 4G connections on the local machine.
-
-If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine:
-
-- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
-
-- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
-
-- Variable: This connection is costed on a per byte basis.
-
-If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Set 4G Cost*
--   GP name: *SetCost4G*
--   GP path: *Network/WWAN Service/WWAN Media Cost*
--   GP ADMX file name: *wwansvc.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowarchivescanning"></a>**Defender/AllowArchiveScanning**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows scanning of archives.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowbehaviormonitoring"></a>**Defender/AllowBehaviorMonitoring**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Allows or disallows Windows Defender Behavior Monitoring functionality.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowcloudprotection"></a>**Defender/AllowCloudProtection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowemailscanning"></a>**Defender/AllowEmailScanning**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows scanning of email.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not allowed.
--   1 – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowfullscanonmappednetworkdrives"></a>**Defender/AllowFullScanOnMappedNetworkDrives**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows a full scan of mapped network drives.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not allowed.
--   1 – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowfullscanremovabledrivescanning"></a>**Defender/AllowFullScanRemovableDriveScanning**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows a full scan of removable drives.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowioavprotection"></a>**Defender/AllowIOAVProtection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Allows or disallows Windows Defender IOAVP Protection functionality.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowintrusionpreventionsystem"></a>**Defender/AllowIntrusionPreventionSystem**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows Windows Defender Intrusion Prevention functionality.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowonaccessprotection"></a>**Defender/AllowOnAccessProtection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows Windows Defender On Access Protection functionality.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowrealtimemonitoring"></a>**Defender/AllowRealtimeMonitoring**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows Windows Defender Realtime Monitoring functionality.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowscanningnetworkfiles"></a>**Defender/AllowScanningNetworkFiles**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Allows or disallows a scanning of network files.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowscriptscanning"></a>**Defender/AllowScriptScanning**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows Windows Defender Script Scanning functionality.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-allowuseruiaccess"></a>**Defender/AllowUserUIAccess**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-attacksurfacereductionrules"></a>**Defender/AttackSurfaceReductionRules**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
-
-Value type is string.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-attacksurfacereductiononlyexclusions"></a>**Defender/AttackSurfaceReductionOnlyExclusions**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
-
-Value type is string.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-avgcpuloadfactor"></a>**Defender/AvgCPULoadFactor**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Represents the average CPU load factor for the Windows Defender scan (in percent).
-
-<p style="margin-left: 20px">Valid values: 0–100
-
-<p style="margin-left: 20px">The default value is 50.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-cloudblocklevel"></a>**Defender/CloudBlockLevel**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
-
-<p style="margin-left: 20px">If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. 
-
-p<p style="margin-left: 20px">For more information about specific values that are supported, see the Windows Defender Antivirus documentation site.
-      
-> [!Note]  
-> This feature requires the "Join Microsoft MAPS" setting enabled in order to function.  
-
-<p style="margin-left: 20px">Possible options are:  
-
-- (0x0) Default windows defender blocking level
-- (0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)       
-- (0x4) High+ blocking level – aggressively block unknowns and apply additional protection measures (may impact  client performance)
-- (0x6) Zero tolerance blocking level – block all unknown executables
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-cloudextendedtimeout"></a>**Defender/CloudExtendedTimeout**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.
-
-<p style="margin-left: 20px">The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. 
-
-<p style="margin-left: 20px">For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. 
-
-> [!Note]  
-> This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-daystoretaincleanedmalware"></a>**Defender/DaysToRetainCleanedMalware**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Time period (in days) that quarantine items will be stored on the system.
-
-<p style="margin-left: 20px">Valid values: 0–90
-
-<p style="margin-left: 20px">The default value is 0, which keeps items in quarantine, and does not automatically remove them.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-enableguardmyfolders"></a>**Defender/EnableGuardMyFolders**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.  
-
-- 0 (default) - Off
-- 1 - Audit mode
-- 2 - Enforcement mode
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-enablenetworkprotection"></a>**Defender/EnableNetworkProtection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off in Windows Defender Exploit Guard. Network protection is a feature of Windows Defender Exploit Guard that protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer.
-
-<p style="margin-left: 20px">If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit.
-<p style="margin-left: 20px">If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center.
-<p style="margin-left: 20px">If you enable this policy with the ""Audit"" option, users/apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Windows Defender Security Center.
-<p style="margin-left: 20px">If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center.
-<p style="margin-left: 20px">If you do not configure this policy, network blocking will be disabled by default.
-
-<p>Valid values:
-
-- 0 (default) - Disabled
-- 1 - Enabled (block mode)
-- 2 - Enabled (audit mode)
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-excludedextensions"></a>**Defender/ExcludedExtensions**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-excludedpaths"></a>**Defender/ExcludedPaths**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-excludedprocesses"></a>**Defender/ExcludedProcesses**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows an administrator to specify a list of files opened by processes to ignore during a scan.
-
-> [!IMPORTANT]
-> The process itself is not excluded from the scan, but can be by using the **Defender/ExcludedPaths** policy to exclude its path.
-
- 
-<p style="margin-left: 20px">Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-guardedfoldersallowedapplications"></a>**Defender/GuardedFoldersAllowedApplications**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode &#xF000; as the substring separator. 
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-guardedfolderslist"></a>**Defender/GuardedFoldersList**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode &#xF000; as the substring separator.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="defender-puaprotection"></a>**Defender/PUAProtection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – PUA Protection off. Windows Defender will not protect against potentially unwanted applications.
--   1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats.
--   2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-realtimescandirection"></a>**Defender/RealTimeScanDirection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Controls which sets of files should be monitored.
-
-> [!NOTE]
-> If **AllowOnAccessProtection** is not allowed, then this configuration can be used to monitor specific files.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Monitor all files (bi-directional).
--   1 – Monitor incoming files.
--   2 – Monitor outgoing files.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-scanparameter"></a>**Defender/ScanParameter**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Selects whether to perform a quick scan or full scan.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   1 (default) – Quick scan
--   2 – Full scan
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-schedulequickscantime"></a>**Defender/ScheduleQuickScanTime**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Selects the time of day that the Windows Defender quick scan should run.
-
-> [!NOTE]
-> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
-
- 
-<p style="margin-left: 20px">Valid values: 0–1380
-
-<p style="margin-left: 20px">For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM.
-
-<p style="margin-left: 20px">The default value is 120
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-schedulescanday"></a>**Defender/ScheduleScanDay**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Selects the day that the Windows Defender scan should run.
-
-> [!NOTE]
-> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Every day
--   1 – Monday
--   2 – Tuesday
--   3 – Wednesday
--   4 – Thursday
--   5 – Friday
--   6 – Saturday
--   7 – Sunday
--   8 – No scheduled scan
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-schedulescantime"></a>**Defender/ScheduleScanTime**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Selects the time of day that the Windows Defender scan should run.
-
-> [!NOTE]
-> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
-
-
-<p style="margin-left: 20px">Valid values: 0–1380.
-
-<p style="margin-left: 20px">For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM.
-
-<p style="margin-left: 20px">The default value is 120.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-signatureupdateinterval"></a>**Defender/SignatureUpdateInterval**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval.
-
-<p style="margin-left: 20px">Valid values: 0–24.
-
-<p style="margin-left: 20px">A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day.
-
-<p style="margin-left: 20px">The default value is 8.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-submitsamplesconsent"></a>**Defender/SubmitSamplesConsent**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Always prompt.
--   1 (default) – Send safe samples automatically.
--   2 – Never send.
--   3 – Send all samples automatically.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="defender-threatseveritydefaultaction"></a>**Defender/ThreatSeverityDefaultAction**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop.
- 
-
-<p style="margin-left: 20px">Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take.
-
-<p style="margin-left: 20px">This value is a list of threat severity level IDs and corresponding actions, separated by a**|** using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3
-
-<p style="margin-left: 20px">The following list shows the supported values for threat severity levels:
-
--   1 – Low severity threats
--   2 – Moderate severity threats
--   4 – High severity threats
--   5 – Severe threats
-
-<p style="margin-left: 20px">The following list shows the supported values for possible actions:
-
--   1 – Clean
--   2 – Quarantine
--   3 – Remove
--   6 – Allow
--   8 – User defined
--   10 – Block
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-doabsolutemaxcachesize"></a>**DeliveryOptimization/DOAbsoluteMaxCacheSize**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space.
-
-<p style="margin-left: 20px">The default value is 10.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-doallowvpnpeercaching"></a>**DeliveryOptimization/DOAllowVPNPeerCaching**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
-
-<p style="margin-left: 20px">The default value is 0 (FALSE).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-dodownloadmode"></a>**DeliveryOptimization/DODownloadMode**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 –HTTP only, no peering.
--   1 (default) – HTTP blended with peering behind the same NAT.
--   2 – HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if it exists) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2.
--   3 – HTTP blended with Internet peering.
--   99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607.
--   100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-dogroupid"></a>**DeliveryOptimization/DOGroupId**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. Note that this is a best effort optimization and should not be relied on for an authentication of identity.
-
-> [!NOTE]
-> You must use a GUID as the group ID.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-domaxcacheage"></a>**DeliveryOptimization/DOMaxCacheAge**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607.
-
-<p style="margin-left: 20px">The default value is 259200 seconds (3 days).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-domaxcachesize"></a>**DeliveryOptimization/DOMaxCacheSize**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
- 
-<p style="margin-left: 20px">Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100).
-
-<p style="margin-left: 20px">The default value is 20.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-domaxdownloadbandwidth"></a>**DeliveryOptimization/DOMaxDownloadBandwidth**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
- 
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization.
-
-<p style="margin-left: 20px">The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-domaxuploadbandwidth"></a>**DeliveryOptimization/DOMaxUploadBandwidth**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
- 
-<p style="margin-left: 20px">Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization.
-
-<p style="margin-left: 20px">The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-dominbackgroundqos"></a>**DeliveryOptimization/DOMinBackgroundQos**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set.
-
-<p style="margin-left: 20px">The default value is 500.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-dominbatterypercentageallowedtoupload"></a>**DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery.
-
-<p style="margin-left: 20px">The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-domindisksizeallowedtopeer"></a>**DeliveryOptimization/DOMinDiskSizeAllowedToPeer**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. Recommended values: 64 GB to 256 GB.
-
-> [!NOTE]
-> If the DOMofidyCacheDrive policy is set, the disk size check will apply to the new working directory specified by this policy.
-
-<p style="margin-left: 20px">The default value is 32 GB.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-dominfilesizetocache"></a>**DeliveryOptimization/DOMinFileSizeToCache**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. The value 0 means "unlimited" which means the cloud service set default value will be used. Recommended values: 1 MB to 100,000 MB.
-
-<p style="margin-left: 20px">The default value is 100 MB.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-dominramallowedtopeer"></a>**DeliveryOptimization/DOMinRAMAllowedToPeer**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
-
-<p style="margin-left: 20px">The default value is 4 GB.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-domodifycachedrive"></a>**DeliveryOptimization/DOModifyCacheDrive**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path.
-
-<p style="margin-left: 20px">By default, %SystemDrive% is used to store the cache.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-domonthlyuploaddatacap"></a>**DeliveryOptimization/DOMonthlyUploadDataCap**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
-
-<p style="margin-left: 20px">The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is set.
-
-<p style="margin-left: 20px">The default value is 20.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
-
- 
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
-
-<p style="margin-left: 20px">The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="desktop-preventuserredirectionofprofilefolders"></a>**Desktop/PreventUserRedirectionOfProfileFolders**  
-
-<!--StartDescription-->
-Prevents users from changing the path to their profile folders.
-
-By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box.
-
-If you enable this setting, users are unable to type a new location in the Target box.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prohibit User from manually redirecting Profile Folders*
--   GP name: *DisablePersonalDirChange*
--   GP path: *Desktop*
--   GP ADMX file name: *desktop.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="deviceguard-enablevirtualizationbasedsecurity"></a>**DeviceGuard/EnableVirtualizationBasedSecurity**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
- 
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. Supported values:
-<ul>
-<li>0 (default) - disable virtualization based security</li>
-<li>1 - enable virtualization based security</li>
-</ul>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="deviceguard-requireplatformsecurityfeatures"></a>**DeviceGuard/RequirePlatformSecurityFeatures**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. Supported values:
-<ul>
-<li>1 (default) - Turns on VBS with Secure Boot. </li>
-<li>3 - Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.</li>
-</ul>
- 
-<p style="margin-left: 20px">
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="deviceguard-lsacfgflags"></a>**DeviceGuard/LsaCfgFlags**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
- 
-<p style="margin-left: 20px">Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. Supported values:
-<ul>
-<li>0 (default) - (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock</li>
-<li>1 - (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock</li>
-<li>2 - (Enabled without lock) Turns on Credential Guard without UEFI lock</li>
-
-</ul>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="deviceinstallation-preventinstallationofmatchingdeviceids"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceIDs**  
-
-<!--StartDescription-->
-This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
-
-If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
-
-If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent installation of devices that match any of these device IDs*
--   GP name: *DeviceInstall_IDs_Deny*
--   GP path: *System/Device Installation/Device Installation Restrictions*
--   GP ADMX file name: *deviceinstallation.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses**  
-
-<!--StartDescription-->
-This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
-
-If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
-
-If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent installation of devices using drivers that match these device setup classes*
--   GP name: *DeviceInstall_Classes_Deny*
--   GP path: *System/Device Installation/Device Installation Restrictions*
--   GP ADMX file name: *deviceinstallation.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-allowidlereturnwithoutpassword"></a>**DeviceLock/AllowIdleReturnWithoutPassword**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Specifies whether the user must input a PIN or password when the device resumes from an idle state.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
- 
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-allowscreentimeoutwhilelockeduserconfig"></a>**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not allowed.
--   1 – Allowed.
-
-> [!IMPORTANT]
-> If this policy is set to 1 (Allowed), the value set by **DeviceLock/ScreenTimeOutWhileLocked** is ignored. To ensure enterprise control over the screen timeout, set this policy to 0 (Not allowed) and use **DeviceLock/ScreenTimeOutWhileLocked** to set the screen timeout period.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-allowsimpledevicepassword"></a>**DeviceLock/AllowSimpleDevicePassword**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-alphanumericdevicepasswordrequired"></a>**DeviceLock/AlphanumericDevicePasswordRequired**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required).
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
->
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education).
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Alphanumeric PIN or password required.
--   1 – Numeric PIN or password required.
--   2 (default) – Users can choose: Numeric PIN or password, or Alphanumeric PIN or password.
-
-> [!NOTE]
-> If **AlphanumericDevicePasswordRequired** is set to 1 or 2, then MinDevicePasswordLength = 0 and MinDevicePasswordComplexCharacters = 1.
->
-> If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2.
-
- 
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-devicepasswordenabled"></a>**DeviceLock/DevicePasswordEnabled**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether device lock is enabled.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
->
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
- 
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Enabled
--   1 – Disabled
-
-> [!IMPORTANT]
-> The **DevicePasswordEnabled** setting must be set to 0 (device password is enabled) for the following policy settings to take effect:
->
-> -   AllowSimpleDevicePassword
-> -   MinDevicePasswordLength
-> -   AlphanumericDevicePasswordRequired
-> -   MaxDevicePasswordFailedAttempts
-> -   MaxInactivityTimeDeviceLock
-> -   MinDevicePasswordComplexCharacters
-&nbsp;
-
-> [!IMPORTANT]
-> If **DevicePasswordEnabled** is set to 0 (device password is enabled), then the following policies are set:
->
-> -   MinDevicePasswordLength is set to 4
-> -   MinDevicePasswordComplexCharacters is set to 1
->
-> If **DevicePasswordEnabled** is set to 1 (device password is disabled), then the following DeviceLock policies are set to 0:
->
-> -   MinDevicePasswordLength
-> -   MinDevicePasswordComplexCharacters
-
-> [!Important]
-> **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below:
-> - **DevicePasswordEnabled** is the parent policy of the following:
-> 	- AllowSimpleDevicePassword
->	- MinDevicePasswordLength
->	- AlphanumericDevicePasswordRequired
->		- MinDevicePasswordComplexCharacters 
->	- DevicePasswordExpiration
->	- DevicePasswordHistory
->   - MaxDevicePasswordFailedAttempts
->   - MaxInactivityTimeDeviceLock
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-devicepasswordexpiration"></a>**DeviceLock/DevicePasswordExpiration**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies when the password expires (in days).
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   An integer X where 0 &lt;= X &lt;= 730.
--   0 (default) - Passwords do not expire.
-
-<p style="margin-left: 20px">If all policy values = 0 then 0; otherwise, Min policy value is the most secure value.
-
-<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-devicepasswordhistory"></a>**DeviceLock/DevicePasswordHistory**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies how many passwords can be stored in the history that can’t be used.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   An integer X where 0 &lt;= X &lt;= 50.
--   0 (default)
-
-<p style="margin-left: 20px">The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords.
-
-<p style="margin-left: 20px">Max policy value is the most restricted.
-
-<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-enforcelockscreenandlogonimage"></a>**DeviceLock/EnforceLockScreenAndLogonImage**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image.
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro.
-
-
-<p style="margin-left: 20px">Value type is a string, which is the full image filepath and filename.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-enforcelockscreenprovider"></a>**DeviceLock/EnforceLockScreenProvider**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider.
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for mobile devices.
-
-
-<p style="margin-left: 20px">Value type is a string, which is the AppID.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-maxdevicepasswordfailedattempts"></a>**DeviceLock/MaxDevicePasswordFailedAttempts**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-
-<p style="margin-left: 20px">This policy has different behaviors on the mobile device and desktop.
-
--   On a mobile device, when the user reaches the value set by this policy, then the device is wiped.
--   On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced.
-
-    Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   An integer X where 4 &lt;= X &lt;= 16 for desktop and 0 &lt;= X &lt;= 999 for mobile devices.
--   0 (default) - The device is never wiped after an incorrect PIN or password is entered.
-
-<p style="margin-left: 20px">Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value.
-
-<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-maxinactivitytimedevicelock"></a>**DeviceLock/MaxInactivityTimeDeviceLock**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   An integer X where 0 &lt;= X &lt;= 999.
--   0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
-
-<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-maxinactivitytimedevicelockwithexternaldisplay"></a>**DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   An integer X where 0 &lt;= X &lt;= 999.
--   0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-mindevicepasswordcomplexcharacters"></a>**DeviceLock/MinDevicePasswordComplexCharacters**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
->
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
-
-<p style="margin-left: 20px">PIN enforces the following behavior for desktop and mobile devices:
-
--   1 - Digits only
--   2 - Digits and lowercase letters are required
--   3 - Digits, lowercase letters, and uppercase letters are required
--   4 - Digits, lowercase letters, uppercase letters, and special characters are required
-
-<p style="margin-left: 20px">The default value is 1. The following list shows the supported values and actual enforced values:
-
-<table style="margin-left: 20px">
-<colgroup>
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Account Type</th>
-<th>Supported Values</th>
-<th>Actual Enforced Values</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td style="vertical-align:top"><p>Mobile</p></td>
-<td style="vertical-align:top"><p>1,2,3,4</p></td>
-<td style="vertical-align:top"><p>Same as the value set</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>Desktop Local Accounts</p></td>
-<td style="vertical-align:top"><p> 1,2,3</p></td>
-<td style="vertical-align:top"><p>3</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>Desktop Microsoft Accounts</p></td>
-<td style="vertical-align:top"><p>1,2</p></td>
-<td style="vertical-align:top"><p2</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>Desktop Domain Accounts</p></td>
-<td style="vertical-align:top"><p>Not supported</p></td>
-<td style="vertical-align:top">Not supported</p></td>
-</tr>
-</tbody>
-</table>
-
-
-<p style="margin-left: 20px">Enforced values for Local and Microsoft Accounts:
-
--   Local accounts support values of 1, 2, and 3, however they always enforce a value of 3.
--   Passwords for local accounts must meet the following minimum requirements:
-
-    -   Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
-    -   Be at least six characters in length
-    -   Contain characters from three of the following four categories:
-
-        -   English uppercase characters (A through Z)
-        -   English lowercase characters (a through z)
-        -   Base 10 digits (0 through 9)
-        -   Special characters (!, $, \#, %, etc.)
-
-<p style="margin-left: 20px">The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant.
-
-<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-mindevicepasswordlength"></a>**DeviceLock/MinDevicePasswordLength**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies the minimum number or characters required in the PIN or password.
-
-> [!NOTE]
-> This policy must be wrapped in an Atomic command.
->
-> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   An integer X where 4 &lt;= X &lt;= 16 for mobile devices and desktop. However, local accounts will always enforce a minimum password length of 6.
--   Not enforced.
--   The default value is 4 for mobile devices and desktop devices.
-
-<p style="margin-left: 20px">Max policy value is the most restricted.
-
-<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-preventlockscreenslideshow"></a>**DeviceLock/PreventLockScreenSlideShow**  
-
-<!--StartDescription-->
-Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.
-
-By default, users can enable a slide show that will run after they lock the machine.
-
-If you enable this setting, users will no longer be able to modify slide show settings in PC Settings, and no slide show will ever start.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent enabling lock screen slide show*
--   GP name: *CPL_Personalization_NoLockScreenSlideshow*
--   GP path: *Control Panel/Personalization*
--   GP ADMX file name: *ControlPanelDisplay.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="devicelock-screentimeoutwhilelocked"></a>**DeviceLock/ScreenTimeoutWhileLocked**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
- 
-<p style="margin-left: 20px">Allows an enterprise to set the duration in seconds for the screen timeout while on the lock screen of Windows 10 Mobile devices.
-
-<p style="margin-left: 20px">Minimum supported value is 10.
-
-<p style="margin-left: 20px">Maximum supported value is 1800.
-
-<p style="margin-left: 20px">The default value is 10.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="display-turnoffgdidpiscalingforapps"></a>**Display/TurnOffGdiDPIScalingForApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
-
-<p style="margin-left: 20px">This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off.
-
-<p style="margin-left: 20px">If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications.
-
-<p style="margin-left: 20px">If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms.
-2.   Run the app and observe blurry text.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="display-turnongdidpiscalingforapps"></a>**Display/TurnOnGdiDPIScalingForApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
-
-<p style="margin-left: 20px">This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on.
-
-<p style="margin-left: 20px">If you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
-
-<p style="margin-left: 20px">If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Configure the setting for an app which uses GDI.
-2.   Run the app and observe crisp text.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="enterprisecloudprint-cloudprintoauthauthority"></a>**EnterpriseCloudPrint/CloudPrintOAuthAuthority**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens.
-
-<p style="margin-left: 20px">The datatype is a string.
-
-<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https:<span></span>//azuretenant.contoso.com/adfs".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="enterprisecloudprint-cloudprintoauthclientid"></a>**EnterpriseCloudPrint/CloudPrintOAuthClientId**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority.
-
-<p style="margin-left: 20px">The datatype is a string.
-
-<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="enterprisecloudprint-cloudprintresourceid"></a>**EnterpriseCloudPrint/CloudPrintResourceId**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication.
-
-<p style="margin-left: 20px">The datatype is a string. 
-
-<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain a URL. For example, "http:<span></span>//MicrosoftEnterpriseCloudPrint/CloudPrint".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="enterprisecloudprint-cloudprinterdiscoveryendpoint"></a>**EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers.
-
-<p style="margin-left: 20px">The datatype is a string.
-
-<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https:<span></span>//cloudprinterdiscovery.contoso.com".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="enterprisecloudprint-discoverymaxprinterlimit"></a>**EnterpriseCloudPrint/DiscoveryMaxPrinterLimit**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point.
-
-<p style="margin-left: 20px">The datatype is an integer. 
-
-<p style="margin-left: 20px">For Windows Mobile, the default value is 20.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="enterprisecloudprint-mopriadiscoveryresourceid"></a>**EnterpriseCloudPrint/MopriaDiscoveryResourceId**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication.
-
-<p style="margin-left: 20px">The datatype is a string.
-
-<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain a URL. For example, "http:<span></span>//MopriaDiscoveryService/CloudPrint".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="errorreporting-customizeconsentsettings"></a>**ErrorReporting/CustomizeConsentSettings**  
-
-<!--StartDescription-->
-This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
-
-If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
-
-- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.
-
-- 1 (Always ask before sending data): Windows prompts the user for consent to send reports.
-
-- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.
-
-- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft.
-
-- 4 (Send all data): Any data requested by Microsoft is sent automatically.
-
-If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Customize consent settings*
--   GP name: *WerConsentCustomize_2*
--   GP path: *Windows Components/Windows Error Reporting/Consent*
--   GP ADMX file name: *ErrorReporting.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="errorreporting-disablewindowserrorreporting"></a>**ErrorReporting/DisableWindowsErrorReporting**  
-
-<!--StartDescription-->
-This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
-
-If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel.
-
-If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Disable Windows Error Reporting*
--   GP name: *WerDisable_2*
--   GP path: *Windows Components/Windows Error Reporting*
--   GP ADMX file name: *ErrorReporting.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="errorreporting-displayerrornotification"></a>**ErrorReporting/DisplayErrorNotification**  
-
-<!--StartDescription-->
-This policy setting controls whether users are shown an error dialog box that lets them report an error.
-
-If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error.
-
-If you disable this policy setting, users are not notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that do not have interactive users.
-
-If you do not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server.
-
-See also the Configure Error Reporting policy setting.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Display Error Notification*
--   GP name: *PCH_ShowUI*
--   GP path: *Windows Components/Windows Error Reporting*
--   GP ADMX file name: *ErrorReporting.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="errorreporting-donotsendadditionaldata"></a>**ErrorReporting/DoNotSendAdditionalData**  
-
-<!--StartDescription-->
-This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.
-
-If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
-
-If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Do not send additional data*
--   GP name: *WerNoSecondLevelData_2*
--   GP path: *Windows Components/Windows Error Reporting*
--   GP ADMX file name: *ErrorReporting.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="errorreporting-preventcriticalerrordisplay"></a>**ErrorReporting/PreventCriticalErrorDisplay**  
-
-<!--StartDescription-->
-This policy setting prevents the display of the user interface for critical errors.
-
-If you enable this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors.
-
-If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent display of the user interface for critical errors*
--   GP name: *WerDoNotShowUI*
--   GP path: *Windows Components/Windows Error Reporting*
--   GP ADMX file name: *ErrorReporting.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="eventlogservice-controleventlogbehavior"></a>**EventLogService/ControlEventLogBehavior**  
-
-<!--StartDescription-->
-This policy setting controls Event Log behavior when the log file reaches its maximum size.
-
-If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
-
-If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
-
-Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Control Event Log behavior when the log file reaches its maximum size*
--   GP name: *Channel_Log_Retention_1*
--   GP path: *Windows Components/Event Log Service/Application*
--   GP ADMX file name: *eventlog.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="eventlogservice-specifymaximumfilesizeapplicationlog"></a>**EventLogService/SpecifyMaximumFileSizeApplicationLog**  
-
-<!--StartDescription-->
-This policy setting specifies the maximum size of the log file in kilobytes.
-
-If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
-
-If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Specify the maximum log file size (KB)*
--   GP name: *Channel_LogMaxSize_1*
--   GP path: *Windows Components/Event Log Service/Application*
--   GP ADMX file name: *eventlog.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="eventlogservice-specifymaximumfilesizesecuritylog"></a>**EventLogService/SpecifyMaximumFileSizeSecurityLog**  
-
-<!--StartDescription-->
-This policy setting specifies the maximum size of the log file in kilobytes.
-
-If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
-
-If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Specify the maximum log file size (KB)*
--   GP name: *Channel_LogMaxSize_2*
--   GP path: *Windows Components/Event Log Service/Security*
--   GP ADMX file name: *eventlog.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="eventlogservice-specifymaximumfilesizesystemlog"></a>**EventLogService/SpecifyMaximumFileSizeSystemLog**  
-
-<!--StartDescription-->
-This policy setting specifies the maximum size of the log file in kilobytes.
-
-If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
-
-If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Specify the maximum log file size (KB)*
--   GP name: *Channel_LogMaxSize_4*
--   GP path: *Windows Components/Event Log Service/System*
--   GP ADMX file name: *eventlog.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowcopypaste"></a>**Experience/AllowCopyPaste**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Specifies whether copy and paste is allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowcortana"></a>**Experience/AllowCortana**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<p style="margin-left: 20px">Benefit to the customer:
-
-<p style="margin-left: 20px">Before this setting, enterprise customers could not set up Cortana during out-of-box experience (OOBE) at all, even though Cortana is the “voice” that walks you through OOBE. By sending AllowCortana in initial enrollment, enterprise customers can allow their employees to see the Cortana consent page. This enables them to choose to use Cortana and make their lives easier and more productive.
-
-<p style="margin-left: 20px">Sample scenario:
-
-<p style="margin-left: 20px">An enterprise employee customer is going through OOBE and enjoys Cortana’s help in this process. The customer is happy to learn during OOBE that Cortana can help them be more productive, and chooses to set up Cortana before OOBE finishes. When their setup is finished, they are immediately ready to engage with Cortana to help manage their schedule and more.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowdevicediscovery"></a>**Experience/AllowDeviceDiscovery**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows users to turn on/off device discovery UX.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowmanualmdmunenrollment"></a>**Experience/AllowManualMDMUnenrollment**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to allow the user to delete the workplace account using the workplace control panel.
-
-> [!NOTE]
-> The MDM server can always remotely delete the account.
-
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowsimerrordialogpromptwhennosim"></a>**Experience/AllowSIMErrorDialogPromptWhenNoSIM**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Specifies whether to display dialog prompt when no SIM card is detected.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – SIM card dialog prompt is not displayed.
--   1 (default) – SIM card dialog prompt is displayed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowscreencapture"></a>**Experience/AllowScreenCapture**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Specifies whether screen capture is allowed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowsyncmysettings"></a>**Experience/AllowSyncMySettings**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices).
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Sync settings is not allowed.
--   1 (default) – Sync settings allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowtailoredexperienceswithdiagnosticdata"></a>**Experience/AllowTailoredExperiencesWithDiagnosticData**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them.
-
-<p style="margin-left: 20px">Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
-
-> **Note** This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowtaskswitcher"></a>**Experience/AllowTaskSwitcher**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows or disallows task switching on the device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Task switching not allowed.
--   1 (default) – Task switching allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowthirdpartysuggestionsinwindowsspotlight"></a>**Experience/AllowThirdPartySuggestionsInWindowsSpotlight**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
-
-
-<p style="margin-left: 20px">Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Third-party suggestions not allowed.
--   1 (default) – Third-party suggestions allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowvoicerecording"></a>**Experience/AllowVoiceRecording**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Specifies whether voice recording is allowed for apps.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowwindowsconsumerfeatures"></a>**Experience/AllowWindowsConsumerFeatures**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.
-
-> [!IMPORTANT]
-> This node must be accessed using the following paths:
->
-> -   **./User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures** to set the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/Experience/AllowWindowsConsumerFeatures** to get the result.
-
- 
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowwindowsspotlight"></a>**Experience/AllowWindowsSpotlight**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
-
-
-<p style="margin-left: 20px">Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowwindowsspotlightonactioncenter"></a>**Experience/AllowWindowsSpotlightOnActionCenter**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowwindowsspotlightwindowswelcomeexperience"></a>**Experience/AllowWindowsSpotlightWindowsWelcomeExperience**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. 
-The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or do not configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-allowwindowstips"></a>**Experience/AllowWindowsTips**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-Enables or disables Windows Tips / soft landing.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disabled.
--   1 (default) – Enabled.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-configurewindowsspotlightonlockscreen"></a>**Experience/ConfigureWindowsSpotlightOnLockScreen**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
-
-
-<p style="margin-left: 20px">Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – None.
--   1 (default) – Windows spotlight enabled.
--   2 – placeholder only for future extension. Using this value has no effect.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="experience-donotshowfeedbacknotifications"></a>**Experience/DoNotShowFeedbackNotifications**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Prevents devices from showing feedback questions from Microsoft.
-
-<p style="margin-left: 20px">If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, users can control how often they receive feedback questions.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally.
--   1 – Feedback notifications are disabled.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="games-allowadvancedgamingservices"></a>**Games/AllowAdvancedGamingServices**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">Placeholder only. Currently not supported.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-addsearchprovider"></a>**InternetExplorer/AddSearchProvider**  
-
-<!--StartDescription-->
-This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website.
-
-If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
-
-If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Add a specific list of search providers to the user's list of search providers*
--   GP name: *AddSearchProvider*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowactivexfiltering"></a>**InternetExplorer/AllowActiveXFiltering**  
-
-<!--StartDescription-->
-This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.
-
-If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions.
-
-If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on ActiveX Filtering*
--   GP name: *TurnOnActiveXFiltering*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowaddonlist"></a>**InternetExplorer/AllowAddOnList**  
-
-<!--StartDescription-->
-This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.
-
-This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied.
-
-If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:
-
-Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list.  The CLSID should be in brackets for example, {000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
-
-Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.
-
-If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Add-on List*
--   GP name: *AddonManagement_AddOnList*
--   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowenhancedprotectedmode"></a>**InternetExplorer/AllowEnhancedProtectedMode**  
-
-<!--StartDescription-->
-Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.
-
-If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode.
-
-If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista.
-
-If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on Enhanced Protected Mode*
--   GP name: *Advanced_EnableEnhancedProtectedMode*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowenterprisemodefromtoolsmenu"></a>**InternetExplorer/AllowEnterpriseModeFromToolsMenu**  
-
-<!--StartDescription-->
-This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu.
-
-If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports.
-
-If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Let users turn on and use Enterprise Mode from the Tools menu*
--   GP name: *EnterpriseModeEnable*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowenterprisemodesitelist"></a>**InternetExplorer/AllowEnterpriseModeSiteList**  
-
-<!--StartDescription-->
-This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Standard mode, because of compatibility issues. Users can't edit this list.
-
-If you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE.
-
-If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Use the Enterprise Mode IE website list*
--   GP name: *EnterpriseModeSiteList*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowinternetexplorer7policylist "></a>**InternetExplorer/AllowInternetExplorer7PolicyList **  
-
-<!--StartDescription-->
-This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.
-
-If you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify.
-
-If you disable or do not configure this policy setting, the user can add and remove sites from the list.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Use Policy List of Internet Explorer 7 sites*
--   GP name: *CompatView_UsePolicyList*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowinternetexplorerstandardsmode"></a>**InternetExplorer/AllowInternetExplorerStandardsMode**  
-
-<!--StartDescription-->
-This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.
-
-If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box.
-
-If you disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box.
-
-If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on Internet Explorer Standards Mode for local intranet*
--   GP name: *CompatView_IntranetSites*
--   GP path: *Windows Components/Internet Explorer/Compatibility View*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowinternetzonetemplate"></a>**InternetExplorer/AllowInternetZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Internet Zone Template*
--   GP name: *IZ_PolicyInternetZoneTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowintranetzonetemplate"></a>**InternetExplorer/AllowIntranetZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Intranet Zone Template*
--   GP name: *IZ_PolicyIntranetZoneTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowlocalmachinezonetemplate"></a>**InternetExplorer/AllowLocalMachineZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Local Machine Zone Template*
--   GP name: *IZ_PolicyLocalMachineZoneTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowlockeddowninternetzonetemplate"></a>**InternetExplorer/AllowLockedDownInternetZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Locked-Down Internet Zone Template*
--   GP name: *IZ_PolicyInternetZoneLockdownTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowlockeddownintranetzonetemplate"></a>**InternetExplorer/AllowLockedDownIntranetZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Locked-Down Intranet Zone Template*
--   GP name: *IZ_PolicyIntranetZoneLockdownTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowlockeddownlocalmachinezonetemplate"></a>**InternetExplorer/AllowLockedDownLocalMachineZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Locked-Down Local Machine Zone Template*
--   GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowlockeddownrestrictedsiteszonetemplate"></a>**InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Locked-Down Restricted Sites Zone Template*
--   GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowonewordentry"></a>**InternetExplorer/AllowOneWordEntry**  
-
-<!--StartDescription-->
-This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.
-
-If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available.
-
-If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Go to an intranet site for a one-word entry in the Address bar*
--   GP name: *UseIntranetSiteForOneWordEntry*
--   GP path: *Windows Components/Internet Explorer/Internet Settings/Advanced settings/Browsing*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowsitetozoneassignmentlist"></a>**InternetExplorer/AllowSiteToZoneAssignmentList**  
-
-<!--StartDescription-->
-This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.
-
-Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
-
-If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information:
-
-Valuename  A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also includea specificprotocol. For example, if you enter http://www.contoso.comas the valuename, other protocols are not affected.If you enter just www.contoso.com,then all protocolsare affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
-
-Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
-
-If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Site to Zone Assignment List*
--   GP name: *IZ_Zonemaps*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowsuggestedsites"></a>**InternetExplorer/AllowSuggestedSites**  
-
-<!--StartDescription-->
-This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Suggested Sites reports a users browsing history to Microsoft to suggest sites that the user might want to visit.
-
-If you enable this policy setting, the user is not prompted to enable Suggested Sites. The users browsing history is sent to Microsoft to produce suggestions.
-
-If you disable this policy setting, the entry points and functionality associated with this feature are turned off.
-
-If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on Suggested Sites*
--   GP name: *EnableSuggestedSites*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowtrustedsiteszonetemplate"></a>**InternetExplorer/AllowTrustedSitesZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Trusted Sites Zone Template*
--   GP name: *IZ_PolicyTrustedSitesZoneTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowslockeddowntrustedsiteszonetemplate"></a>**InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Locked-Down Trusted Sites Zone Template*
--   GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-allowsrestrictedsiteszonetemplate"></a>**InternetExplorer/AllowsRestrictedSitesZoneTemplate**  
-
-<!--StartDescription-->
-This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
-
-If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
-
-If you disable this template policy setting, no security level is configured.
-
-If you do not configure this template policy setting, no security level is configured.
-
-Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
-
-Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Restricted Sites Zone Template*
--   GP name: *IZ_PolicyRestrictedSitesZoneTemplate*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disableadobeflash"></a>**InternetExplorer/DisableAdobeFlash**  
-
-<!--StartDescription-->
-This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects.
-
-If you enable this policy setting, Flash is turned off for Internet Explorer, and applications cannot use Internet Explorer technology to instantiate Flash objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings.
-
-If you disable, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box.
-
-Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects*
--   GP name: *DisableFlashInIE*
--   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disablebypassofsmartscreenwarnings"></a>**InternetExplorer/DisableBypassOfSmartScreenWarnings**  
-
-<!--StartDescription-->
-This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious.
-
-If you enable this policy setting, SmartScreen Filter warnings block the user.
-
-If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent bypassing SmartScreen Filter warnings*
--   GP name: *DisableSafetyFilterOverride*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles"></a>**InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles**  
-
-<!--StartDescription-->
-This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet.
-
-If you enable this policy setting, SmartScreen Filter warnings block the user.
-
-If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet*
--   GP name: *DisableSafetyFilterOverrideForAppRepUnknown*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disablecustomerexperienceimprovementprogramparticipation"></a>**InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation**  
-
-<!--StartDescription-->
-This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).
-
-If you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.
-
-If you disable this policy setting, the user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.
-
-If you do not configure this policy setting, the user can choose to participate in the CEIP.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent participation in the Customer Experience Improvement Program*
--   GP name: *SQM_DisableCEIP*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disableenclosuredownloading"></a>**InternetExplorer/DisableEnclosureDownloading**  
-
-<!--StartDescription-->
-This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.
-
-If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs.
-
-If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent downloading of enclosures*
--   GP name: *Disable_Downloading_of_Enclosures*
--   GP path: *Windows Components/RSS Feeds*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disableencryptionsupport"></a>**InternetExplorer/DisableEncryptionSupport**  
-
-<!--StartDescription-->
-This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred match.
-
-If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list.
-
-If you disable or do not configure this policy setting, the user can select which encryption method the browser supports.
-
-Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off encryption support*
--   GP name: *Advanced_SetWinInetProtocols*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disablefirstrunwizard"></a>**InternetExplorer/DisableFirstRunWizard**  
-
-<!--StartDescription-->
-This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.
-
-If you enable this policy setting, you must make one of the following choices:
-Skip the First Run wizard, and go directly to the user's home page.
-Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage.
-
-Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen.
-
-If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent running First Run wizard*
--   GP name: *NoFirstRunCustomise*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disableflipaheadfeature"></a>**InternetExplorer/DisableFlipAheadFeature**  
-
-<!--StartDescription-->
-This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.
-
-Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.
-
-If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background.
-
-If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.
-
-If you don't configure this setting, users can turn this behavior on or off, using the Settings charm.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off the flip ahead with page prediction feature*
--   GP name: *Advanced_DisableFlipAhead*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Advanced Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disablehomepagechange"></a>**InternetExplorer/DisableHomePageChange**  
-
-<!--StartDescription-->
-The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it is run.
-
-If you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies.
-
-If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Disable changing home page settings*
--   GP name: *RestrictHomePage*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disableproxychange"></a>**InternetExplorer/DisableProxyChange**  
-
-<!--StartDescription-->
-This policy setting specifies if a user can change proxy settings.
-
-If you enable this policy setting, the user will not be able to configure proxy settings.
-
-If you disable or do not configure this policy setting, the user can configure proxy settings.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent changing proxy settings*
--   GP name: *RestrictProxy*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disablesearchproviderchange"></a>**InternetExplorer/DisableSearchProviderChange**  
-
-<!--StartDescription-->
-This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.
-
-If you enable this policy setting, the user cannot change the default search provider.
-
-If you disable or do not configure this policy setting, the user can change the default search provider.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Prevent changing the default search provider*
--   GP name: *NoSearchProvider*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disablesecondaryhomepagechange"></a>**InternetExplorer/DisableSecondaryHomePageChange**  
-
-<!--StartDescription-->
-Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.
-
-If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages.
-
-If you disable or do not configure this policy setting, the user can add secondary home pages.
-
-Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Disable changing secondary home page settings*
--   GP name: *SecondaryHomePages*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-disableupdatecheck"></a>**InternetExplorer/DisableUpdateCheck**  
-
-<!--StartDescription-->
-Prevents Internet Explorer from checking whether a new version of the browser is available.
-
-If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available.
-
-If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available.
-
-This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Disable Periodic Check for Internet Explorer software updates*
--   GP name: *NoUpdateCheck*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-donotallowuserstoaddsites"></a>**InternetExplorer/DoNotAllowUsersToAddSites**  
-
-<!--StartDescription-->
-Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.
-
-If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.)
-
-If you disable this policy or do not configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone.
-
-This policy prevents users from changing site management settings for security zones established by the administrator.
-
-Note:  The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.
-
-Also, see the "Security zones: Use only machine settings" policy.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Security Zones: Do not allow users to add/delete sites*
--   GP name: *Security_zones_map_edit*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-donotallowuserstochangepolicies"></a>**InternetExplorer/DoNotAllowUsersToChangePolicies**  
-
-<!--StartDescription-->
-Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.
-
-If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled.
-
-If you disable this policy or do not configure it, users can change the settings for security zones.
-
-This policy prevents users from changing security zone settings established by the administrator.
-
-Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
-
-Also, see the "Security zones: Use only machine settings" policy.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Security Zones: Do not allow users to change policies*
--   GP name: *Security_options_edit*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-donotblockoutdatedactivexcontrols"></a>**InternetExplorer/DoNotBlockOutdatedActiveXControls**  
-
-<!--StartDescription-->
-This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.
-
-If you enable this policy setting, Internet Explorer stops blocking outdated ActiveX controls.
-
-If you disable or don't configure this policy setting, Internet Explorer continues to block specific outdated ActiveX controls.
-
-For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
--   GP name: *VerMgmtDisable*
--   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains"></a>**InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains**  
-
-<!--StartDescription-->
-This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.
-
-If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following:
-
-1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com"
-2. "hostname". For example, if you want to include http://example, use "example"
-3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm"
-
-If you disable or don't configure this policy setting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone.
-
-For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains*
--   GP name: *VerMgmtDomainAllowlist*
--   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-includealllocalsites"></a>**InternetExplorer/IncludeAllLocalSites**  
-
-<!--StartDescription-->
-This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.
-
-If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.
-
-If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).
-
-If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones*
--   GP name: *IZ_IncludeUnspecifiedLocalSites*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-includeallnetworkpaths"></a>**InternetExplorer/IncludeAllNetworkPaths**  
-
-<!--StartDescription-->
-This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.
-
-If you enable this policy setting, all network paths are mapped into the Intranet Zone.
-
-If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there).
-
-If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Intranet Sites: Include all network paths (UNCs)*
--   GP name: *IZ_UNCAsIntranet*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallowaccesstodatasources"></a>**InternetExplorer/InternetZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallowfontdownloads"></a>**InternetExplorer/InternetZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallowlessprivilegedsites"></a>**InternetExplorer/InternetZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallownetframeworkreliantcomponents"></a>**InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallowscriptlets"></a>**InternetExplorer/InternetZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallowsmartscreenie"></a>**InternetExplorer/InternetZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneallowuserdatapersistence"></a>**InternetExplorer/InternetZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/InternetZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-internetzonenavigatewindowsandframes"></a>**InternetExplorer/InternetZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-
-If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallowaccesstodatasources"></a>**InternetExplorer/IntranetZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallowfontdownloads"></a>**InternetExplorer/IntranetZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallowlessprivilegedsites"></a>**InternetExplorer/IntranetZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallownetframeworkreliantcomponents"></a>**InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallowscriptlets"></a>**InternetExplorer/IntranetZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallowsmartscreenie"></a>**InternetExplorer/IntranetZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneallowuserdatapersistence"></a>**InternetExplorer/IntranetZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-intranetzonenavigatewindowsandframes"></a>**InternetExplorer/IntranetZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-
-If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallowaccesstodatasources"></a>**InternetExplorer/LocalMachineZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallowfontdownloads"></a>**InternetExplorer/LocalMachineZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallowlessprivilegedsites"></a>**InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallowscriptlets"></a>**InternetExplorer/LocalMachineZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallowsmartscreenie"></a>**InternetExplorer/LocalMachineZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneallowuserdatapersistence"></a>**InternetExplorer/LocalMachineZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-localmachinezonenavigatewindowsandframes"></a>**InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-
-If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallowfontdownloads"></a>**InternetExplorer/LockedDownInternetZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallowscriptlets"></a>**InternetExplorer/LockedDownInternetZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallowsmartscreenie"></a>**InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowninternetzonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-
-If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Internet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallowfontdownloads"></a>**InternetExplorer/LockedDownIntranetZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallowscriptlets"></a>**InternetExplorer/LockedDownIntranetZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallowsmartscreenie"></a>**InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownintranetzonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-
-If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Intranet Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowfontdownloads"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowscriptlets"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-
-If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Local Machine Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.
-
-If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowscriptlets"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-
-If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Locked-Down Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallowaccesstodatasources"></a>**InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallowfontdownloads"></a>**InternetExplorer/RestrictedSitesZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallowlessprivilegedsites"></a>**InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents"></a>**InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallowscriptlets"></a>**InternetExplorer/RestrictedSitesZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallowsmartscreenie"></a>**InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneallowuserdatapersistence"></a>**InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-restrictedsiteszonenavigatewindowsandframes"></a>**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.
-
-If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Restricted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-searchproviderlist"></a>**InternetExplorer/SearchProviderList**  
-
-<!--StartDescription-->
-This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website.
-
-If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
-
-If you disable or do not configure this policy setting, the user can configure his or her list of search providers.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Restrict search providers to a specific list*
--   GP name: *SpecificSearchProvider*
--   GP path: *Windows Components/Internet Explorer*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallowaccesstodatasources"></a>**InternetExplorer/TrustedSitesZoneAllowAccessToDataSources**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
-
-If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Access data sources across domains*
--   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls**  
-
-<!--StartDescription-->
-This policy setting manages whether users will be automatically prompted for ActiveX control installations.
-
-If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
-
-If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for ActiveX controls*
--   GP name: *IZ_PolicyNotificationBarActiveXURLaction_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads**  
-
-<!--StartDescription-->
-This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
-
-If you enable this setting, users will receive a file download dialog for automatic download attempts.
-
-If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Automatic prompting for file downloads*
--   GP name: *IZ_PolicyNotificationBarDownloadURLaction_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallowfontdownloads"></a>**InternetExplorer/TrustedSitesZoneAllowFontDownloads**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether pages of the zone may download HTML fonts.
-
-If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
-
-If you disable this policy setting, HTML fonts are prevented from downloading.
-
-If you do not configure this policy setting, HTML fonts can be downloaded automatically.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow font downloads*
--   GP name: *IZ_PolicyFontDownload_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallowlessprivilegedsites"></a>**InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
-
-If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
-
-If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
-
-If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
--   GP name: *IZ_PolicyZoneElevationURLaction_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents"></a>**InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
-
-If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
-
-If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
-
-If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
--   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallowscriptlets"></a>**InternetExplorer/TrustedSitesZoneAllowScriptlets**  
-
-<!--StartDescription-->
-This policy setting allows you to manage whether the user can run scriptlets.
-
-If you enable this policy setting, the user can run scriptlets.
-
-If you disable this policy setting, the user cannot run scriptlets.
-
-If you do not configure this policy setting, the user can enable or disable scriptlets.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow scriptlets*
--   GP name: *IZ_Policy_AllowScriptlets_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallowsmartscreenie"></a>**InternetExplorer/TrustedSitesZoneAllowSmartScreenIE**  
-
-<!--StartDescription-->
-This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
-
-If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
-
-If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
-
-If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
-
-Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on SmartScreen Filter scan*
--   GP name: *IZ_Policy_Phishing_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneallowuserdatapersistence"></a>**InternetExplorer/TrustedSitesZoneAllowUserDataPersistence**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
-
-If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Userdata persistence*
--   GP name: *IZ_PolicyUserdataPersistence_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls**  
-
-<!--StartDescription-->
-This policy setting allows you to manage ActiveX controls not marked as safe.
-
-If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
-
-If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
-
-If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Initialize and script ActiveX controls not marked as safe*
--   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="internetexplorer-trustedsiteszonenavigatewindowsandframes"></a>**InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames**  
-
-<!--StartDescription-->
-This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
-
-If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
-
-If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
-
-If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Navigate windows and frames across different domains*
--   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5*
--   GP path: *Windows Components/Internet Explorer/Internet Control Panel/Security Page/Trusted Sites Zone*
--   GP ADMX file name: *inetres.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="kerberos-allowforestsearchorder"></a>**Kerberos/AllowForestSearchOrder**  
-
-<!--StartDescription-->
-This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
-
-If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain.
-
-If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *None*
--   GP name: *ForestSearch*
--   GP ADMX file name: *Kerberos.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="kerberos-kerberosclientsupportsclaimscompoundarmor"></a>**Kerberos/KerberosClientSupportsClaimsCompoundArmor**  
-
-<!--StartDescription-->
-This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features.
-If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
-
-If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
--   GP name: *EnableCbacAndArmor*
--   GP path: *System/Kerberos*
--   GP ADMX file name: *Kerberos.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="kerberos-requirekerberosarmoring"></a>**Kerberos/RequireKerberosArmoring**  
-
-<!--StartDescription-->
-This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.
-
-Warning: When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
-
-If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers.
-
-Note: The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring.
-
-If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Fail authentication requests when Kerberos armoring is not available*
--   GP name: *ClientRequireFast*
--   GP path: *System/Kerberos*
--   GP ADMX file name: *Kerberos.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="kerberos-requirestrictkdcvalidation"></a>**Kerberos/RequireStrictKDCValidation**  
-
-<!--StartDescription-->
-This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.
-
-If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.
-
-If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Require strict KDC validation*
--   GP name: *ValidateKDC*
--   GP path: *System/Kerberos*
--   GP ADMX file name: *Kerberos.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="kerberos-setmaximumcontexttokensize"></a>**Kerberos/SetMaximumContextTokenSize**  
-
-<!--StartDescription-->
-This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.
-
-The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token.
-
-If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller.
-
-If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value.
-
-Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Set maximum Kerberos SSPI context token buffer size*
--   GP name: *MaxTokenSize*
--   GP path: *System/Kerberos*
--   GP ADMX file name: *Kerberos.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="licensing-allowwindowsentitlementreactivation"></a>**Licensing/AllowWindowsEntitlementReactivation**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disable Windows license reactivation on managed devices.
--   1 (default) – Enable Windows license reactivation on managed devices.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="licensing-disallowkmsclientonlineavsvalidation"></a>**Licensing/DisallowKMSClientOnlineAVSValidation**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Disabled.
--   1 – Enabled.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="location-enablelocation"></a>**Location/EnableLocation**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page.
-
-> [!IMPORTANT]
-> This policy is not intended to ever be set, pushed, or refreshed more than one time after the first boot of the device because it is meant as initial configuration. Refreshing this policy might result in the Location Service's Device Switch changing state to something the user did not select, which is not an intended use for this policy.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Disabled.
--   1 – Enabled.
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected.
-2.   Use Windows Maps Application (or similar) to see if a location can or cannot be obtained.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="lockdown-allowedgeswipe"></a>**LockDown/AllowEdgeSwipe**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 - disallow edge swipe.
--   1 (default, not configured) - allow edge swipe.
-
-<p style="margin-left: 20px">The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="maps-allowofflinemapsdownloadovermeteredconnection"></a>**Maps/AllowOfflineMapsDownloadOverMeteredConnection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the download and update of map data over metered connections.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   65535 (default) – Not configured. User's choice.
--   0 – Disabled. Force disable auto-update over metered connection.
--   1 – Enabled. Force enable auto-update over metered connection.
-
-<p style="margin-left: 20px">After the policy is applied, you can verify the settings in the user interface in **System** &gt; **Offline Maps**.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="maps-enableofflinemapsautoupdate"></a>**Maps/EnableOfflineMapsAutoUpdate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Disables the automatic download and update of map data.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   65535 (default) – Not configured. User's choice.
--   0 – Disabled. Force off auto-update.
--   1 – Enabled. Force on auto-update.
-
-<p style="margin-left: 20px">After the policy is applied, you can verify the settings in the user interface in **System** &gt; **Offline Maps**.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="messaging-allowmms"></a>**Messaging/AllowMMS**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Enables or disables the MMS send/receive functionality on the device. For enterprises, this policy can be used to disable MMS on devices as part of the auditing or management requirement.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 - Disabled.
--   1 (default) - Enabled.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="messaging-allowmessagesync"></a>**Messaging/AllowMessageSync**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 - message sync is not allowed and cannot be changed by the user.
--   1 - message sync is allowed. The user can change this setting.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="messaging-allowrcs"></a>**Messaging/AllowRCS**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Enables or disables the RCS send/receive functionality on the device. For enterprises, this policy can be used to disable RCS on devices as part of the auditing or management requirement.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 - Disabled.
--   1 (default) - Enabled.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="networkisolation-enterprisecloudresources"></a>**NetworkIsolation/EnterpriseCloudResources**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|**.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="networkisolation-enterpriseiprange"></a>**NetworkIsolation/EnterpriseIPRange**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. For example:
-
-``` syntax
-10.0.0.0-10.255.255.255,157.54.0.0-157.54.255.255,
-192.168.0.0-192.168.255.255,2001:4898::-2001:4898:7fff:ffff:ffff:ffff:ffff:ffff,
-2001:4898:dc05::-2001:4898:dc05:ffff:ffff:ffff:ffff:ffff,
-2a01:110::-2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
-fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
-       
-```
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="networkisolation-enterpriseiprangesareauthoritative"></a>**NetworkIsolation/EnterpriseIPRangesAreAuthoritative**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="networkisolation-enterpriseinternalproxyservers"></a>**NetworkIsolation/EnterpriseInternalProxyServers**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="networkisolation-enterprisenetworkdomainnames"></a>**NetworkIsolation/EnterpriseNetworkDomainNames**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
-
-> [!NOTE]
-> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
- 
-
-<p style="margin-left: 20px">Here are the steps to create canonical domain names:
-
-1.  Transform the ASCII characters (A-Z only) to lower case. For example, Microsoft.COM -&gt; microsoft.com.
-2.  Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags.
-3.  Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="networkisolation-enterpriseproxyservers"></a>**NetworkIsolation/EnterpriseProxyServers**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="networkisolation-enterpriseproxyserversareauthoritative"></a>**NetworkIsolation/EnterpriseProxyServersAreAuthoritative**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="networkisolation-neutralresources"></a>**NetworkIsolation/NeutralResources**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">List of domain names that can used for work or personal resource.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="notifications-disallownotificationmirroring"></a>**Notifications/DisallowNotificationMirroring**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that turns off notification mirroring.
-
-> [!IMPORTANT]
-> This node must be accessed using the following paths:
->
-> -   **./User/Vendor/MSFT/Policy/Config/Notifications/DisallowNotificationMirroring** to set the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/Notifications/DisallowNotificationMirroring** to get the result.
-
-
-<p style="margin-left: 20px">For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
-
-<p style="margin-left: 20px">No reboot or service restart is required for this policy to take effect.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default)– enable notification mirroring.
--   1 – disable notification mirroring.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="power-allowstandbywhensleepingpluggedin"></a>**Power/AllowStandbyWhenSleepingPluggedIn**  
-
-<!--StartDescription-->
-This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
-
-If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.
-
-If you disable this policy setting, standby states (S1-S3) are not allowed.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)*
--   GP name: *AllowStandbyStatesAC_2*
--   GP path: *System/Power Management/Sleep Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="power-displayofftimeoutonbattery"></a>**Power/DisplayOffTimeoutOnBattery**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
-
-<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
-
-<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off the display (on battery)*
--   GP name: *VideoPowerDownTimeOutDC_2*
--   GP path: *System/Power Management/Video and Display Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="power-displayofftimeoutpluggedin"></a>**Power/DisplayOffTimeoutPluggedIn**  
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
-
-<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
-
-<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off the display (plugged in)*
--   GP name: *VideoPowerDownTimeOutAC_2*
--   GP path: *System/Power Management/Video and Display Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="power-hibernatetimeoutonbattery"></a>**Power/HibernateTimeoutOnBattery**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
-
-<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
-
-
-<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Specify the system hibernate timeout (on battery)*
--   GP name: *DCHibernateTimeOut_2*
--   GP path: *System/Power Management/Sleep Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="power-hibernatetimeoutpluggedin"></a>**Power/HibernateTimeoutPluggedIn**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
-
-<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
-
-<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Specify the system hibernate timeout (plugged in)*
--   GP name: *ACHibernateTimeOut_2*
--   GP path: *System/Power Management/Sleep Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="power-requirepasswordwhencomputerwakesonbattery"></a>**Power/RequirePasswordWhenComputerWakesOnBattery**  
-
-<!--StartDescription-->
-This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
-
-If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.
-
-If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Require a password when a computer wakes (on battery)*
--   GP name: *DCPromptForPasswordOnResume_2*
--   GP path: *System/Power Management/Sleep Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="power-requirepasswordwhencomputerwakespluggedin"></a>**Power/RequirePasswordWhenComputerWakesPluggedIn**  
-
-<!--StartDescription-->
-This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
-
-If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.
-
-If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Require a password when a computer wakes (plugged in)*
--   GP name: *ACPromptForPasswordOnResume_2*
--   GP path: *System/Power Management/Sleep Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="power-standbytimeoutonbattery"></a>**Power/StandbyTimeoutOnBattery**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
-
-<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
-
-<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Specify the system sleep timeout (on battery)*
--   GP name: *DCStandbyTimeOut_2*
--   GP path: *System/Power Management/Sleep Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="power-standbytimeoutpluggedin"></a>**Power/StandbyTimeoutPluggedIn**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
-
-<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
-
-<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Specify the system sleep timeout (plugged in)*
--   GP name: *ACStandbyTimeOut_2*
--   GP path: *System/Power Management/Sleep Settings*
--   GP ADMX file name: *power.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-
-<!--StartPolicy-->
-<a href="" id="printers-pointandprintrestrictions"></a>**Printers/PointAndPrintRestrictions**  
-
-<!--StartDescription-->
-This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
-
-If you enable this policy setting:
--Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
--You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
-
-If you do not configure this policy setting:
--Windows Vista client computers can point and print to any server.
--Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
-
-If you disable this policy setting:
--Windows Vista client computers can create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
--The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Point and Print Restrictions*
--   GP name: *PointAndPrint_Restrictions_Win7*
--   GP path: *Printers*
--   GP ADMX file name: *Printing.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="printers-pointandprintrestrictions_user"></a>**Printers/PointAndPrintRestrictions_User**  
-
-<!--StartDescription-->
-This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
-
-If you enable this policy setting:
--Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
--You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
-
-If you do not configure this policy setting:
--Windows Vista client computers can point and print to any server.
--Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
-
-If you disable this policy setting:
--Windows Vista client computers can create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
--Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
--Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
--The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Point and Print Restrictions*
--   GP name: *PointAndPrint_Restrictions*
--   GP ADMX file name: *Printing.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="printers-publishprinters"></a>**Printers/PublishPrinters**  
-
-<!--StartDescription-->
-Determines whether the computer's shared printers can be published in Active Directory.
-
-If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
-
-If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available.
-
-Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow printers to be published*
--   GP name: *PublishPrinters*
--   GP path: *Printers*
--   GP ADMX file name: *Printing2.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-allowautoacceptpairingandprivacyconsentprompts"></a>**Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default)– Not allowed.
--   1 – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-allowinputpersonalization"></a>**Privacy/AllowInputPersonalization**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
- 
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-disableadvertisingid"></a>**Privacy/DisableAdvertisingId**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Enables or disables the Advertising ID.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disabled.
--   1 – Enabled.
--   65535 (default)- Not configured.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessaccountinfo"></a>**Privacy/LetAppsAccessAccountInfo**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access account information.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessaccountinfo-forceallowtheseapps"></a>**Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessaccountinfo-forcedenytheseapps"></a>**Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessaccountinfo-userincontroloftheseapps"></a>**Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscalendar"></a>**Privacy/LetAppsAccessCalendar**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscalendar-forceallowtheseapps"></a>**Privacy/LetAppsAccessCalendar_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscalendar-forcedenytheseapps"></a>**Privacy/LetAppsAccessCalendar_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscalendar-userincontroloftheseapps"></a>**Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscallhistory"></a>**Privacy/LetAppsAccessCallHistory**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access call history.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscallhistory-forceallowtheseapps"></a>**Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscallhistory-forcedenytheseapps"></a>**Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscallhistory-userincontroloftheseapps"></a>**Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscamera"></a>**Privacy/LetAppsAccessCamera**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscamera-forceallowtheseapps"></a>**Privacy/LetAppsAccessCamera_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscamera-forcedenytheseapps"></a>**Privacy/LetAppsAccessCamera_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscamera-userincontroloftheseapps"></a>**Privacy/LetAppsAccessCamera_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscontacts"></a>**Privacy/LetAppsAccessContacts**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscontacts-forceallowtheseapps"></a>**Privacy/LetAppsAccessContacts_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscontacts-forcedenytheseapps"></a>**Privacy/LetAppsAccessContacts_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesscontacts-userincontroloftheseapps"></a>**Privacy/LetAppsAccessContacts_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessemail"></a>**Privacy/LetAppsAccessEmail**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access email.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessemail-forceallowtheseapps"></a>**Privacy/LetAppsAccessEmail_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessemail-forcedenytheseapps"></a>**Privacy/LetAppsAccessEmail_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessemail-userincontroloftheseapps"></a>**Privacy/LetAppsAccessEmail_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesslocation"></a>**Privacy/LetAppsAccessLocation**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access location.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesslocation-forceallowtheseapps"></a>**Privacy/LetAppsAccessLocation_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesslocation-forcedenytheseapps"></a>**Privacy/LetAppsAccessLocation_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesslocation-userincontroloftheseapps"></a>**Privacy/LetAppsAccessLocation_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmessaging"></a>**Privacy/LetAppsAccessMessaging**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS).
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmessaging-forceallowtheseapps"></a>**Privacy/LetAppsAccessMessaging_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmessaging-forcedenytheseapps"></a>**Privacy/LetAppsAccessMessaging_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmessaging-userincontroloftheseapps"></a>**Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmicrophone"></a>**Privacy/LetAppsAccessMicrophone**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmicrophone-forceallowtheseapps"></a>**Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmicrophone-forcedenytheseapps"></a>**Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmicrophone-userincontroloftheseapps"></a>**Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmotion"></a>**Privacy/LetAppsAccessMotion**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmotion-forceallowtheseapps"></a>**Privacy/LetAppsAccessMotion_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmotion-forcedenytheseapps"></a>**Privacy/LetAppsAccessMotion_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessmotion-userincontroloftheseapps"></a>**Privacy/LetAppsAccessMotion_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessnotifications"></a>**Privacy/LetAppsAccessNotifications**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessnotifications-forceallowtheseapps"></a>**Privacy/LetAppsAccessNotifications_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessnotifications-forcedenytheseapps"></a>**Privacy/LetAppsAccessNotifications_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessnotifications-userincontroloftheseapps"></a>**Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessphone"></a>**Privacy/LetAppsAccessPhone**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessphone-forceallowtheseapps"></a>**Privacy/LetAppsAccessPhone_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessphone-forcedenytheseapps"></a>**Privacy/LetAppsAccessPhone_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessphone-userincontroloftheseapps"></a>**Privacy/LetAppsAccessPhone_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessradios"></a>**Privacy/LetAppsAccessRadios**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessradios-forceallowtheseapps"></a>**Privacy/LetAppsAccessRadios_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessradios-forcedenytheseapps"></a>**Privacy/LetAppsAccessRadios_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccessradios-userincontroloftheseapps"></a>**Privacy/LetAppsAccessRadios_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesstasks"></a>**Privacy/LetAppsAccessTasks**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesstasks-forceallowtheseapps"></a>**Privacy/LetAppsAccessTasks_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesstasks-forcedenytheseapps"></a>**Privacy/LetAppsAccessTasks_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesstasks-userincontroloftheseapps"></a>**Privacy/LetAppsAccessTasks_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesstrusteddevices"></a>**Privacy/LetAppsAccessTrustedDevices**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesstrusteddevices-forceallowtheseapps"></a>**Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesstrusteddevices-forcedenytheseapps"></a>**Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsaccesstrusteddevices-userincontroloftheseapps"></a>**Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsgetdiagnosticinfo"></a>**Privacy/LetAppsGetDiagnosticInfo**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsgetdiagnosticinfo-forceallowtheseapps"></a>**Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsgetdiagnosticinfo-forcedenytheseapps"></a>**Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsgetdiagnosticinfo-userincontroloftheseapps"></a>**Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsruninbackground"></a>**Privacy/LetAppsRunInBackground**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control (default).
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-> [!WARNING]
-> Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsruninbackground-forceallowtheseapps"></a>**Privacy/LetAppsRunInBackground_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsruninbackground-forcedenytheseapps"></a>**Privacy/LetAppsRunInBackground_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappsruninbackground-userincontroloftheseapps"></a>**Privacy/LetAppsRunInBackground_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappssyncwithdevices"></a>**Privacy/LetAppsSyncWithDevices**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – User in control.
--   1 – Force allow.
--   2 - Force deny.
-
-<p style="margin-left: 20px">Most restricted value is 2.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappssyncwithdevices-forceallowtheseapps"></a>**Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappssyncwithdevices-forcedenytheseapps"></a>**Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="privacy-letappssyncwithdevices-userincontroloftheseapps"></a>**Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remoteassistance-customizewarningmessages"></a>**RemoteAssistance/CustomizeWarningMessages**  
-
-<!--StartDescription-->
-This policy setting lets you customize warning messages.
-
-The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer.
-
-The "Display warning message before connecting" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer.
-
-If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.
-
-If you disable this policy setting, the user sees the default warning message.
-
-If you do not configure this policy setting, the user sees the default warning message.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Customize warning messages*
--   GP name: *RA_Options*
--   GP path: *System/Remote Assistance*
--   GP ADMX file name: *remoteassistance.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remoteassistance-sessionlogging"></a>**RemoteAssistance/SessionLogging**  
-
-<!--StartDescription-->
-This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.
-
-If you enable this policy setting, log files are generated.
-
-If you disable this policy setting, log files are not generated.
-
-If you do not configure this setting, application-based settings are used.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn on session logging*
--   GP name: *RA_Logging*
--   GP path: *System/Remote Assistance*
--   GP ADMX file name: *remoteassistance.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remoteassistance-solicitedremoteassistance"></a>**RemoteAssistance/SolicitedRemoteAssistance**  
-
-<!--StartDescription-->
-This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.
-
-If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.
-
-If you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.
-
-If you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.
-
-If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer."
-
-The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.
-
-The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported.
-
-If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Configure Solicited Remote Assistance*
--   GP name: *RA_Solicit*
--   GP path: *System/Remote Assistance*
--   GP ADMX file name: *remoteassistance.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remoteassistance-unsolicitedremoteassistance"></a>**RemoteAssistance/UnsolicitedRemoteAssistance**  
-
-<!--StartDescription-->
-This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.
-
-If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
-
-If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
-
-If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
-
-If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.
-
-To configure the list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format:
-
-<Domain Name>\<User Name> or
-
-<Domain Name>\<Group Name>
-
-If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.
-
-Windows Vista and later
-
-Enable the Remote Assistance exception for the domain profile. The exception must contain:
-Port 135:TCP
-%WINDIR%\System32\msra.exe
-%WINDIR%\System32\raserver.exe
-
-Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)
-
-Port 135:TCP
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
-%WINDIR%\System32\Sessmgr.exe
-
-For computers running Windows Server 2003 with Service Pack 1 (SP1)
-
-Port 135:TCP
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
-Allow Remote Desktop Exception
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Configure Offer Remote Assistance*
--   GP name: *RA_Unsolicit*
--   GP ADMX file name: *remoteassistance.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remotedesktopservices-allowuserstoconnectremotely"></a>**RemoteDesktopServices/AllowUsersToConnectRemotely**  
-
-<!--StartDescription-->
-This policy setting allows you to configure remote access to computers by using Remote Desktop Services.
-
-If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.
-
-If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.
-
-If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed.
-
-Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.
-
-You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Allow users to connect remotely by using Remote Desktop Services*
--   GP name: *TS_DISABLE_CONNECTIONS*
--   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections*
--   GP ADMX file name: *terminalserver.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remotedesktopservices-clientconnectionencryptionlevel"></a>**RemoteDesktopServices/ClientConnectionEncryptionLevel**  
-
-<!--StartDescription-->
-Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.
-
-If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:
-
-* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers.
-
-* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption.
-
-* Low: The Low setting encrypts only data sent from the client to the server by using 56-bit encryption.
-
-If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy.
-
-Important
-
-FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Set client connection encryption level*
--   GP name: *TS_ENCRYPTION_POLICY*
--   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
--   GP ADMX file name: *terminalserver.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remotedesktopservices-donotallowdriveredirection"></a>**RemoteDesktopServices/DoNotAllowDriveRedirection**  
-
-<!--StartDescription-->
-This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).
-
-By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behavior.
-
-If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP.
-
-If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.
-
-If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Do not allow drive redirection*
--   GP name: *TS_CLIENT_DRIVE_M*
--   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
--   GP ADMX file name: *terminalserver.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remotedesktopservices-donotallowpasswordsaving"></a>**RemoteDesktopServices/DoNotAllowPasswordSaving**  
-
-<!--StartDescription-->
-Controls whether passwords can be saved on this computer from Remote Desktop Connection.
-
-If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.
-
-If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Do not allow passwords to be saved*
--   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2*
--   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client*
--   GP ADMX file name: *terminalserver.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remotedesktopservices-promptforpassworduponconnection"></a>**RemoteDesktopServices/PromptForPasswordUponConnection**  
-
-<!--StartDescription-->
-This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection.
-
-You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client.
-
-By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client.
-
-If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on.
-
-If you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.
-
-If you do not configure this policy setting, automatic logon is not specified at the Group Policy level.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Always prompt for password upon connection*
--   GP name: *TS_PASSWORD*
--   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
--   GP ADMX file name: *terminalserver.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remotedesktopservices-requiresecurerpccommunication"></a>**RemoteDesktopServices/RequireSecureRPCCommunication**  
-
-<!--StartDescription-->
-Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.
-
-You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.
-
-If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.
-
-If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.
-
-If the status is set to Not Configured, unsecured communication is allowed.
-
-Note: The RPC interface is used for administering and configuring Remote Desktop Services.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Require secure RPC communication*
--   GP name: *TS_RPC_ENCRYPTION*
--   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
--   GP ADMX file name: *terminalserver.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remoteprocedurecall-rpcendpointmapperclientauthentication"></a>**RemoteProcedureCall/RPCEndpointMapperClientAuthentication**  
-
-<!--StartDescription-->
-This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner.
-
-If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
-
-If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information.  Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-
-If you do not configure this policy setting, it remains disabled.  RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
-
-Note: This policy will not be applied until the system is rebooted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Enable RPC Endpoint Mapper Client Authentication*
--   GP name: *RpcEnableAuthEpResolution*
--   GP path: *System/Remote Procedure Call*
--   GP ADMX file name: *rpc.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="remoteprocedurecall-restrictunauthenticatedrpcclients"></a>**RemoteProcedureCall/RestrictUnauthenticatedRPCClients**  
-
-<!--StartDescription-->
-This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
-
-This policy setting impacts all RPC applications.  In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself.  Reverting a change to this policy setting can require manual intervention on each affected machine.  This policy setting should never be applied to a domain controller.
-
-If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting.
-
-If you do not configure this policy setting, it remains disabled.  The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting.
-
-If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
-
---  "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.
-
---  "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.
-
---  "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied.  No exceptions are allowed.
-
-Note: This policy setting will not be applied until the system is rebooted.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Restrict Unauthenticated RPC clients*
--   GP name: *RpcRestrictRemoteClients*
--   GP path: *System/Remote Procedure Call*
--   GP ADMX file name: *rpc.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-allowindexingencryptedstoresoritems"></a>**Search/AllowIndexingEncryptedStoresOrItems**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files.
-
-<p style="margin-left: 20px">When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified.
-
-<p style="margin-left: 20px">When the policy is disabled, the WIP protected items are not indexed and do not show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are a lot of WIP protected media files on the device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-allowsearchtouselocation"></a>**Search/AllowSearchToUseLocation**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether search can leverage location information.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-allowusingdiacritics"></a>**Search/AllowUsingDiacritics**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows the use of diacritics.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-alwaysuseautolangdetection"></a>**Search/AlwaysUseAutoLangDetection**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to always use automatic language detection when indexing content and properties.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-disablebackoff"></a>**Search/DisableBackoff**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Disable.
--   1 – Enable.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-disableremovabledriveindexing"></a>**Search/DisableRemovableDriveIndexing**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">This policy setting configures whether or not locations on removable drives can be added to libraries.
-
-<p style="margin-left: 20px">If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Disable.
--   1 – Enable.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-preventindexinglowdiskspacemb"></a>**Search/PreventIndexingLowDiskSpaceMB**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
-
-<p style="margin-left: 20px">Enable this policy if computers in your environment have extremely limited hard drive space.
-
-<p style="margin-left: 20px">When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disable.
--   1 (default) – Enable.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-preventremotequeries"></a>**Search/PreventRemoteQueries**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index..
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disable.
--   1 (default) – Enable.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="search-safesearchpermissions"></a>**Search/SafeSearchPermissions**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Specifies what level of safe search (filtering adult content) is required.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Strict, highest filtering against adult content.
--   1 (default) – Moderate filtering against adult content (valid search results will not be filtered).
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-allowaddprovisioningpackage"></a>**Security/AllowAddProvisioningPackage**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to allow the runtime configuration agent to install provisioning packages.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-allowautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy has been deprecated in Windows 10, version 1607
-
-<br>
-
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-allowmanualrootcertificateinstallation"></a>**Security/AllowManualRootCertificateInstallation**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Specifies whether the user is allowed to manually install root and intermediate CA certificates.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-allowremoveprovisioningpackage"></a>**Security/AllowRemoveProvisioningPackage**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to allow the runtime configuration agent to remove provisioning packages.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-antitheftmode"></a>**Security/AntiTheftMode**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
-
- 
-<p style="margin-left: 20px">Allows or disallow Anti Theft Mode on the device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Don't allow Anti Theft Mode.
--   1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-preventautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**.
-
-<p style="margin-left: 20px">Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Encryption enabled.
--   1 – Encryption disabled.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-requiredeviceencryption"></a>**Security/RequireDeviceEncryption**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 Mobile. In Windows 10 for desktop, you can query encryption status by using the [DeviceStatus CSP](devicestatus-csp.md) node **DeviceStatus/Compliance/EncryptionCompliance**.
-
-<p style="margin-left: 20px">Allows enterprise to turn on internal storage encryption.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Encryption is not required.
--   1 – Encryption is required.
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-> [!IMPORTANT]
-> If encryption has been enabled, it cannot be turned off by using this policy.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-requireprovisioningpackagesignature"></a>**Security/RequireProvisioningPackageSignature**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether provisioning packages must have a certificate signed by a device trusted authority.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not required.
--   1 – Required.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="security-requireretrievehealthcertificateonboot"></a>**Security/RequireRetrieveHealthCertificateOnBoot**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not required.
--   1 – Required.
-
-<p style="margin-left: 20px">Setting this policy to 1 (Required):
-
--   Determines whether a device is capable of Remote Device Health Attestation, by verifying if the device has TPM 2.0.
--   Improves the performance of the device by enabling the device to fetch and cache data to reduce the latency during Device Health Verification.
-
-> [!NOTE]
-> We recommend that this policy is set to Required after MDM enrollment.
- 
-
-<p style="margin-left: 20px">Most restricted value is 1.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowautoplay"></a>**Settings/AllowAutoPlay**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Allows the user to change Auto Play settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-> [!NOTE]
-> Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowdatasense"></a>**Settings/AllowDataSense**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows the user to change Data Sense settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowdatetime"></a>**Settings/AllowDateTime**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows the user to change date and time settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-alloweditdevicename"></a>**Settings/AllowEditDeviceName**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows editing of the device name.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowlanguage"></a>**Settings/AllowLanguage**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Allows the user to change the language settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowpowersleep"></a>**Settings/AllowPowerSleep**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Allows the user to change power and sleep settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowregion"></a>**Settings/AllowRegion**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Allows the user to change the region settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowsigninoptions"></a>**Settings/AllowSignInOptions**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Allows the user to change sign-in options.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowvpn"></a>**Settings/AllowVPN**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows the user to change VPN settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowworkplace"></a>**Settings/AllowWorkplace**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Allows user to change workplace settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-allowyouraccount"></a>**Settings/AllowYourAccount**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows user to change account settings.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-configuretaskbarcalendar"></a>**Settings/ConfigureTaskbarCalendar**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703.  Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout.  In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale.  Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – User will be allowed to configure the setting.
--   1  – Don't show additional calendars.
--   2  - Simplified Chinese (Lunar).
--   3  - Traditional Chinese (Lunar).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="settings-pagevisibilitylist"></a>**Settings/PageVisibilityList**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703.  Allows IT Admins to either  prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified.  The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo".  Multiple page identifiers are separated by semicolons.
-
-<p style="margin-left: 20px">The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
-
-<p style="margin-left: 20px">showonly:about;bluetooth
-
-<p style="margin-left: 20px">If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list.
-
-<p style="margin-left: 20px">The format of the PageVisibilityList value is as follows:
-
--   The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity.
--   There are two variants: one that shows only the given pages and one which hides the given pages.
--   The first variant starts with the string "showonly:" and the second with the string "hide:".
--	Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
--   Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:wi-fi" would be just "wi-fi".
-
-<p style="margin-left: 20px">The default value for this setting is an empty string, which is interpreted as show everything.
-
-<p style="margin-left: 20px">Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:wi-fi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden:
-
-<p style="margin-left: 20px">showonly:wi-fi;bluetooth
-
-<p style="margin-left: 20px">Example 2, specifies that the wifi page should not be shown:
-
-<p style="margin-left: 20px">hide:wifi
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Open System Settings and verfiy that the About page is visible and accessible.
-2.   Configure the policy with the following string: "hide:about".
-3.   Open System Settings again and verify that the About page is no longer accessible.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="smartscreen-enableappinstallcontrol"></a>**SmartScreen/EnableAppInstallControl**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.
--   1 – Turns on Application Installation Control, allowing users to only install apps from the Store.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="smartscreen-enablesmartscreeninshell"></a>**SmartScreen/EnableSmartScreenInShell**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Turns off SmartScreen in Windows.
--   1 – Turns on SmartScreen in Windows.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="smartscreen-preventoverrideforfilesinshell"></a>**SmartScreen/PreventOverrideForFilesInShell**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Employees can ignore SmartScreen warnings and run malicious files.
--   1 – Employees cannot ignore SmartScreen warnings and run malicious files.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="speech-allowspeechmodelupdate"></a>**Speech/AllowSpeechModelUpdate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfolderdocuments"></a>**Start/AllowPinnedFolderDocuments**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfolderdownloads"></a>**Start/AllowPinnedFolderDownloads**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfolderfileexplorer"></a>**Start/AllowPinnedFolderFileExplorer**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfolderhomegroup"></a>**Start/AllowPinnedFolderHomeGroup**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfoldermusic"></a>**Start/AllowPinnedFolderMusic**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfoldernetwork"></a>**Start/AllowPinnedFolderNetwork**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfolderpersonalfolder"></a>**Start/AllowPinnedFolderPersonalFolder**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfolderpictures"></a>**Start/AllowPinnedFolderPictures**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfoldersettings"></a>**Start/AllowPinnedFolderSettings**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-allowpinnedfoldervideos"></a>**Start/AllowPinnedFolderVideos**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – The shortcut is hidden and disables the setting in the Settings app.
--   1 – The shortcut is visible and disables the setting in the Settings app.
--   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-forcestartsize"></a>**Start/ForceStartSize**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
-
-
-<p style="margin-left: 20px">Forces the start screen size.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Do not force size of Start.
--   1 – Force non-fullscreen size of Start.
--   2 - Force a fullscreen size of Start.
-
-<p style="margin-left: 20px">If there is policy configuration conflict, the latest configuration request is applied to the device.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hideapplist"></a>**Start/HideAppList**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy requires reboot to take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by collapsing or removing the all apps list.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – None.
--   1 – Hide all apps list.
--   2 - Hide all apps list, and Disable "Show app list in Start menu" in Settings app.
--   3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app.
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
--   1 - Enable policy and restart explorer.exe
--   2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle is not grayed out.
--   2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out.
--   2c - If set to '3': Verify that there is no way of opening the all apps list from Start, and that the Settings toggle is grayed out.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hidechangeaccountsettings"></a>**Start/HideChangeAccountSettings**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Open Start, click on the user tile, and verify that "Change account settings" is not available.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hidefrequentlyusedapps"></a>**Start/HideFrequentlyUsedApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy requires reboot to take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable "Show most used apps" in the Settings app.
-2.   Use some apps to get them into the most used group in Start.
-3.   Enable policy.
-4.   Restart explorer.exe
-5.   Check that  "Show most used apps" Settings toggle is grayed out.
-6.   Check that most used apps do not appear in Start.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hidehibernate"></a>**Start/HideHibernate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Laptop, do the following:
-
-1.   Enable policy.
-2.   Open Start, click on the Power button, and verify "Hibernate" is not available.
-
-> [!NOTE]
-> This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hidelock"></a>**Start/HideLock**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Open Start, click on the user tile, and verify "Lock" is not available.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hidepowerbutton"></a>**Start/HidePowerButton**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy requires reboot to take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Open Start, and verify the power button is not available.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hiderecentjumplists"></a>**Start/HideRecentJumplists**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy requires reboot to take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jumplists from appearing.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable "Show recently opened items in Jump Lists on Start of the taskbar" in Settings.
-2.   Pin Photos to the taskbar, and open some images in the photos app.
-3.   Right click the pinned photos app and verify that a jumplist of recently opened items pops up.
-4.   Toggle "Show recently opened items in Jump Lists on Start of the taskbar" in Settings to clear jump lists.
-5.   Enable policy.
-6.   Restart explorer.exe
-7.   Check that Settings toggle is grayed out.
-8.   Repeat Step 2.
-9.   Right Click pinned photos app and verify that there is no jumplist of recent items.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hiderecentlyaddedapps"></a>**Start/HideRecentlyAddedApps**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy requires reboot to take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable "Show recently added apps" in the Settings app.
-2.   Check if there are recently added apps in Start (if not, install some).
-3.   Enable policy.
-4.   Restart explorer.exe
-5.   Check that "Show recently added apps" Settings toggle is grayed out.
-6.   Check that recently added apps do not appear in Start.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hiderestart"></a>**Start/HideRestart**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hideshutdown"></a>**Start/HideShutDown**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hidesignout"></a>**Start/HideSignOut**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Open Start, click on the user tile, and verify "Sign out" is not available.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hidesleep"></a>**Start/HideSleep**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Open Start, click on the Power button, and verify that "Sleep" is not available.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hideswitchaccount"></a>**Start/HideSwitchAccount**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Open Start, click on the user tile, and verify that "Switch account" is not available.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-hideusertile"></a>**Start/HideUserTile**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy requires reboot to take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (do not hide).
--   1 - True (hide).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Log off.
-3.   Log in, and verify that the user tile is gone from Start.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-importedgeassets"></a>**Start/ImportEdgeAssets**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy requires reboot to take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files.
-
-> [!IMPORTANT]
-> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
-
-<p style="margin-left: 20px">The value set for this policy is an XML string containing Edge assets.  An example XML string is provided in the [Microsoft Edge assets example](#microsoft-edge-assets-example) later in this topic.
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Set policy with an XML for Edge assets.
-2.   Set StartLayout policy to anything so that it would trigger the Edge assets import.
-3.   Sign out/in.
-4.   Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-nopinningtotaskbar"></a>**Start/NoPinningToTaskbar**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (pinning enabled).
--   1 - True (pinning disabled).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Right click on a program pinned to taskbar.
-3.   Verify that "Unpin from taskbar" menu does not show.
-4.   Open Start and right click on one of the app list icons.
-5.   Verify that More->Pin to taskbar menu does not show.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="start-startlayout"></a>**Start/StartLayout**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!IMPORTANT]
-> This node is set on a per-user basis and must be accessed using the following paths:
-> -   **./User/Vendor/MSFT/Policy/Config/Start/StartLayout** to configure the policy.
-> -   **./User/Vendor/MSFT/Policy/Result/Start/StartLayout** to query the current value of the policy.
->
->
-> Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis using the following paths:
-> -   **./Device/Vendor/MSFT/Policy/Config/Start/StartLayout** to configure the policy.
-> -   **./Device/Vendor/MSFT/Policy/Result/Start/StartLayout** to query the current value of the policy.
-
-
-<p style="margin-left: 20px">Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy
-
-<p style="margin-left: 20px">This policy is described in [Start/StartLayout Examples](#startlayout-examples) later in this topic.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices**  
-
-<!--StartDescription-->
-This policy setting configures whether or not Windows will activate an Enhanced Storage device.
-
-If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.
-
-If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Do not allow Windows to activate Enhanced Storage devices*
--   GP name: *TCGSecurityActivationDisabled*
--   GP path: *System/Enhanced Storage Access*
--   GP ADMX file name: *enhancedstorage.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-allowbuildpreview"></a>**System/AllowBuildPreview**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise.
-
-
-<p style="margin-left: 20px">This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software.
-
-<p style="margin-left: 20px">If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed. The item "Get Insider builds" is unavailable, users are unable to make their devices available for preview software.
--   1 – Allowed. Users can make their devices available for downloading and installing preview software.
--   2 (default) – Not configured. Users can make their devices available for downloading and installing preview software.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-allowembeddedmode"></a>**System/AllowEmbeddedMode**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether set general purpose device to be in embedded mode.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Not allowed.
--   1 – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-allowexperimentation"></a>**System/AllowExperimentation**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is not supported in Windows 10, version 1607.
-
-<p style="margin-left: 20px">This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disabled.
--   1 (default) – Permits Microsoft to configure device settings only.
--   2 – Allows Microsoft to conduct full experimentations.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-allowfontproviders"></a>**System/AllowFontProviders**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.
-
-<p style="margin-left: 20px">Supported values:  
-
--   false - No traffic to fs.microsoft.com and only locally-installed fonts are available.
--   true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them.
-
-<p style="margin-left: 20px">This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
-
-<p style="margin-left: 20px">This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content.
-
-> [!Note]  
-> Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
-
-<p style="margin-left: 20px">To verify if System/AllowFontProviders is set to true:  
-
--  After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-allowlocation"></a>**System/AllowLocation**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to allow app access to the Location service.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Force Location Off. All Location Privacy settings are toggled off and greyed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search.
--   1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off.
--   2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<p style="margin-left: 20px">While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy.
-
-<p style="margin-left: 20px">When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting.
-
-<p style="margin-left: 20px">For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-allowstoragecard"></a>**System/AllowStorageCard**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card. 
--   1 (default) – Allow a storage card.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-allowtelemetry"></a>**System/AllowTelemetry**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allow the device to send diagnostic and usage telemetry data, such as Watson.
-
-<p style="margin-left: 20px">The following tables describe the supported values:
-
-<table style="margin-left: 20px">
-<colgroup>
-<col width="100%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Windows 8.1 Values</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td style="vertical-align:top"><p>0 – Not allowed.</p>
-</td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p> 1 – Allowed, except for Secondary Data Requests.</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>2 (default) – Allowed.</p></td>
-</tr>
-</tbody>
-</table>
-
-
-<table style="margin-left: 20px">
-<colgroup>
-<col width="100%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Windows 10 Values</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td style="vertical-align:top"><p>0 – Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.</p>
-<div class="alert">
-<strong>Note</strong>  This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1.
-</div>
-</td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>1 – Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level.</p></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>2 – Enhanced. Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and the Security levels.</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>3 – Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.</p></td>
-</tr>
-</tbody>
-</table>
-
-
-> [!IMPORTANT]
-> If you are using Windows 8.1 MDM server and set a value of 0 using the legacy AllowTelemetry policy on a Windows 10 Mobile device, then the value is not respected and the telemetry level is silently set to level 1.
-
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-allowusertoresetphone"></a>**System/AllowUserToResetPhone**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed to reset to factory default settings.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-bootstartdriverinitialization"></a>**System/BootStartDriverInitialization**  
-
-<!--StartDescription-->
-N/A
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Boot-Start Driver Initialization Policy*
--   GP name: *POL_DriverLoadPolicy_Name*
--   GP path: *System/Early Launch Antimalware*
--   GP ADMX file name: *earlylauncham.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-disableonedrivefilesync"></a>**System/DisableOneDriveFileSync**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
-
-* Users cannot access OneDrive from the OneDrive app or file picker.
-* Windows Store apps cannot access OneDrive using the WinRT API.
-* OneDrive does not appear in the navigation pane in File Explorer.
-* OneDrive files are not kept in sync with the cloud.
-* Users cannot automatically upload photos and videos from the camera roll folder. 
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – False (sync enabled).
--   1 – True (sync disabled).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Restart machine.
-3.   Verify that OneDrive.exe is not running in Task Manager.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-disablesystemrestore"></a>**System/DisableSystemRestore**  
-
-<!--StartDescription-->
-Allows you to disable System Restore.
-
-This policy setting allows you to turn off System Restore.
-
-System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
-
-If you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
-
-If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
-
-Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off System Restore*
--   GP name: *SR_DisableSR*
--   GP path: *System/System Restore*
--   GP ADMX file name: *systemrestore.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="system-telemetryproxy"></a>**System/TelemetryProxy**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *&lt;server&gt;:&lt;port&gt;*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device.
-
-<p style="margin-left: 20px">If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowimelogging"></a>**TextInput/AllowIMELogging**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowimenetworkaccess"></a>**TextInput/AllowIMENetworkAccess**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowinputpanel"></a>**TextInput/AllowInputPanel**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the IT admin to disable the touch/handwriting keyboard on Windows.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowjapaneseimesurrogatepaircharacters"></a>**TextInput/AllowJapaneseIMESurrogatePairCharacters**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the Japanese IME surrogate pair characters.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowjapaneseivscharacters"></a>**TextInput/AllowJapaneseIVSCharacters**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows Japanese Ideographic Variation Sequence (IVS) characters.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowjapanesenonpublishingstandardglyph"></a>**TextInput/AllowJapaneseNonPublishingStandardGlyph**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the Japanese non-publishing standard glyph.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowjapaneseuserdictionary"></a>**TextInput/AllowJapaneseUserDictionary**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the Japanese user dictionary.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowkeyboardtextsuggestions"></a>**TextInput/AllowKeyboardTextSuggestions**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. 
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Disabled.
--   1 (default) – Enabled.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<p style="margin-left: 20px">To validate that text prediction is disabled on Windows 10 for desktop, do the following:
-
-1.  Search for and launch the on-screen keyboard. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Use Text Prediction” setting is enabled from the options button.
-2.  Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app.
-3.  Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowkoreanextendedhanja"></a>**TextInput/AllowKoreanExtendedHanja**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">This policy has been deprecated.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-allowlanguagefeaturesuninstall"></a>**TextInput/AllowLanguageFeaturesUninstall**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the uninstall of language features, such as spell checkers, on a device.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-excludejapaneseimeexceptjis0208"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the users to restrict character code range of conversion by setting the character filter.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – No characters are filtered.
--   1 – All characters except JIS0208 are filtered.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-excludejapaneseimeexceptjis0208andeudc"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the users to restrict character code range of conversion by setting the character filter.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – No characters are filtered.
--   1 – All characters except JIS0208 and EUDC are filtered.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="textinput-excludejapaneseimeexceptshiftjis"></a>**TextInput/ExcludeJapaneseIMEExceptShiftJIS**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> The policy is only enforced in Windows 10 for desktop.
-
-
-<p style="margin-left: 20px">Allows the users to restrict character code range of conversion by setting the character filter.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – No characters are filtered.
--   1 – All characters except ShiftJIS are filtered.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="timelanguagesettings-allowset24hourclock"></a>**TimeLanguageSettings/AllowSet24HourClock**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Locale default setting.
--   1 (default) – Set 24 hour clock.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-activehoursend"></a>**Update/ActiveHoursEnd**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
-
-> [!NOTE]
-> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured.  See **Update/ActiveHoursMaxRange** below for more information.
-
-<p style="margin-left: 20px">Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
-
-<p style="margin-left: 20px">The default is 17 (5 PM).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-activehoursmaxrange"></a>**Update/ActiveHoursMaxRange**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
-
-<p style="margin-left: 20px">Supported values are 8-18.
-
-<p style="margin-left: 20px">The default value is 18 (hours).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-activehoursstart"></a>**Update/ActiveHoursStart**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
-
-> [!NOTE]
-> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured.  See **Update/ActiveHoursMaxRange** above for more information.
-
-<p style="margin-left: 20px">Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
-
-<p style="margin-left: 20px">The default value is 8 (8 AM).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-autorestartdeadlineperiodindays"></a>**Update/AutoRestartDeadlinePeriodInDays**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory.
-
-<p style="margin-left: 20px">Supported values are 2-30 days.
-
-<p style="margin-left: 20px">The default value is 7 days.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-allowautoupdate"></a>**Update/AllowAutoUpdate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
-
-<p style="margin-left: 20px">Supported operations are Get and Replace.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
--   1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart.
--   2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart.
--   3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
--   4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
--   5 – Turn off automatic updates.
-
-> [!IMPORTANT]
-> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
- 
-
-<p style="margin-left: 20px">If the policy is not configured, end-users get the default behavior (Auto install and restart).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-allowmuupdateservice"></a>**Update/AllowMUUpdateService**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed or not configured.
--   1 – Allowed. Accepts updates received through Microsoft Update.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-allownonmicrosoftsignedupdate"></a>**Update/AllowNonMicrosoftSignedUpdate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution.
-
-<p style="margin-left: 20px">Supported operations are Get and Replace.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
--   1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
-
-<p style="margin-left: 20px">This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-allowupdateservice"></a>**Update/AllowUpdateService**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Windows Store.
-
-<p style="margin-left: 20px">Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store
-
-<p style="margin-left: 20px">Enabling this policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Update service is not allowed.
--   1 (default) – Update service is allowed.
-
-> [!NOTE]
-> This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-autorestartnotificationschedule"></a>**Update/AutoRestartNotificationSchedule**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
-
-<p style="margin-left: 20px">Supported values are 15, 30, 60, 120, and 240 (minutes).
-
-<p style="margin-left: 20px">The default value is 15 (minutes).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-autorestartrequirednotificationdismissal"></a>**Update/AutoRestartRequiredNotificationDismissal**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   1 (default) – Auto Dismissal.
--   2 – User Dismissal.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-branchreadinesslevel"></a>**Update/BranchReadinessLevel**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   16 (default) – User gets all applicable upgrades from Current Branch (CB).
--   32 – User gets upgrades from Current Branch for Business (CBB).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-deferfeatureupdatesperiodindays"></a>**Update/DeferFeatureUpdatesPeriodInDays**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
-<p style="margin-left: 20px">Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
-
-<p style="margin-left: 20px">Supported values are 0-365 days.
-
-> [!IMPORTANT]
-> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-deferqualityupdatesperiodindays"></a>**Update/DeferQualityUpdatesPeriodInDays**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
-
-<p style="margin-left: 20px">Supported values are 0-30.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-deferupdateperiod"></a>**Update/DeferUpdatePeriod**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
->
-> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
-
-
-<p style="margin-left: 20px">Allows IT Admins to specify update delays for up to 4 weeks.
-
-<p style="margin-left: 20px">Supported values are 0-4, which refers to the number of weeks to defer updates.
-
-<p style="margin-left: 20px">In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following:
-
--   Update/RequireDeferUpgrade must be set to 1
--   System/AllowTelemetry must be set to 1 or higher
-
-<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-<p style="margin-left: 20px">If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-<table style="margin-left: 20px">
-<colgroup>
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-<col width="25%" />
-</colgroup>
-<thead>
-<tr class="header">
-<th>Update category</th>
-<th>Maximum deferral</th>
-<th>Deferral increment</th>
-<th>Update type/notes</th>
-</tr>
-</thead>
-<tbody>
-<tr class="odd">
-<td style="vertical-align:top"><p>OS upgrade</p></td>
-<td style="vertical-align:top"><p>8 months</p></td>
-<td style="vertical-align:top"><p>1 month</p></td>
-<td style="vertical-align:top"><p>Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5</p></td>
-</tr>
-<tr class="even">
-<td style="vertical-align:top"><p>Update</p></td>
-<td style="vertical-align:top"><p>1 month</p></td>
-<td style="vertical-align:top"><p>1 week</p></td>
-<td style="vertical-align:top"><div class="alert">
-<strong>Note</strong>
-If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
-</div>
-<ul>
-<li>Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441</li>
-<li>Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4</li>
-<li>Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F</li>
-<li>Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828</li>
-<li>Tools - B4832BD8-E735-4761-8DAF-37F882276DAB</li>
-<li>Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F</li>
-<li>Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83</li>
-<li>Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0</li>
-</ul></td>
-</tr>
-<tr class="odd">
-<td style="vertical-align:top"><p>Other/cannot defer</p></td>
-<td style="vertical-align:top"><p>No deferral</p></td>
-<td style="vertical-align:top"><p>No deferral</p></td>
-<td style="vertical-align:top"><p>Any update category not specifically enumerated above falls into this category.</p>
-<p>Definition Update - E0789628-CE08-4437-BE74-2495B842F43B</p></td>
-</tr>
-</tbody>
-</table>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-deferupgradeperiod"></a>**Update/DeferUpgradePeriod**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
->
-> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
->
-> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
-
-
-<p style="margin-left: 20px">Allows IT Admins to specify additional upgrade delays for up to 8 months.
-
-<p style="margin-left: 20px">Supported values are 0-8, which refers to the number of months to defer upgrades.
-
-<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-<p style="margin-left: 20px">If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-detectionfrequency"></a>**Update/DetectionFrequency**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-engagedrestartdeadline"></a>**Update/EngagedRestartDeadline**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period.  If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
-
-<p style="margin-left: 20px">Supported values are 2-30 days.
-
-<p style="margin-left: 20px">The default value is 0 days (not specified).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-engagedrestartsnoozeschedule"></a>**Update/EngagedRestartSnoozeSchedule**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
-
-<p style="margin-left: 20px">Supported values are 1-3 days.
-
-<p style="margin-left: 20px">The default value is 3 days.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-engagedrestarttransitionschedule"></a>**Update/EngagedRestartTransitionSchedule**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
-
-<p style="margin-left: 20px">Supported values are 2-30 days.
-
-<p style="margin-left: 20px">The default value is 7 days.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-excludewudriversinqualityupdate"></a>**Update/ExcludeWUDriversInQualityUpdate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
-> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Allow Windows Update drivers.
--   1 – Exclude Windows Update drivers.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-fillemptycontenturls"></a>**Update/FillEmptyContentUrls**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata.  This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the <a href="#update-updateserviceurlalternate">alternate download URL</a>).
-
-> [!NOTE]
-> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache.  This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Disabled.
--   1 – Enabled.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-ignoremoappdownloadlimit"></a>**Update/IgnoreMOAppDownloadLimit**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. 
-
-> [!WARNING]
-> Setting this policy might cause devices to incur costs from MO operators.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Do not ignore MO download limit for apps and their updates.
--   1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
-
-<p style="margin-left: 20px">To validate this policy:
-
-1.  Enable the policy ensure the device is on a cellular network.
-2.  Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: 
-      - `regd delete HKEY_USERS\S-1-5-21-2702878673-795188819-444038987-2781\software\microsoft\windows\currentversion\windowsupdate /v LastAutoAppUpdateSearchSuccessTime /f`
-
-      - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\Automatic App Update"""" /I""`
-
-3.   Verify that any downloads that are above the download size limit will complete without being paused.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-ignoremoupdatedownloadlimit"></a>**Update/IgnoreMOUpdateDownloadLimit**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. 
-
-> [!WARNING]
-> Setting this policy might cause devices to incur costs from MO operators.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Do not ignore MO download limit for OS updates.
--   1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
-
-<p style="margin-left: 20px">To validate this policy:
-
-1.  Enable the policy and ensure the device is on a cellular network.
-2.  Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: 
-      - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\AUScheduledInstall"""" /I""`
-
-3.   Verify that any downloads that are above the download size limit will complete without being paused.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-pausedeferrals"></a>**Update/PauseDeferrals**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
->
-> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
-
-
-<p style="margin-left: 20px">Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Deferrals are not paused.
--   1 – Deferrals are paused.
-
-<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-<p style="margin-left: 20px">If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-pausefeatureupdates"></a>**Update/PauseFeatureUpdates**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
-<p style="margin-left: 20px">Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Feature Updates are not paused.
--   1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-PauseFeatureUpdatesStartTime"></a>**Update/PauseFeatureUpdatesStartTime**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates.
-
-<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Delete, and Replace.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-pausequalityupdates"></a>**Update/PauseQualityUpdates**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Quality Updates are not paused.
--   1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-PauseQualityUpdatesStartTime"></a>**Update/PauseQualityUpdatesStartTime**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates.
-
-<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Delete, and Replace.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-requiredeferupgrade"></a>**Update/RequireDeferUpgrade**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
->
-> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
-
-
-<p style="margin-left: 20px">Allows the IT admin to set a device to CBB train.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – User gets upgrades from Current Branch.
--   1 – User gets upgrades from Current Branch for Business.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-requireupdateapproval"></a>**Update/RequireUpdateApproval**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-<br>
-
-> [!NOTE]
-> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
-
-
-<p style="margin-left: 20px">Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
-
-<p style="margin-left: 20px">Supported operations are Get and Replace.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not configured. The device installs all applicable updates.
--   1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-scheduleimminentrestartwarning"></a>**Update/ScheduleImminentRestartWarning**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
-
-<p style="margin-left: 20px">Supported values are 15, 30, or 60 (minutes).
-
-<p style="margin-left: 20px">The default value is 15 (minutes).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-schedulerestartwarning"></a>**Update/ScheduleRestartWarning**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications.
-
-<p style="margin-left: 20px">Supported values are 2, 4, 8, 12, or 24 (hours).
-
-<p style="margin-left: 20px">The default value is 4 (hours).
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-scheduledinstallday"></a>**Update/ScheduledInstallDay**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Enables the IT admin to schedule the day of the update installation.
-
-<p style="margin-left: 20px">The data type is a integer.
-
-<p style="margin-left: 20px">Supported operations are Add, Delete, Get, and Replace.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Every day
--   1 – Sunday
--   2 – Monday
--   3 – Tuesday
--   4 – Wednesday
--   5 – Thursday
--   6 – Friday
--   7 – Saturday
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-scheduledinstalleveryweek"></a>**Update/ScheduledInstallEveryWeek**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
-<ul>
-<li>0 - no update in the schedule</li>
-<li>1 - update is scheduled every week</li>
-</ul>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-scheduledinstallfirstweek"></a>**Update/ScheduledInstallFirstWeek**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
-<ul>
-<li>0 - no update in the schedule</li>
-<li>1 - update is scheduled every first week of the month</li>
-</ul>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-scheduledinstallfourthweek"></a>**Update/ScheduledInstallFourthWeek**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
-<ul>
-<li>0 - no update in the schedule</li>
-<li>1 - update is scheduled every fourth week of the month</li>
-</ul>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-scheduledinstallsecondweek"></a>**Update/ScheduledInstallSecondWeek**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
-<ul>
-<li>0 - no update in the schedule</li>
-<li>1 - update is scheduled every second week of the month</li>
-</ul>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-scheduledinstallthirdweek"></a>**Update/ScheduledInstallThirdWeek**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
-<ul>
-<li>0 - no update in the schedule</li>
-<li>1 - update is scheduled every third week of the month</li>
-</ul>
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-scheduledinstalltime"></a>**Update/ScheduledInstallTime**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Enables the IT admin to schedule the time of the update installation.
-
-<p style="margin-left: 20px">The data type is a integer.
-
-<p style="margin-left: 20px">Supported operations are Add, Delete, Get, and Replace.
-
-<p style="margin-left: 20px">Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
-
-<p style="margin-left: 20px">The default value is 3.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-setautorestartnotificationdisable"></a>**Update/SetAutoRestartNotificationDisable**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark"/><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark"/></td>
-	<td><img src="images/CheckMark.png" alt="check mark"/><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 (default) – Enabled
--   1 – Disabled
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-setedurestart"></a>**Update/SetEDURestart**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. For devices in a cart, this policy skips the check for battery level to ensure that the reboot will happen at ScheduledInstallTime.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
-- 0 - not configured
-- 1 - configured
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-updateserviceurl"></a>**Update/UpdateServiceUrl**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> [!NOTE]
-> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
-
-> [!Important]  
-> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
-
-<p style="margin-left: 20px">Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premise MDMs that need to update devices that cannot connect to the Internet.
-
-<p style="margin-left: 20px">Supported operations are Get and Replace.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   Not configured. The device checks for updates from Microsoft Update.
--   Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL.
-
-Example
-
-``` syntax
-        <Replace>
-            <CmdID>$CmdID$</CmdID>
-            <Item>
-                <Meta>
-                    <Format>chr</Format>
-                    <Type>text/plain</Type>
-                </Meta>
-                <Target>
-                    <LocURI>./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl</LocURI>
-                </Target>
-                <Data>http://abcd-srv:8530</Data>
-            </Item>
-        </Replace>
-```
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="update-updateserviceurlalternate"></a>**Update/UpdateServiceUrlAlternate**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-> **Note**  This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
-
-<p style="margin-left: 20px">Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
-
-<p style="margin-left: 20px">This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
-
-<p style="margin-left: 20px">To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server.  An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
-
-<p style="margin-left: 20px">Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
-
-> [!Note]  
-> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.  
-> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.  
-> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wifi-allowwifihotspotreporting"></a>**WiFi/AllowWiFiHotSpotReporting**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">This policy has been deprecated.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wifi-allowautoconnecttowifisensehotspots"></a>**Wifi/AllowAutoConnectToWiFiSenseHotspots**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allow or disallow the device to automatically connect to Wi-Fi hotspots.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Not allowed.
--   1 (default) – Allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wifi-allowinternetsharing"></a>**Wifi/AllowInternetSharing**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allow or disallow internet sharing.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – Do not allow the use of Internet Sharing.
--   1 (default) – Allow the use of Internet Sharing.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wifi-allowmanualwificonfiguration"></a>**Wifi/AllowManualWiFiConfiguration**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – No Wi-Fi connection outside of MDM provisioned network is allowed.
--   1 (default) – Adding new network SSIDs beyond the already MDM provisioned ones is allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-> [!NOTE]
-> Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that are not user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wifi-allowwifi"></a>**Wifi/AllowWiFi**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allow or disallow WiFi connection.
-
-<p style="margin-left: 20px">The following list shows the supported values:
-
--   0 – WiFi connection is not allowed.
--   1 (default) – WiFi connection is allowed.
-
-<p style="margin-left: 20px">Most restricted value is 0.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wifi-allowwifidirect"></a>**Wifi/AllowWiFiDirect**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. Allow WiFi Direct connection..
-
-- 0 - WiFi Direct connection is not allowed.
-- 1 - WiFi Direct connection is allowed.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wifi-wlanscanmode"></a>**Wifi/WLANScanMode**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected.
-
-<p style="margin-left: 20px">Supported values are 0-500, where 100 = normal scan frequency and 500 = low scan frequency.
-
-<p style="margin-left: 20px">The default value is 0.
-
-<p style="margin-left: 20px">Supported operations are Add, Delete, Get, and Replace.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace.
-
-<p style="margin-left: 20px">Value type is bool. The following list shows the supported values:
-
--   0 - app suggestions are not allowed.
--   1 (default) -allow app suggestions.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="windowsinkworkspace-allowwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowWindowsInkWorkspace**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace.
-
-<p style="margin-left: 20px">Value type is int. The following list shows the supported values:
-
--   0 - access to ink workspace is disabled. The feature is turned off.
--   1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen.
--   2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="windowslogon-disablelockscreenappnotifications"></a>**WindowsLogon/DisableLockScreenAppNotifications**  
-
-<!--StartDescription-->
-This policy setting allows you to prevent app notifications from appearing on the lock screen.
-
-If you enable this policy setting, no app notifications are displayed on the lock screen.
-
-If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Turn off app notifications on the lock screen*
--   GP name: *DisableLockScreenAppNotifications*
--   GP path: *System/Logon*
--   GP ADMX file name: *logon.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="windowslogon-dontdisplaynetworkselectionui"></a>**WindowsLogon/DontDisplayNetworkSelectionUI**  
-
-<!--StartDescription-->
-This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
-
-If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows.
-
-If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
-
-<!--EndDescription-->
-<!--StartADMX-->
-ADMX Info:  
--   GP english name: *Do not display network selection UI*
--   GP name: *DontDisplayNetworkSelectionUI*
--   GP path: *System/Logon*
--   GP ADMX file name: *logon.admx*
-
-<!--EndADMX-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
-
-<p style="margin-left: 20px">Value type is bool. The following list shows the supported values:
-
--   0 (default) - Diabled (visible).
--   1 - Enabled (hidden).
-
-<p style="margin-left: 20px">To validate on Desktop, do the following:
-
-1.   Enable policy.
-2.   Verify that the Switch account button in Start is hidden.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC.  
-
-- 0 - your PC cannot discover or project to other devices.
-- 1 - your PC can discover and project to other devices
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wirelessdisplay-allowprojectionfrompcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionFromPCOverInfrastructure**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure.  
-
-- 0 - your PC cannot discover or project to other infrastructure devices, although it is possible to discover and project over WiFi Direct.
-- 1 - your PC can discover and project to other devices over infrastructure.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wirelessdisplay-allowprojectiontopc"></a>**WirelessDisplay/AllowProjectionToPC**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC.
-
-<p style="margin-left: 20px">If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** &gt; **System** &gt; **Projecting to this PC**.
-
-<p style="margin-left: 20px">Value type is integer. Valid value:
-
--   0 - projection to PC is not allowed. Always off and the user cannot enable it.
--   1 (default) - projection to PC is allowed. Enabled only above the lock screen.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wirelessdisplay-Allowprojectiontopcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionToPCOverInfrastructure**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure.  
-
-- 0 - your PC is not discoverable and other devices cannot project to it over infrastructure, although it is possible to project to it over WiFi Direct.
-- 1 - your PC is discoverable and other devices can project to it over infrastructure.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver"></a>**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**  
-
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1703.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<!--StartPolicy-->
-<a href="" id="wirelessdisplay-requirepinforpairing"></a>**WirelessDisplay/RequirePinForPairing**  
-
-<!--StartSKU-->
-<table>
-<tr>
-	<th>Home</th>
-	<th>Pro</th>
-	<th>Business</th>
-	<th>Enterprise</th>
-	<th>Education</th>
-	<th>Mobile</th>
-	<th>MobileEnterprise</th>
-</tr>
-<tr>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-	<td><img src="images/crossmark.png" alt="cross mark" /></td>
-</tr>
-</table>
-
-<!--EndSKU-->
-<!--StartDescription-->
-<p style="margin-left: 20px">Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing.
-
-<p style="margin-left: 20px">If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** &gt; **System** &gt; **Projecting to this PC**.
-
-<p style="margin-left: 20px">Value type is integer. Valid value:
-
--   0 (default) - PIN is not required.
--   1 - PIN is required.
-
-<!--EndDescription-->
-<!--EndPolicy-->
-<hr/>
-
-Footnote:
-
--   1 - Added in Windows 10, version 1607.
--   2 - Added in Windows 10, version 1703.
-
-<!--EndPolicies-->
+## Policies
+
+### AboveLock policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-abovelock.md#abovelock-allowactioncenternotifications" id="abovelock-allowactioncenternotifications">AboveLock/AllowActionCenterNotifications</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-abovelock.md#abovelock-allowcortanaabovelock" id="abovelock-allowcortanaabovelock">AboveLock/AllowCortanaAboveLock</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-abovelock.md#abovelock-allowtoasts" id="abovelock-allowtoasts">AboveLock/AllowToasts</a>
+  </dd>
+</dl>
+
+### Accounts policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-accounts.md#accounts-allowaddingnonmicrosoftaccountsmanually" id="accounts-allowaddingnonmicrosoftaccountsmanually">Accounts/AllowAddingNonMicrosoftAccountsManually</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-accounts.md#accounts-allowmicrosoftaccountconnection" id="accounts-allowmicrosoftaccountconnection">Accounts/AllowMicrosoftAccountConnection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-accounts.md#accounts-allowmicrosoftaccountsigninassistant" id="accounts-allowmicrosoftaccountsigninassistant">Accounts/AllowMicrosoftAccountSignInAssistant</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-accounts.md#accounts-domainnamesforemailsync" id="accounts-domainnamesforemailsync">Accounts/DomainNamesForEmailSync</a>
+  </dd>
+</dl>
+
+### ActiveXControls policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites" id="activexcontrols-approvedinstallationsites">ActiveXControls/ApprovedInstallationSites</a>
+  </dd>
+</dl>
+
+### ApplicationDefaults policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-applicationdefaults.md#applicationdefaults-defaultassociationsconfiguration" id="applicationdefaults-defaultassociationsconfiguration">ApplicationDefaults/DefaultAssociationsConfiguration</a>
+  </dd>
+</dl>
+
+### ApplicationManagement policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowalltrustedapps" id="applicationmanagement-allowalltrustedapps">ApplicationManagement/AllowAllTrustedApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowappstoreautoupdate" id="applicationmanagement-allowappstoreautoupdate">ApplicationManagement/AllowAppStoreAutoUpdate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowdeveloperunlock" id="applicationmanagement-allowdeveloperunlock">ApplicationManagement/AllowDeveloperUnlock</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowgamedvr" id="applicationmanagement-allowgamedvr">ApplicationManagement/AllowGameDVR</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowshareduserappdata" id="applicationmanagement-allowshareduserappdata">ApplicationManagement/AllowSharedUserAppData</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-allowstore" id="applicationmanagement-allowstore">ApplicationManagement/AllowStore</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-applicationrestrictions" id="applicationmanagement-applicationrestrictions">ApplicationManagement/ApplicationRestrictions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-disablestoreoriginatedapps" id="applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-requireprivatestoreonly" id="applicationmanagement-requireprivatestoreonly">ApplicationManagement/RequirePrivateStoreOnly</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-restrictappdatatosystemvolume" id="applicationmanagement-restrictappdatatosystemvolume">ApplicationManagement/RestrictAppDataToSystemVolume</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-applicationmanagement.md#applicationmanagement-restrictapptosystemvolume" id="applicationmanagement-restrictapptosystemvolume">ApplicationManagement/RestrictAppToSystemVolume</a>
+  </dd>
+</dl>
+
+### AppVirtualization policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowappvclient" id="appvirtualization-allowappvclient">AppVirtualization/AllowAppVClient</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization" id="appvirtualization-allowdynamicvirtualization">AppVirtualization/AllowDynamicVirtualization</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup" id="appvirtualization-allowpackagecleanup">AppVirtualization/AllowPackageCleanup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts" id="appvirtualization-allowpackagescripts">AppVirtualization/AllowPackageScripts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux" id="appvirtualization-allowpublishingrefreshux">AppVirtualization/AllowPublishingRefreshUX</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver" id="appvirtualization-allowreportingserver">AppVirtualization/AllowReportingServer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions" id="appvirtualization-allowroamingfileexclusions">AppVirtualization/AllowRoamingFileExclusions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions" id="appvirtualization-allowroamingregistryexclusions">AppVirtualization/AllowRoamingRegistryExclusions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload" id="appvirtualization-allowstreamingautoload">AppVirtualization/AllowStreamingAutoload</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode" id="appvirtualization-clientcoexistenceallowmigrationmode">AppVirtualization/ClientCoexistenceAllowMigrationmode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal" id="appvirtualization-integrationallowrootglobal">AppVirtualization/IntegrationAllowRootGlobal</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser" id="appvirtualization-integrationallowrootuser">AppVirtualization/IntegrationAllowRootUser</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1" id="appvirtualization-publishingallowserver1">AppVirtualization/PublishingAllowServer1</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2" id="appvirtualization-publishingallowserver2">AppVirtualization/PublishingAllowServer2</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3" id="appvirtualization-publishingallowserver3">AppVirtualization/PublishingAllowServer3</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4" id="appvirtualization-publishingallowserver4">AppVirtualization/PublishingAllowServer4</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5" id="appvirtualization-publishingallowserver5">AppVirtualization/PublishingAllowServer5</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient_ssl" id="appvirtualization-streamingallowcertificatefilterforclient_ssl">AppVirtualization/StreamingAllowCertificateFilterForClient_SSL</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch" id="appvirtualization-streamingallowhighcostlaunch">AppVirtualization/StreamingAllowHighCostLaunch</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider" id="appvirtualization-streamingallowlocationprovider">AppVirtualization/StreamingAllowLocationProvider</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot" id="appvirtualization-streamingallowpackageinstallationroot">AppVirtualization/StreamingAllowPackageInstallationRoot</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot" id="appvirtualization-streamingallowpackagesourceroot">AppVirtualization/StreamingAllowPackageSourceRoot</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval" id="appvirtualization-streamingallowreestablishmentinterval">AppVirtualization/StreamingAllowReestablishmentInterval</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries" id="appvirtualization-streamingallowreestablishmentretries">AppVirtualization/StreamingAllowReestablishmentRetries</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode" id="appvirtualization-streamingsharedcontentstoremode">AppVirtualization/StreamingSharedContentStoreMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache" id="appvirtualization-streamingsupportbranchcache">AppVirtualization/StreamingSupportBranchCache</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist" id="appvirtualization-streamingverifycertificaterevocationlist">AppVirtualization/StreamingVerifyCertificateRevocationList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist" id="appvirtualization-virtualcomponentsallowlist">AppVirtualization/VirtualComponentsAllowList</a>
+  </dd>
+</dl>
+
+### AttachmentManager policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation" id="attachmentmanager-donotpreservezoneinformation">AttachmentManager/DoNotPreserveZoneInformation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism" id="attachmentmanager-hidezoneinfomechanism">AttachmentManager/HideZoneInfoMechanism</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms" id="attachmentmanager-notifyantivirusprograms">AttachmentManager/NotifyAntivirusPrograms</a>
+  </dd>
+</dl>
+
+### Authentication policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-authentication.md#authentication-alloweapcertsso" id="authentication-alloweapcertsso">Authentication/AllowEAPCertSSO</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-authentication.md#authentication-allowfastreconnect" id="authentication-allowfastreconnect">Authentication/AllowFastReconnect</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-authentication.md#authentication-allowsecondaryauthenticationdevice" id="authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a>
+  </dd>
+</dl>
+
+### Autoplay policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices" id="autoplay-disallowautoplayfornonvolumedevices">Autoplay/DisallowAutoplayForNonVolumeDevices</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior" id="autoplay-setdefaultautorunbehavior">Autoplay/SetDefaultAutoRunBehavior</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-autoplay.md#autoplay-turnoffautoplay" id="autoplay-turnoffautoplay">Autoplay/TurnOffAutoPlay</a>
+  </dd>
+</dl>
+
+### Bitlocker policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-bitlocker.md#bitlocker-encryptionmethod" id="bitlocker-encryptionmethod">Bitlocker/EncryptionMethod</a>
+  </dd>
+</dl>
+
+### Bluetooth policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-bluetooth.md#bluetooth-allowadvertising" id="bluetooth-allowadvertising">Bluetooth/AllowAdvertising</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bluetooth.md#bluetooth-allowdiscoverablemode" id="bluetooth-allowdiscoverablemode">Bluetooth/AllowDiscoverableMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bluetooth.md#bluetooth-allowprepairing" id="bluetooth-allowprepairing">Bluetooth/AllowPrepairing</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bluetooth.md#bluetooth-localdevicename" id="bluetooth-localdevicename">Bluetooth/LocalDeviceName</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-bluetooth.md#bluetooth-servicesallowedlist" id="bluetooth-servicesallowedlist">Bluetooth/ServicesAllowedList</a>
+  </dd>
+</dl>
+
+### Browser policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowaddressbardropdown" id="browser-allowaddressbardropdown">Browser/AllowAddressBarDropdown</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowautofill" id="browser-allowautofill">Browser/AllowAutofill</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowbrowser" id="browser-allowbrowser">Browser/AllowBrowser</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowcookies" id="browser-allowcookies">Browser/AllowCookies</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowdevelopertools" id="browser-allowdevelopertools">Browser/AllowDeveloperTools</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowdonottrack" id="browser-allowdonottrack">Browser/AllowDoNotTrack</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowextensions" id="browser-allowextensions">Browser/AllowExtensions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowflash" id="browser-allowflash">Browser/AllowFlash</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowflashclicktorun" id="browser-allowflashclicktorun">Browser/AllowFlashClickToRun</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowinprivate" id="browser-allowinprivate">Browser/AllowInPrivate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowmicrosoftcompatibilitylist" id="browser-allowmicrosoftcompatibilitylist">Browser/AllowMicrosoftCompatibilityList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowpasswordmanager" id="browser-allowpasswordmanager">Browser/AllowPasswordManager</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowpopups" id="browser-allowpopups">Browser/AllowPopups</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowsearchenginecustomization" id="browser-allowsearchenginecustomization">Browser/AllowSearchEngineCustomization</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowsearchsuggestionsinaddressbar" id="browser-allowsearchsuggestionsinaddressbar">Browser/AllowSearchSuggestionsinAddressBar</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-allowsmartscreen" id="browser-allowsmartscreen">Browser/AllowSmartScreen</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-clearbrowsingdataonexit" id="browser-clearbrowsingdataonexit">Browser/ClearBrowsingDataOnExit</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-configureadditionalsearchengines" id="browser-configureadditionalsearchengines">Browser/ConfigureAdditionalSearchEngines</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-disablelockdownofstartpages" id="browser-disablelockdownofstartpages">Browser/DisableLockdownOfStartPages</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-enterprisemodesitelist" id="browser-enterprisemodesitelist">Browser/EnterpriseModeSiteList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-enterprisesitelistserviceurl" id="browser-enterprisesitelistserviceurl">Browser/EnterpriseSiteListServiceUrl</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-firstrunurl" id="browser-firstrunurl">Browser/FirstRunURL</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-homepages" id="browser-homepages">Browser/HomePages</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-preventaccesstoaboutflagsinmicrosoftedge" id="browser-preventaccesstoaboutflagsinmicrosoftedge">Browser/PreventAccessToAboutFlagsInMicrosoftEdge</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-preventfirstrunpage" id="browser-preventfirstrunpage">Browser/PreventFirstRunPage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-preventlivetiledatacollection" id="browser-preventlivetiledatacollection">Browser/PreventLiveTileDataCollection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-preventsmartscreenpromptoverride" id="browser-preventsmartscreenpromptoverride">Browser/PreventSmartScreenPromptOverride</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-preventsmartscreenpromptoverrideforfiles" id="browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-preventusinglocalhostipaddressforwebrtc" id="browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-sendintranettraffictointernetexplorer" id="browser-sendintranettraffictointernetexplorer">Browser/SendIntranetTraffictoInternetExplorer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-setdefaultsearchengine" id="browser-setdefaultsearchengine">Browser/SetDefaultSearchEngine</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-showmessagewhenopeningsitesininternetexplorer" id="browser-showmessagewhenopeningsitesininternetexplorer">Browser/ShowMessageWhenOpeningSitesInInternetExplorer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-browser.md#browser-syncfavoritesbetweenieandmicrosoftedge" id="browser-syncfavoritesbetweenieandmicrosoftedge">Browser/SyncFavoritesBetweenIEAndMicrosoftEdge</a>
+  </dd>
+</dl>
+
+### Camera policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-camera.md#camera-allowcamera" id="camera-allowcamera">Camera/AllowCamera</a>
+  </dd>
+</dl>
+
+### Cellular policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-cellular.md#None" id="None">Cellular/ShowAppCellularAccessUI</a>
+  </dd>
+</dl>
+
+### Connectivity policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allowbluetooth" id="connectivity-allowbluetooth">Connectivity/AllowBluetooth</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allowcellulardata" id="connectivity-allowcellulardata">Connectivity/AllowCellularData</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allowcellulardataroaming" id="connectivity-allowcellulardataroaming">Connectivity/AllowCellularDataRoaming</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allowconnecteddevices" id="connectivity-allowconnecteddevices">Connectivity/AllowConnectedDevices</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allownfc" id="connectivity-allownfc">Connectivity/AllowNFC</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allowusbconnection" id="connectivity-allowusbconnection">Connectivity/AllowUSBConnection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allowvpnovercellular" id="connectivity-allowvpnovercellular">Connectivity/AllowVPNOverCellular</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-allowvpnroamingovercellular" id="connectivity-allowvpnroamingovercellular">Connectivity/AllowVPNRoamingOverCellular</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#None" id="None">Connectivity/DiablePrintingOverHTTP</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#None" id="None">Connectivity/DisableDownloadingOfPrintDriversOverHTTP</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#None" id="None">Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#connectivity-hardeneduncpaths" id="connectivity-hardeneduncpaths">Connectivity/HardenedUNCPaths</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-connectivity.md#None" id="None">Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge</a>
+  </dd>
+</dl>
+
+### CredentialProviders policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon" id="credentialproviders-allowpinlogon">CredentialProviders/AllowPINLogon</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword" id="credentialproviders-blockpicturepassword">CredentialProviders/BlockPicturePassword</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-credentialproviders.md#credentialproviders-enablewindowsautopilotresetcredentials" id="credentialproviders-enablewindowsautopilotresetcredentials">CredentialProviders/EnableWindowsAutoPilotResetCredentials</a>
+  </dd>
+</dl>
+
+### CredentialsUI policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal" id="credentialsui-disablepasswordreveal">CredentialsUI/DisablePasswordReveal</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-credentialsui.md#credentialsui-enumerateadministrators" id="credentialsui-enumerateadministrators">CredentialsUI/EnumerateAdministrators</a>
+  </dd>
+</dl>
+
+### Cryptography policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-cryptography.md#cryptography-allowfipsalgorithmpolicy" id="cryptography-allowfipsalgorithmpolicy">Cryptography/AllowFipsAlgorithmPolicy</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-cryptography.md#cryptography-tlsciphersuites" id="cryptography-tlsciphersuites">Cryptography/TLSCipherSuites</a>
+  </dd>
+</dl>
+
+### DataProtection policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-dataprotection.md#dataprotection-allowdirectmemoryaccess" id="dataprotection-allowdirectmemoryaccess">DataProtection/AllowDirectMemoryAccess</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-dataprotection.md#dataprotection-legacyselectivewipeid" id="dataprotection-legacyselectivewipeid">DataProtection/LegacySelectiveWipeID</a>
+  </dd>
+</dl>
+
+### DataUsage policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-datausage.md#datausage-setcost3g" id="datausage-setcost3g">DataUsage/SetCost3G</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-datausage.md#datausage-setcost4g" id="datausage-setcost4g">DataUsage/SetCost4G</a>
+  </dd>
+</dl>
+
+### Defender policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowarchivescanning" id="defender-allowarchivescanning">Defender/AllowArchiveScanning</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowbehaviormonitoring" id="defender-allowbehaviormonitoring">Defender/AllowBehaviorMonitoring</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowcloudprotection" id="defender-allowcloudprotection">Defender/AllowCloudProtection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowemailscanning" id="defender-allowemailscanning">Defender/AllowEmailScanning</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowfullscanonmappednetworkdrives" id="defender-allowfullscanonmappednetworkdrives">Defender/AllowFullScanOnMappedNetworkDrives</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowfullscanremovabledrivescanning" id="defender-allowfullscanremovabledrivescanning">Defender/AllowFullScanRemovableDriveScanning</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowioavprotection" id="defender-allowioavprotection">Defender/AllowIOAVProtection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowintrusionpreventionsystem" id="defender-allowintrusionpreventionsystem">Defender/AllowIntrusionPreventionSystem</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowonaccessprotection" id="defender-allowonaccessprotection">Defender/AllowOnAccessProtection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowrealtimemonitoring" id="defender-allowrealtimemonitoring">Defender/AllowRealtimeMonitoring</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowscanningnetworkfiles" id="defender-allowscanningnetworkfiles">Defender/AllowScanningNetworkFiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowscriptscanning" id="defender-allowscriptscanning">Defender/AllowScriptScanning</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-allowuseruiaccess" id="defender-allowuseruiaccess">Defender/AllowUserUIAccess</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-attacksurfacereductiononlyexclusions" id="defender-attacksurfacereductiononlyexclusions">Defender/AttackSurfaceReductionOnlyExclusions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-attacksurfacereductionrules" id="defender-attacksurfacereductionrules">Defender/AttackSurfaceReductionRules</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-avgcpuloadfactor" id="defender-avgcpuloadfactor">Defender/AvgCPULoadFactor</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-cloudblocklevel" id="defender-cloudblocklevel">Defender/CloudBlockLevel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-cloudextendedtimeout" id="defender-cloudextendedtimeout">Defender/CloudExtendedTimeout</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-daystoretaincleanedmalware" id="defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-enableguardmyfolders" id="defender-enableguardmyfolders">Defender/EnableGuardMyFolders</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-enablenetworkprotection" id="defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-excludedextensions" id="defender-excludedextensions">Defender/ExcludedExtensions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-excludedpaths" id="defender-excludedpaths">Defender/ExcludedPaths</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-excludedprocesses" id="defender-excludedprocesses">Defender/ExcludedProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-guardedfoldersallowedapplications" id="defender-guardedfoldersallowedapplications">Defender/GuardedFoldersAllowedApplications</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-guardedfolderslist" id="defender-guardedfolderslist">Defender/GuardedFoldersList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-puaprotection" id="defender-puaprotection">Defender/PUAProtection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-realtimescandirection" id="defender-realtimescandirection">Defender/RealTimeScanDirection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-scanparameter" id="defender-scanparameter">Defender/ScanParameter</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-schedulequickscantime" id="defender-schedulequickscantime">Defender/ScheduleQuickScanTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-schedulescanday" id="defender-schedulescanday">Defender/ScheduleScanDay</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-schedulescantime" id="defender-schedulescantime">Defender/ScheduleScanTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-signatureupdateinterval" id="defender-signatureupdateinterval">Defender/SignatureUpdateInterval</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-submitsamplesconsent" id="defender-submitsamplesconsent">Defender/SubmitSamplesConsent</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-defender.md#defender-threatseveritydefaultaction" id="defender-threatseveritydefaultaction">Defender/ThreatSeverityDefaultAction</a>
+  </dd>
+</dl>
+
+### DeliveryOptimization policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-doabsolutemaxcachesize" id="deliveryoptimization-doabsolutemaxcachesize">DeliveryOptimization/DOAbsoluteMaxCacheSize</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-doallowvpnpeercaching" id="deliveryoptimization-doallowvpnpeercaching">DeliveryOptimization/DOAllowVPNPeerCaching</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dodownloadmode" id="deliveryoptimization-dodownloadmode">DeliveryOptimization/DODownloadMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dogroupid" id="deliveryoptimization-dogroupid">DeliveryOptimization/DOGroupId</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcacheage" id="deliveryoptimization-domaxcacheage">DeliveryOptimization/DOMaxCacheAge</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxcachesize" id="deliveryoptimization-domaxcachesize">DeliveryOptimization/DOMaxCacheSize</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxdownloadbandwidth" id="deliveryoptimization-domaxdownloadbandwidth">DeliveryOptimization/DOMaxDownloadBandwidth</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domaxuploadbandwidth" id="deliveryoptimization-domaxuploadbandwidth">DeliveryOptimization/DOMaxUploadBandwidth</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbackgroundqos" id="deliveryoptimization-dominbackgroundqos">DeliveryOptimization/DOMinBackgroundQos</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dominbatterypercentageallowedtoupload" id="deliveryoptimization-dominbatterypercentageallowedtoupload">DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domindisksizeallowedtopeer" id="deliveryoptimization-domindisksizeallowedtopeer">DeliveryOptimization/DOMinDiskSizeAllowedToPeer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dominfilesizetocache" id="deliveryoptimization-dominfilesizetocache">DeliveryOptimization/DOMinFileSizeToCache</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dominramallowedtopeer" id="deliveryoptimization-dominramallowedtopeer">DeliveryOptimization/DOMinRAMAllowedToPeer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domodifycachedrive" id="deliveryoptimization-domodifycachedrive">DeliveryOptimization/DOModifyCacheDrive</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-domonthlyuploaddatacap" id="deliveryoptimization-domonthlyuploaddatacap">DeliveryOptimization/DOMonthlyUploadDataCap</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deliveryoptimization.md#deliveryoptimization-dopercentagemaxdownloadbandwidth" id="deliveryoptimization-dopercentagemaxdownloadbandwidth">DeliveryOptimization/DOPercentageMaxDownloadBandwidth</a>
+  </dd>
+</dl>
+
+### Desktop policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders" id="desktop-preventuserredirectionofprofilefolders">Desktop/PreventUserRedirectionOfProfileFolders</a>
+  </dd>
+</dl>
+
+### DeviceGuard policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-deviceguard.md#deviceguard-enablevirtualizationbasedsecurity" id="deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deviceguard.md#deviceguard-lsacfgflags" id="deviceguard-lsacfgflags">DeviceGuard/LsaCfgFlags</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deviceguard.md#deviceguard-requireplatformsecurityfeatures" id="deviceguard-requireplatformsecurityfeatures">DeviceGuard/RequirePlatformSecurityFeatures</a>
+  </dd>
+</dl>
+
+### DeviceInstallation policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids" id="deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses">DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</a>
+  </dd>
+</dl>
+
+### DeviceLock policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-allowidlereturnwithoutpassword" id="devicelock-allowidlereturnwithoutpassword">DeviceLock/AllowIdleReturnWithoutPassword</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-allowscreentimeoutwhilelockeduserconfig" id="devicelock-allowscreentimeoutwhilelockeduserconfig">DeviceLock/AllowScreenTimeoutWhileLockedUserConfig</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-allowsimpledevicepassword" id="devicelock-allowsimpledevicepassword">DeviceLock/AllowSimpleDevicePassword</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-alphanumericdevicepasswordrequired" id="devicelock-alphanumericdevicepasswordrequired">DeviceLock/AlphanumericDevicePasswordRequired</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-devicepasswordenabled" id="devicelock-devicepasswordenabled">DeviceLock/DevicePasswordEnabled</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-devicepasswordexpiration" id="devicelock-devicepasswordexpiration">DeviceLock/DevicePasswordExpiration</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-devicepasswordhistory" id="devicelock-devicepasswordhistory">DeviceLock/DevicePasswordHistory</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-enforcelockscreenandlogonimage" id="devicelock-enforcelockscreenandlogonimage">DeviceLock/EnforceLockScreenAndLogonImage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-enforcelockscreenprovider" id="devicelock-enforcelockscreenprovider">DeviceLock/EnforceLockScreenProvider</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-maxdevicepasswordfailedattempts" id="devicelock-maxdevicepasswordfailedattempts">DeviceLock/MaxDevicePasswordFailedAttempts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelock" id="devicelock-maxinactivitytimedevicelock">DeviceLock/MaxInactivityTimeDeviceLock</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-maxinactivitytimedevicelockwithexternaldisplay" id="devicelock-maxinactivitytimedevicelockwithexternaldisplay">DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-mindevicepasswordcomplexcharacters" id="devicelock-mindevicepasswordcomplexcharacters">DeviceLock/MinDevicePasswordComplexCharacters</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-mindevicepasswordlength" id="devicelock-mindevicepasswordlength">DeviceLock/MinDevicePasswordLength</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow" id="devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-devicelock.md#devicelock-screentimeoutwhilelocked" id="devicelock-screentimeoutwhilelocked">DeviceLock/ScreenTimeoutWhileLocked</a>
+  </dd>
+</dl>
+
+### Display policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-display.md#display-turnoffgdidpiscalingforapps" id="display-turnoffgdidpiscalingforapps">Display/TurnOffGdiDPIScalingForApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-display.md#display-turnongdidpiscalingforapps" id="display-turnongdidpiscalingforapps">Display/TurnOnGdiDPIScalingForApps</a>
+  </dd>
+</dl>
+
+### EnterpriseCloudPrint policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-enterprisecloudprint.md#enterprisecloudprint-cloudprintoauthauthority" id="enterprisecloudprint-cloudprintoauthauthority">EnterpriseCloudPrint/CloudPrintOAuthAuthority</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-enterprisecloudprint.md#enterprisecloudprint-cloudprintoauthclientid" id="enterprisecloudprint-cloudprintoauthclientid">EnterpriseCloudPrint/CloudPrintOAuthClientId</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-enterprisecloudprint.md#enterprisecloudprint-cloudprintresourceid" id="enterprisecloudprint-cloudprintresourceid">EnterpriseCloudPrint/CloudPrintResourceId</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-enterprisecloudprint.md#enterprisecloudprint-cloudprinterdiscoveryendpoint" id="enterprisecloudprint-cloudprinterdiscoveryendpoint">EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-enterprisecloudprint.md#enterprisecloudprint-discoverymaxprinterlimit" id="enterprisecloudprint-discoverymaxprinterlimit">EnterpriseCloudPrint/DiscoveryMaxPrinterLimit</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-enterprisecloudprint.md#enterprisecloudprint-mopriadiscoveryresourceid" id="enterprisecloudprint-mopriadiscoveryresourceid">EnterpriseCloudPrint/MopriaDiscoveryResourceId</a>
+  </dd>
+</dl>
+
+### ErrorReporting policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings" id="errorreporting-customizeconsentsettings">ErrorReporting/CustomizeConsentSettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting" id="errorreporting-disablewindowserrorreporting">ErrorReporting/DisableWindowsErrorReporting</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-errorreporting.md#errorreporting-displayerrornotification" id="errorreporting-displayerrornotification">ErrorReporting/DisplayErrorNotification</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata" id="errorreporting-donotsendadditionaldata">ErrorReporting/DoNotSendAdditionalData</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay" id="errorreporting-preventcriticalerrordisplay">ErrorReporting/PreventCriticalErrorDisplay</a>
+  </dd>
+</dl>
+
+### EventLogService policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior" id="eventlogservice-controleventlogbehavior">EventLogService/ControlEventLogBehavior</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog" id="eventlogservice-specifymaximumfilesizeapplicationlog">EventLogService/SpecifyMaximumFileSizeApplicationLog</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog" id="eventlogservice-specifymaximumfilesizesecuritylog">EventLogService/SpecifyMaximumFileSizeSecurityLog</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog" id="eventlogservice-specifymaximumfilesizesystemlog">EventLogService/SpecifyMaximumFileSizeSystemLog</a>
+  </dd>
+</dl>
+
+### Experience policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowcopypaste" id="experience-allowcopypaste">Experience/AllowCopyPaste</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowcortana" id="experience-allowcortana">Experience/AllowCortana</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowdevicediscovery" id="experience-allowdevicediscovery">Experience/AllowDeviceDiscovery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowmanualmdmunenrollment" id="experience-allowmanualmdmunenrollment">Experience/AllowManualMDMUnenrollment</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowsimerrordialogpromptwhennosim" id="experience-allowsimerrordialogpromptwhennosim">Experience/AllowSIMErrorDialogPromptWhenNoSIM</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowscreencapture" id="experience-allowscreencapture">Experience/AllowScreenCapture</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowsyncmysettings" id="experience-allowsyncmysettings">Experience/AllowSyncMySettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowtailoredexperienceswithdiagnosticdata" id="experience-allowtailoredexperienceswithdiagnosticdata">Experience/AllowTailoredExperiencesWithDiagnosticData</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowtaskswitcher" id="experience-allowtaskswitcher">Experience/AllowTaskSwitcher</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowthirdpartysuggestionsinwindowsspotlight" id="experience-allowthirdpartysuggestionsinwindowsspotlight">Experience/AllowThirdPartySuggestionsInWindowsSpotlight</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowvoicerecording" id="experience-allowvoicerecording">Experience/AllowVoiceRecording</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowwindowsconsumerfeatures" id="experience-allowwindowsconsumerfeatures">Experience/AllowWindowsConsumerFeatures</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowwindowsspotlight" id="experience-allowwindowsspotlight">Experience/AllowWindowsSpotlight</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowwindowsspotlightonactioncenter" id="experience-allowwindowsspotlightonactioncenter">Experience/AllowWindowsSpotlightOnActionCenter</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowwindowsspotlightwindowswelcomeexperience" id="experience-allowwindowsspotlightwindowswelcomeexperience">Experience/AllowWindowsSpotlightWindowsWelcomeExperience</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-allowwindowstips" id="experience-allowwindowstips">Experience/AllowWindowsTips</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-configurewindowsspotlightonlockscreen" id="experience-configurewindowsspotlightonlockscreen">Experience/ConfigureWindowsSpotlightOnLockScreen</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-experience.md#experience-donotshowfeedbacknotifications" id="experience-donotshowfeedbacknotifications">Experience/DoNotShowFeedbackNotifications</a>
+  </dd>
+</dl>
+
+### Games policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-games.md#games-allowadvancedgamingservices" id="games-allowadvancedgamingservices">Games/AllowAdvancedGamingServices</a>
+  </dd>
+</dl>
+
+### InternetExplorer policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider" id="internetexplorer-addsearchprovider">InternetExplorer/AddSearchProvider</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering" id="internetexplorer-allowactivexfiltering">InternetExplorer/AllowActiveXFiltering</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist" id="internetexplorer-allowaddonlist">InternetExplorer/AllowAddOnList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/AllowAutoComplete</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/AllowCertificateAddressMismatchWarning</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/AllowDeletingBrowsingHistoryOnExit</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode" id="internetexplorer-allowenhancedprotectedmode">InternetExplorer/AllowEnhancedProtectedMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu" id="internetexplorer-allowenterprisemodefromtoolsmenu">InternetExplorer/AllowEnterpriseModeFromToolsMenu</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist" id="internetexplorer-allowenterprisemodesitelist">InternetExplorer/AllowEnterpriseModeSiteList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/AllowFallbackToSSL3</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist" id="internetexplorer-allowinternetexplorer7policylist">InternetExplorer/AllowInternetExplorer7PolicyList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode" id="internetexplorer-allowinternetexplorerstandardsmode">InternetExplorer/AllowInternetExplorerStandardsMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate" id="internetexplorer-allowinternetzonetemplate">InternetExplorer/AllowInternetZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate" id="internetexplorer-allowintranetzonetemplate">InternetExplorer/AllowIntranetZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate" id="internetexplorer-allowlocalmachinezonetemplate">InternetExplorer/AllowLocalMachineZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate" id="internetexplorer-allowlockeddowninternetzonetemplate">InternetExplorer/AllowLockedDownInternetZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate" id="internetexplorer-allowlockeddownintranetzonetemplate">InternetExplorer/AllowLockedDownIntranetZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate" id="internetexplorer-allowlockeddownlocalmachinezonetemplate">InternetExplorer/AllowLockedDownLocalMachineZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate" id="internetexplorer-allowlockeddownrestrictedsiteszonetemplate">InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry" id="internetexplorer-allowonewordentry">InternetExplorer/AllowOneWordEntry</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist" id="internetexplorer-allowsitetozoneassignmentlist">InternetExplorer/AllowSiteToZoneAssignmentList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/AllowSoftwareWhenSignatureIsInvalid</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites" id="internetexplorer-allowsuggestedsites">InternetExplorer/AllowSuggestedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate" id="internetexplorer-allowtrustedsiteszonetemplate">InternetExplorer/AllowTrustedSitesZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate" id="internetexplorer-allowslockeddowntrustedsiteszonetemplate">InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate" id="internetexplorer-allowsrestrictedsiteszonetemplate">InternetExplorer/AllowsRestrictedSitesZoneTemplate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/CheckServerCertificateRevocation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/CheckSignaturesOnDownloadedPrograms</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash" id="internetexplorer-disableadobeflash">InternetExplorer/DisableAdobeFlash</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DisableBlockingOfOutdatedActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings" id="internetexplorer-disablebypassofsmartscreenwarnings">InternetExplorer/DisableBypassOfSmartScreenWarnings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles" id="internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles">InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DisableConfiguringHistory</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DisableCrashDetection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation" id="internetexplorer-disablecustomerexperienceimprovementprogramparticipation">InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DisableDeletingUserVisitedWebsites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading" id="internetexplorer-disableenclosuredownloading">InternetExplorer/DisableEnclosureDownloading</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport" id="internetexplorer-disableencryptionsupport">InternetExplorer/DisableEncryptionSupport</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard" id="internetexplorer-disablefirstrunwizard">InternetExplorer/DisableFirstRunWizard</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature" id="internetexplorer-disableflipaheadfeature">InternetExplorer/DisableFlipAheadFeature</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange" id="internetexplorer-disablehomepagechange">InternetExplorer/DisableHomePageChange</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DisableIgnoringCertificateErrors</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DisableInPrivateBrowsing</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DisableProcessesInEnhancedProtectedMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disableproxychange" id="internetexplorer-disableproxychange">InternetExplorer/DisableProxyChange</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange" id="internetexplorer-disablesearchproviderchange">InternetExplorer/DisableSearchProviderChange</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange" id="internetexplorer-disablesecondaryhomepagechange">InternetExplorer/DisableSecondaryHomePageChange</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DisableSecuritySettingsCheck</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck" id="internetexplorer-disableupdatecheck">InternetExplorer/DisableUpdateCheck</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/DoNotAllowActiveXControlsInProtectedMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites" id="internetexplorer-donotallowuserstoaddsites">InternetExplorer/DoNotAllowUsersToAddSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies" id="internetexplorer-donotallowuserstochangepolicies">InternetExplorer/DoNotAllowUsersToChangePolicies</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols" id="internetexplorer-donotblockoutdatedactivexcontrols">InternetExplorer/DoNotBlockOutdatedActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains" id="internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains">InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites" id="internetexplorer-includealllocalsites">InternetExplorer/IncludeAllLocalSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths" id="internetexplorer-includeallnetworkpaths">InternetExplorer/IncludeAllNetworkPaths</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources" id="internetexplorer-internetzoneallowaccesstodatasources">InternetExplorer/InternetZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols">InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads" id="internetexplorer-internetzoneallowautomaticpromptingforfiledownloads">InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneAllowCopyPasteViaScript</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads" id="internetexplorer-internetzoneallowfontdownloads">InternetExplorer/InternetZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites" id="internetexplorer-internetzoneallowlessprivilegedsites">InternetExplorer/InternetZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents" id="internetexplorer-internetzoneallownetframeworkreliantcomponents">InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneAllowScriptInitiatedWindows</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets" id="internetexplorer-internetzoneallowscriptlets">InternetExplorer/InternetZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie" id="internetexplorer-internetzoneallowsmartscreenie">InternetExplorer/InternetZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence" id="internetexplorer-internetzoneallowuserdatapersistence">InternetExplorer/InternetZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneDownloadSignedActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneDownloadUnsignedActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneEnableMIMESniffing</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneEnableProtectedMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols" id="internetexplorer-internetzoneinitializeandscriptactivexcontrols">InternetExplorer/InternetZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneJavaPermissionsWRONG1</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneJavaPermissionsWRONG2</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneLogonOptions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes" id="internetexplorer-internetzonenavigatewindowsandframes">InternetExplorer/InternetZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneUsePopupBlocker</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources" id="internetexplorer-intranetzoneallowaccesstodatasources">InternetExplorer/IntranetZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols">InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads" id="internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads">InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads" id="internetexplorer-intranetzoneallowfontdownloads">InternetExplorer/IntranetZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites" id="internetexplorer-intranetzoneallowlessprivilegedsites">InternetExplorer/IntranetZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents" id="internetexplorer-intranetzoneallownetframeworkreliantcomponents">InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets" id="internetexplorer-intranetzoneallowscriptlets">InternetExplorer/IntranetZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie" id="internetexplorer-intranetzoneallowsmartscreenie">InternetExplorer/IntranetZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence" id="internetexplorer-intranetzoneallowuserdatapersistence">InternetExplorer/IntranetZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols" id="internetexplorer-intranetzoneinitializeandscriptactivexcontrols">InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes" id="internetexplorer-intranetzonenavigatewindowsandframes">InternetExplorer/IntranetZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources" id="internetexplorer-localmachinezoneallowaccesstodatasources">InternetExplorer/LocalMachineZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols">InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads" id="internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads">InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads" id="internetexplorer-localmachinezoneallowfontdownloads">InternetExplorer/LocalMachineZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites" id="internetexplorer-localmachinezoneallowlessprivilegedsites">InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents" id="internetexplorer-localmachinezoneallownetframeworkreliantcomponents">InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets" id="internetexplorer-localmachinezoneallowscriptlets">InternetExplorer/LocalMachineZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie" id="internetexplorer-localmachinezoneallowsmartscreenie">InternetExplorer/LocalMachineZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence" id="internetexplorer-localmachinezoneallowuserdatapersistence">InternetExplorer/LocalMachineZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols" id="internetexplorer-localmachinezoneinitializeandscriptactivexcontrols">InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/LocalMachineZoneJavaPermissions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes" id="internetexplorer-localmachinezonenavigatewindowsandframes">InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources" id="internetexplorer-lockeddowninternetzoneallowaccesstodatasources">InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols">InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads" id="internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads">InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads" id="internetexplorer-lockeddowninternetzoneallowfontdownloads">InternetExplorer/LockedDownInternetZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites" id="internetexplorer-lockeddowninternetzoneallowlessprivilegedsites">InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents" id="internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents">InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets" id="internetexplorer-lockeddowninternetzoneallowscriptlets">InternetExplorer/LockedDownInternetZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie" id="internetexplorer-lockeddowninternetzoneallowsmartscreenie">InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence" id="internetexplorer-lockeddowninternetzoneallowuserdatapersistence">InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols" id="internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols">InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/LockedDownInternetZoneJavaPermissions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes" id="internetexplorer-lockeddowninternetzonenavigatewindowsandframes">InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources" id="internetexplorer-lockeddownintranetzoneallowaccesstodatasources">InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols">InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads" id="internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads">InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads" id="internetexplorer-lockeddownintranetzoneallowfontdownloads">InternetExplorer/LockedDownIntranetZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites" id="internetexplorer-lockeddownintranetzoneallowlessprivilegedsites">InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents" id="internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents">InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets" id="internetexplorer-lockeddownintranetzoneallowscriptlets">InternetExplorer/LockedDownIntranetZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie" id="internetexplorer-lockeddownintranetzoneallowsmartscreenie">InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence" id="internetexplorer-lockeddownintranetzoneallowuserdatapersistence">InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols" id="internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols">InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes" id="internetexplorer-lockeddownintranetzonenavigatewindowsandframes">InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources" id="internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources">InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols">InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads" id="internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads">InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads" id="internetexplorer-lockeddownlocalmachinezoneallowfontdownloads">InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites" id="internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites">InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents" id="internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents">InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets" id="internetexplorer-lockeddownlocalmachinezoneallowscriptlets">InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie" id="internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie">InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence" id="internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence">InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols" id="internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols">InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/LockedDownLocalMachineZoneJavaPermissions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes" id="internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes">InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources" id="internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources">InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols">InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads" id="internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads">InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads" id="internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads">InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites" id="internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites">InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents" id="internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents">InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets" id="internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets">InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie" id="internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie">InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence" id="internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence">InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols" id="internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols">InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes" id="internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes">InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources" id="internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources">InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols">InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads" id="internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads">InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads" id="internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads">InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites" id="internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites">InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents" id="internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents">InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets" id="internetexplorer-lockeddowntrustedsiteszoneallowscriptlets">InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie" id="internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie">InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence" id="internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence">InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols" id="internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols">InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes" id="internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes">InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/NotificationBarInternetExplorerProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/PreventManagingSmartScreenFilter</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/PreventPerUserInstallationOfActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictFileDownloadInternetExplorerProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources" id="internetexplorer-restrictedsiteszoneallowaccesstodatasources">InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowActiveScripting</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols">InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads" id="internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads">InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowfontdownloads" id="internetexplorer-restrictedsiteszoneallowfontdownloads">InternetExplorer/RestrictedSitesZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites" id="internetexplorer-restrictedsiteszoneallowlessprivilegedsites">InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents" id="internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents">InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets" id="internetexplorer-restrictedsiteszoneallowscriptlets">InternetExplorer/RestrictedSitesZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie" id="internetexplorer-restrictedsiteszoneallowsmartscreenie">InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence" id="internetexplorer-restrictedsiteszoneallowuserdatapersistence">InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneEnableMIMESniffing</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols" id="internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols">InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneJavaPermissions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneLogonOptions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes" id="internetexplorer-restrictedsiteszonenavigatewindowsandframes">InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneWRONG</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneWRONG2</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneWRONG3</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneWRONG4</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/RestrictedSitesZoneWRONG5</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist" id="internetexplorer-searchproviderlist">InternetExplorer/SearchProviderList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/SecurityZonesUseOnlyMachineSettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/SpecifyUseOfActiveXInstallerService</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources" id="internetexplorer-trustedsiteszoneallowaccesstodatasources">InternetExplorer/TrustedSitesZoneAllowAccessToDataSources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols" id="internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols">InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads" id="internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads">InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads" id="internetexplorer-trustedsiteszoneallowfontdownloads">InternetExplorer/TrustedSitesZoneAllowFontDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites" id="internetexplorer-trustedsiteszoneallowlessprivilegedsites">InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents" id="internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents">InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets" id="internetexplorer-trustedsiteszoneallowscriptlets">InternetExplorer/TrustedSitesZoneAllowScriptlets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie" id="internetexplorer-trustedsiteszoneallowsmartscreenie">InternetExplorer/TrustedSitesZoneAllowSmartScreenIE</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence" id="internetexplorer-trustedsiteszoneallowuserdatapersistence">InternetExplorer/TrustedSitesZoneAllowUserDataPersistence</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols" id="internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols">InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/TrustedSitesZoneJavaPermissions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes" id="internetexplorer-trustedsiteszonenavigatewindowsandframes">InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/TrustedSitesZoneWRONG1</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-internetexplorer.md#None" id="None">InternetExplorer/TrustedSitesZoneWRONG2</a>
+  </dd>
+</dl>
+
+### Kerberos policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-kerberos.md#kerberos-allowforestsearchorder" id="kerberos-allowforestsearchorder">Kerberos/AllowForestSearchOrder</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor" id="kerberos-kerberosclientsupportsclaimscompoundarmor">Kerberos/KerberosClientSupportsClaimsCompoundArmor</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-kerberos.md#kerberos-requirekerberosarmoring" id="kerberos-requirekerberosarmoring">Kerberos/RequireKerberosArmoring</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation" id="kerberos-requirestrictkdcvalidation">Kerberos/RequireStrictKDCValidation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize" id="kerberos-setmaximumcontexttokensize">Kerberos/SetMaximumContextTokenSize</a>
+  </dd>
+</dl>
+
+### Licensing policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-licensing.md#licensing-allowwindowsentitlementreactivation" id="licensing-allowwindowsentitlementreactivation">Licensing/AllowWindowsEntitlementReactivation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-licensing.md#licensing-disallowkmsclientonlineavsvalidation" id="licensing-disallowkmsclientonlineavsvalidation">Licensing/DisallowKMSClientOnlineAVSValidation</a>
+  </dd>
+</dl>
+
+### Location policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-location.md#location-enablelocation" id="location-enablelocation">Location/EnableLocation</a>
+  </dd>
+</dl>
+
+### LockDown policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-lockdown.md#lockdown-allowedgeswipe" id="lockdown-allowedgeswipe">LockDown/AllowEdgeSwipe</a>
+  </dd>
+</dl>
+
+### Maps policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-maps.md#maps-allowofflinemapsdownloadovermeteredconnection" id="maps-allowofflinemapsdownloadovermeteredconnection">Maps/AllowOfflineMapsDownloadOverMeteredConnection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-maps.md#maps-enableofflinemapsautoupdate" id="maps-enableofflinemapsautoupdate">Maps/EnableOfflineMapsAutoUpdate</a>
+  </dd>
+</dl>
+
+### Messaging policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-messaging.md#messaging-allowmms" id="messaging-allowmms">Messaging/AllowMMS</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-messaging.md#messaging-allowmessagesync" id="messaging-allowmessagesync">Messaging/AllowMessageSync</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-messaging.md#messaging-allowrcs" id="messaging-allowrcs">Messaging/AllowRCS</a>
+  </dd>
+</dl>
+
+### NetworkIsolation policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-networkisolation.md#networkisolation-enterprisecloudresources" id="networkisolation-enterprisecloudresources">NetworkIsolation/EnterpriseCloudResources</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-networkisolation.md#networkisolation-enterpriseiprange" id="networkisolation-enterpriseiprange">NetworkIsolation/EnterpriseIPRange</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-networkisolation.md#networkisolation-enterpriseiprangesareauthoritative" id="networkisolation-enterpriseiprangesareauthoritative">NetworkIsolation/EnterpriseIPRangesAreAuthoritative</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-networkisolation.md#networkisolation-enterpriseinternalproxyservers" id="networkisolation-enterpriseinternalproxyservers">NetworkIsolation/EnterpriseInternalProxyServers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-networkisolation.md#networkisolation-enterprisenetworkdomainnames" id="networkisolation-enterprisenetworkdomainnames">NetworkIsolation/EnterpriseNetworkDomainNames</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-networkisolation.md#networkisolation-enterpriseproxyservers" id="networkisolation-enterpriseproxyservers">NetworkIsolation/EnterpriseProxyServers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-networkisolation.md#networkisolation-enterpriseproxyserversareauthoritative" id="networkisolation-enterpriseproxyserversareauthoritative">NetworkIsolation/EnterpriseProxyServersAreAuthoritative</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-networkisolation.md#networkisolation-neutralresources" id="networkisolation-neutralresources">NetworkIsolation/NeutralResources</a>
+  </dd>
+</dl>
+
+### Notifications policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-notifications.md#notifications-disallownotificationmirroring" id="notifications-disallownotificationmirroring">Notifications/DisallowNotificationMirroring</a>
+  </dd>
+</dl>
+
+### Power policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-power.md#power-allowstandbywhensleepingpluggedin" id="power-allowstandbywhensleepingpluggedin">Power/AllowStandbyWhenSleepingPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-displayofftimeoutonbattery" id="power-displayofftimeoutonbattery">Power/DisplayOffTimeoutOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-displayofftimeoutpluggedin" id="power-displayofftimeoutpluggedin">Power/DisplayOffTimeoutPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-hibernatetimeoutonbattery" id="power-hibernatetimeoutonbattery">Power/HibernateTimeoutOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-hibernatetimeoutpluggedin" id="power-hibernatetimeoutpluggedin">Power/HibernateTimeoutPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery" id="power-requirepasswordwhencomputerwakesonbattery">Power/RequirePasswordWhenComputerWakesOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin" id="power-requirepasswordwhencomputerwakespluggedin">Power/RequirePasswordWhenComputerWakesPluggedIn</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-standbytimeoutonbattery" id="power-standbytimeoutonbattery">Power/StandbyTimeoutOnBattery</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-power.md#power-standbytimeoutpluggedin" id="power-standbytimeoutpluggedin">Power/StandbyTimeoutPluggedIn</a>
+  </dd>
+</dl>
+
+### Printers policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-printers.md#printers-pointandprintrestrictions" id="printers-pointandprintrestrictions">Printers/PointAndPrintRestrictions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-printers.md#printers-pointandprintrestrictions_user" id="printers-pointandprintrestrictions_user">Printers/PointAndPrintRestrictions_User</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-printers.md#printers-publishprinters" id="printers-publishprinters">Printers/PublishPrinters</a>
+  </dd>
+</dl>
+
+### Privacy policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-allowautoacceptpairingandprivacyconsentprompts" id="privacy-allowautoacceptpairingandprivacyconsentprompts">Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-allowinputpersonalization" id="privacy-allowinputpersonalization">Privacy/AllowInputPersonalization</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-disableadvertisingid" id="privacy-disableadvertisingid">Privacy/DisableAdvertisingId</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessaccountinfo" id="privacy-letappsaccessaccountinfo">Privacy/LetAppsAccessAccountInfo</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forceallowtheseapps" id="privacy-letappsaccessaccountinfo-forceallowtheseapps">Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-forcedenytheseapps" id="privacy-letappsaccessaccountinfo-forcedenytheseapps">Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessaccountinfo-userincontroloftheseapps" id="privacy-letappsaccessaccountinfo-userincontroloftheseapps">Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscalendar" id="privacy-letappsaccesscalendar">Privacy/LetAppsAccessCalendar</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscalendar-forceallowtheseapps" id="privacy-letappsaccesscalendar-forceallowtheseapps">Privacy/LetAppsAccessCalendar_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscalendar-forcedenytheseapps" id="privacy-letappsaccesscalendar-forcedenytheseapps">Privacy/LetAppsAccessCalendar_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscalendar-userincontroloftheseapps" id="privacy-letappsaccesscalendar-userincontroloftheseapps">Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscallhistory" id="privacy-letappsaccesscallhistory">Privacy/LetAppsAccessCallHistory</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forceallowtheseapps" id="privacy-letappsaccesscallhistory-forceallowtheseapps">Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscallhistory-forcedenytheseapps" id="privacy-letappsaccesscallhistory-forcedenytheseapps">Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscallhistory-userincontroloftheseapps" id="privacy-letappsaccesscallhistory-userincontroloftheseapps">Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscamera" id="privacy-letappsaccesscamera">Privacy/LetAppsAccessCamera</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscamera-forceallowtheseapps" id="privacy-letappsaccesscamera-forceallowtheseapps">Privacy/LetAppsAccessCamera_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscamera-forcedenytheseapps" id="privacy-letappsaccesscamera-forcedenytheseapps">Privacy/LetAppsAccessCamera_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscamera-userincontroloftheseapps" id="privacy-letappsaccesscamera-userincontroloftheseapps">Privacy/LetAppsAccessCamera_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscontacts" id="privacy-letappsaccesscontacts">Privacy/LetAppsAccessContacts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscontacts-forceallowtheseapps" id="privacy-letappsaccesscontacts-forceallowtheseapps">Privacy/LetAppsAccessContacts_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscontacts-forcedenytheseapps" id="privacy-letappsaccesscontacts-forcedenytheseapps">Privacy/LetAppsAccessContacts_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesscontacts-userincontroloftheseapps" id="privacy-letappsaccesscontacts-userincontroloftheseapps">Privacy/LetAppsAccessContacts_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessemail" id="privacy-letappsaccessemail">Privacy/LetAppsAccessEmail</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessemail-forceallowtheseapps" id="privacy-letappsaccessemail-forceallowtheseapps">Privacy/LetAppsAccessEmail_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessemail-forcedenytheseapps" id="privacy-letappsaccessemail-forcedenytheseapps">Privacy/LetAppsAccessEmail_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessemail-userincontroloftheseapps" id="privacy-letappsaccessemail-userincontroloftheseapps">Privacy/LetAppsAccessEmail_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesslocation" id="privacy-letappsaccesslocation">Privacy/LetAppsAccessLocation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesslocation-forceallowtheseapps" id="privacy-letappsaccesslocation-forceallowtheseapps">Privacy/LetAppsAccessLocation_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesslocation-forcedenytheseapps" id="privacy-letappsaccesslocation-forcedenytheseapps">Privacy/LetAppsAccessLocation_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesslocation-userincontroloftheseapps" id="privacy-letappsaccesslocation-userincontroloftheseapps">Privacy/LetAppsAccessLocation_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmessaging" id="privacy-letappsaccessmessaging">Privacy/LetAppsAccessMessaging</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmessaging-forceallowtheseapps" id="privacy-letappsaccessmessaging-forceallowtheseapps">Privacy/LetAppsAccessMessaging_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmessaging-forcedenytheseapps" id="privacy-letappsaccessmessaging-forcedenytheseapps">Privacy/LetAppsAccessMessaging_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmessaging-userincontroloftheseapps" id="privacy-letappsaccessmessaging-userincontroloftheseapps">Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmicrophone" id="privacy-letappsaccessmicrophone">Privacy/LetAppsAccessMicrophone</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forceallowtheseapps" id="privacy-letappsaccessmicrophone-forceallowtheseapps">Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmicrophone-forcedenytheseapps" id="privacy-letappsaccessmicrophone-forcedenytheseapps">Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmicrophone-userincontroloftheseapps" id="privacy-letappsaccessmicrophone-userincontroloftheseapps">Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmotion" id="privacy-letappsaccessmotion">Privacy/LetAppsAccessMotion</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmotion-forceallowtheseapps" id="privacy-letappsaccessmotion-forceallowtheseapps">Privacy/LetAppsAccessMotion_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmotion-forcedenytheseapps" id="privacy-letappsaccessmotion-forcedenytheseapps">Privacy/LetAppsAccessMotion_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessmotion-userincontroloftheseapps" id="privacy-letappsaccessmotion-userincontroloftheseapps">Privacy/LetAppsAccessMotion_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessnotifications" id="privacy-letappsaccessnotifications">Privacy/LetAppsAccessNotifications</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessnotifications-forceallowtheseapps" id="privacy-letappsaccessnotifications-forceallowtheseapps">Privacy/LetAppsAccessNotifications_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessnotifications-forcedenytheseapps" id="privacy-letappsaccessnotifications-forcedenytheseapps">Privacy/LetAppsAccessNotifications_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessnotifications-userincontroloftheseapps" id="privacy-letappsaccessnotifications-userincontroloftheseapps">Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessphone" id="privacy-letappsaccessphone">Privacy/LetAppsAccessPhone</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessphone-forceallowtheseapps" id="privacy-letappsaccessphone-forceallowtheseapps">Privacy/LetAppsAccessPhone_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessphone-forcedenytheseapps" id="privacy-letappsaccessphone-forcedenytheseapps">Privacy/LetAppsAccessPhone_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessphone-userincontroloftheseapps" id="privacy-letappsaccessphone-userincontroloftheseapps">Privacy/LetAppsAccessPhone_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessradios" id="privacy-letappsaccessradios">Privacy/LetAppsAccessRadios</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessradios-forceallowtheseapps" id="privacy-letappsaccessradios-forceallowtheseapps">Privacy/LetAppsAccessRadios_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessradios-forcedenytheseapps" id="privacy-letappsaccessradios-forcedenytheseapps">Privacy/LetAppsAccessRadios_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccessradios-userincontroloftheseapps" id="privacy-letappsaccessradios-userincontroloftheseapps">Privacy/LetAppsAccessRadios_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesstasks" id="privacy-letappsaccesstasks">Privacy/LetAppsAccessTasks</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesstasks-forceallowtheseapps" id="privacy-letappsaccesstasks-forceallowtheseapps">Privacy/LetAppsAccessTasks_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesstasks-forcedenytheseapps" id="privacy-letappsaccesstasks-forcedenytheseapps">Privacy/LetAppsAccessTasks_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesstasks-userincontroloftheseapps" id="privacy-letappsaccesstasks-userincontroloftheseapps">Privacy/LetAppsAccessTasks_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices" id="privacy-letappsaccesstrusteddevices">Privacy/LetAppsAccessTrustedDevices</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forceallowtheseapps" id="privacy-letappsaccesstrusteddevices-forceallowtheseapps">Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-forcedenytheseapps" id="privacy-letappsaccesstrusteddevices-forcedenytheseapps">Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsaccesstrusteddevices-userincontroloftheseapps" id="privacy-letappsaccesstrusteddevices-userincontroloftheseapps">Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo" id="privacy-letappsgetdiagnosticinfo">Privacy/LetAppsGetDiagnosticInfo</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forceallowtheseapps" id="privacy-letappsgetdiagnosticinfo-forceallowtheseapps">Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-forcedenytheseapps" id="privacy-letappsgetdiagnosticinfo-forcedenytheseapps">Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps" id="privacy-letappsgetdiagnosticinfo-userincontroloftheseapps">Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsruninbackground" id="privacy-letappsruninbackground">Privacy/LetAppsRunInBackground</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsruninbackground-forceallowtheseapps" id="privacy-letappsruninbackground-forceallowtheseapps">Privacy/LetAppsRunInBackground_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsruninbackground-forcedenytheseapps" id="privacy-letappsruninbackground-forcedenytheseapps">Privacy/LetAppsRunInBackground_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappsruninbackground-userincontroloftheseapps" id="privacy-letappsruninbackground-userincontroloftheseapps">Privacy/LetAppsRunInBackground_UserInControlOfTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappssyncwithdevices" id="privacy-letappssyncwithdevices">Privacy/LetAppsSyncWithDevices</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappssyncwithdevices-forceallowtheseapps" id="privacy-letappssyncwithdevices-forceallowtheseapps">Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappssyncwithdevices-forcedenytheseapps" id="privacy-letappssyncwithdevices-forcedenytheseapps">Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-privacy.md#privacy-letappssyncwithdevices-userincontroloftheseapps" id="privacy-letappssyncwithdevices-userincontroloftheseapps">Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps</a>
+  </dd>
+</dl>
+
+### RemoteAssistance policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages" id="remoteassistance-customizewarningmessages">RemoteAssistance/CustomizeWarningMessages</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteassistance.md#remoteassistance-sessionlogging" id="remoteassistance-sessionlogging">RemoteAssistance/SessionLogging</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance" id="remoteassistance-solicitedremoteassistance">RemoteAssistance/SolicitedRemoteAssistance</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance" id="remoteassistance-unsolicitedremoteassistance">RemoteAssistance/UnsolicitedRemoteAssistance</a>
+  </dd>
+</dl>
+
+### RemoteDesktopServices policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely" id="remotedesktopservices-allowuserstoconnectremotely">RemoteDesktopServices/AllowUsersToConnectRemotely</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel" id="remotedesktopservices-clientconnectionencryptionlevel">RemoteDesktopServices/ClientConnectionEncryptionLevel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection" id="remotedesktopservices-donotallowdriveredirection">RemoteDesktopServices/DoNotAllowDriveRedirection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving" id="remotedesktopservices-donotallowpasswordsaving">RemoteDesktopServices/DoNotAllowPasswordSaving</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection" id="remotedesktopservices-promptforpassworduponconnection">RemoteDesktopServices/PromptForPasswordUponConnection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication" id="remotedesktopservices-requiresecurerpccommunication">RemoteDesktopServices/RequireSecureRPCCommunication</a>
+  </dd>
+</dl>
+
+### RemoteManagement policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/AllowBasicAuthentication_Client</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/AllowBasicAuthentication_Service</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/AllowCredSSPAuthenticationClient</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/AllowCredSSPAuthenticationService</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/AllowRemoteServerManagement</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/AllowUnencryptedTraffic_Client</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/AllowUnencryptedTraffic_Service</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/DisallowDigestAuthentication</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/DisallowNegotiateAuthenticationClient</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/DisallowNegotiateAuthenticationService</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/DisallowStoringOfRunAsCredentials</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/SpecifyChannelBindingTokenHardeningLevel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/TrustedHosts</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/TurnOnCompatibilityHTTPListener</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotemanagement.md#None" id="None">RemoteManagement/TurnOnCompatibilityHTTPSListener</a>
+  </dd>
+</dl>
+
+### RemoteProcedureCall policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication" id="remoteprocedurecall-rpcendpointmapperclientauthentication">RemoteProcedureCall/RPCEndpointMapperClientAuthentication</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients" id="remoteprocedurecall-restrictunauthenticatedrpcclients">RemoteProcedureCall/RestrictUnauthenticatedRPCClients</a>
+  </dd>
+</dl>
+
+### RemoteShell policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-remoteshell.md#None" id="None">RemoteShell/AllowRemoteShellAccess</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteshell.md#None" id="None">RemoteShell/MaxConcurrentUsers</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteshell.md#None" id="None">RemoteShell/SpecifyIdleTimeout</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteshell.md#None" id="None">RemoteShell/SpecifyMaxMemory</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteshell.md#None" id="None">RemoteShell/SpecifyMaxProcesses</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteshell.md#None" id="None">RemoteShell/SpecifyMaxRemoteShells</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remoteshell.md#None" id="None">RemoteShell/SpecifyShellTimeout</a>
+  </dd>
+</dl>
+
+### Search policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-search.md#search-allowindexingencryptedstoresoritems" id="search-allowindexingencryptedstoresoritems">Search/AllowIndexingEncryptedStoresOrItems</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-search.md#search-allowsearchtouselocation" id="search-allowsearchtouselocation">Search/AllowSearchToUseLocation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-search.md#search-allowusingdiacritics" id="search-allowusingdiacritics">Search/AllowUsingDiacritics</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-search.md#search-alwaysuseautolangdetection" id="search-alwaysuseautolangdetection">Search/AlwaysUseAutoLangDetection</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-search.md#search-disablebackoff" id="search-disablebackoff">Search/DisableBackoff</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-search.md#search-disableremovabledriveindexing" id="search-disableremovabledriveindexing">Search/DisableRemovableDriveIndexing</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-search.md#search-preventindexinglowdiskspacemb" id="search-preventindexinglowdiskspacemb">Search/PreventIndexingLowDiskSpaceMB</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-search.md#search-preventremotequeries" id="search-preventremotequeries">Search/PreventRemoteQueries</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-search.md#search-safesearchpermissions" id="search-safesearchpermissions">Search/SafeSearchPermissions</a>
+  </dd>
+</dl>
+
+### Security policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-security.md#security-allowaddprovisioningpackage" id="security-allowaddprovisioningpackage">Security/AllowAddProvisioningPackage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-security.md#security-allowautomaticdeviceencryptionforazureadjoineddevices" id="security-allowautomaticdeviceencryptionforazureadjoineddevices">Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-security.md#security-allowmanualrootcertificateinstallation" id="security-allowmanualrootcertificateinstallation">Security/AllowManualRootCertificateInstallation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-security.md#security-allowremoveprovisioningpackage" id="security-allowremoveprovisioningpackage">Security/AllowRemoveProvisioningPackage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-security.md#security-antitheftmode" id="security-antitheftmode">Security/AntiTheftMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-security.md#security-preventautomaticdeviceencryptionforazureadjoineddevices" id="security-preventautomaticdeviceencryptionforazureadjoineddevices">Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-security.md#security-requiredeviceencryption" id="security-requiredeviceencryption">Security/RequireDeviceEncryption</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-security.md#security-requireprovisioningpackagesignature" id="security-requireprovisioningpackagesignature">Security/RequireProvisioningPackageSignature</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-security.md#security-requireretrievehealthcertificateonboot" id="security-requireretrievehealthcertificateonboot">Security/RequireRetrieveHealthCertificateOnBoot</a>
+  </dd>
+</dl>
+
+### Settings policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowautoplay" id="settings-allowautoplay">Settings/AllowAutoPlay</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowdatasense" id="settings-allowdatasense">Settings/AllowDataSense</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowdatetime" id="settings-allowdatetime">Settings/AllowDateTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-alloweditdevicename" id="settings-alloweditdevicename">Settings/AllowEditDeviceName</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowlanguage" id="settings-allowlanguage">Settings/AllowLanguage</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowpowersleep" id="settings-allowpowersleep">Settings/AllowPowerSleep</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowregion" id="settings-allowregion">Settings/AllowRegion</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowsigninoptions" id="settings-allowsigninoptions">Settings/AllowSignInOptions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowvpn" id="settings-allowvpn">Settings/AllowVPN</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowworkplace" id="settings-allowworkplace">Settings/AllowWorkplace</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-allowyouraccount" id="settings-allowyouraccount">Settings/AllowYourAccount</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-configuretaskbarcalendar" id="settings-configuretaskbarcalendar">Settings/ConfigureTaskbarCalendar</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-settings.md#settings-pagevisibilitylist" id="settings-pagevisibilitylist">Settings/PageVisibilityList</a>
+  </dd>
+</dl>
+
+### SmartScreen policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-smartscreen.md#smartscreen-enableappinstallcontrol" id="smartscreen-enableappinstallcontrol">SmartScreen/EnableAppInstallControl</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-smartscreen.md#smartscreen-enablesmartscreeninshell" id="smartscreen-enablesmartscreeninshell">SmartScreen/EnableSmartScreenInShell</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-smartscreen.md#smartscreen-preventoverrideforfilesinshell" id="smartscreen-preventoverrideforfilesinshell">SmartScreen/PreventOverrideForFilesInShell</a>
+  </dd>
+</dl>
+
+### Speech policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-speech.md#speech-allowspeechmodelupdate" id="speech-allowspeechmodelupdate">Speech/AllowSpeechModelUpdate</a>
+  </dd>
+</dl>
+
+### Start policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfolderdocuments" id="start-allowpinnedfolderdocuments">Start/AllowPinnedFolderDocuments</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfolderdownloads" id="start-allowpinnedfolderdownloads">Start/AllowPinnedFolderDownloads</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfolderfileexplorer" id="start-allowpinnedfolderfileexplorer">Start/AllowPinnedFolderFileExplorer</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfolderhomegroup" id="start-allowpinnedfolderhomegroup">Start/AllowPinnedFolderHomeGroup</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfoldermusic" id="start-allowpinnedfoldermusic">Start/AllowPinnedFolderMusic</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfoldernetwork" id="start-allowpinnedfoldernetwork">Start/AllowPinnedFolderNetwork</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfolderpersonalfolder" id="start-allowpinnedfolderpersonalfolder">Start/AllowPinnedFolderPersonalFolder</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfolderpictures" id="start-allowpinnedfolderpictures">Start/AllowPinnedFolderPictures</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfoldersettings" id="start-allowpinnedfoldersettings">Start/AllowPinnedFolderSettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-allowpinnedfoldervideos" id="start-allowpinnedfoldervideos">Start/AllowPinnedFolderVideos</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-forcestartsize" id="start-forcestartsize">Start/ForceStartSize</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hideapplist" id="start-hideapplist">Start/HideAppList</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hidechangeaccountsettings" id="start-hidechangeaccountsettings">Start/HideChangeAccountSettings</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hidefrequentlyusedapps" id="start-hidefrequentlyusedapps">Start/HideFrequentlyUsedApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hidehibernate" id="start-hidehibernate">Start/HideHibernate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hidelock" id="start-hidelock">Start/HideLock</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hidepowerbutton" id="start-hidepowerbutton">Start/HidePowerButton</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hiderecentjumplists" id="start-hiderecentjumplists">Start/HideRecentJumplists</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hiderecentlyaddedapps" id="start-hiderecentlyaddedapps">Start/HideRecentlyAddedApps</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hiderestart" id="start-hiderestart">Start/HideRestart</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hideshutdown" id="start-hideshutdown">Start/HideShutDown</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hidesignout" id="start-hidesignout">Start/HideSignOut</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hidesleep" id="start-hidesleep">Start/HideSleep</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hideswitchaccount" id="start-hideswitchaccount">Start/HideSwitchAccount</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-hideusertile" id="start-hideusertile">Start/HideUserTile</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-importedgeassets" id="start-importedgeassets">Start/ImportEdgeAssets</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-nopinningtotaskbar" id="start-nopinningtotaskbar">Start/NoPinningToTaskbar</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-start.md#start-startlayout" id="start-startlayout">Start/StartLayout</a>
+  </dd>
+</dl>
+
+### Storage policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-storage.md#storage-enhancedstoragedevices" id="storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
+  </dd>
+</dl>
+
+### System policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowbuildpreview" id="system-allowbuildpreview">System/AllowBuildPreview</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowembeddedmode" id="system-allowembeddedmode">System/AllowEmbeddedMode</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowexperimentation" id="system-allowexperimentation">System/AllowExperimentation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowfontproviders" id="system-allowfontproviders">System/AllowFontProviders</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowlocation" id="system-allowlocation">System/AllowLocation</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowstoragecard" id="system-allowstoragecard">System/AllowStorageCard</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowtelemetry" id="system-allowtelemetry">System/AllowTelemetry</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-allowusertoresetphone" id="system-allowusertoresetphone">System/AllowUserToResetPhone</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-bootstartdriverinitialization" id="system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-disableonedrivefilesync" id="system-disableonedrivefilesync">System/DisableOneDriveFileSync</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-disablesystemrestore" id="system-disablesystemrestore">System/DisableSystemRestore</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-system.md#system-telemetryproxy" id="system-telemetryproxy">System/TelemetryProxy</a>
+  </dd>
+</dl>
+
+### TextInput policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowimelogging" id="textinput-allowimelogging">TextInput/AllowIMELogging</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowimenetworkaccess" id="textinput-allowimenetworkaccess">TextInput/AllowIMENetworkAccess</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowinputpanel" id="textinput-allowinputpanel">TextInput/AllowInputPanel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowjapaneseimesurrogatepaircharacters" id="textinput-allowjapaneseimesurrogatepaircharacters">TextInput/AllowJapaneseIMESurrogatePairCharacters</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowjapaneseivscharacters" id="textinput-allowjapaneseivscharacters">TextInput/AllowJapaneseIVSCharacters</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowjapanesenonpublishingstandardglyph" id="textinput-allowjapanesenonpublishingstandardglyph">TextInput/AllowJapaneseNonPublishingStandardGlyph</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowjapaneseuserdictionary" id="textinput-allowjapaneseuserdictionary">TextInput/AllowJapaneseUserDictionary</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowkeyboardtextsuggestions" id="textinput-allowkeyboardtextsuggestions">TextInput/AllowKeyboardTextSuggestions</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowkoreanextendedhanja" id="textinput-allowkoreanextendedhanja">TextInput/AllowKoreanExtendedHanja</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-allowlanguagefeaturesuninstall" id="textinput-allowlanguagefeaturesuninstall">TextInput/AllowLanguageFeaturesUninstall</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208" id="textinput-excludejapaneseimeexceptjis0208">TextInput/ExcludeJapaneseIMEExceptJIS0208</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-excludejapaneseimeexceptjis0208andeudc" id="textinput-excludejapaneseimeexceptjis0208andeudc">TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-textinput.md#textinput-excludejapaneseimeexceptshiftjis" id="textinput-excludejapaneseimeexceptshiftjis">TextInput/ExcludeJapaneseIMEExceptShiftJIS</a>
+  </dd>
+</dl>
+
+### TimeLanguageSettings policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-timelanguagesettings.md#timelanguagesettings-allowset24hourclock" id="timelanguagesettings-allowset24hourclock">TimeLanguageSettings/AllowSet24HourClock</a>
+  </dd>
+</dl>
+
+### Update policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-update.md#update-activehoursend" id="update-activehoursend">Update/ActiveHoursEnd</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-activehoursmaxrange" id="update-activehoursmaxrange">Update/ActiveHoursMaxRange</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-activehoursstart" id="update-activehoursstart">Update/ActiveHoursStart</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-allowautoupdate" id="update-allowautoupdate">Update/AllowAutoUpdate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-allowmuupdateservice" id="update-allowmuupdateservice">Update/AllowMUUpdateService</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-allownonmicrosoftsignedupdate" id="update-allownonmicrosoftsignedupdate">Update/AllowNonMicrosoftSignedUpdate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-allowupdateservice" id="update-allowupdateservice">Update/AllowUpdateService</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-autorestartdeadlineperiodindays" id="update-autorestartdeadlineperiodindays">Update/AutoRestartDeadlinePeriodInDays</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-autorestartnotificationschedule" id="update-autorestartnotificationschedule">Update/AutoRestartNotificationSchedule</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-autorestartrequirednotificationdismissal" id="update-autorestartrequirednotificationdismissal">Update/AutoRestartRequiredNotificationDismissal</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-branchreadinesslevel" id="update-branchreadinesslevel">Update/BranchReadinessLevel</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-deferfeatureupdatesperiodindays" id="update-deferfeatureupdatesperiodindays">Update/DeferFeatureUpdatesPeriodInDays</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-deferqualityupdatesperiodindays" id="update-deferqualityupdatesperiodindays">Update/DeferQualityUpdatesPeriodInDays</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-deferupdateperiod" id="update-deferupdateperiod">Update/DeferUpdatePeriod</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-deferupgradeperiod" id="update-deferupgradeperiod">Update/DeferUpgradePeriod</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-detectionfrequency" id="update-detectionfrequency">Update/DetectionFrequency</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-engagedrestartdeadline" id="update-engagedrestartdeadline">Update/EngagedRestartDeadline</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-engagedrestartsnoozeschedule" id="update-engagedrestartsnoozeschedule">Update/EngagedRestartSnoozeSchedule</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-engagedrestarttransitionschedule" id="update-engagedrestarttransitionschedule">Update/EngagedRestartTransitionSchedule</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-excludewudriversinqualityupdate" id="update-excludewudriversinqualityupdate">Update/ExcludeWUDriversInQualityUpdate</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-fillemptycontenturls" id="update-fillemptycontenturls">Update/FillEmptyContentUrls</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-ignoremoappdownloadlimit" id="update-ignoremoappdownloadlimit">Update/IgnoreMOAppDownloadLimit</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-ignoremoupdatedownloadlimit" id="update-ignoremoupdatedownloadlimit">Update/IgnoreMOUpdateDownloadLimit</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-pausedeferrals" id="update-pausedeferrals">Update/PauseDeferrals</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-pausefeatureupdates" id="update-pausefeatureupdates">Update/PauseFeatureUpdates</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-PauseFeatureUpdatesStartTime" id="update-PauseFeatureUpdatesStartTime">Update/PauseFeatureUpdatesStartTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-pausequalityupdates" id="update-pausequalityupdates">Update/PauseQualityUpdates</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-PauseQualityUpdatesStartTime" id="update-PauseQualityUpdatesStartTime">Update/PauseQualityUpdatesStartTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-requiredeferupgrade" id="update-requiredeferupgrade">Update/RequireDeferUpgrade</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-requireupdateapproval" id="update-requireupdateapproval">Update/RequireUpdateApproval</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-scheduleimminentrestartwarning" id="update-scheduleimminentrestartwarning">Update/ScheduleImminentRestartWarning</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-schedulerestartwarning" id="update-schedulerestartwarning">Update/ScheduleRestartWarning</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-scheduledinstallday" id="update-scheduledinstallday">Update/ScheduledInstallDay</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-scheduledinstalleveryweek" id="update-scheduledinstalleveryweek">Update/ScheduledInstallEveryWeek</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-scheduledinstallfirstweek" id="update-scheduledinstallfirstweek">Update/ScheduledInstallFirstWeek</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-scheduledinstallfourthweek" id="update-scheduledinstallfourthweek">Update/ScheduledInstallFourthWeek</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-scheduledinstallsecondweek" id="update-scheduledinstallsecondweek">Update/ScheduledInstallSecondWeek</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-scheduledinstallthirdweek" id="update-scheduledinstallthirdweek">Update/ScheduledInstallThirdWeek</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-scheduledinstalltime" id="update-scheduledinstalltime">Update/ScheduledInstallTime</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-setautorestartnotificationdisable" id="update-setautorestartnotificationdisable">Update/SetAutoRestartNotificationDisable</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-setedurestart" id="update-setedurestart">Update/SetEDURestart</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-updateserviceurl" id="update-updateserviceurl">Update/UpdateServiceUrl</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-update.md#update-updateserviceurlalternate" id="update-updateserviceurlalternate">Update/UpdateServiceUrlAlternate</a>
+  </dd>
+</dl>
+
+### Wifi policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-wifi.md#wifi-allowwifihotspotreporting" id="wifi-allowwifihotspotreporting">WiFi/AllowWiFiHotSpotReporting</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wifi.md#wifi-allowautoconnecttowifisensehotspots" id="wifi-allowautoconnecttowifisensehotspots">Wifi/AllowAutoConnectToWiFiSenseHotspots</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wifi.md#wifi-allowinternetsharing" id="wifi-allowinternetsharing">Wifi/AllowInternetSharing</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wifi.md#wifi-allowmanualwificonfiguration" id="wifi-allowmanualwificonfiguration">Wifi/AllowManualWiFiConfiguration</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wifi.md#wifi-allowwifi" id="wifi-allowwifi">Wifi/AllowWiFi</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wifi.md#wifi-allowwifidirect" id="wifi-allowwifidirect">Wifi/AllowWiFiDirect</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wifi.md#wifi-wlanscanmode" id="wifi-wlanscanmode">Wifi/WLANScanMode</a>
+  </dd>
+</dl>
+
+### WindowsInkWorkspace policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace" id="windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace">WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowsinkworkspace.md#windowsinkworkspace-allowwindowsinkworkspace" id="windowsinkworkspace-allowwindowsinkworkspace">WindowsInkWorkspace/AllowWindowsInkWorkspace</a>
+  </dd>
+</dl>
+
+### WindowsLogon policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications" id="windowslogon-disablelockscreenappnotifications">WindowsLogon/DisableLockScreenAppNotifications</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui" id="windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-windowslogon.md#windowslogon-hidefastuserswitching" id="windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
+  </dd>
+</dl>
+
+### WirelessDisplay policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectionfrompc" id="wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectionfrompcoverinfrastructure" id="wirelessdisplay-allowprojectionfrompcoverinfrastructure">WirelessDisplay/AllowProjectionFromPCOverInfrastructure</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowprojectiontopc" id="wirelessdisplay-allowprojectiontopc">WirelessDisplay/AllowProjectionToPC</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-Allowprojectiontopcoverinfrastructure" id="wirelessdisplay-Allowprojectiontopcoverinfrastructure">WirelessDisplay/AllowProjectionToPCOverInfrastructure</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver">WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-wirelessdisplay.md#wirelessdisplay-requirepinforpairing" id="wirelessdisplay-requirepinforpairing">WirelessDisplay/RequirePinForPairing</a>
+  </dd>
+</dl>
+
+
+## ADMX backed policies
+
+-   [ActiveXControls/ApprovedInstallationSites](./policy-csp-activexcontrols.md#activexcontrols-approvedinstallationsites)
+-   [AppVirtualization/AllowAppVClient](./policy-csp-appvirtualization.md#appvirtualization-allowappvclient)
+-   [AppVirtualization/AllowDynamicVirtualization](./policy-csp-appvirtualization.md#appvirtualization-allowdynamicvirtualization)
+-   [AppVirtualization/AllowPackageCleanup](./policy-csp-appvirtualization.md#appvirtualization-allowpackagecleanup)
+-   [AppVirtualization/AllowPackageScripts](./policy-csp-appvirtualization.md#appvirtualization-allowpackagescripts)
+-   [AppVirtualization/AllowPublishingRefreshUX](./policy-csp-appvirtualization.md#appvirtualization-allowpublishingrefreshux)
+-   [AppVirtualization/AllowReportingServer](./policy-csp-appvirtualization.md#appvirtualization-allowreportingserver)
+-   [AppVirtualization/AllowRoamingFileExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingfileexclusions)
+-   [AppVirtualization/AllowRoamingRegistryExclusions](./policy-csp-appvirtualization.md#appvirtualization-allowroamingregistryexclusions)
+-   [AppVirtualization/AllowStreamingAutoload](./policy-csp-appvirtualization.md#appvirtualization-allowstreamingautoload)
+-   [AppVirtualization/ClientCoexistenceAllowMigrationmode](./policy-csp-appvirtualization.md#appvirtualization-clientcoexistenceallowmigrationmode)
+-   [AppVirtualization/IntegrationAllowRootGlobal](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootglobal)
+-   [AppVirtualization/IntegrationAllowRootUser](./policy-csp-appvirtualization.md#appvirtualization-integrationallowrootuser)
+-   [AppVirtualization/PublishingAllowServer1](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver1)
+-   [AppVirtualization/PublishingAllowServer2](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver2)
+-   [AppVirtualization/PublishingAllowServer3](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver3)
+-   [AppVirtualization/PublishingAllowServer4](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver4)
+-   [AppVirtualization/PublishingAllowServer5](./policy-csp-appvirtualization.md#appvirtualization-publishingallowserver5)
+-   [AppVirtualization/StreamingAllowCertificateFilterForClient_SSL](./policy-csp-appvirtualization.md#appvirtualization-streamingallowcertificatefilterforclient_ssl)
+-   [AppVirtualization/StreamingAllowHighCostLaunch](./policy-csp-appvirtualization.md#appvirtualization-streamingallowhighcostlaunch)
+-   [AppVirtualization/StreamingAllowLocationProvider](./policy-csp-appvirtualization.md#appvirtualization-streamingallowlocationprovider)
+-   [AppVirtualization/StreamingAllowPackageInstallationRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackageinstallationroot)
+-   [AppVirtualization/StreamingAllowPackageSourceRoot](./policy-csp-appvirtualization.md#appvirtualization-streamingallowpackagesourceroot)
+-   [AppVirtualization/StreamingAllowReestablishmentInterval](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentinterval)
+-   [AppVirtualization/StreamingAllowReestablishmentRetries](./policy-csp-appvirtualization.md#appvirtualization-streamingallowreestablishmentretries)
+-   [AppVirtualization/StreamingSharedContentStoreMode](./policy-csp-appvirtualization.md#appvirtualization-streamingsharedcontentstoremode)
+-   [AppVirtualization/StreamingSupportBranchCache](./policy-csp-appvirtualization.md#appvirtualization-streamingsupportbranchcache)
+-   [AppVirtualization/StreamingVerifyCertificateRevocationList](./policy-csp-appvirtualization.md#appvirtualization-streamingverifycertificaterevocationlist)
+-   [AppVirtualization/VirtualComponentsAllowList](./policy-csp-appvirtualization.md#appvirtualization-virtualcomponentsallowlist)
+-   [AttachmentManager/DoNotPreserveZoneInformation](./policy-csp-attachmentmanager.md#attachmentmanager-donotpreservezoneinformation)
+-   [AttachmentManager/HideZoneInfoMechanism](./policy-csp-attachmentmanager.md#attachmentmanager-hidezoneinfomechanism)
+-   [AttachmentManager/NotifyAntivirusPrograms](./policy-csp-attachmentmanager.md#attachmentmanager-notifyantivirusprograms)
+-   [Autoplay/DisallowAutoplayForNonVolumeDevices](./policy-csp-autoplay.md#autoplay-disallowautoplayfornonvolumedevices)
+-   [Autoplay/SetDefaultAutoRunBehavior](./policy-csp-autoplay.md#autoplay-setdefaultautorunbehavior)
+-   [Autoplay/TurnOffAutoPlay](./policy-csp-autoplay.md#autoplay-turnoffautoplay)
+-   [Cellular/ShowAppCellularAccessUI](./policy-csp-cellular.md#None)
+-   [Connectivity/DiablePrintingOverHTTP](./policy-csp-connectivity.md#None)
+-   [Connectivity/DisableDownloadingOfPrintDriversOverHTTP](./policy-csp-connectivity.md#None)
+-   [Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards](./policy-csp-connectivity.md#None)
+-   [Connectivity/HardenedUNCPaths](./policy-csp-connectivity.md#connectivity-hardeneduncpaths)
+-   [Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge](./policy-csp-connectivity.md#None)
+-   [CredentialProviders/AllowPINLogon](./policy-csp-credentialproviders.md#credentialproviders-allowpinlogon)
+-   [CredentialProviders/BlockPicturePassword](./policy-csp-credentialproviders.md#credentialproviders-blockpicturepassword)
+-   [CredentialsUI/DisablePasswordReveal](./policy-csp-credentialsui.md#credentialsui-disablepasswordreveal)
+-   [CredentialsUI/EnumerateAdministrators](./policy-csp-credentialsui.md#credentialsui-enumerateadministrators)
+-   [DataUsage/SetCost3G](./policy-csp-datausage.md#datausage-setcost3g)
+-   [DataUsage/SetCost4G](./policy-csp-datausage.md#datausage-setcost4g)
+-   [Desktop/PreventUserRedirectionOfProfileFolders](./policy-csp-desktop.md#desktop-preventuserredirectionofprofilefolders)
+-   [DeviceInstallation/PreventInstallationOfMatchingDeviceIDs](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdeviceids)
+-   [DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses](./policy-csp-deviceinstallation.md#deviceinstallation-preventinstallationofmatchingdevicesetupclasses)
+-   [DeviceLock/PreventLockScreenSlideShow](./policy-csp-devicelock.md#devicelock-preventlockscreenslideshow)
+-   [ErrorReporting/CustomizeConsentSettings](./policy-csp-errorreporting.md#errorreporting-customizeconsentsettings)
+-   [ErrorReporting/DisableWindowsErrorReporting](./policy-csp-errorreporting.md#errorreporting-disablewindowserrorreporting)
+-   [ErrorReporting/DisplayErrorNotification](./policy-csp-errorreporting.md#errorreporting-displayerrornotification)
+-   [ErrorReporting/DoNotSendAdditionalData](./policy-csp-errorreporting.md#errorreporting-donotsendadditionaldata)
+-   [ErrorReporting/PreventCriticalErrorDisplay](./policy-csp-errorreporting.md#errorreporting-preventcriticalerrordisplay)
+-   [EventLogService/ControlEventLogBehavior](./policy-csp-eventlogservice.md#eventlogservice-controleventlogbehavior)
+-   [EventLogService/SpecifyMaximumFileSizeApplicationLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizeapplicationlog)
+-   [EventLogService/SpecifyMaximumFileSizeSecurityLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesecuritylog)
+-   [EventLogService/SpecifyMaximumFileSizeSystemLog](./policy-csp-eventlogservice.md#eventlogservice-specifymaximumfilesizesystemlog)
+-   [InternetExplorer/AddSearchProvider](./policy-csp-internetexplorer.md#internetexplorer-addsearchprovider)
+-   [InternetExplorer/AllowActiveXFiltering](./policy-csp-internetexplorer.md#internetexplorer-allowactivexfiltering)
+-   [InternetExplorer/AllowAddOnList](./policy-csp-internetexplorer.md#internetexplorer-allowaddonlist)
+-   [InternetExplorer/AllowAutoComplete](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/AllowCertificateAddressMismatchWarning](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/AllowDeletingBrowsingHistoryOnExit](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/AllowEnhancedProtectedMode](./policy-csp-internetexplorer.md#internetexplorer-allowenhancedprotectedmode)
+-   [InternetExplorer/AllowEnterpriseModeFromToolsMenu](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodefromtoolsmenu)
+-   [InternetExplorer/AllowEnterpriseModeSiteList](./policy-csp-internetexplorer.md#internetexplorer-allowenterprisemodesitelist)
+-   [InternetExplorer/AllowFallbackToSSL3](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/AllowInternetExplorer7PolicyList](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorer7policylist)
+-   [InternetExplorer/AllowInternetExplorerStandardsMode](./policy-csp-internetexplorer.md#internetexplorer-allowinternetexplorerstandardsmode)
+-   [InternetExplorer/AllowInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowinternetzonetemplate)
+-   [InternetExplorer/AllowIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowintranetzonetemplate)
+-   [InternetExplorer/AllowLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlocalmachinezonetemplate)
+-   [InternetExplorer/AllowLockedDownInternetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddowninternetzonetemplate)
+-   [InternetExplorer/AllowLockedDownIntranetZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownintranetzonetemplate)
+-   [InternetExplorer/AllowLockedDownLocalMachineZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownlocalmachinezonetemplate)
+-   [InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowlockeddownrestrictedsiteszonetemplate)
+-   [InternetExplorer/AllowOneWordEntry](./policy-csp-internetexplorer.md#internetexplorer-allowonewordentry)
+-   [InternetExplorer/AllowSiteToZoneAssignmentList](./policy-csp-internetexplorer.md#internetexplorer-allowsitetozoneassignmentlist)
+-   [InternetExplorer/AllowSoftwareWhenSignatureIsInvalid](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/AllowSuggestedSites](./policy-csp-internetexplorer.md#internetexplorer-allowsuggestedsites)
+-   [InternetExplorer/AllowTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowtrustedsiteszonetemplate)
+-   [InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowslockeddowntrustedsiteszonetemplate)
+-   [InternetExplorer/AllowsRestrictedSitesZoneTemplate](./policy-csp-internetexplorer.md#internetexplorer-allowsrestrictedsiteszonetemplate)
+-   [InternetExplorer/CheckServerCertificateRevocation](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/CheckSignaturesOnDownloadedPrograms](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableAdobeFlash](./policy-csp-internetexplorer.md#internetexplorer-disableadobeflash)
+-   [InternetExplorer/DisableBlockingOfOutdatedActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableBypassOfSmartScreenWarnings](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarnings)
+-   [InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles](./policy-csp-internetexplorer.md#internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles)
+-   [InternetExplorer/DisableConfiguringHistory](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableCrashDetection](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation](./policy-csp-internetexplorer.md#internetexplorer-disablecustomerexperienceimprovementprogramparticipation)
+-   [InternetExplorer/DisableDeletingUserVisitedWebsites](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableEnclosureDownloading](./policy-csp-internetexplorer.md#internetexplorer-disableenclosuredownloading)
+-   [InternetExplorer/DisableEncryptionSupport](./policy-csp-internetexplorer.md#internetexplorer-disableencryptionsupport)
+-   [InternetExplorer/DisableFirstRunWizard](./policy-csp-internetexplorer.md#internetexplorer-disablefirstrunwizard)
+-   [InternetExplorer/DisableFlipAheadFeature](./policy-csp-internetexplorer.md#internetexplorer-disableflipaheadfeature)
+-   [InternetExplorer/DisableHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablehomepagechange)
+-   [InternetExplorer/DisableIgnoringCertificateErrors](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableInPrivateBrowsing](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableProcessesInEnhancedProtectedMode](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableProxyChange](./policy-csp-internetexplorer.md#internetexplorer-disableproxychange)
+-   [InternetExplorer/DisableSearchProviderChange](./policy-csp-internetexplorer.md#internetexplorer-disablesearchproviderchange)
+-   [InternetExplorer/DisableSecondaryHomePageChange](./policy-csp-internetexplorer.md#internetexplorer-disablesecondaryhomepagechange)
+-   [InternetExplorer/DisableSecuritySettingsCheck](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DisableUpdateCheck](./policy-csp-internetexplorer.md#internetexplorer-disableupdatecheck)
+-   [InternetExplorer/DoNotAllowActiveXControlsInProtectedMode](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/DoNotAllowUsersToAddSites](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstoaddsites)
+-   [InternetExplorer/DoNotAllowUsersToChangePolicies](./policy-csp-internetexplorer.md#internetexplorer-donotallowuserstochangepolicies)
+-   [InternetExplorer/DoNotBlockOutdatedActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrols)
+-   [InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains](./policy-csp-internetexplorer.md#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains)
+-   [InternetExplorer/IncludeAllLocalSites](./policy-csp-internetexplorer.md#internetexplorer-includealllocalsites)
+-   [InternetExplorer/IncludeAllNetworkPaths](./policy-csp-internetexplorer.md#internetexplorer-includeallnetworkpaths)
+-   [InternetExplorer/InternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowaccesstodatasources)
+-   [InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/InternetZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowfontdownloads)
+-   [InternetExplorer/InternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowlessprivilegedsites)
+-   [InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowscriptlets)
+-   [InternetExplorer/InternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowsmartscreenie)
+-   [InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-internetzoneallowuserdatapersistence)
+-   [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneEnableProtectedMode](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-internetzoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneJavaPermissionsWRONG1](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneJavaPermissionsWRONG2](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneLogonOptions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-internetzonenavigatewindowsandframes)
+-   [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneUsePopupBlocker](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/IntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowaccesstodatasources)
+-   [InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/IntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowfontdownloads)
+-   [InternetExplorer/IntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowlessprivilegedsites)
+-   [InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/IntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowscriptlets)
+-   [InternetExplorer/IntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowsmartscreenie)
+-   [InternetExplorer/IntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneallowuserdatapersistence)
+-   [InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-intranetzoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/IntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-intranetzonenavigatewindowsandframes)
+-   [InternetExplorer/LocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowaccesstodatasources)
+-   [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowfontdownloads)
+-   [InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowlessprivilegedsites)
+-   [InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowscriptlets)
+-   [InternetExplorer/LocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowsmartscreenie)
+-   [InternetExplorer/LocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneallowuserdatapersistence)
+-   [InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-localmachinezoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-localmachinezonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownInternetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowfontdownloads)
+-   [InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownInternetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowscriptlets)
+-   [InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownInternetZoneJavaPermissions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowninternetzonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownIntranetZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowfontdownloads)
+-   [InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownIntranetZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowscriptlets)
+-   [InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownintranetzonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowfontdownloads)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowscriptlets)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownLocalMachineZoneJavaPermissions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowscriptlets)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie)
+-   [InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes)
+-   [InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/NotificationBarInternetExplorerProcesses](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/PreventManagingSmartScreenFilter](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/PreventPerUserInstallationOfActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictFileDownloadInternetExplorerProcesses](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowaccesstodatasources)
+-   [InternetExplorer/RestrictedSitesZoneAllowActiveScripting](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowFileDownloads](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowlessprivilegedsites)
+-   [InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowscriptlets)
+-   [InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowsmartscreenie)
+-   [InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneEnableMIMESniffing](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/RestrictedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneLogonOptions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-restrictedsiteszonenavigatewindowsandframes)
+-   [InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneWRONG](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneWRONG2](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneWRONG3](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneWRONG4](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/RestrictedSitesZoneWRONG5](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/SearchProviderList](./policy-csp-internetexplorer.md#internetexplorer-searchproviderlist)
+-   [InternetExplorer/SecurityZonesUseOnlyMachineSettings](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/SpecifyUseOfActiveXInstallerService](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/TrustedSitesZoneAllowAccessToDataSources](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowaccesstodatasources)
+-   [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols)
+-   [InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads)
+-   [InternetExplorer/TrustedSitesZoneAllowFontDownloads](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowfontdownloads)
+-   [InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowlessprivilegedsites)
+-   [InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents)
+-   [InternetExplorer/TrustedSitesZoneAllowScriptlets](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowscriptlets)
+-   [InternetExplorer/TrustedSitesZoneAllowSmartScreenIE](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowsmartscreenie)
+-   [InternetExplorer/TrustedSitesZoneAllowUserDataPersistence](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneallowuserdatapersistence)
+-   [InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols)
+-   [InternetExplorer/TrustedSitesZoneJavaPermissions](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames](./policy-csp-internetexplorer.md#internetexplorer-trustedsiteszonenavigatewindowsandframes)
+-   [InternetExplorer/TrustedSitesZoneWRONG1](./policy-csp-internetexplorer.md#None)
+-   [InternetExplorer/TrustedSitesZoneWRONG2](./policy-csp-internetexplorer.md#None)
+-   [Kerberos/AllowForestSearchOrder](./policy-csp-kerberos.md#kerberos-allowforestsearchorder)
+-   [Kerberos/KerberosClientSupportsClaimsCompoundArmor](./policy-csp-kerberos.md#kerberos-kerberosclientsupportsclaimscompoundarmor)
+-   [Kerberos/RequireKerberosArmoring](./policy-csp-kerberos.md#kerberos-requirekerberosarmoring)
+-   [Kerberos/RequireStrictKDCValidation](./policy-csp-kerberos.md#kerberos-requirestrictkdcvalidation)
+-   [Kerberos/SetMaximumContextTokenSize](./policy-csp-kerberos.md#kerberos-setmaximumcontexttokensize)
+-   [Power/AllowStandbyWhenSleepingPluggedIn](./policy-csp-power.md#power-allowstandbywhensleepingpluggedin)
+-   [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery)
+-   [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin)
+-   [Power/HibernateTimeoutOnBattery](./policy-csp-power.md#power-hibernatetimeoutonbattery)
+-   [Power/HibernateTimeoutPluggedIn](./policy-csp-power.md#power-hibernatetimeoutpluggedin)
+-   [Power/RequirePasswordWhenComputerWakesOnBattery](./policy-csp-power.md#power-requirepasswordwhencomputerwakesonbattery)
+-   [Power/RequirePasswordWhenComputerWakesPluggedIn](./policy-csp-power.md#power-requirepasswordwhencomputerwakespluggedin)
+-   [Power/StandbyTimeoutOnBattery](./policy-csp-power.md#power-standbytimeoutonbattery)
+-   [Power/StandbyTimeoutPluggedIn](./policy-csp-power.md#power-standbytimeoutpluggedin)
+-   [Printers/PointAndPrintRestrictions](./policy-csp-printers.md#printers-pointandprintrestrictions)
+-   [Printers/PointAndPrintRestrictions_User](./policy-csp-printers.md#printers-pointandprintrestrictions_user)
+-   [Printers/PublishPrinters](./policy-csp-printers.md#printers-publishprinters)
+-   [RemoteAssistance/CustomizeWarningMessages](./policy-csp-remoteassistance.md#remoteassistance-customizewarningmessages)
+-   [RemoteAssistance/SessionLogging](./policy-csp-remoteassistance.md#remoteassistance-sessionlogging)
+-   [RemoteAssistance/SolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-solicitedremoteassistance)
+-   [RemoteAssistance/UnsolicitedRemoteAssistance](./policy-csp-remoteassistance.md#remoteassistance-unsolicitedremoteassistance)
+-   [RemoteDesktopServices/AllowUsersToConnectRemotely](./policy-csp-remotedesktopservices.md#remotedesktopservices-allowuserstoconnectremotely)
+-   [RemoteDesktopServices/ClientConnectionEncryptionLevel](./policy-csp-remotedesktopservices.md#remotedesktopservices-clientconnectionencryptionlevel)
+-   [RemoteDesktopServices/DoNotAllowDriveRedirection](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowdriveredirection)
+-   [RemoteDesktopServices/DoNotAllowPasswordSaving](./policy-csp-remotedesktopservices.md#remotedesktopservices-donotallowpasswordsaving)
+-   [RemoteDesktopServices/PromptForPasswordUponConnection](./policy-csp-remotedesktopservices.md#remotedesktopservices-promptforpassworduponconnection)
+-   [RemoteDesktopServices/RequireSecureRPCCommunication](./policy-csp-remotedesktopservices.md#remotedesktopservices-requiresecurerpccommunication)
+-   [RemoteManagement/AllowBasicAuthentication_Client](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/AllowBasicAuthentication_Service](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/AllowCredSSPAuthenticationClient](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/AllowCredSSPAuthenticationService](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/AllowRemoteServerManagement](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/AllowUnencryptedTraffic_Client](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/AllowUnencryptedTraffic_Service](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/DisallowDigestAuthentication](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/DisallowNegotiateAuthenticationClient](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/DisallowNegotiateAuthenticationService](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/DisallowStoringOfRunAsCredentials](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/SpecifyChannelBindingTokenHardeningLevel](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/TrustedHosts](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/TurnOnCompatibilityHTTPListener](./policy-csp-remotemanagement.md#None)
+-   [RemoteManagement/TurnOnCompatibilityHTTPSListener](./policy-csp-remotemanagement.md#None)
+-   [RemoteProcedureCall/RPCEndpointMapperClientAuthentication](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-rpcendpointmapperclientauthentication)
+-   [RemoteProcedureCall/RestrictUnauthenticatedRPCClients](./policy-csp-remoteprocedurecall.md#remoteprocedurecall-restrictunauthenticatedrpcclients)
+-   [RemoteShell/AllowRemoteShellAccess](./policy-csp-remoteshell.md#None)
+-   [RemoteShell/MaxConcurrentUsers](./policy-csp-remoteshell.md#None)
+-   [RemoteShell/SpecifyIdleTimeout](./policy-csp-remoteshell.md#None)
+-   [RemoteShell/SpecifyMaxMemory](./policy-csp-remoteshell.md#None)
+-   [RemoteShell/SpecifyMaxProcesses](./policy-csp-remoteshell.md#None)
+-   [RemoteShell/SpecifyMaxRemoteShells](./policy-csp-remoteshell.md#None)
+-   [RemoteShell/SpecifyShellTimeout](./policy-csp-remoteshell.md#None)
+-   [Storage/EnhancedStorageDevices](./policy-csp-storage.md#storage-enhancedstoragedevices)
+-   [System/BootStartDriverInitialization](./policy-csp-system.md#system-bootstartdriverinitialization)
+-   [System/DisableSystemRestore](./policy-csp-system.md#system-disablesystemrestore)
+-   [WindowsLogon/DisableLockScreenAppNotifications](./policy-csp-windowslogon.md#windowslogon-disablelockscreenappnotifications)
+-   [WindowsLogon/DontDisplayNetworkSelectionUI](./policy-csp-windowslogon.md#windowslogon-dontdisplaynetworkselectionui)
 
 <!--StartIoTCore-->
-## <a href="" id="iotcore"></a>Policies Supported by IoT Core  
+## <a href="" id="iotcore"></a>Policies supported by IoT Core  
 
 -   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
 -   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
@@ -21567,6 +3160,9 @@ Footnote:
 -   [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)  
 -   [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular)  
 -   [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular)  
+-   [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths)  
+-   [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon)  
+-   [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword)  
 -   [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess)  
 -   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
 -   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
@@ -21599,27 +3195,27 @@ Footnote:
 <!--EndIoTCore-->
 
 <!--StartHoloLens-->
-## <a href="" id="hololenspolicies"></a>Policies supported by Windows Holographic for Business
+## <a href="" id="hololenspolicies"></a>Policies supported by Windows Holographic for Business  
 
--   [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)
--   [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)
--   [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)
--   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)
--   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
--   [Browser/AllowCookies](#browser-allowcookies)
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)
--   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)
--   [Browser/AllowPopups](#browser-allowpopups)
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
--   [Browser/AllowSmartScreen](#browser-allowsmartscreen)
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
--   [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)
--   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)
--   [Experience/AllowCortana](#experience-allowcortana)
--   [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)
+-   [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)  
+-   [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)  
+-   [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)  
+-   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
+-   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
+-   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
+-   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
+-   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
+-   [Browser/AllowCookies](#browser-allowcookies)  
+-   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
+-   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)  
+-   [Browser/AllowPopups](#browser-allowpopups)  
+-   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
+-   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
+-   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
+-   [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)  
+-   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)  
+-   [Experience/AllowCortana](#experience-allowcortana)  
+-   [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)  
 -   [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)  
 -   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
 -   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
@@ -21629,94 +3225,95 @@ Footnote:
 -   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
 -   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
 -   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
+-   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
+-   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
+-   [Settings/AllowDateTime](#settings-allowdatetime)  
+-   [Settings/AllowVPN](#settings-allowvpn)  
 -   [System/AllowFontProviders](#system-allowfontproviders)  
--   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)
--   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)
--   [Settings/AllowDateTime](#settings-allowdatetime)
--   [Settings/AllowVPN](#settings-allowvpn)
--   [System/AllowLocation](#system-allowlocation)
--   [System/AllowTelemetry](#system-allowtelemetry)
--   [Update/AllowAutoUpdate](#update-allowautoupdate)
--   [Update/AllowUpdateService](#update-allowupdateservice)
--   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)
--   [Update/RequireUpdateApproval](#update-requireupdateapproval)
--   [Update/UpdateServiceUrl](#update-updateserviceurl)
+-   [System/AllowLocation](#system-allowlocation)  
+-   [System/AllowTelemetry](#system-allowtelemetry)  
+-   [Update/AllowAutoUpdate](#update-allowautoupdate)  
+-   [Update/AllowUpdateService](#update-allowupdateservice)  
+-   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
+-   [Update/RequireUpdateApproval](#update-requireupdateapproval)  
+-   [Update/UpdateServiceUrl](#update-updateserviceurl)  
 <!--EndHoloLens-->
 
 <!--StartSurfaceHub-->
-## <a href="" id="surfacehubpolicies"></a>Policies supported by Microsoft Surface Hub
+## <a href="" id="surfacehubpolicies"></a>Policies supported by Microsoft Surface Hub  
 
 -   [ApplicationDefaults/DefaultAssociationsConfiguration](#applicationdefaults-defaultassociationsconfiguration)  
--   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)
--   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)
--   [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing)
--   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)
--   [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)
+-   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
+-   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
+-   [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing)  
+-   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
+-   [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)  
 -   [Browser/AllowAddressBarDropdown](#browser-allowaddressbardropdown)  
--   [Browser/AllowCookies](#browser-allowcookies)
--   [Browser/AllowDeveloperTools](#browser-allowdevelopertools)
--   [Browser/AllowDoNotTrack](#browser-allowdonottrack)
+-   [Browser/AllowCookies](#browser-allowcookies)  
+-   [Browser/AllowDeveloperTools](#browser-allowdevelopertools)  
+-   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
 -   [Browser/AllowMicrosoftCompatibilityList](#browser-allowmicrosoftcompatibilitylist)  
--   [Browser/AllowPopups](#browser-allowpopups)
--   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)
--   [Browser/AllowSmartScreen](#browser-allowsmartscreen)
+-   [Browser/AllowPopups](#browser-allowpopups)  
+-   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
+-   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
 -   [Browser/ClearBrowsingDataOnExit](#browser-clearbrowsingdataonexit)  
 -   [Browser/ConfigureAdditionalSearchEngines](#browser-configureadditionalsearchengines)  
 -   [Browser/DisableLockdownOfStartPages](#browser-disablelockdownofstartpages)  
--   [Browser/HomePages](#browser-homepages)
+-   [Browser/HomePages](#browser-homepages)  
 -   [Browser/PreventLiveTileDataCollection](#browser-preventlivetiledatacollection)  
--   [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride)
--   [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles)
+-   [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride)  
+-   [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles)  
 -   [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine)  
--   [Camera/AllowCamera](#camera-allowcamera)
--   [ConfigOperations/ADMXInstall](#configoperations-admxinstall)  
--   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)
+-   [Camera/AllowCamera](#camera-allowcamera)  
+-   [ConfigOperations/ADMXInstall](#None)  
+-   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
 -   [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices)  
--   [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)
--   [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)
--   [Defender/AllowArchiveScanning](#defender-allowarchivescanning)
--   [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)
--   [Defender/AllowCloudProtection](#defender-allowcloudprotection)
--   [Defender/AllowEmailScanning](#defender-allowemailscanning)
--   [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives)
--   [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning)
--   [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem)
--   [Defender/AllowIOAVProtection](#defender-allowioavprotection)
--   [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection)
--   [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring)
--   [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles)
--   [Defender/AllowScriptScanning](#defender-allowscriptscanning)
--   [Defender/AllowUserUIAccess](#defender-allowuseruiaccess)
--   [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor)
--   [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware)
--   [Defender/ExcludedExtensions](#defender-excludedextensions)
--   [Defender/ExcludedPaths](#defender-excludedpaths)
--   [Defender/ExcludedProcesses](#defender-excludedprocesses)
--   [Defender/PUAProtection](#defender-puaprotection)
--   [Defender/RealTimeScanDirection](#defender-realtimescandirection)
--   [Defender/ScanParameter](#defender-scanparameter)
--   [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime)
--   [Defender/ScheduleScanDay](#defender-schedulescanday)
--   [Defender/ScheduleScanTime](#defender-schedulescantime)
--   [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval)
--   [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent)
--   [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction)
--   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)
--   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)
--   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)
--   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)
--   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)
--   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)
--   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)
--   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)
--   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)
--   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)
--   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)
--   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)
--   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)
--   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)
--   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)
--   [DeviceGuard/AllowKernelControlFlowGuard](#deviceguard-allowkernelcontrolflowguard)  
+-   [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)  
+-   [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)  
+-   [Defender/AllowArchiveScanning](#defender-allowarchivescanning)  
+-   [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)  
+-   [Defender/AllowCloudProtection](#defender-allowcloudprotection)  
+-   [Defender/AllowEmailScanning](#defender-allowemailscanning)  
+-   [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives)  
+-   [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning)  
+-   [Defender/AllowIOAVProtection](#defender-allowioavprotection)  
+-   [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem)  
+-   [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection)  
+-   [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring)  
+-   [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles)  
+-   [Defender/AllowScriptScanning](#defender-allowscriptscanning)  
+-   [Defender/AllowUserUIAccess](#defender-allowuseruiaccess)  
+-   [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor)  
+-   [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware)  
+-   [Defender/ExcludedExtensions](#defender-excludedextensions)  
+-   [Defender/ExcludedPaths](#defender-excludedpaths)  
+-   [Defender/ExcludedProcesses](#defender-excludedprocesses)  
+-   [Defender/PUAProtection](#defender-puaprotection)  
+-   [Defender/RealTimeScanDirection](#defender-realtimescandirection)  
+-   [Defender/ScanParameter](#defender-scanparameter)  
+-   [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime)  
+-   [Defender/ScheduleScanDay](#defender-schedulescanday)  
+-   [Defender/ScheduleScanTime](#defender-schedulescantime)  
+-   [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval)  
+-   [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent)  
+-   [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction)  
+-   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)  
+-   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)  
+-   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)  
+-   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)  
+-   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)  
+-   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)  
+-   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)  
+-   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)  
+-   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)  
+-   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)  
+-   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)  
+-   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)  
+-   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)  
+-   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)  
+-   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)  
+-   [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders)  
+-   [DeviceGuard/AllowKernelControlFlowGuard](#None)  
 -   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
 -   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
 -   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
@@ -21725,40 +3322,41 @@ Footnote:
 -   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
 -   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
 -   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
--   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)
--   [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot)
--   [System/AllowFontProviders](#system-allowfontproviders) 
--   [System/AllowLocation](#system-allowlocation)
--   [System/AllowTelemetry](#system-allowtelemetry)
--   [TextInput/AllowIMELogging](#textinput-allowimelogging)
--   [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess)
--   [TextInput/AllowInputPanel](#textinput-allowinputpanel)
--   [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters)
--   [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters)
--   [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph)
--   [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary)
--   [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall)
--   [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208)
--   [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc)
--   [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis)
--   [TimeLanguageSettings/Set24HourClock](#timelanguagesettings-set24hourclock)  
--   [TimeLanguageSettings/SetCountry](#timelanguagesettings-setcountry)  
--   [TimeLanguageSettings/SetLanguage](#timelanguagesettings-setlanguage)  
--   [Update/AllowAutoUpdate](#update-allowautoupdate)
--   [Update/AllowUpdateService](#update-allowupdateservice)
+-   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)  
+-   [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot)  
+-   [System/AllowFontProviders](#system-allowfontproviders)  
+-   [System/AllowLocation](#system-allowlocation)  
+-   [System/AllowTelemetry](#system-allowtelemetry)  
+-   [TextInput/AllowIMELogging](#textinput-allowimelogging)  
+-   [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess)  
+-   [TextInput/AllowInputPanel](#textinput-allowinputpanel)  
+-   [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters)  
+-   [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters)  
+-   [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph)  
+-   [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary)  
+-   [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall)  
+-   [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208)  
+-   [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc)  
+-   [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis)  
+-   [TimeLanguageSettings/Set24HourClock](#None)  
+-   [TimeLanguageSettings/SetCountry](#None)  
+-   [TimeLanguageSettings/SetLanguage](#None)  
+-   [Update/AllowAutoUpdate](#update-allowautoupdate)  
+-   [Update/AllowUpdateService](#update-allowupdateservice)  
 -   [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule)  
 -   [Update/AutoRestartRequiredNotificationDismissal](#update-autorestartrequirednotificationdismissal)  
--   [Update/BranchReadinessLevel](#update-branchreadinesslevel)
--   [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays)
--   [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays)
+-   [Update/BranchReadinessLevel](#update-branchreadinesslevel)  
+-   [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays)  
+-   [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays)  
 -   [Update/DetectionFrequency](#update-detectionfrequency)  
--   [Update/PauseFeatureUpdates](#update-pausefeatureupdates)
--   [Update/PauseQualityUpdates](#update-pausequalityupdates)
+-   [Update/PauseFeatureUpdates](#update-pausefeatureupdates)  
+-   [Update/PauseQualityUpdates](#update-pausequalityupdates)  
 -   [Update/ScheduleImminentRestartWarning](#update-scheduleimminentrestartwarning)  
 -   [Update/ScheduleRestartWarning](#update-schedulerestartwarning)  
 -   [Update/SetAutoRestartNotificationDisable](#update-setautorestartnotificationdisable)  
--   [Update/UpdateServiceUrl](#update-updateserviceurl)
+-   [Update/UpdateServiceUrl](#update-updateserviceurl)  
 -   [Update/UpdateServiceUrlAlternate](#update-updateserviceurlalternate)  
+-   [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)  
 <!--EndSurfaceHub-->
 
 <!--StartEAS-->
@@ -21778,6 +3376,7 @@ Footnote:
 -   [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)  
 -   [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)  
 -   [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)  
+-   [DeviceLock/PreventLockScreenSlideShow](#devicelock-preventlockscreenslideshow)  
 -   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
 -   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
 -   [System/AllowStorageCard](#system-allowstoragecard)  
@@ -21786,6 +3385,7 @@ Footnote:
 -   [Wifi/AllowWiFi](#wifi-allowwifi)  
 <!--EndEAS-->
 
+
 ## Examples
 
 Set the minimum password length to 4 characters.
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
new file mode 100644
index 0000000000..125546ca2b
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -0,0 +1,145 @@
+---
+title: Policy CSP - AboveLock
+description: Policy CSP - AboveLock
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - AboveLock
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## AboveLock policies  
+
+<!--StartPolicy-->
+<a href="" id="abovelock-allowactioncenternotifications"></a>**AboveLock/AllowActionCenterNotifications**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Specifies whether to allow Action Center notifications above the device lock screen.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="abovelock-allowcortanaabovelock"></a>**AboveLock/AllowCortanaAboveLock**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="abovelock-allowtoasts"></a>**AboveLock/AllowToasts**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to allow toast notifications above the device lock screen.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
new file mode 100644
index 0000000000..8e3cbf0a9f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -0,0 +1,186 @@
+---
+title: Policy CSP - Accounts
+description: Policy CSP - Accounts
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Accounts
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Accounts policies  
+
+<!--StartPolicy-->
+<a href="" id="accounts-allowaddingnonmicrosoftaccountsmanually"></a>**Accounts/AllowAddingNonMicrosoftAccountsManually**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether user is allowed to add non-MSA email accounts.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+> [!NOTE]
+> This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="accounts-allowmicrosoftaccountconnection"></a>**Accounts/AllowMicrosoftAccountConnection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="accounts-allowmicrosoftaccountsigninassistant"></a>**Accounts/AllowMicrosoftAccountSignInAssistant**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disabled.
+-   1 (default) – Manual start.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="accounts-domainnamesforemailsync"></a>**Accounts/DomainNamesForEmailSync**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies a list of the domains that are allowed to sync email on the device.
+
+<p style="margin-left: 20px">The data type is a string.
+
+<p style="margin-left: 20px">The default value is an empty string, which allows all email accounts on the device to sync email. Otherwise, the string should contain a pipe-separated list of domains that are allowed to sync email on the device. For example, "contoso.com|fabrikam.net|woodgrove.gov".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Accounts policies supported by Windows Holographic for Business  
+
+-   [Accounts/AllowMicrosoftAccountConnection](#accounts-allowmicrosoftaccountconnection)  
+<!--EndHoloLens-->
+
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
new file mode 100644
index 0000000000..e2cb16c774
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -0,0 +1,74 @@
+---
+title: Policy CSP - ActiveXControls
+description: Policy CSP - ActiveXControls
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - ActiveXControls
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## ActiveXControls policies  
+
+<!--StartPolicy-->
+<a href="" id="activexcontrols-approvedinstallationsites"></a>**ActiveXControls/ApprovedInstallationSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL.
+
+If you enable this setting, the administrator can create a list of approved ActiveX Install sites specified by host URL.
+
+If you disable or do not configure this policy setting, ActiveX controls prompt the user for administrative credentials before installation.
+
+Note: Wild card characters cannot be used when specifying the host URLs.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Approved Installation Sites for ActiveX Controls*
+-   GP name: *ApprovedActiveXInstallSites*
+-   GP ADMX file name: *ActiveXInstallService.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
new file mode 100644
index 0000000000..bf34e7343f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -0,0 +1,121 @@
+---
+title: Policy CSP - ApplicationDefaults
+description: Policy CSP - ApplicationDefaults
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - ApplicationDefaults
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## ApplicationDefaults policies  
+
+<!--StartPolicy-->
+<a href="" id="applicationdefaults-defaultassociationsconfiguration"></a>**ApplicationDefaults/DefaultAssociationsConfiguration**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be  base64 encoded before being added to SyncML.
+ 
+<p style="margin-left: 20px">If policy is enabled and the client machine is Azure Active Directory joined, the associations assigned in SyncML will be processed and default associations will be applied.
+
+<p style="margin-left: 20px">To create create the SyncML, follow these steps:
+<ol>
+<li>Install a few apps and change your defaults.</li>
+<li>From an elevated prompt, run "dism /online /export-defaultappassociations:appassoc.xml"</li>
+<li>Take the XML output and put it through your favorite base64 encoder app.</li>
+<li>Paste the base64 encoded XML into the SyncML</li>
+</ol>
+
+<p style="margin-left: 20px">Here is an example output from the dism default association export command:
+
+``` syntax
+<?xml version="1.0" encoding="UTF-8"?>
+<DefaultAssociations>
+  <Association Identifier=".htm" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
+  <Association Identifier=".html" ProgId="AppX4hxtad77fbk3jkkeerkrm0ze94wjf3s9" ApplicationName="Microsoft Edge" />
+  <Association Identifier=".pdf" ProgId="AppXd4nrz8ff68srnhf9t5a8sbjyar1cr723" ApplicationName="Microsoft Edge" />
+  <Association Identifier="http" ProgId="AppXq0fevzme2pys62n3e0fbqa7peapykr8v" ApplicationName="Microsoft Edge" />
+  <Association Identifier="https" ProgId="AppX90nv6nhay5n6a98fnetv7tpk64pp35es" ApplicationName="Microsoft Edge" />
+</DefaultAssociations
+```
+
+<p style="margin-left: 20px">Here is the base64 encoded result:
+
+``` syntax
+PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
+```
+
+<p style="margin-left: 20px">Here is the SyncMl example:
+
+``` syntax
+<?xml version="1.0" encoding="utf-8"?>
+<SyncML xmlns="SYNCML:SYNCML1.1">
+<SyncBody>
+    <Replace>
+      <CmdID>101</CmdID>
+      <Item>
+        <Meta>
+          <Format>chr</Format>
+          <Type>text/plain</Type>
+        </Meta>
+        <Target>
+          <LocURI>./Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration</LocURI>
+        </Target>
+        <Data>PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjxEZWZhdWx0QXNzb2NpYXRpb25zPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iLmh0bSIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIuaHRtbCIgUHJvZ0lkPSJBcHBYNGh4dGFkNzdmYmszamtrZWVya3JtMHplOTR3amYzczkiIEFwcGxpY2F0aW9uTmFtZT0iTWljcm9zb2Z0IEVkZ2UiIC8+DQogIDxBc3NvY2lhdGlvbiBJZGVudGlmaWVyPSIucGRmIiBQcm9nSWQ9IkFwcFhkNG5yejhmZjY4c3JuaGY5dDVhOHNianlhcjFjcjcyMyIgQXBwbGljYXRpb25OYW1lPSJNaWNyb3NvZnQgRWRnZSIgLz4NCiAgPEFzc29jaWF0aW9uIElkZW50aWZpZXI9Imh0dHAiIFByb2dJZD0iQXBwWHEwZmV2em1lMnB5czYybjNlMGZicWE3cGVhcHlrcjh2IiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KICA8QXNzb2NpYXRpb24gSWRlbnRpZmllcj0iaHR0cHMiIFByb2dJZD0iQXBwWDkwbnY2bmhheTVuNmE5OGZuZXR2N3RwazY0cHAzNWVzIiBBcHBsaWNhdGlvbk5hbWU9Ik1pY3Jvc29mdCBFZGdlIiAvPg0KPC9EZWZhdWx0QXNzb2NpYXRpb25zPg0KDQo=
+</Data>
+      </Item>
+    </Replace>
+  <Final/>
+  </SyncBody>
+</SyncML>
+```
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>ApplicationDefaults policies supported by Microsoft Surface Hub  
+
+-   [ApplicationDefaults/DefaultAssociationsConfiguration](#applicationdefaults-defaultassociationsconfiguration)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
new file mode 100644
index 0000000000..805e786817
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -0,0 +1,489 @@
+---
+title: Policy CSP - ApplicationManagement
+description: Policy CSP - ApplicationManagement
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - ApplicationManagement
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## ApplicationManagement policies  
+
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-allowalltrustedapps"></a>**ApplicationManagement/AllowAllTrustedApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether non Windows Store apps are allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Explicit deny.
+-   1 – Explicit allow unlock.
+-   65535 (default) – Not configured.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-allowappstoreautoupdate"></a>**ApplicationManagement/AllowAppStoreAutoUpdate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether automatic update of apps from Windows Store are allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-allowdeveloperunlock"></a>**ApplicationManagement/AllowDeveloperUnlock**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether developer unlock is allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Explicit deny.
+-   1 – Explicit allow unlock.
+-   65535 (default) – Not configured.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-allowgamedvr"></a>**ApplicationManagement/AllowGameDVR**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Specifies whether DVR and broadcasting is allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-allowshareduserappdata"></a>**ApplicationManagement/AllowSharedUserAppData**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether multiple users of the same app can share data.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not allowed.
+-   1 – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-allowstore"></a>**ApplicationManagement/AllowStore**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether app store is allowed at the device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-applicationrestrictions"></a>**ApplicationManagement/ApplicationRestrictions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
+
+ 
+<p style="margin-left: 20px">An XML blob that specifies the application restrictions company want to put to the device. It could be an app allow list, app disallow list, allowed publisher IDs, and so on. For a list of Windows apps and product IDs, see [inbox apps](applocker-csp.md#inboxappsandcomponents). For more information about the XML, see the [ApplicationRestrictions XSD](applicationrestrictions-xsd.md).
+
+> [!NOTE]
+> When you upgrade Windows Phone 8.1 devices to Windows 10 Mobile with a list of allowed apps, some Windows inbox apps get blocked causing unexpected behavior. To work around this issue, you must include the [inbox apps](applocker-csp.md#inboxappsandcomponents) that you need to your list of allowed apps.
+>
+> Here's additional guidance for the upgrade process:
+>
+>  -   Use Windows 10 product IDs for the apps listed in [inbox apps](applocker-csp.md#inboxappsandcomponents).
+>  -   Use the new Microsoft publisher name (PublisherName="CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US") and Publisher="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" if you are using the publisher policy. Do not remove the Windows  Phone 8.1 publisher if you are using it.
+>  -   In the SyncML, you must use lowercase product ID.
+>  -   Do not duplicate a product ID. Messaging and Skype Video use the same product ID. Duplicates cause an error.
+>  -   You cannot disable or enable **Contact Support** and **Windows Feedback** apps using ApplicationManagement/ApplicationRestrictions policy, although these are listed in the [inbox apps](applocker-csp.md#inboxappsandcomponents).
+
+
+<p style="margin-left: 20px">An application that is running may not be immediately terminated.
+
+<p style="margin-left: 20px">Value type is chr.
+
+<p style="margin-left: 20px">Value evaluation rule - The information for PolicyManager is opaque. There is no most restricted value evaluation. Whenever there is a change to the value, the device parses the node value and enforces specified policies.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-disablestoreoriginatedapps"></a>**ApplicationManagement/DisableStoreOriginatedApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Windows Store that came pre-installed or were downloaded.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Enable launch of apps.
+-   1 – Disable launch of apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-requireprivatestoreonly"></a>**ApplicationManagement/RequirePrivateStoreOnly**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows disabling of the retail catalog and only enables the Private store.
+
+> [!IMPORTANT]
+> This node must be accessed using the following paths:
+>
+> -   **./User/Vendor/MSFT/Policy/Config/ApplicationManagement/RequirePrivateStoreOnly** to set the policy.
+> -   **./User/Vendor/MSFT/Policy/Result/ApplicationManagement/RequirePrivateStoreOnly** to get the result.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Allow both public and Private store.
+-   1 – Only Private store is enabled.
+
+<p style="margin-left: 20px">This is a per user policy.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-restrictappdatatosystemvolume"></a>**ApplicationManagement/RestrictAppDataToSystemVolume**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether application data is restricted to the system drive.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not restricted.
+-   1 – Restricted.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="applicationmanagement-restrictapptosystemvolume"></a>**ApplicationManagement/RestrictAppToSystemVolume**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether the installation of applications is restricted to the system drive.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not restricted.
+-   1 – Restricted.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>ApplicationManagement policies supported by Windows Holographic for Business  
+
+-   [ApplicationManagement/AllowAllTrustedApps](#applicationmanagement-allowalltrustedapps)  
+-   [ApplicationManagement/AllowAppStoreAutoUpdate](#applicationmanagement-allowappstoreautoupdate)  
+-   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>ApplicationManagement policies supported by IoT Core  
+
+-   [ApplicationManagement/AllowDeveloperUnlock](#applicationmanagement-allowdeveloperunlock)  
+<!--EndIoTCore-->
+
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
new file mode 100644
index 0000000000..3aaaa8966e
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -0,0 +1,1194 @@
+---
+title: Policy CSP - AppVirtualization
+description: Policy CSP - AppVirtualization
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - AppVirtualization
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## AppVirtualization policies  
+
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowappvclient"></a>**AppVirtualization/AllowAppVClient**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable App-V Client*
+-   GP name: *EnableAppV*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowdynamicvirtualization"></a>**AppVirtualization/AllowDynamicVirtualization**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable Dynamic Virtualization*
+-   GP name: *Virtualization_JITVEnable*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowpackagecleanup"></a>**AppVirtualization/AllowPackageCleanup**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable automatic cleanup of unused appv packages*
+-   GP name: *PackageManagement_AutoCleanupEnable*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowpackagescripts"></a>**AppVirtualization/AllowPackageScripts**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Enables scripts defined in the package manifest of configuration files that should run.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable Package Scripts*
+-   GP name: *Scripting_Enable_Package_Scripts*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowpublishingrefreshux"></a>**AppVirtualization/AllowPublishingRefreshUX**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Enables a UX to display to the user when a publishing refresh is performed on the client.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable Publishing Refresh UX*
+-   GP name: *Enable_Publishing_Refresh_UX*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowreportingserver"></a>**AppVirtualization/AllowReportingServer**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Reporting Server URL: Displays the URL of reporting server.
+
+Reporting Time: When the client data should be reported to the server. Acceptable range is 0~23, corresponding to the 24 hours in a day. A good practice is, don't set this time to a busy hour, e.g. 9AM.
+
+Delay reporting for the random minutes: The maximum minutes of random delay on top of the reporting time. For a busy system, the random delay will help reduce the server load.
+
+Repeat reporting for every (days): The periodical interval in days for sending the reporting data.
+
+Data Cache Limit: This value specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The default value is 20 MB. The size applies to the cache in memory. When the limit is reached, the log file will roll over. When a new record is to be added (bottom of the list), one or more of the oldest records (top of the list) will be deleted to make room. A warning will be logged to the Client log and the event log the first time this occurs, and will not be logged again until after the cache has been successfully cleared on transmission and the log has filled up again.
+
+Data Block Size: This value specifies the maximum size in bytes to transmit to the server at once on a reporting upload, to avoid permanent transmission failures when the log has reached a significant size. The  default value is 65536. When transmitting report data to the server, one block at a time of application records that is less than or equal to the block size in bytes of XML data will be removed from the cache and sent to the server. Each block will have the general Client data and global package list data prepended, and these will not factor into the block size calculations; the potential exists for an extremely large package list to result in transmission failures over low bandwidth or unreliable connections.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Reporting Server*
+-   GP name: *Reporting_Server_Policy*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowroamingfileexclusions"></a>**AppVirtualization/AllowRoamingFileExclusions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Roaming File Exclusions*
+-   GP name: *Integration_Roaming_File_Exclusions*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowroamingregistryexclusions"></a>**AppVirtualization/AllowRoamingRegistryExclusions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Roaming Registry Exclusions*
+-   GP name: *Integration_Roaming_Registry_Exclusions*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-allowstreamingautoload"></a>**AppVirtualization/AllowStreamingAutoload**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies how new packages should be loaded automatically by App-V on a specific computer.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify what to load in background (aka AutoLoad)*
+-   GP name: *Steaming_Autoload*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-clientcoexistenceallowmigrationmode"></a>**AppVirtualization/ClientCoexistenceAllowMigrationmode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable Migration Mode*
+-   GP name: *Client_Coexistence_Enable_Migration_mode*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-integrationallowrootglobal"></a>**AppVirtualization/IntegrationAllowRootGlobal**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Integration Root User*
+-   GP name: *Integration_Root_User*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-integrationallowrootuser"></a>**AppVirtualization/IntegrationAllowRootUser**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Integration Root Global*
+-   GP name: *Integration_Root_Global*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-publishingallowserver1"></a>**AppVirtualization/PublishingAllowServer1**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Publishing Server Display Name: Displays the name of publishing server.
+
+Publishing Server URL: Displays the URL of publishing server.
+
+Global Publishing Refresh: Enables global publishing refresh (Boolean).
+
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+
+Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
+
+Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+User Publishing Refresh: Enables user publishing refresh (Boolean).
+
+User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+
+User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
+
+User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Publishing Server 1 Settings*
+-   GP name: *Publishing_Server1_Policy*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-publishingallowserver2"></a>**AppVirtualization/PublishingAllowServer2**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Publishing Server Display Name: Displays the name of publishing server.
+
+Publishing Server URL: Displays the URL of publishing server.
+
+Global Publishing Refresh: Enables global publishing refresh (Boolean).
+
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+
+Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
+
+Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+User Publishing Refresh: Enables user publishing refresh (Boolean).
+
+User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+
+User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
+
+User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Publishing Server 2 Settings*
+-   GP name: *Publishing_Server2_Policy*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-publishingallowserver3"></a>**AppVirtualization/PublishingAllowServer3**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Publishing Server Display Name: Displays the name of publishing server.
+
+Publishing Server URL: Displays the URL of publishing server.
+
+Global Publishing Refresh: Enables global publishing refresh (Boolean).
+
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+
+Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
+
+Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+User Publishing Refresh: Enables user publishing refresh (Boolean).
+
+User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+
+User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
+
+User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Publishing Server 3 Settings*
+-   GP name: *Publishing_Server3_Policy*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-publishingallowserver4"></a>**AppVirtualization/PublishingAllowServer4**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Publishing Server Display Name: Displays the name of publishing server.
+
+Publishing Server URL: Displays the URL of publishing server.
+
+Global Publishing Refresh: Enables global publishing refresh (Boolean).
+
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+
+Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
+
+Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+User Publishing Refresh: Enables user publishing refresh (Boolean).
+
+User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+
+User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
+
+User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Publishing Server 4 Settings*
+-   GP name: *Publishing_Server4_Policy*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-publishingallowserver5"></a>**AppVirtualization/PublishingAllowServer5**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Publishing Server Display Name: Displays the name of publishing server.
+
+Publishing Server URL: Displays the URL of publishing server.
+
+Global Publishing Refresh: Enables global publishing refresh (Boolean).
+
+Global Publishing Refresh On Logon: Triggers a global publishing refresh on logon (Boolean).
+
+Global Publishing Refresh Interval: Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0.
+
+Global Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+User Publishing Refresh: Enables user publishing refresh (Boolean).
+
+User Publishing Refresh On Logon: Triggers a user publishing refresh on logon (Boolean).
+
+User Publishing Refresh Interval: Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0.
+
+User Publishing Refresh Interval Unit: Specifies the interval unit (Hour 0-23, Day 0-31).
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Publishing Server 5 Settings*
+-   GP name: *Publishing_Server5_Policy*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingallowcertificatefilterforclient_ssl"></a>**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies the path to a valid certificate in the certificate store.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Certificate Filter For Client SSL*
+-   GP name: *Streaming_Certificate_Filter_For_Client_SSL*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingallowhighcostlaunch"></a>**AppVirtualization/StreamingAllowHighCostLaunch**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G).
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection*
+-   GP name: *Streaming_Allow_High_Cost_Launch*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingallowlocationprovider"></a>**AppVirtualization/StreamingAllowLocationProvider**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Location Provider*
+-   GP name: *Streaming_Location_Provider*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingallowpackageinstallationroot"></a>**AppVirtualization/StreamingAllowPackageInstallationRoot**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies directory where all new applications and updates will be installed.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Package Installation Root*
+-   GP name: *Streaming_Package_Installation_Root*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingallowpackagesourceroot"></a>**AppVirtualization/StreamingAllowPackageSourceRoot**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Overrides source location for downloading package content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Package Source Root*
+-   GP name: *Streaming_Package_Source_Root*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingallowreestablishmentinterval"></a>**AppVirtualization/StreamingAllowReestablishmentInterval**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies the number of seconds between attempts to reestablish a dropped session.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Reestablishment Interval*
+-   GP name: *Streaming_Reestablishment_Interval*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingallowreestablishmentretries"></a>**AppVirtualization/StreamingAllowReestablishmentRetries**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies the number of times to retry a dropped session.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Reestablishment Retries*
+-   GP name: *Streaming_Reestablishment_Retries*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingsharedcontentstoremode"></a>**AppVirtualization/StreamingSharedContentStoreMode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies that streamed package contents will be not be saved to the local hard disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Shared Content Store (SCS) mode*
+-   GP name: *Streaming_Shared_Content_Store_Mode*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingsupportbranchcache"></a>**AppVirtualization/StreamingSupportBranchCache**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable Support for BranchCache*
+-   GP name: *Streaming_Support_Branch_Cache*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-streamingverifycertificaterevocationlist"></a>**AppVirtualization/StreamingVerifyCertificateRevocationList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Verifies Server certificate revocation status before streaming using HTTPS.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Verify certificate revocation list*
+-   GP name: *Streaming_Verify_Certificate_Revocation_List*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="appvirtualization-virtualcomponentsallowlist"></a>**AppVirtualization/VirtualComponentsAllowList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Virtual Component Process Allow List*
+-   GP name: *Virtualization_JITVAllowList*
+-   GP ADMX file name: *appv.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
new file mode 100644
index 0000000000..16d1409a9a
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -0,0 +1,162 @@
+---
+title: Policy CSP - AttachmentManager
+description: Policy CSP - AttachmentManager
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - AttachmentManager
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## AttachmentManager policies  
+
+<!--StartPolicy-->
+<a href="" id="attachmentmanager-donotpreservezoneinformation"></a>**AttachmentManager/DoNotPreserveZoneInformation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.
+
+If you enable this policy setting, Windows does not mark file attachments with their zone information.
+
+If you disable this policy setting, Windows marks file attachments with their zone information.
+
+If you do not configure this policy setting, Windows marks file attachments with their zone information.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Do not preserve zone information in file attachments*
+-   GP name: *AM_MarkZoneOnSavedAtttachments*
+-   GP ADMX file name: *AttachmentManager.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="attachmentmanager-hidezoneinfomechanism"></a>**AttachmentManager/HideZoneInfoMechanism**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.
+
+If you enable this policy setting, Windows hides the check box and Unblock button.
+
+If you disable this policy setting, Windows shows the check box and Unblock button.
+
+If you do not configure this policy setting, Windows hides the check box and Unblock button.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Hide mechanisms to remove zone information*
+-   GP name: *AM_RemoveZoneInfo*
+-   GP ADMX file name: *AttachmentManager.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="attachmentmanager-notifyantivirusprograms"></a>**AttachmentManager/NotifyAntivirusPrograms**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.
+
+If you enable this policy setting, Windows tells the registered antivirus program to scan the file when a user opens a file attachment. If the antivirus program fails, the attachment is blocked from being opened.
+
+If you disable this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
+
+If you do not configure this policy setting, Windows does not call the registered antivirus programs when file attachments are opened.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Notify antivirus programs when opening attachments*
+-   GP name: *AM_CallIOfficeAntiVirus*
+-   GP ADMX file name: *AttachmentManager.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
new file mode 100644
index 0000000000..a3abf1e90d
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -0,0 +1,165 @@
+---
+title: Policy CSP - Authentication
+description: Policy CSP - Authentication
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Authentication
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Authentication policies  
+
+<!--StartPolicy-->
+<a href="" id="authentication-alloweapcertsso"></a>**Authentication/AllowEAPCertSSO**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
+
+> [!IMPORTANT]
+> This node must be accessed using the following paths:
+>
+> -   **./User/Vendor/MSFT/Policy/Config/Authentication/AllowEAPCertSSO** to set the policy.
+> -   **./User/Vendor/MSFT/Policy/Result/Authentication/AllowEAPCertSSO** to get the result.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="authentication-allowfastreconnect"></a>**Authentication/AllowFastReconnect**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows EAP Fast Reconnect from being attempted for EAP Method TLS.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="authentication-allowsecondaryauthenticationdevice"></a>**Authentication/AllowSecondaryAuthenticationDevice**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 – Allowed.
+
+<p style="margin-left: 20px">The default for this policy must be on for consumer devices (defined as local or Microsoft account connected device) and off for enterprise devices (such as cloud domain-joined, cloud domain-joined in an on-premise only environment, cloud domain-joined in a hybrid environment, and BYOD).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Authentication policies supported by Windows Holographic for Business  
+
+-   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Authentication policies supported by IoT Core  
+
+-   [Authentication/AllowFastReconnect](#authentication-allowfastreconnect)  
+<!--EndIoTCore-->
+
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
new file mode 100644
index 0000000000..94426589fc
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -0,0 +1,175 @@
+---
+title: Policy CSP - Autoplay
+description: Policy CSP - Autoplay
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Autoplay
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Autoplay policies  
+
+<!--StartPolicy-->
+<a href="" id="autoplay-disallowautoplayfornonvolumedevices"></a>**Autoplay/DisallowAutoplayForNonVolumeDevices**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting disallows AutoPlay for MTP devices like cameras or phones.
+
+If you enable this policy setting, AutoPlay is not allowed for MTP devices like cameras or phones.
+
+If you disable or do not configure this policy setting, AutoPlay is enabled for non-volume devices.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disallow Autoplay for non-volume devices*
+-   GP name: *NoAutoplayfornonVolume*
+-   GP ADMX file name: *AutoPlay.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="autoplay-setdefaultautorunbehavior"></a>**Autoplay/SetDefaultAutoRunBehavior**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting sets the default behavior for Autorun commands.
+
+Autorun commands are generally stored in autorun.inf files. They often launch the installation program or other routines.
+
+Prior to Windows Vista, when media containing an autorun command is inserted, the system will automatically execute the program without user intervention.
+
+This creates a major security concern as code may be executed without user's knowledge. The default behavior starting with Windows Vista is to prompt the user whether autorun command is to be run. The autorun command is represented as a handler in the Autoplay dialog.
+
+If you enable this policy setting, an Administrator can change the default Windows Vista or later behavior for autorun to:
+
+a) Completely disable autorun commands, or
+b) Revert back to pre-Windows Vista behavior of automatically executing the autorun command.
+
+If you disable or not configure this policy setting, Windows Vista or later will prompt the user whether autorun command is to be run.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Set the default behavior for AutoRun*
+-   GP name: *NoAutorun*
+-   GP ADMX file name: *AutoPlay.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="autoplay-turnoffautoplay"></a>**Autoplay/TurnOffAutoPlay**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to turn off the Autoplay feature.
+
+Autoplay begins reading from a drive as soon as you insert media in the drive. As a result, the setup file of programs and the music on audio media start immediately.
+
+Prior to Windows XP SP2, Autoplay is disabled by default on removable drives, such as the floppy disk drive (but not the CD-ROM drive), and on network drives.
+
+Starting with Windows XP SP2, Autoplay is enabled for removable drives as well, including Zip drives and some USB mass storage devices.
+
+If you enable this policy setting, Autoplay is disabled on CD-ROM and removable media drives, or disabled on all drives.
+
+This policy setting disables Autoplay on additional types of drives. You cannot use this setting to enable Autoplay on drives on which it is disabled by default.
+
+If you disable or do not configure this policy setting, AutoPlay is enabled.
+
+Note: This policy setting appears in both the Computer Configuration and User Configuration folders. If the policy settings conflict, the policy setting in Computer Configuration takes precedence over the policy setting in User Configuration.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off Autoplay*
+-   GP name: *Autorun*
+-   GP ADMX file name: *AutoPlay.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
new file mode 100644
index 0000000000..c4a361dbf8
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -0,0 +1,71 @@
+---
+title: Policy CSP - Bitlocker
+description: Policy CSP - Bitlocker
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Bitlocker
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Bitlocker policies  
+
+<!--StartPolicy-->
+<a href="" id="bitlocker-encryptionmethod"></a>**Bitlocker/EncryptionMethod**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies the BitLocker Drive Encryption method and cipher strength.
+
+> [!NOTE]
+> XTS-AES 128-bit and XTS-AES 256-bit values are only supported on Windows 10 for desktop.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   3 - AES-CBC 128-bit
+-   4 - AES-CBC 256-bit
+-   6 - XTS-AES 128-bit (Desktop only)
+-   7 - XTS-AES 256-bit (Desktop only)
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
new file mode 100644
index 0000000000..c4f2efa69b
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -0,0 +1,241 @@
+---
+title: Policy CSP - Bluetooth
+description: Policy CSP - Bluetooth
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Bluetooth
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Bluetooth policies  
+
+<!--StartPolicy-->
+<a href="" id="bluetooth-allowadvertising"></a>**Bluetooth/AllowAdvertising**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether the device can send out Bluetooth advertisements.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed. When set to 0, the device will not send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is not received by the peripheral.
+-   1 (default) – Allowed. When set to 1, the device will send out advertisements. To verify, use any Bluetooth LE app and enable it to do advertising. Then, verify that the advertisement is received by the peripheral.
+
+<p style="margin-left: 20px">If this is not set or it is deleted, the default value of 1 (Allow) is used.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="bluetooth-allowdiscoverablemode"></a>**Bluetooth/AllowDiscoverableMode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether other Bluetooth-enabled devices can discover the device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed. When set to 0, other devices will not be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that you cannot see the name of the device.
+-   1 (default) – Allowed. When set to 1, other devices will be able to detect the device. To verify, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel and verify that you can discover it.
+
+<p style="margin-left: 20px">If this is not set or it is deleted, the default value of 1 (Allow) is used.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="bluetooth-allowprepairing"></a>**Bluetooth/AllowPrepairing**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default)– Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="bluetooth-localdevicename"></a>**Bluetooth/LocalDeviceName**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Sets the local Bluetooth device name.
+
+<p style="margin-left: 20px">If this is set, the value that it is set to will be used as the Bluetooth device name. To verify the policy is set, open the Bluetooth control panel on the device. Then, go to another Bluetooth-enabled device, open the Bluetooth control panel, and verify that the value that was specified.
+
+<p style="margin-left: 20px">If this policy is not set or it is deleted, the default local radio name is used.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="bluetooth-servicesallowedlist"></a>**Bluetooth/ServicesAllowedList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
+
+<p style="margin-left: 20px">The default value is an empty string.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Bluetooth policies supported by Windows Holographic for Business  
+
+-   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
+-   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
+-   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Bluetooth policies supported by IoT Core  
+
+-   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
+-   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
+-   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
+-   [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Bluetooth policies supported by Microsoft Surface Hub  
+
+-   [Bluetooth/AllowAdvertising](#bluetooth-allowadvertising)  
+-   [Bluetooth/AllowDiscoverableMode](#bluetooth-allowdiscoverablemode)  
+-   [Bluetooth/AllowPrepairing](#bluetooth-allowprepairing)  
+-   [Bluetooth/LocalDeviceName](#bluetooth-localdevicename)  
+-   [Bluetooth/ServicesAllowedList](#bluetooth-servicesallowedlist)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
new file mode 100644
index 0000000000..ac21e5988b
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -0,0 +1,1436 @@
+---
+title: Policy CSP - Browser
+description: Policy CSP - Browser
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Browser
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Browser policies  
+
+<!--StartPolicy-->
+<a href="" id="browser-allowaddressbardropdown"></a>**Browser/AllowAddressBarDropdown**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. 
+
+> [!NOTE]
+> Disabling this setting turns off the address bar drop-down functionality. Because search suggestions are shown in the drop-down list, this setting takes precedence over the Browser/AllowSearchSuggestionsinAddressBar setting.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed. Address bar drop-down is disabled, which also disables the user-defined setting, "Show search and site suggestions as I type." 
+-   1 (default) – Allowed. Address bar drop-down is enabled.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowautofill"></a>**Browser/AllowAutofill**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether autofill on websites is allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<p style="margin-left: 20px">To verify AllowAutofill is set to 0 (not allowed):
+
+1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
+2.  In the upper-right corner of the browser, click **…**.
+3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+4.  Verify the setting **Save form entries** is greyed out.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowbrowser"></a>**Browser/AllowBrowser**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
+
+
+<p style="margin-left: 20px">Specifies whether the browser is allowed on the device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<p style="margin-left: 20px">When this policy is set to 0 (not allowed), the Microsoft Edge for Windows 10 Mobile tile will appear greyed out, and clicking on the tile will display a message indicating theat Internet browsing has been disabled by your administrator.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowcookies"></a>**Browser/AllowCookies**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether cookies are allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<p style="margin-left: 20px">To verify AllowCookies is set to 0 (not allowed):
+
+1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
+2.  In the upper-right corner of the browser, click **…**.
+3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+4.  Verify the setting **Cookies** is greyed out.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowdevelopertools"></a>**Browser/AllowDeveloperTools**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Specifies whether employees can use F12 Developer Tools on Microsoft Edge. Turning this setting on, or not configuring it, lets employees use F12 Developer Tools. Turning this setting off stops employees from using F12 Developer Tools.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowdonottrack"></a>**Browser/AllowDoNotTrack**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether Do Not Track headers are allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not allowed.
+-   1 – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<p style="margin-left: 20px">To verify AllowDoNotTrack is set to 0 (not allowed):
+
+1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
+2.  In the upper-right corner of the browser, click **…**.
+3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+4.  Verify the setting **Send Do Not Track requests** is greyed out.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowextensions"></a>**Browser/AllowExtensions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowflash"></a>**Browser/AllowFlash**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowflashclicktorun"></a>**Browser/AllowFlashClickToRun**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Adobe Flash content is automatically loaded and run by Microsoft Edge.
+-   1 (default) – Users must click the content, click a Click-to-Run button, or have the site appear on an auto-allow list before Microsoft Edge loads and runs Adobe Flash content.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowinprivate"></a>**Browser/AllowInPrivate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether InPrivate browsing is allowed on corporate networks.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowmicrosoftcompatibilitylist"></a>**Browser/AllowMicrosoftCompatibilityList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. 
+By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". 
+
+<p style="margin-left: 20px">If you enable or don’t configure this setting, Microsoft Edge periodically downloads the latest version of the compatibility list from Microsoft, applying the updates during browser navigation. Visiting any site on the compatibility list prompts the employee to use Internet Explorer 11 (or enables/disables certain browser features on mobile), where the site is automatically rendered as though it’s run in the version of Internet Explorer necessary for it to display properly. If you disable this setting, the compatibility list isn’t used during browser navigation.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not enabled.
+-   1 (default) – Enabled.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowpasswordmanager"></a>**Browser/AllowPasswordManager**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether saving and managing passwords locally on the device is allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<p style="margin-left: 20px">To verify AllowPasswordManager is set to 0 (not allowed):
+
+1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
+2.  In the upper-right corner of the browser, click **…**.
+3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+4.  Verify the settings **Offer to save password** and **Manage my saved passwords** are greyed out.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowpopups"></a>**Browser/AllowPopups**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether pop-up blocker is allowed or enabled.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Pop-up blocker is not allowed. It means that pop-up browser windows are allowed.
+-   1 – Pop-up blocker is allowed or enabled. It means that pop-up browser windows are blocked.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<p style="margin-left: 20px">To verify AllowPopups is set to 0 (not allowed):
+
+1.  Open Microsoft Edge.
+2.  In the upper-right corner of the browser, click **…**.
+3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+4.  Verify the setting **Block pop-ups** is greyed out.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowsearchenginecustomization"></a>**Browser/AllowSearchEngineCustomization**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine. 
+  
+<p style="margin-left: 20px">If this setting is turned on or not configured, users can add new search engines and change the default used in the address bar from within Microsoft Edge settings. If this setting is disabled, users will be unable to add search engines or change the default used in the address bar. This policy applies only on domain-joined machines or when the device is MDM-enrolled. For more information, see Microsoft browser extension policy (aka.ms/browserpolicy). 
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowsearchsuggestionsinaddressbar"></a>**Browser/AllowSearchSuggestionsinAddressBar**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether search suggestions are allowed in the address bar.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-allowsmartscreen"></a>**Browser/AllowSmartScreen**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether Windows Defender SmartScreen is allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<p style="margin-left: 20px">To verify AllowSmartScreen is set to 0 (not allowed):
+
+1.  Open Microsoft Edge or Microsoft Edge for Windows 10 Mobile.
+2.  In the upper-right corner of the browser, click **…**.
+3.  Click **Settings** in the drop down list, and select **View Advanced Settings**.
+4.  Verify the setting **Help protect me from malicious sites and download with SmartScreen Filter** is greyed out.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-clearbrowsingdataonexit"></a>**Browser/ClearBrowsingDataOnExit**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – (default) Browsing data is not cleared on exit. The type of browsing data to clear can be configured by the employee in the Clear browsing data options under Settings.
+-   1 – Browsing data is cleared on exit.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<p style="margin-left: 20px">To verify that browsing data is cleared on exit (ClearBrowsingDataOnExit is set to 1): 
+
+1.  Open Microsoft Edge and browse to websites.
+2.  Close the Microsoft Edge window.
+3.  Open Microsoft Edge and start typing the same URL in address bar. Verify that it does not auto-complete from history.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-configureadditionalsearchengines"></a>**Browser/ConfigureAdditionalSearchEngines**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices. 
+ 
+<p style="margin-left: 20px">If this policy is enabled, you can add up to 5 additional search engines for your employees. For each additional search engine you want to add, specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/).
+Employees cannot remove these search engines, but they can set any one as the default. This setting does not affect the default search engine. 
+
+<p style="margin-left: 20px">If this setting is not configured, the search engines used are the ones that are specified in the App settings. If this setting is disabled, the search engines you added will be deleted from your employee's machine.
+ 
+> [!IMPORTANT]
+> Due to Protected Settings (aka.ms/browserpolicy), this setting will apply only on domain-joined machines or when the device is MDM-enrolled. 
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Additional search engines are not allowed.
+-   1 – Additional search engines are allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-disablelockdownofstartpages"></a>**Browser/DisableLockdownOfStartPages**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect. 
+  
+> [!NOTE]
+> This policy has no effect when the Browser/HomePages policy is not configured. 
+ 
+> [!IMPORTANT]
+> This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Enable lockdown of the Start pages according to the settings specified in the Browser/HomePages policy. Users cannot change the Start pages. 
+-   1  – Disable lockdown of the Start pages and allow users to modify them.  
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-enterprisemodesitelist"></a>**Browser/EnterpriseModeSiteList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+ 
+<p style="margin-left: 20px">Allows the user to specify an URL of an enterprise site list.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   Not configured. The device checks for updates from Microsoft Update.
+-   Set to a URL location of the enterprise site list.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-enterprisesitelistserviceurl"></a>**Browser/EnterpriseSiteListServiceUrl**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!IMPORTANT]
+> This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-firstrunurl"></a>**Browser/FirstRunURL**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Specifies the URL that Microsoft Edge for Windows 10 Mobile. will use when it is opened the first time.
+
+<p style="margin-left: 20px">The data type is a string.
+
+<p style="margin-left: 20px">The default value is an empty string. Otherwise, the string should contain the URL of the webpage users will see the first time Microsoft Edge is run. For example, “contoso.com”.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-homepages"></a>**Browser/HomePages**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+<p style="margin-left: 20px">Specifies your Start pages for MDM-enrolled devices. Turning this setting on lets you configure one or more corporate Start pages. If this setting is turned on, you must also include URLs to the pages, separating multiple pages by using the XML-escaped characters **&lt;** and **&gt;**. For example, "&lt;support.contoso.com&gt;&lt;support.microsoft.com&gt;"
+
+<p style="margin-left: 20px">Starting in Windows 10, version 1607, this policy will be enforced so that the Start pages specified by this policy cannot be changed by the users.
+
+<p style="margin-left: 20px">Starting in Windows 10, version 1703, if you don’t want to send traffic to Microsoft, you can use the "&lt;about:blank&gt;" value, which is honored for both domain- and non-domain-joined machines, when it’s the only configured URL. 
+
+> [!NOTE]
+> Turning this setting off, or not configuring it, sets your default Start pages to the webpages specified in App settings.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-preventaccesstoaboutflagsinmicrosoftedge"></a>**Browser/PreventAccessToAboutFlagsInMicrosoftEdge**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Users can access the about:flags page in Microsoft Edge.
+-   1 – Users can't access the about:flags page in Microsoft Edge.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-preventfirstrunpage"></a>**Browser/PreventFirstRunPage**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Employees see the First Run webpage. 
+-   1 – Employees don't see the First Run webpage.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-preventlivetiledatacollection"></a>**Browser/PreventLiveTileDataCollection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Microsoft servers will be contacted if a site is pinned to Start from Microsoft Edge.
+-   1 – Microsoft servers will not be contacted if a site is pinned to Start from Microsoft Edge.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-preventsmartscreenpromptoverride"></a>**Browser/PreventSmartScreenPromptOverride**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Off.
+-   1 – On.
+
+<p style="margin-left: 20px">Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from going to the site. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about potentially malicious websites and to continue to the site.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-preventsmartscreenpromptoverrideforfiles"></a>**Browser/PreventSmartScreenPromptOverrideForFiles**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Off.
+-   1 – On.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Specifies whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. Turning this setting on hides an user’s localhost IP address while making phone calls using WebRTC. Turning this setting off, or not configuring it, shows an <p style="margin-left: 20px">user’s localhost IP address while making phone calls using WebRTC.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – The localhost IP address is shown.
+-   1 – The localhost IP address is hidden.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-sendintranettraffictointernetexplorer"></a>**Browser/SendIntranetTraffictoInternetExplorer**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Specifies whether to send intranet traffic over to Internet Explorer.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Intranet traffic is sent to Internet Explorer.
+-   1 – Intranet traffic is sent to Microsoft Edge.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-setdefaultsearchengine"></a>**Browser/SetDefaultSearchEngine**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy.
+
+<p style="margin-left: 20px">You must specify a link to the OpenSearch XML file that contains, at a minimum, the short name and the URL template (HTTPS) of the search engine. For more information about creating the OpenSearch XML file, see [Search provider discovery](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/browser/search-provider-discovery/). If you want your employees to use the Microsoft Edge factory settings for the default search engine for their market, set the string EDGEDEFAULT; otherwise, if you want your employees to use Bing as the default search engine, set the string EDGEBING. 
+ 
+<p style="margin-left: 20px">If this setting is not configured, the default search engine is set to the one specified in App settings and can be changed by your employees. If this setting is disabled, the policy-set search engine will be removed, and, if it is the current default, the default will be set back to the factory Microsoft Edge search engine for the market.   
+ 
+> [!IMPORTANT]
+> This setting can be used only with domain-joined or MDM-enrolled devices. For more information, see the Microsoft browser extension policy (aka.ms/browserpolicy).
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) - The default search engine is set to the one specified in App settings.
+-   1 - Allows you to configure the default search engine for your employees.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-showmessagewhenopeningsitesininternetexplorer"></a>**Browser/ShowMessageWhenOpeningSitesInInternetExplorer**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether users should see a full interstitial page in Microsoft Edge when opening sites that are configured to open in Internet Explorer using the Enterprise Site List.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Interstitial pages are not shown.
+-   1 – Interstitial pages are shown.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="browser-syncfavoritesbetweenieandmicrosoftedge"></a>**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.
+
+> [!NOTE]  
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.  
+>
+> Enabling this setting stops Microsoft Edge favorites from syncing between connected Windows 10 devices.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Synchronization is off.
+-   1 – Synchronization is on.
+
+<p style="margin-left: 20px">To verify that favorites are in synchronized between Internet Explorer and Microsoft Edge:
+
+<ol>
+<li>Open Internet Explorer and add some favorites.
+<li>Open Microsoft Edge, then select Hub > Favorites.
+<li>Verify that the favorites added to Internet Explorer show up in the favorites list in Microsoft Edge.
+</ol>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartEAS-->
+## <a href="" id="eas"></a>Browser policies that can be set using Exchange Active Sync (EAS)  
+
+-   [Browser/AllowBrowser](#browser-allowbrowser)  
+<!--EndEAS-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Browser policies supported by Windows Holographic for Business  
+
+-   [Browser/AllowCookies](#browser-allowcookies)  
+-   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
+-   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)  
+-   [Browser/AllowPopups](#browser-allowpopups)  
+-   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
+-   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Browser policies supported by IoT Core  
+
+-   [Browser/AllowAutofill](#browser-allowautofill)  
+-   [Browser/AllowBrowser](#browser-allowbrowser)  
+-   [Browser/AllowCookies](#browser-allowcookies)  
+-   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
+-   [Browser/AllowInPrivate](#browser-allowinprivate)  
+-   [Browser/AllowPasswordManager](#browser-allowpasswordmanager)  
+-   [Browser/AllowPopups](#browser-allowpopups)  
+-   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
+-   [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist)  
+-   [Browser/EnterpriseSiteListServiceUrl](#browser-enterprisesitelistserviceurl)  
+-   [Browser/SendIntranetTraffictoInternetExplorer](#browser-sendintranettraffictointernetexplorer)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Browser policies supported by Microsoft Surface Hub  
+
+-   [Browser/AllowAddressBarDropdown](#browser-allowaddressbardropdown)  
+-   [Browser/AllowCookies](#browser-allowcookies)  
+-   [Browser/AllowDeveloperTools](#browser-allowdevelopertools)  
+-   [Browser/AllowDoNotTrack](#browser-allowdonottrack)  
+-   [Browser/AllowMicrosoftCompatibilityList](#browser-allowmicrosoftcompatibilitylist)  
+-   [Browser/AllowPopups](#browser-allowpopups)  
+-   [Browser/AllowSearchSuggestionsinAddressBar](#browser-allowsearchsuggestionsinaddressbar)  
+-   [Browser/AllowSmartScreen](#browser-allowsmartscreen)  
+-   [Browser/ClearBrowsingDataOnExit](#browser-clearbrowsingdataonexit)  
+-   [Browser/ConfigureAdditionalSearchEngines](#browser-configureadditionalsearchengines)  
+-   [Browser/DisableLockdownOfStartPages](#browser-disablelockdownofstartpages)  
+-   [Browser/HomePages](#browser-homepages)  
+-   [Browser/PreventLiveTileDataCollection](#browser-preventlivetiledatacollection)  
+-   [Browser/PreventSmartScreenPromptOverride](#browser-preventsmartscreenpromptoverride)  
+-   [Browser/PreventSmartScreenPromptOverrideForFiles](#browser-preventsmartscreenpromptoverrideforfiles)  
+-   [Browser/SetDefaultSearchEngine](#browser-setdefaultsearchengine)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
new file mode 100644
index 0000000000..052c9a0190
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -0,0 +1,86 @@
+---
+title: Policy CSP - Camera
+description: Policy CSP - Camera
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Camera
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Camera policies  
+
+<!--StartPolicy-->
+<a href="" id="camera-allowcamera"></a>**Camera/AllowCamera**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Disables or enables the camera.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartEAS-->
+## <a href="" id="eas"></a>Camera policies that can be set using Exchange Active Sync (EAS)  
+
+-   [Camera/AllowCamera](#camera-allowcamera)  
+<!--EndEAS-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Camera policies supported by IoT Core  
+
+-   [Camera/AllowCamera](#camera-allowcamera)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Camera policies supported by Microsoft Surface Hub  
+
+-   [Camera/AllowCamera](#camera-allowcamera)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
new file mode 100644
index 0000000000..2eacb78000
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -0,0 +1,43 @@
+---
+title: Policy CSP - Cellular
+description: Policy CSP - Cellular
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Cellular
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Cellular policies  
+
+<!--StartPolicy-->
+<a href="" id="None"></a>**Cellular/ShowAppCellularAccessUI**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Set Per-App Cellular Access UI Visibility*
+-   GP name: *ShowAppCellularAccessUI*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
new file mode 100644
index 0000000000..76654d609a
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -0,0 +1,485 @@
+---
+title: Policy CSP - Connectivity
+description: Policy CSP - Connectivity
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Connectivity
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Connectivity policies  
+
+<!--StartPolicy-->
+<a href="" id="connectivity-allowbluetooth"></a>**Connectivity/AllowBluetooth**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows the user to enable Bluetooth or restrict access.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disallow Bluetooth. If this is set to 0, the radio in the Bluetooth control panel will be greyed out and the user will not be able to turn Bluetooth on.
+-   1 – Reserved. If this is set to 1, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.
+
+> [!NOTE]
+>  This value is not supported in Windows Phone 8.1 MDM and EAS, Windows 10 for desktop, or Windows 10 Mobile.
+
+-   2 (default) – Allow Bluetooth. If this is set to 2, the radio in the Bluetooth control panel will be functional and the user will be able to turn Bluetooth on.
+
+<p style="margin-left: 20px">If this is not set or it is deleted, the default value of 2 (Allow) is used.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="connectivity-allowcellulardata"></a>**Connectivity/AllowCellularData**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows the cellular data channel on the device. Device reboot is not required to enforce the policy.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Do not allow the cellular data channel. The user can turn it on. This value is not supported in Windows 10, version 1511.
+-   1 (default) – Allow the cellular data channel. The user can turn it off.
+-   2 - Allow the cellular data channel. The user cannot turn it off.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="connectivity-allowcellulardataroaming"></a>**Connectivity/AllowCellularDataRoaming**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Do not allow cellular data roaming. The user can turn it on. This value is not supported in Windows 10, version 1511.
+-   1 (default) – Allow cellular data roaming.
+-   2 - Allow cellular data roaming on. The user cannot turn it off.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<p style="margin-left: 20px">To validate, the enterprise can confirm by observing the roaming enable switch in the UX. It will be inactive if the roaming policy is being enforced by the enterprise policy.
+
+<p style="margin-left: 20px">To validate on mobile devices, do the following:
+
+1.  Go to Cellular & SIM.
+2.  Click on the SIM (next to the signal strength icon) and select **Properties**.
+3.  On the Properties page, select **Data roaming options**.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="connectivity-allowconnecteddevices"></a>**Connectivity/AllowConnectedDevices**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy requires reboot to take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins the ability to disable the Connected Devices Platform (CDP) component. CDP enables discovery and connection to other devices (either proximally with BT/LAN or through the cloud) to support remote app launching, remote messaging, remote app sessions, and other cross-device experiences.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   1 (default) - Allow (CDP service available).
+-   0 - Disable (CDP service not available).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="connectivity-allownfc"></a>**Connectivity/AllowNFC**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows near field communication (NFC) on the device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Do not allow NFC capabilities.
+-   1 (default) – Allow NFC capabilities.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="connectivity-allowusbconnection"></a>**Connectivity/AllowUSBConnection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Enables USB connection between the device and a computer to sync files with the device or to use developer tools to deploy or debug applications. Changing this policy does not affect USB charging.
+
+<p style="margin-left: 20px">Both Media Transfer Protocol (MTP) and IP over USB are disabled when this policy is enforced.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="connectivity-allowvpnovercellular"></a>**Connectivity/AllowVPNOverCellular**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies what type of underlying connections VPN is allowed to use.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – VPN is not allowed over cellular.
+-   1 (default) – VPN can use any connection, including cellular.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="connectivity-allowvpnroamingovercellular"></a>**Connectivity/AllowVPNRoamingOverCellular**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Prevents the device from connecting to VPN when the device roams over cellular networks.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**Connectivity/DiablePrintingOverHTTP**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off printing over HTTP*
+-   GP name: *DisableHTTPPrinting_2*
+-   GP ADMX file name: *ICM.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**Connectivity/DisableDownloadingOfPrintDriversOverHTTP**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off downloading of print drivers over HTTP*
+-   GP name: *DisableWebPnPDownload_2*
+-   GP ADMX file name: *ICM.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off Internet download for Web publishing and online ordering wizards*
+-   GP name: *ShellPreventWPWDownload_2*
+-   GP ADMX file name: *ICM.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="connectivity-hardeneduncpaths"></a>**Connectivity/HardenedUNCPaths**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting configures secure access to UNC paths.
+
+If you enable this policy, Windows only allows access to the specified UNC paths after fulfilling additional security requirements.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Hardened UNC Paths*
+-   GP name: *Pol_HardenedPaths*
+-   GP ADMX file name: *networkprovider.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prohibit installation and configuration of Network Bridge on your DNS domain network*
+-   GP name: *NC_AllowNetBridge_NLA*
+-   GP ADMX file name: *NetworkConnections.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartEAS-->
+## <a href="" id="eas"></a>Connectivity policies that can be set using Exchange Active Sync (EAS)  
+
+-   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
+-   [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming)  
+-   [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)  
+<!--EndEAS-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Connectivity policies supported by Windows Holographic for Business  
+
+-   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Connectivity policies supported by IoT Core  
+
+-   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
+-   [Connectivity/AllowCellularDataRoaming](#connectivity-allowcellulardataroaming)  
+-   [Connectivity/AllowNFC](#connectivity-allownfc)  
+-   [Connectivity/AllowUSBConnection](#connectivity-allowusbconnection)  
+-   [Connectivity/AllowVPNOverCellular](#connectivity-allowvpnovercellular)  
+-   [Connectivity/AllowVPNRoamingOverCellular](#connectivity-allowvpnroamingovercellular)  
+-   [Connectivity/HardenedUNCPaths](#connectivity-hardeneduncpaths)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Connectivity policies supported by Microsoft Surface Hub  
+
+-   [Connectivity/AllowBluetooth](#connectivity-allowbluetooth)  
+-   [Connectivity/AllowConnectedDevices](#connectivity-allowconnecteddevices)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
new file mode 100644
index 0000000000..cc99642fbc
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -0,0 +1,162 @@
+---
+title: Policy CSP - CredentialProviders
+description: Policy CSP - CredentialProviders
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - CredentialProviders
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## CredentialProviders policies  
+
+<!--StartPolicy-->
+<a href="" id="credentialproviders-allowpinlogon"></a>**CredentialProviders/AllowPINLogon**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to control whether a domain user can sign in using a convenience PIN.
+
+If you enable this policy setting, a domain user can set up and sign in with a convenience PIN.
+
+If you disable or don't configure this policy setting, a domain user can't set up and use a convenience PIN.
+
+Note: The user's domain password will be cached in the system vault when using this feature.
+
+To configure Windows Hello for Business, use the Administrative Template policies under Windows Hello for Business.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on convenience PIN sign-in*
+-   GP name: *AllowDomainPINLogon*
+-   GP ADMX file name: *credentialproviders.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="credentialproviders-blockpicturepassword"></a>**CredentialProviders/BlockPicturePassword**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to control whether a domain user can sign in using a picture password.
+
+If you enable this policy setting, a domain user can't set up or sign in with a picture password.
+
+If you disable or don't configure this policy setting, a domain user can set up and use a picture password.
+
+Note that the user's domain password will be cached in the system vault when using this feature.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off picture password sign-in*
+-   GP name: *BlockDomainPicturePassword*
+-   GP ADMX file name: *credentialproviders.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="credentialproviders-enablewindowsautopilotresetcredentials"></a>**CredentialProviders/EnableWindowsAutoPilotResetCredentials**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Added in Windows 10, version 1709. Boolean policy to enable the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. When the policy is enabled, a WNF notification is generated that would schedule a task to update the visibility of the new provider. The admin user is required to authenticate to trigger the refresh on the target device.
+
+The auto pilot reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the auto pilot reset is triggered the devices are for ready for use by information workers or students.
+
+Default value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>CredentialProviders policies supported by IoT Core  
+
+-   [CredentialProviders/AllowPINLogon](#credentialproviders-allowpinlogon)  
+-   [CredentialProviders/BlockPicturePassword](#credentialproviders-blockpicturepassword)  
+<!--EndIoTCore-->
+
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
new file mode 100644
index 0000000000..e51c7be1c8
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -0,0 +1,118 @@
+---
+title: Policy CSP - CredentialsUI
+description: Policy CSP - CredentialsUI
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - CredentialsUI
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## CredentialsUI policies  
+
+<!--StartPolicy-->
+<a href="" id="credentialsui-disablepasswordreveal"></a>**CredentialsUI/DisablePasswordReveal**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to configure the display of the password reveal button in password entry user experiences.
+
+If you enable this policy setting, the password reveal button will not be displayed after a user types a password in the password entry text box.
+
+If you disable or do not configure this policy setting, the password reveal button will be displayed after a user types a password in the password entry text box.
+
+By default, the password reveal button is displayed after a user types a password in the password entry text box. To display the password, click the password reveal button.
+
+The policy applies to all Windows components and applications that use the Windows system controls, including Internet Explorer.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Do not display the password reveal button*
+-   GP name: *DisablePasswordReveal*
+-   GP ADMX file name: *credui.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="credentialsui-enumerateadministrators"></a>**CredentialsUI/EnumerateAdministrators**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application.
+
+If you enable this policy setting, all local administrator accounts on the PC will be displayed so the user can choose one and enter the correct password.
+
+If you disable this policy setting, users will always be required to type a user name and password to elevate.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enumerate administrator accounts on elevation*
+-   GP name: *EnumerateAdministrators*
+-   GP ADMX file name: *credui.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
new file mode 100644
index 0000000000..b010cfdbb9
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -0,0 +1,104 @@
+---
+title: Policy CSP - Cryptography
+description: Policy CSP - Cryptography
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Cryptography
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Cryptography policies  
+
+<!--StartPolicy-->
+<a href="" id="cryptography-allowfipsalgorithmpolicy"></a>**Cryptography/AllowFipsAlgorithmPolicy**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows or disallows the Federal Information Processing Standard (FIPS) policy.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not allowed.
+-   1– Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="cryptography-tlsciphersuites"></a>**Cryptography/TLSCipherSuites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Cryptography policies supported by Microsoft Surface Hub  
+
+-   [Cryptography/AllowFipsAlgorithmPolicy](#cryptography-allowfipsalgorithmpolicy)  
+-   [Cryptography/TLSCipherSuites](#cryptography-tlsciphersuites)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
new file mode 100644
index 0000000000..418361ef03
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -0,0 +1,112 @@
+---
+title: Policy CSP - DataProtection
+description: Policy CSP - DataProtection
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - DataProtection
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## DataProtection policies  
+
+<!--StartPolicy-->
+<a href="" id="dataprotection-allowdirectmemoryaccess"></a>**DataProtection/AllowDirectMemoryAccess**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="dataprotection-legacyselectivewipeid"></a>**DataProtection/LegacySelectiveWipeID**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!IMPORTANT]
+> This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time.
+
+ 
+<p style="margin-left: 20px">Setting used by Windows 8.1 Selective Wipe.
+
+> [!NOTE]
+> This policy is not recommended for use in Windows 10.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>DataProtection policies supported by IoT Core  
+
+-   [DataProtection/AllowDirectMemoryAccess](#dataprotection-allowdirectmemoryaccess)  
+<!--EndIoTCore-->
+
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
new file mode 100644
index 0000000000..54687bcb5c
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -0,0 +1,126 @@
+---
+title: Policy CSP - DataUsage
+description: Policy CSP - DataUsage
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - DataUsage
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## DataUsage policies  
+
+<!--StartPolicy-->
+<a href="" id="datausage-setcost3g"></a>**DataUsage/SetCost3G**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting configures the cost of 3G connections on the local machine.
+
+If this policy setting is enabled, a drop-down list box presenting possible cost values will be active.  Selecting one of the following values from the list will set the cost of all 3G connections on the local machine:
+
+- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
+
+- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
+
+- Variable: This connection is costed on a per byte basis.
+
+If this policy setting is disabled or is not configured, the cost of 3G connections is Fixed by default.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Set 3G Cost*
+-   GP name: *SetCost3G*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="datausage-setcost4g"></a>**DataUsage/SetCost4G**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting configures the cost of 4G connections on the local machine.
+
+If this policy setting is enabled, a drop-down list box presenting possible cost values will be active. Selecting one of the following values from the list will set the cost of all 4G connections on the local machine:
+
+- Unrestricted: Use of this connection is unlimited and not restricted by usage charges and capacity constraints.
+
+- Fixed: Use of this connection is not restricted by usage charges and capacity constraints up to a certain data limit.
+
+- Variable: This connection is costed on a per byte basis.
+
+If this policy setting is disabled or is not configured, the cost of 4G connections is Fixed by default.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Set 4G Cost*
+-   GP name: *SetCost4G*
+-   GP ADMX file name: *wwansvc.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
new file mode 100644
index 0000000000..9fdbbe8095
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -0,0 +1,1490 @@
+---
+title: Policy CSP - Defender
+description: Policy CSP - Defender
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Defender
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Defender policies  
+
+<!--StartPolicy-->
+<a href="" id="defender-allowarchivescanning"></a>**Defender/AllowArchiveScanning**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows scanning of archives.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowbehaviormonitoring"></a>**Defender/AllowBehaviorMonitoring**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Allows or disallows Windows Defender Behavior Monitoring functionality.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowcloudprotection"></a>**Defender/AllowCloudProtection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">To best protect your PC, Windows Defender will send information to Microsoft about any problems it finds. Microsoft will analyze that information, learn more about problems affecting you and other customers, and offer improved solutions.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowemailscanning"></a>**Defender/AllowEmailScanning**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows scanning of email.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not allowed.
+-   1 – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowfullscanonmappednetworkdrives"></a>**Defender/AllowFullScanOnMappedNetworkDrives**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows a full scan of mapped network drives.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not allowed.
+-   1 – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowfullscanremovabledrivescanning"></a>**Defender/AllowFullScanRemovableDriveScanning**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows a full scan of removable drives.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowioavprotection"></a>**Defender/AllowIOAVProtection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Allows or disallows Windows Defender IOAVP Protection functionality.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowintrusionpreventionsystem"></a>**Defender/AllowIntrusionPreventionSystem**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows Windows Defender Intrusion Prevention functionality.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowonaccessprotection"></a>**Defender/AllowOnAccessProtection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows Windows Defender On Access Protection functionality.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowrealtimemonitoring"></a>**Defender/AllowRealtimeMonitoring**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows Windows Defender Realtime Monitoring functionality.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowscanningnetworkfiles"></a>**Defender/AllowScanningNetworkFiles**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Allows or disallows a scanning of network files.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowscriptscanning"></a>**Defender/AllowScriptScanning**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows Windows Defender Script Scanning functionality.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-allowuseruiaccess"></a>**Defender/AllowUserUIAccess**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows user access to the Windows Defender UI. If disallowed, all Windows Defender notifications will also be suppressed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-attacksurfacereductiononlyexclusions"></a>**Defender/AttackSurfaceReductionOnlyExclusions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to prevent Attack Surface reduction rules from matching on files under the paths specified or for the fully qualified resources specified. Paths should be added under the Options for this setting. Each entry must be listed as a name value pair, where the name should be a string representation of a path or a fully qualified resource name. As an example, a path might be defined as: "c:\Windows" to exclude all files in this directory. A fully qualified resource name might be defined as: "C:\Windows\App.exe"..
+
+Value type is string.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-attacksurfacereductionrules"></a>**Defender/AttackSurfaceReductionRules**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting enables setting the state (Block/Audit/Off) for each Attack surface reduction (ASR) rule. Each ASR rule listed can be set to one of the following states (Block/Audit/Off). The ASR rule ID and state should be added under the Options for this setting. Each entry must be listed as a name value pair. The name defines a valid ASR rule ID, while the value contains the status ID indicating the status of the rule.
+
+Value type is string.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-avgcpuloadfactor"></a>**Defender/AvgCPULoadFactor**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Represents the average CPU load factor for the Windows Defender scan (in percent).
+
+<p style="margin-left: 20px">Valid values: 0–100
+
+<p style="margin-left: 20px">The default value is 50.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-cloudblocklevel"></a>**Defender/CloudBlockLevel**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting determines how aggressive Windows Defender Antivirus will be in blocking and scanning suspicious files. Value type is integer.
+
+<p style="margin-left: 20px">If this setting is on, Windows Defender Antivirus will be more aggressive when identifying suspicious files to block and scan; otherwise, it will be less aggressive and therefore block and scan with less frequency. 
+
+p<p style="margin-left: 20px">For more information about specific values that are supported, see the Windows Defender Antivirus documentation site.
+      
+> [!Note]  
+> This feature requires the "Join Microsoft MAPS" setting enabled in order to function.  
+
+<p style="margin-left: 20px">Possible options are:  
+
+- (0x0) Default windows defender blocking level
+- (0x2) High blocking level - aggressively block unknowns while optimizing client performance (greater chance of false positives)       
+- (0x4) High+ blocking level – aggressively block unknowns and apply additional protection measures (may impact  client performance)
+- (0x6) Zero tolerance blocking level – block all unknown executables
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-cloudextendedtimeout"></a>**Defender/CloudExtendedTimeout**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This feature allows Windows Defender Antivirus to block a suspicious file for up to 60 seconds, and scan it in the cloud to make sure it's safe. Value type is integer, range is 0 - 50.
+
+<p style="margin-left: 20px">The typical cloud check timeout is 10 seconds. To enable the extended cloud check feature, specify the extended time in seconds, up to an additional 50 seconds. 
+
+<p style="margin-left: 20px">For example, if the desired timeout is 60 seconds, specify 50 seconds in this setting, which will enable the extended cloud check feature, and will raise the total time to 60 seconds. 
+
+> [!Note]  
+> This feature depends on three other MAPS settings the must all be enabled- "Configure the 'Block at First Sight' feature; "Join Microsoft MAPS"; "Send file samples when further analysis is required".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-daystoretaincleanedmalware"></a>**Defender/DaysToRetainCleanedMalware**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Time period (in days) that quarantine items will be stored on the system.
+
+<p style="margin-left: 20px">Valid values: 0–90
+
+<p style="margin-left: 20px">The default value is 0, which keeps items in quarantine, and does not automatically remove them.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-enableguardmyfolders"></a>**Defender/EnableGuardMyFolders**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy enables setting the state (On/Off/Audit) for the guard my folders feature. The guard my folders feature removes modify and delete permissions from untrusted applications to certain folders such as My Documents. Value type is integer and the range is 0 - 2.  
+
+- 0 (default) - Off
+- 1 - Audit mode
+- 2 - Enforcement mode
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-enablenetworkprotection"></a>**Defender/EnableNetworkProtection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy allows you to turn network protection on (block/audit) or off in Windows Defender Exploit Guard. Network protection is a feature of Windows Defender Exploit Guard that protects employees using any app from accessing phishing scams, exploit-hosting sites, and malicious content on the Internet. This includes preventing third-party browsers from connecting to dangerous sites. Value type is integer.
+
+<p style="margin-left: 20px">If you enable this setting, network protection is turned on and employees can't turn it off. Its behavior can be controlled by the following options: Block and Audit.
+<p style="margin-left: 20px">If you enable this policy with the ""Block"" option, users/apps will be blocked from connecting to dangerous domains. You will be able to see this activity in Windows Defender Security Center.
+<p style="margin-left: 20px">If you enable this policy with the ""Audit"" option, users/apps will not be blocked from connecting to dangerous domains. However, you will still see this activity in Windows Defender Security Center.
+<p style="margin-left: 20px">If you disable this policy, users/apps will not be blocked from connecting to dangerous domains. You will not see any network activity in Windows Defender Security Center.
+<p style="margin-left: 20px">If you do not configure this policy, network blocking will be disabled by default.
+
+<p>Valid values:
+
+- 0 (default) - Disabled
+- 1 - Enabled (block mode)
+- 2 - Enabled (audit mode)
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-excludedextensions"></a>**Defender/ExcludedExtensions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Allows an administrator to specify a list of file type extensions to ignore during a scan. Each file type in the list must be separated by a **|**. For example, "lib|obj".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-excludedpaths"></a>**Defender/ExcludedPaths**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows an administrator to specify a list of directory paths to ignore during a scan. Each path in the list must be separated by a **|**. For example, "C:\\Example|C:\\Example1".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-excludedprocesses"></a>**Defender/ExcludedProcesses**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows an administrator to specify a list of files opened by processes to ignore during a scan.
+
+> [!IMPORTANT]
+> The process itself is not excluded from the scan, but can be by using the **Defender/ExcludedPaths** policy to exclude its path.
+
+ 
+<p style="margin-left: 20px">Each file type must be separated by a **|**. For example, "C:\\Example.exe|C:\\Example1.exe".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-guardedfoldersallowedapplications"></a>**Defender/GuardedFoldersAllowedApplications**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows user-specified applications to the guard my folders feature. Adding an allowed application means the guard my folders feature will allow the application to modify or delete content in certain folders such as My Documents. In most cases it will not be necessary to add entries. Windows Defender Antivirus will automatically detect and dynamically add applications that are friendly. Value type is string. Use the Unicode &#xF000; as the substring separator.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-guardedfolderslist"></a>**Defender/GuardedFoldersList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This policy settings allows adding user-specified folder locations to the guard my folders feature. These folders will complement the system defined folders such as My Documents and My Pictures. The list of system folders will be displayed in the user interface and can not be changed. Value type is string. Use the Unicode &#xF000; as the substring separator.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-puaprotection"></a>**Defender/PUAProtection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the level of detection for potentially unwanted applications (PUAs). Windows Defender alerts you when potentially unwanted software is being downloaded or attempts to install itself on your computer.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – PUA Protection off. Windows Defender will not protect against potentially unwanted applications.
+-   1 – PUA Protection on. Detected items are blocked. They will show in history along with other threats.
+-   2 – Audit mode. Windows Defender will detect potentially unwanted applications, but take no action. You can review information about the applications Windows Defender would have taken action against by searching for events created by Windows Defender in the Event Viewer.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-realtimescandirection"></a>**Defender/RealTimeScanDirection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Controls which sets of files should be monitored.
+
+> [!NOTE]
+> If **AllowOnAccessProtection** is not allowed, then this configuration can be used to monitor specific files.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Monitor all files (bi-directional).
+-   1 – Monitor incoming files.
+-   2 – Monitor outgoing files.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-scanparameter"></a>**Defender/ScanParameter**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Selects whether to perform a quick scan or full scan.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   1 (default) – Quick scan
+-   2 – Full scan
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-schedulequickscantime"></a>**Defender/ScheduleQuickScanTime**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Selects the time of day that the Windows Defender quick scan should run.
+
+> [!NOTE]
+> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
+
+ 
+<p style="margin-left: 20px">Valid values: 0–1380
+
+<p style="margin-left: 20px">For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM.
+
+<p style="margin-left: 20px">The default value is 120
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-schedulescanday"></a>**Defender/ScheduleScanDay**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Selects the day that the Windows Defender scan should run.
+
+> [!NOTE]
+> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Every day
+-   1 – Monday
+-   2 – Tuesday
+-   3 – Wednesday
+-   4 – Thursday
+-   5 – Friday
+-   6 – Saturday
+-   7 – Sunday
+-   8 – No scheduled scan
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-schedulescantime"></a>**Defender/ScheduleScanTime**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Selects the time of day that the Windows Defender scan should run.
+
+> [!NOTE]
+> The scan type will depends on what scan type is selected in the **Defender/ScanParameter** setting.
+
+
+<p style="margin-left: 20px">Valid values: 0–1380.
+
+<p style="margin-left: 20px">For example, a value of 0=12:00AM, a value of 60=1:00AM, a value of 120=2:00, and so on, up to a value of 1380=11:00PM.
+
+<p style="margin-left: 20px">The default value is 120.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-signatureupdateinterval"></a>**Defender/SignatureUpdateInterval**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Specifies the interval (in hours) that will be used to check for signatures, so instead of using the ScheduleDay and ScheduleTime the check for new signatures will be set according to the interval.
+
+<p style="margin-left: 20px">Valid values: 0–24.
+
+<p style="margin-left: 20px">A value of 0 means no check for new signatures, a value of 1 means to check every hour, a value of 2 means to check every two hours, and so on, up to a value of 24, which means to check every day.
+
+<p style="margin-left: 20px">The default value is 8.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-submitsamplesconsent"></a>**Defender/SubmitSamplesConsent**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Checks for the user consent level in Windows Defender to send data. If the required consent has already been granted, Windows Defender submits them. If not, (and if the user has specified never to ask), the UI is launched to ask for user consent (when **Defender/AllowCloudProtection** is allowed) before sending data.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Always prompt.
+-   1 (default) – Send safe samples automatically.
+-   2 – Never send.
+-   3 – Send all samples automatically.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="defender-threatseveritydefaultaction"></a>**Defender/ThreatSeverityDefaultAction**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop.
+ 
+
+<p style="margin-left: 20px">Allows an administrator to specify any valid threat severity levels and the corresponding default action ID to take.
+
+<p style="margin-left: 20px">This value is a list of threat severity level IDs and corresponding actions, separated by a**|** using the format "*threat level*=*action*|*threat level*=*action*". For example "1=6|2=2|4=10|5=3
+
+<p style="margin-left: 20px">The following list shows the supported values for threat severity levels:
+
+-   1 – Low severity threats
+-   2 – Moderate severity threats
+-   4 – High severity threats
+-   5 – Severe threats
+
+<p style="margin-left: 20px">The following list shows the supported values for possible actions:
+
+-   1 – Clean
+-   2 – Quarantine
+-   3 – Remove
+-   6 – Allow
+-   8 – User defined
+-   10 – Block
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Defender policies supported by Microsoft Surface Hub  
+
+-   [Defender/AllowArchiveScanning](#defender-allowarchivescanning)  
+-   [Defender/AllowBehaviorMonitoring](#defender-allowbehaviormonitoring)  
+-   [Defender/AllowCloudProtection](#defender-allowcloudprotection)  
+-   [Defender/AllowEmailScanning](#defender-allowemailscanning)  
+-   [Defender/AllowFullScanOnMappedNetworkDrives](#defender-allowfullscanonmappednetworkdrives)  
+-   [Defender/AllowFullScanRemovableDriveScanning](#defender-allowfullscanremovabledrivescanning)  
+-   [Defender/AllowIOAVProtection](#defender-allowioavprotection)  
+-   [Defender/AllowIntrusionPreventionSystem](#defender-allowintrusionpreventionsystem)  
+-   [Defender/AllowOnAccessProtection](#defender-allowonaccessprotection)  
+-   [Defender/AllowRealtimeMonitoring](#defender-allowrealtimemonitoring)  
+-   [Defender/AllowScanningNetworkFiles](#defender-allowscanningnetworkfiles)  
+-   [Defender/AllowScriptScanning](#defender-allowscriptscanning)  
+-   [Defender/AllowUserUIAccess](#defender-allowuseruiaccess)  
+-   [Defender/AvgCPULoadFactor](#defender-avgcpuloadfactor)  
+-   [Defender/DaysToRetainCleanedMalware](#defender-daystoretaincleanedmalware)  
+-   [Defender/ExcludedExtensions](#defender-excludedextensions)  
+-   [Defender/ExcludedPaths](#defender-excludedpaths)  
+-   [Defender/ExcludedProcesses](#defender-excludedprocesses)  
+-   [Defender/PUAProtection](#defender-puaprotection)  
+-   [Defender/RealTimeScanDirection](#defender-realtimescandirection)  
+-   [Defender/ScanParameter](#defender-scanparameter)  
+-   [Defender/ScheduleQuickScanTime](#defender-schedulequickscantime)  
+-   [Defender/ScheduleScanDay](#defender-schedulescanday)  
+-   [Defender/ScheduleScanTime](#defender-schedulescantime)  
+-   [Defender/SignatureUpdateInterval](#defender-signatureupdateinterval)  
+-   [Defender/SubmitSamplesConsent](#defender-submitsamplesconsent)  
+-   [Defender/ThreatSeverityDefaultAction](#defender-threatseveritydefaultaction)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
new file mode 100644
index 0000000000..bcd687b62f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -0,0 +1,654 @@
+---
+title: Policy CSP - DeliveryOptimization
+description: Policy CSP - DeliveryOptimization
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - DeliveryOptimization
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## DeliveryOptimization policies  
+
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-doabsolutemaxcachesize"></a>**DeliveryOptimization/DOAbsoluteMaxCacheSize**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum size in GB of Delivery Optimization cache. This policy overrides the DOMaxCacheSize policy. The value 0 (zero) means "unlimited" cache. Delivery Optimization will clear the cache when the device is running low on disk space.
+
+<p style="margin-left: 20px">The default value is 10.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-doallowvpnpeercaching"></a>**DeliveryOptimization/DOAllowVPNPeerCaching**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether the device is allowed to participate in Peer Caching while connected via VPN to the domain network. This means the device can download from or upload to other domain network devices, either on VPN or on the corporate domain network.
+
+<p style="margin-left: 20px">The default value is 0 (FALSE).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-dodownloadmode"></a>**DeliveryOptimization/DODownloadMode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Specifies the download method that Delivery Optimization can use in downloads of Windows Updates, Apps and App updates.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 –HTTP only, no peering.
+-   1 (default) – HTTP blended with peering behind the same NAT.
+-   2 – HTTP blended with peering across a private group. Peering occurs on devices in the same Active Directory Site (if it exists) or the same domain by default. When this option is selected, peering will cross NATs. To create a custom group use Group ID in combination with Mode 2.
+-   3 – HTTP blended with Internet peering.
+-   99 - Simple download mode with no peering. Delivery Optimization downloads using HTTP only and does not attempt to contact the Delivery Optimization cloud services. Added in Windows 10, version 1607.
+-   100 - Bypass mode. Do not use Delivery Optimization and use BITS instead. Added in Windows 10, version 1607.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-dogroupid"></a>**DeliveryOptimization/DOGroupId**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">This Policy specifies an arbitrary group ID that the device belongs to. Use this if you need to create a single group for Local Network Peering for branches that are on different domains or are not on the same LAN. Note that this is a best effort optimization and should not be relied on for an authentication of identity.
+
+> [!NOTE]
+> You must use a GUID as the group ID.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-domaxcacheage"></a>**DeliveryOptimization/DOMaxCacheAge**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Specifies the maximum time in seconds that each file is held in the Delivery Optimization cache after downloading successfully. The value 0 (zero) means "unlimited"; Delivery Optimization will hold the files in the cache longer and make the files available for uploads to other devices, as long as the cache size has not exceeded. The value 0 is new in Windows 10, version 1607.
+
+<p style="margin-left: 20px">The default value is 259200 seconds (3 days).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-domaxcachesize"></a>**DeliveryOptimization/DOMaxCacheSize**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+ 
+<p style="margin-left: 20px">Specifies the maximum cache size that Delivery Optimization can utilize, as a percentage of disk size (1-100).
+
+<p style="margin-left: 20px">The default value is 20.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-domaxdownloadbandwidth"></a>**DeliveryOptimization/DOMaxDownloadBandwidth**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+ 
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum download bandwidth in KiloBytes/second that the device can use across all concurrent download activities using Delivery Optimization.
+
+<p style="margin-left: 20px">The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-domaxuploadbandwidth"></a>**DeliveryOptimization/DOMaxUploadBandwidth**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+ 
+<p style="margin-left: 20px">Specifies the maximum upload bandwidth in KiloBytes/second that a device will use across all concurrent upload activity using Delivery Optimization.
+
+<p style="margin-left: 20px">The default value is 0, which permits unlimited possible bandwidth (optimized for minimal usage of upload bandwidth).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-dominbackgroundqos"></a>**DeliveryOptimization/DOMinBackgroundQos**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the minimum download QoS (Quality of Service or speed) in KiloBytes/sec for background downloads. This policy affects the blending of peer and HTTP sources. Delivery Optimization complements the download from the HTTP source to achieve the minimum QoS value set.
+
+<p style="margin-left: 20px">The default value is 500.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-dominbatterypercentageallowedtoupload"></a>**DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies any value between 1 and 100 (in percentage) to allow the device to upload data to LAN and Group peers while on battery power. Uploads will automatically pause when the battery level drops below the set minimum battery level. The recommended value to set is 40 (for 40%) if you allow uploads on battery.
+
+<p style="margin-left: 20px">The default value is 0. The value 0 (zero) means "not limited" and the cloud service default value will be used.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-domindisksizeallowedtopeer"></a>**DeliveryOptimization/DOMinDiskSizeAllowedToPeer**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the required minimum disk size (capacity in GB) for the device to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. Recommended values: 64 GB to 256 GB.
+
+> [!NOTE]
+> If the DOMofidyCacheDrive policy is set, the disk size check will apply to the new working directory specified by this policy.
+
+<p style="margin-left: 20px">The default value is 32 GB.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-dominfilesizetocache"></a>**DeliveryOptimization/DOMinFileSizeToCache**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the minimum content file size in MB enabled to use Peer Caching. The value 0 means "unlimited" which means the cloud service set default value will be used. Recommended values: 1 MB to 100,000 MB.
+
+<p style="margin-left: 20px">The default value is 100 MB.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-dominramallowedtopeer"></a>**DeliveryOptimization/DOMinRAMAllowedToPeer**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the minimum RAM size in GB required to use Peer Caching. The value 0 means "not-limited" which means the cloud service set default value will be used. For example if the minimum set is 1 GB, then devices with 1 GB or higher available RAM will be allowed to use Peer caching. Recommended values: 1 GB to 4 GB.
+
+<p style="margin-left: 20px">The default value is 4 GB.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-domodifycachedrive"></a>**DeliveryOptimization/DOModifyCacheDrive**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the drive that Delivery Optimization should use for its cache. The drive location can be specified using environment variables, drive letter or using a full path.
+
+<p style="margin-left: 20px">By default, %SystemDrive% is used to store the cache.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-domonthlyuploaddatacap"></a>**DeliveryOptimization/DOMonthlyUploadDataCap**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum total bytes in GB that Delivery Optimization is allowed to upload to Internet peers in each calendar month.
+
+<p style="margin-left: 20px">The value 0 (zero) means "unlimited"; No monthly upload limit is applied if 0 is set.
+
+<p style="margin-left: 20px">The default value is 20.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
+
+ 
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the maximum download bandwidth that Delivery Optimization uses across all concurrent download activities as a percentage of available download bandwidth.
+
+<p style="margin-left: 20px">The default value 0 (zero) means that Delivery Optimization dynamically adjusts to use the available bandwidth for downloads.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>DeliveryOptimization policies supported by Microsoft Surface Hub  
+
+-   [DeliveryOptimization/DOAbsoluteMaxCacheSize](#deliveryoptimization-doabsolutemaxcachesize)  
+-   [DeliveryOptimization/DOAllowVPNPeerCaching](#deliveryoptimization-doallowvpnpeercaching)  
+-   [DeliveryOptimization/DODownloadMode](#deliveryoptimization-dodownloadmode)  
+-   [DeliveryOptimization/DOGroupId](#deliveryoptimization-dogroupid)  
+-   [DeliveryOptimization/DOMaxCacheAge](#deliveryoptimization-domaxcacheage)  
+-   [DeliveryOptimization/DOMaxCacheSize](#deliveryoptimization-domaxcachesize)  
+-   [DeliveryOptimization/DOMaxDownloadBandwidth](#deliveryoptimization-domaxdownloadbandwidth)  
+-   [DeliveryOptimization/DOMaxUploadBandwidth](#deliveryoptimization-domaxuploadbandwidth)  
+-   [DeliveryOptimization/DOMinBackgroundQos](#deliveryoptimization-dominbackgroundqos)  
+-   [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](#deliveryoptimization-domindisksizeallowedtopeer)  
+-   [DeliveryOptimization/DOMinFileSizeToCache](#deliveryoptimization-dominfilesizetocache)  
+-   [DeliveryOptimization/DOMinRAMAllowedToPeer](#deliveryoptimization-dominramallowedtopeer)  
+-   [DeliveryOptimization/DOModifyCacheDrive](#deliveryoptimization-domodifycachedrive)  
+-   [DeliveryOptimization/DOMonthlyUploadDataCap](#deliveryoptimization-domonthlyuploaddatacap)  
+-   [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](#deliveryoptimization-dopercentagemaxdownloadbandwidth)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
new file mode 100644
index 0000000000..1a2b0575d1
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -0,0 +1,78 @@
+---
+title: Policy CSP - Desktop
+description: Policy CSP - Desktop
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Desktop
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Desktop policies  
+
+<!--StartPolicy-->
+<a href="" id="desktop-preventuserredirectionofprofilefolders"></a>**Desktop/PreventUserRedirectionOfProfileFolders**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Prevents users from changing the path to their profile folders.
+
+By default, a user can change the location of their individual profile folders like Documents, Music etc. by typing a new path in the Locations tab of the folder's Properties dialog box.
+
+If you enable this setting, users are unable to type a new location in the Target box.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prohibit User from manually redirecting Profile Folders*
+-   GP name: *DisablePersonalDirChange*
+-   GP ADMX file name: *desktop.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Desktop policies supported by Microsoft Surface Hub  
+
+-   [Desktop/PreventUserRedirectionOfProfileFolders](#desktop-preventuserredirectionofprofilefolders)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
new file mode 100644
index 0000000000..a33fac0efa
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -0,0 +1,147 @@
+---
+title: Policy CSP - DeviceGuard
+description: Policy CSP - DeviceGuard
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - DeviceGuard
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## DeviceGuard policies  
+
+<!--StartPolicy-->
+<a href="" id="deviceguard-enablevirtualizationbasedsecurity"></a>**DeviceGuard/EnableVirtualizationBasedSecurity**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+ 
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. Supported values:
+<ul>
+<li>0 (default) - disable virtualization based security</li>
+<li>1 - enable virtualization based security</li>
+</ul>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deviceguard-lsacfgflags"></a>**DeviceGuard/LsaCfgFlags**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+ 
+<p style="margin-left: 20px">Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. Supported values:
+<ul>
+<li>0 (default) - (Disabled) Turns off Credential Guard remotely if configured previously without UEFI Lock</li>
+<li>1 - (Enabled with UEFI lock) Turns on Credential Guard with UEFI lock</li>
+<li>2 - (Enabled without lock) Turns on Credential Guard without UEFI lock</li>
+
+</ul>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deviceguard-requireplatformsecurityfeatures"></a>**DeviceGuard/RequirePlatformSecurityFeatures**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. Supported values:
+<ul>
+<li>1 (default) - Turns on VBS with Secure Boot. </li>
+<li>3 - Turns on VBS with Secure Boot and direct memory access (DMA). DMA requires hardware support.</li>
+</ul>
+ 
+<p style="margin-left: 20px">
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>DeviceGuard policies supported by Microsoft Surface Hub  
+
+-   [DeviceGuard/AllowKernelControlFlowGuard](#None)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
new file mode 100644
index 0000000000..6fe4218008
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -0,0 +1,114 @@
+---
+title: Policy CSP - DeviceInstallation
+description: Policy CSP - DeviceInstallation
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - DeviceInstallation
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## DeviceInstallation policies  
+
+<!--StartPolicy-->
+<a href="" id="deviceinstallation-preventinstallationofmatchingdeviceids"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceIDs**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+
+If you enable this policy setting, Windows is prevented from installing a device whose hardware ID or compatible ID appears in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or do not configure this policy setting, devices can be installed and updated as allowed or prevented by other policy settings.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent installation of devices that match any of these device IDs*
+-   GP name: *DeviceInstall_IDs_Deny*
+-   GP ADMX file name: *deviceinstallation.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
+
+If you enable this policy setting, Windows is prevented from installing or updating device drivers whose device setup class GUIDs appear in the list you create. If you enable this policy setting on a remote desktop server, the policy setting affects redirection of the specified devices from a remote desktop client to the remote desktop server.
+
+If you disable or do not configure this policy setting, Windows can install and update devices as allowed or prevented by other policy settings.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent installation of devices using drivers that match these device setup classes*
+-   GP name: *DeviceInstall_Classes_Deny*
+-   GP ADMX file name: *deviceinstallation.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
new file mode 100644
index 0000000000..6aedca4af1
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -0,0 +1,841 @@
+---
+title: Policy CSP - DeviceLock
+description: Policy CSP - DeviceLock
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - DeviceLock
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## DeviceLock policies  
+
+<!--StartPolicy-->
+<a href="" id="devicelock-allowidlereturnwithoutpassword"></a>**DeviceLock/AllowIdleReturnWithoutPassword**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Specifies whether the user must input a PIN or password when the device resumes from an idle state.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+
+ 
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-allowscreentimeoutwhilelockeduserconfig"></a>**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Specifies whether to show a user-configurable setting to control the screen timeout while on the lock screen of Windows 10 Mobile devices.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not allowed.
+-   1 – Allowed.
+
+> [!IMPORTANT]
+> If this policy is set to 1 (Allowed), the value set by **DeviceLock/ScreenTimeOutWhileLocked** is ignored. To ensure enterprise control over the screen timeout, set this policy to 0 (Not allowed) and use **DeviceLock/ScreenTimeOutWhileLocked** to set the screen timeout period.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-allowsimpledevicepassword"></a>**DeviceLock/AllowSimpleDevicePassword**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-alphanumericdevicepasswordrequired"></a>**DeviceLock/AlphanumericDevicePasswordRequired**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required).
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+>
+> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions (Home, Pro, Enterprise, and Education).
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Alphanumeric PIN or password required.
+-   1 – Numeric PIN or password required.
+-   2 (default) – Users can choose: Numeric PIN or password, or Alphanumeric PIN or password.
+
+> [!NOTE]
+> If **AlphanumericDevicePasswordRequired** is set to 1 or 2, then MinDevicePasswordLength = 0 and MinDevicePasswordComplexCharacters = 1.
+>
+> If **AlphanumericDevicePasswordRequired** is set to 0, then MinDevicePasswordLength = 4 and MinDevicePasswordComplexCharacters = 2.
+
+ 
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-devicepasswordenabled"></a>**DeviceLock/DevicePasswordEnabled**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether device lock is enabled.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+>
+> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+ 
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Enabled
+-   1 – Disabled
+
+> [!IMPORTANT]
+> The **DevicePasswordEnabled** setting must be set to 0 (device password is enabled) for the following policy settings to take effect:
+>
+> -   AllowSimpleDevicePassword
+> -   MinDevicePasswordLength
+> -   AlphanumericDevicePasswordRequired
+> -   MaxDevicePasswordFailedAttempts
+> -   MaxInactivityTimeDeviceLock
+> -   MinDevicePasswordComplexCharacters
+&nbsp;
+
+> [!IMPORTANT]
+> If **DevicePasswordEnabled** is set to 0 (device password is enabled), then the following policies are set:
+>
+> -   MinDevicePasswordLength is set to 4
+> -   MinDevicePasswordComplexCharacters is set to 1
+>
+> If **DevicePasswordEnabled** is set to 1 (device password is disabled), then the following DeviceLock policies are set to 0:
+>
+> -   MinDevicePasswordLength
+> -   MinDevicePasswordComplexCharacters
+
+> [!Important]
+> **DevicePasswordEnabled** should not be set to Enabled (0) when WMI is used to set the EAS DeviceLock policies given that it is Enabled by default in Policy CSP for back compat with Windows 8.x. If **DevicePasswordEnabled** is set to Enabled(0) then Policy CSP will return an error stating that **DevicePasswordEnabled** already exists. Windows 8.x did not support DevicePassword policy. When disabling **DevicePasswordEnabled** (1) then this should be the only policy set from the DeviceLock group of policies listed below:
+> - **DevicePasswordEnabled** is the parent policy of the following:
+> 	- AllowSimpleDevicePassword
+>	- MinDevicePasswordLength
+>	- AlphanumericDevicePasswordRequired
+>		- MinDevicePasswordComplexCharacters 
+>	- DevicePasswordExpiration
+>	- DevicePasswordHistory
+>   - MaxDevicePasswordFailedAttempts
+>   - MaxInactivityTimeDeviceLock
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-devicepasswordexpiration"></a>**DeviceLock/DevicePasswordExpiration**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies when the password expires (in days).
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   An integer X where 0 &lt;= X &lt;= 730.
+-   0 (default) - Passwords do not expire.
+
+<p style="margin-left: 20px">If all policy values = 0 then 0; otherwise, Min policy value is the most secure value.
+
+<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-devicepasswordhistory"></a>**DeviceLock/DevicePasswordHistory**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies how many passwords can be stored in the history that can’t be used.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   An integer X where 0 &lt;= X &lt;= 50.
+-   0 (default)
+
+<p style="margin-left: 20px">The value includes the user's current password. This means that with a setting of 1 the user cannot reuse their current password when choosing a new password, while a setting of 5 means that a user cannot set their new password to their current password or any of their previous four passwords.
+
+<p style="margin-left: 20px">Max policy value is the most restricted.
+
+<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-enforcelockscreenandlogonimage"></a>**DeviceLock/EnforceLockScreenAndLogonImage**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image.
+
+> [!NOTE]
+> This policy is only enforced in Windows 10 Enterprise and Education editions and not supported in Windows 10 Home and Pro.
+
+
+<p style="margin-left: 20px">Value type is a string, which is the full image filepath and filename.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-enforcelockscreenprovider"></a>**DeviceLock/EnforceLockScreenProvider**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider.
+
+> [!NOTE]
+> This policy is only enforced in Windows 10 for mobile devices.
+
+
+<p style="margin-left: 20px">Value type is a string, which is the AppID.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-maxdevicepasswordfailedattempts"></a>**DeviceLock/MaxDevicePasswordFailedAttempts**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+
+
+<p style="margin-left: 20px">This policy has different behaviors on the mobile device and desktop.
+
+-   On a mobile device, when the user reaches the value set by this policy, then the device is wiped.
+-   On a desktop, when the user reaches the value set by this policy, it is not wiped. Instead, the desktop is put on BitLocker recovery mode, which makes the data inaccessible but recoverable. If BitLocker is not enabled, then the policy cannot be enforced.
+
+    Prior to reaching the failed attempts limit, the user is sent to the lock screen and warned that more failed attempts will lock their computer. When the user reaches the limit, the device automatically reboots and shows the BitLocker recovery page. This page prompts the user for the BitLocker recovery key.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   An integer X where 4 &lt;= X &lt;= 16 for desktop and 0 &lt;= X &lt;= 999 for mobile devices.
+-   0 (default) - The device is never wiped after an incorrect PIN or password is entered.
+
+<p style="margin-left: 20px">Most secure value is 0 if all policy values = 0; otherwise, Min policy value is the most secure value.
+
+<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-maxinactivitytimedevicelock"></a>**DeviceLock/MaxInactivityTimeDeviceLock**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   An integer X where 0 &lt;= X &lt;= 999.
+-   0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
+
+<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-maxinactivitytimedevicelockwithexternaldisplay"></a>**DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   An integer X where 0 &lt;= X &lt;= 999.
+-   0 (default) - No timeout is defined. The default of "0" is Windows Phone 7.5 parity and is interpreted by as "No timeout is defined."
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-mindevicepasswordcomplexcharacters"></a>**DeviceLock/MinDevicePasswordComplexCharacters**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+>
+> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+
+<p style="margin-left: 20px">PIN enforces the following behavior for desktop and mobile devices:
+
+-   1 - Digits only
+-   2 - Digits and lowercase letters are required
+-   3 - Digits, lowercase letters, and uppercase letters are required
+-   4 - Digits, lowercase letters, uppercase letters, and special characters are required
+
+<p style="margin-left: 20px">The default value is 1. The following list shows the supported values and actual enforced values:
+
+<table style="margin-left: 20px">
+<colgroup>
+<col width="25%" />
+<col width="25%" />
+<col width="25%" />
+<col width="25%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Account Type</th>
+<th>Supported Values</th>
+<th>Actual Enforced Values</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="vertical-align:top"><p>Mobile</p></td>
+<td style="vertical-align:top"><p>1,2,3,4</p></td>
+<td style="vertical-align:top"><p>Same as the value set</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>Desktop Local Accounts</p></td>
+<td style="vertical-align:top"><p> 1,2,3</p></td>
+<td style="vertical-align:top"><p>3</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>Desktop Microsoft Accounts</p></td>
+<td style="vertical-align:top"><p>1,2</p></td>
+<td style="vertical-align:top"><p2</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>Desktop Domain Accounts</p></td>
+<td style="vertical-align:top"><p>Not supported</p></td>
+<td style="vertical-align:top">Not supported</p></td>
+</tr>
+</tbody>
+</table>
+
+
+<p style="margin-left: 20px">Enforced values for Local and Microsoft Accounts:
+
+-   Local accounts support values of 1, 2, and 3, however they always enforce a value of 3.
+-   Passwords for local accounts must meet the following minimum requirements:
+
+    -   Not contain the user's account name or parts of the user's full name that exceed two consecutive characters
+    -   Be at least six characters in length
+    -   Contain characters from three of the following four categories:
+
+        -   English uppercase characters (A through Z)
+        -   English lowercase characters (a through z)
+        -   Base 10 digits (0 through 9)
+        -   Special characters (!, $, \#, %, etc.)
+
+<p style="margin-left: 20px">The enforcement of policies for Microsoft accounts happen on the server, and the server requires a password length of 8 and a complexity of 2. A complexity value of 3 or 4 is unsupported and setting this value on the server makes Microsoft accounts non-compliant.
+
+<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-mindevicepasswordlength"></a>**DeviceLock/MinDevicePasswordLength**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies the minimum number or characters required in the PIN or password.
+
+> [!NOTE]
+> This policy must be wrapped in an Atomic command.
+>
+> Always use the Replace command instead of Add for this policy in Windows 10 for desktop editions.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   An integer X where 4 &lt;= X &lt;= 16 for mobile devices and desktop. However, local accounts will always enforce a minimum password length of 6.
+-   Not enforced.
+-   The default value is 4 for mobile devices and desktop devices.
+
+<p style="margin-left: 20px">Max policy value is the most restricted.
+
+<p style="margin-left: 20px">For additional information about this policy, see [Exchange ActiveSync Policy Engine Overview](https://technet.microsoft.com/library/dn282287.aspx) and [KB article](https://support.office.com/article/This-device-doesn-t-meet-the-security-requirements-set-by-your-email-administrator-87132fc7-2c7f-4a71-9de0-779ff81c86ca).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-preventlockscreenslideshow"></a>**DeviceLock/PreventLockScreenSlideShow**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.
+
+By default, users can enable a slide show that will run after they lock the machine.
+
+If you enable this setting, users will no longer be able to modify slide show settings in PC Settings, and no slide show will ever start.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent enabling lock screen slide show*
+-   GP name: *CPL_Personalization_NoLockScreenSlideshow*
+-   GP ADMX file name: *ControlPanelDisplay.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="devicelock-screentimeoutwhilelocked"></a>**DeviceLock/ScreenTimeoutWhileLocked**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+ 
+<p style="margin-left: 20px">Allows an enterprise to set the duration in seconds for the screen timeout while on the lock screen of Windows 10 Mobile devices.
+
+<p style="margin-left: 20px">Minimum supported value is 10.
+
+<p style="margin-left: 20px">Maximum supported value is 1800.
+
+<p style="margin-left: 20px">The default value is 10.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartEAS-->
+## <a href="" id="eas"></a>DeviceLock policies that can be set using Exchange Active Sync (EAS)  
+
+-   [DeviceLock/AllowSimpleDevicePassword](#devicelock-allowsimpledevicepassword)  
+-   [DeviceLock/AlphanumericDevicePasswordRequired](#devicelock-alphanumericdevicepasswordrequired)  
+-   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)  
+-   [DeviceLock/DevicePasswordExpiration](#devicelock-devicepasswordexpiration)  
+-   [DeviceLock/DevicePasswordHistory](#devicelock-devicepasswordhistory)  
+-   [DeviceLock/MaxDevicePasswordFailedAttempts](#devicelock-maxdevicepasswordfailedattempts)  
+-   [DeviceLock/MaxInactivityTimeDeviceLock](#devicelock-maxinactivitytimedevicelock)  
+-   [DeviceLock/MinDevicePasswordComplexCharacters](#devicelock-mindevicepasswordcomplexcharacters)  
+-   [DeviceLock/MinDevicePasswordLength](#devicelock-mindevicepasswordlength)  
+-   [DeviceLock/PreventLockScreenSlideShow](#devicelock-preventlockscreenslideshow)  
+<!--EndEAS-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>DeviceLock policies supported by Windows Holographic for Business  
+
+-   [DeviceLock/AllowIdleReturnWithoutPassword](#devicelock-allowidlereturnwithoutpassword)  
+-   [DeviceLock/DevicePasswordEnabled](#devicelock-devicepasswordenabled)  
+<!--EndHoloLens-->
+
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
new file mode 100644
index 0000000000..142be5ef59
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -0,0 +1,118 @@
+---
+title: Policy CSP - Display
+description: Policy CSP - Display
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Display
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Display policies  
+
+<!--StartPolicy-->
+<a href="" id="display-turnoffgdidpiscalingforapps"></a>**Display/TurnOffGdiDPIScalingForApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
+
+<p style="margin-left: 20px">This policy setting lets you specify legacy applications that have GDI DPI Scaling turned off.
+
+<p style="margin-left: 20px">If you enable this policy setting, GDI DPI Scaling is turned off for all applications in the list, even if they are enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, GDI DPI Scaling might still be turned on for legacy applications.
+
+<p style="margin-left: 20px">If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Configure the setting for an app which has GDI DPI scaling enabled via MDM or any other supported mechanisms.
+2.   Run the app and observe blurry text.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="display-turnongdidpiscalingforapps"></a>**Display/TurnOnGdiDPIScalingForApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
+
+<p style="margin-left: 20px">This policy setting lets you specify legacy applications that have GDI DPI Scaling turned on.
+
+<p style="margin-left: 20px">If you enable this policy setting, GDI DPI Scaling is turned on for all legacy applications in the list.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, GDI DPI Scaling will not be enabled for an application except when an application is enabled by using ApplicationCompatibility database, ApplicationCompatibility UI System (Enhanced) setting, or an application manifest.
+
+<p style="margin-left: 20px">If GDI DPI Scaling is configured to both turn off and turn on an application, the application will be turned off.
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Configure the setting for an app which uses GDI.
+2.   Run the app and observe crisp text.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
new file mode 100644
index 0000000000..76c623cf52
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -0,0 +1,240 @@
+---
+title: Policy CSP - EnterpriseCloudPrint
+description: Policy CSP - EnterpriseCloudPrint
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - EnterpriseCloudPrint
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## EnterpriseCloudPrint policies  
+
+<!--StartPolicy-->
+<a href="" id="enterprisecloudprint-cloudprintoauthauthority"></a>**EnterpriseCloudPrint/CloudPrintOAuthAuthority**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens.
+
+<p style="margin-left: 20px">The datatype is a string.
+
+<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https:<span></span>//azuretenant.contoso.com/adfs".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="enterprisecloudprint-cloudprintoauthclientid"></a>**EnterpriseCloudPrint/CloudPrintOAuthClientId**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority.
+
+<p style="margin-left: 20px">The datatype is a string.
+
+<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain a GUID. For example, "E1CF1107-FF90-4228-93BF-26052DD2C714".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="enterprisecloudprint-cloudprintresourceid"></a>**EnterpriseCloudPrint/CloudPrintResourceId**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication.
+
+<p style="margin-left: 20px">The datatype is a string. 
+
+<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain a URL. For example, "http:<span></span>//MicrosoftEnterpriseCloudPrint/CloudPrint".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="enterprisecloudprint-cloudprinterdiscoveryendpoint"></a>**EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers.
+
+<p style="margin-left: 20px">The datatype is a string.
+
+<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain the URL of an endpoint. For example, "https:<span></span>//cloudprinterdiscovery.contoso.com".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="enterprisecloudprint-discoverymaxprinterlimit"></a>**EnterpriseCloudPrint/DiscoveryMaxPrinterLimit**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point.
+
+<p style="margin-left: 20px">The datatype is an integer. 
+
+<p style="margin-left: 20px">For Windows Mobile, the default value is 20.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="enterprisecloudprint-mopriadiscoveryresourceid"></a>**EnterpriseCloudPrint/MopriaDiscoveryResourceId**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication.
+
+<p style="margin-left: 20px">The datatype is a string.
+
+<p style="margin-left: 20px">The default value is an empty string. Otherwise, the value should contain a URL. For example, "http:<span></span>//MopriaDiscoveryService/CloudPrint".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
new file mode 100644
index 0000000000..9420ab52aa
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -0,0 +1,254 @@
+---
+title: Policy CSP - ErrorReporting
+description: Policy CSP - ErrorReporting
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - ErrorReporting
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## ErrorReporting policies  
+
+<!--StartPolicy-->
+<a href="" id="errorreporting-customizeconsentsettings"></a>**ErrorReporting/CustomizeConsentSettings**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
+
+If you enable this policy setting, you can add specific event types to a list by clicking Show, and typing event types in the Value Name column of the Show Contents dialog box. Event types are those for generic, non-fatal errors: crash, no response, and kernel fault errors. For each specified event type, you can set a consent level of 0, 1, 2, 3, or 4.
+
+- 0 (Disable): Windows Error Reporting sends no data to Microsoft for this event type.
+
+- 1 (Always ask before sending data): Windows prompts the user for consent to send reports.
+
+- 2 (Send parameters): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, and Windows prompts the user for consent to send any additional data requested by Microsoft.
+
+- 3 (Send parameters and safe additional data): Windows Error Reporting automatically sends the minimum data required to check for an existing solution, as well as data which Windows has determined (within a high probability) does not contain personally identifiable data, and prompts the user for consent to send any additional data requested by Microsoft.
+
+- 4 (Send all data): Any data requested by Microsoft is sent automatically.
+
+If you disable or do not configure this policy setting, then the default consent settings that are applied are those specified by the user in Control Panel, or in the Configure Default Consent policy setting.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Customize consent settings*
+-   GP name: *WerConsentCustomize_2*
+-   GP ADMX file name: *ErrorReporting.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="errorreporting-disablewindowserrorreporting"></a>**ErrorReporting/DisableWindowsErrorReporting**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
+
+If you enable this policy setting, Windows Error Reporting does not send any problem information to Microsoft. Additionally, solution information is not available in Security and Maintenance in Control Panel.
+
+If you disable or do not configure this policy setting, the Turn off Windows Error Reporting policy setting in Computer Configuration/Administrative Templates/System/Internet Communication Management/Internet Communication settings takes precedence. If Turn off Windows Error Reporting is also either disabled or not configured, user settings in Control Panel for Windows Error Reporting are applied.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disable Windows Error Reporting*
+-   GP name: *WerDisable_2*
+-   GP ADMX file name: *ErrorReporting.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="errorreporting-displayerrornotification"></a>**ErrorReporting/DisplayErrorNotification**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether users are shown an error dialog box that lets them report an error.
+
+If you enable this policy setting, users are notified in a dialog box that an error has occurred, and can display more details about the error. If the Configure Error Reporting policy setting is also enabled, the user can also report the error.
+
+If you disable this policy setting, users are not notified that errors have occurred. If the Configure Error Reporting policy setting is also enabled, errors are reported, but users receive no notification. Disabling this policy setting is useful for servers that do not have interactive users.
+
+If you do not configure this policy setting, users can change this setting in Control Panel, which is set to enable notification by default on computers that are running Windows XP Personal Edition and Windows XP Professional Edition, and disable notification by default on computers that are running Windows Server.
+
+See also the Configure Error Reporting policy setting.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Display Error Notification*
+-   GP name: *PCH_ShowUI*
+-   GP ADMX file name: *ErrorReporting.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="errorreporting-donotsendadditionaldata"></a>**ErrorReporting/DoNotSendAdditionalData**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.
+
+If you enable this policy setting, any additional data requests from Microsoft in response to a Windows Error Reporting report are automatically declined, without notification to the user.
+
+If you disable or do not configure this policy setting, then consent policy settings in Computer Configuration/Administrative Templates/Windows Components/Windows Error Reporting/Consent take precedence.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Do not send additional data*
+-   GP name: *WerNoSecondLevelData_2*
+-   GP ADMX file name: *ErrorReporting.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="errorreporting-preventcriticalerrordisplay"></a>**ErrorReporting/PreventCriticalErrorDisplay**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting prevents the display of the user interface for critical errors.
+
+If you enable this policy setting, Windows Error Reporting does not display any GUI-based error messages or dialog boxes for critical errors.
+
+If you disable or do not configure this policy setting, Windows Error Reporting displays the user interface for critical errors.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent display of the user interface for critical errors*
+-   GP name: *WerDoNotShowUI*
+-   GP ADMX file name: *ErrorReporting.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
new file mode 100644
index 0000000000..a7d3d8bcf3
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -0,0 +1,200 @@
+---
+title: Policy CSP - EventLogService
+description: Policy CSP - EventLogService
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - EventLogService
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## EventLogService policies  
+
+<!--StartPolicy-->
+<a href="" id="eventlogservice-controleventlogbehavior"></a>**EventLogService/ControlEventLogBehavior**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls Event Log behavior when the log file reaches its maximum size.
+
+If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.
+
+If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.
+
+Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Control Event Log behavior when the log file reaches its maximum size*
+-   GP name: *Channel_Log_Retention_1*
+-   GP ADMX file name: *eventlog.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="eventlogservice-specifymaximumfilesizeapplicationlog"></a>**EventLogService/SpecifyMaximumFileSizeApplicationLog**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting specifies the maximum size of the log file in kilobytes.
+
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
+
+If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify the maximum log file size (KB)*
+-   GP name: *Channel_LogMaxSize_1*
+-   GP ADMX file name: *eventlog.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="eventlogservice-specifymaximumfilesizesecuritylog"></a>**EventLogService/SpecifyMaximumFileSizeSecurityLog**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting specifies the maximum size of the log file in kilobytes.
+
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
+
+If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify the maximum log file size (KB)*
+-   GP name: *Channel_LogMaxSize_2*
+-   GP ADMX file name: *eventlog.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="eventlogservice-specifymaximumfilesizesystemlog"></a>**EventLogService/SpecifyMaximumFileSizeSystemLog**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting specifies the maximum size of the log file in kilobytes.
+
+If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.
+
+If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify the maximum log file size (KB)*
+-   GP name: *Channel_LogMaxSize_4*
+-   GP ADMX file name: *eventlog.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
new file mode 100644
index 0000000000..d0a5edf221
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -0,0 +1,782 @@
+---
+title: Policy CSP - Experience
+description: Policy CSP - Experience
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Experience
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Experience policies  
+
+<!--StartPolicy-->
+<a href="" id="experience-allowcopypaste"></a>**Experience/AllowCopyPaste**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Specifies whether copy and paste is allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowcortana"></a>**Experience/AllowCortana**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<p style="margin-left: 20px">Benefit to the customer:
+
+<p style="margin-left: 20px">Before this setting, enterprise customers could not set up Cortana during out-of-box experience (OOBE) at all, even though Cortana is the “voice” that walks you through OOBE. By sending AllowCortana in initial enrollment, enterprise customers can allow their employees to see the Cortana consent page. This enables them to choose to use Cortana and make their lives easier and more productive.
+
+<p style="margin-left: 20px">Sample scenario:
+
+<p style="margin-left: 20px">An enterprise employee customer is going through OOBE and enjoys Cortana’s help in this process. The customer is happy to learn during OOBE that Cortana can help them be more productive, and chooses to set up Cortana before OOBE finishes. When their setup is finished, they are immediately ready to engage with Cortana to help manage their schedule and more.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowdevicediscovery"></a>**Experience/AllowDeviceDiscovery**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows users to turn on/off device discovery UX.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">When set to 0 , the projection pane is disabled. The Win+P and Win+K shortcut keys will not work on.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowmanualmdmunenrollment"></a>**Experience/AllowManualMDMUnenrollment**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to allow the user to delete the workplace account using the workplace control panel.
+
+> [!NOTE]
+> The MDM server can always remotely delete the account.
+
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowsimerrordialogpromptwhennosim"></a>**Experience/AllowSIMErrorDialogPromptWhenNoSIM**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Specifies whether to display dialog prompt when no SIM card is detected.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – SIM card dialog prompt is not displayed.
+-   1 (default) – SIM card dialog prompt is displayed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowscreencapture"></a>**Experience/AllowScreenCapture**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Specifies whether screen capture is allowed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowsyncmysettings"></a>**Experience/AllowSyncMySettings**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices).
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Sync settings is not allowed.
+-   1 (default) – Sync settings allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowtailoredexperienceswithdiagnosticdata"></a>**Experience/AllowTailoredExperiencesWithDiagnosticData**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to prevent Windows from using diagnostic data to provide customized experiences to the user. If you enable this policy setting, Windows will not use diagnostic data from this device to customize content shown on the lock screen, Windows tips, Microsoft consumer features, or other related features. If these features are enabled, users will still see recommendations, tips and offers, but they may be less relevant. If you disable or do not configure this policy setting, Microsoft will use diagnostic data to provide personalized recommendations, tips, and offers to tailor Windows for the user's needs and make it work better for them.
+
+<p style="margin-left: 20px">Diagnostic data can include browser, app and feature usage, depending on the "Diagnostic and usage data" setting value.
+
+> **Note** This setting does not control Cortana cutomized experiences because there are separate policies to configure it.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowtaskswitcher"></a>**Experience/AllowTaskSwitcher**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows or disallows task switching on the device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Task switching not allowed.
+-   1 (default) – Task switching allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowthirdpartysuggestionsinwindowsspotlight"></a>**Experience/AllowThirdPartySuggestionsInWindowsSpotlight**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
+
+
+<p style="margin-left: 20px">Specifies whether to allow app and content suggestions from third-party software publishers in Windows spotlight features like lock screen spotlight, suggested apps in the Start menu, and Windows tips. Users may still see suggestions for Microsoft features, apps, and services.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Third-party suggestions not allowed.
+-   1 (default) – Third-party suggestions allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowvoicerecording"></a>**Experience/AllowVoiceRecording**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Specifies whether voice recording is allowed for apps.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowwindowsconsumerfeatures"></a>**Experience/AllowWindowsConsumerFeatures**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">This policy allows IT admins to turn on experiences that are typically for consumers only, such as Start suggestions, Membership notifications, Post-OOBE app install and redirect tiles.
+
+> [!IMPORTANT]
+> This node must be accessed using the following paths:
+>
+> -   **./User/Vendor/MSFT/Policy/Config/Experience/AllowWindowsConsumerFeatures** to set the policy.
+> -   **./User/Vendor/MSFT/Policy/Result/Experience/AllowWindowsConsumerFeatures** to get the result.
+
+ 
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowwindowsspotlight"></a>**Experience/AllowWindowsSpotlight**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
+
+
+<p style="margin-left: 20px">Specifies whether to turn off all Windows spotlight features at once. If you enable this policy setting, Windows spotlight on lock screen, Windows Tips, Microsoft consumer features and other related features will be turned off. You should enable this policy setting if your goal is to minimize network traffic from target devices. If you disable or do not configure this policy setting, Windows spotlight features are allowed and may be controlled individually using their corresponding policy settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowwindowsspotlightonactioncenter"></a>**Experience/AllowWindowsSpotlightOnActionCenter**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows administrators to prevent Windows spotlight notifications from being displayed in the Action Center. If you enable this policy, Windows spotlight notifications will no longer be displayed in the Action Center. If you disable or do not configure this policy, Microsoft may display notifications in the Action Center that will suggest apps or features to help users be more productive on Windows.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowwindowsspotlightwindowswelcomeexperience"></a>**Experience/AllowWindowsSpotlightWindowsWelcomeExperience**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting lets you turn off the Windows spotlight Windows welcome experience feature. 
+The Windows welcome experience feature introduces onboard users to Windows; for example, launching Microsoft Edge with a webpage that highlights new features. If you enable this policy, the Windows welcome experience will no longer be displayed when there are updates and changes to Windows and its apps. If you disable or do not configure this policy, the Windows welcome experience will be launched to inform onboard users about what's new, changed, and suggested.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-allowwindowstips"></a>**Experience/AllowWindowsTips**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Enables or disables Windows Tips / soft landing.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disabled.
+-   1 (default) – Enabled.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-configurewindowsspotlightonlockscreen"></a>**Experience/ConfigureWindowsSpotlightOnLockScreen**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only available for Windows 10 Enterprise and Windows 10 Education.
+
+
+<p style="margin-left: 20px">Allows IT admins to specify whether spotlight should be used on the user's lock screen. If your organization does not have an Enterprise spotlight content service, then this policy will behave the same as a setting of 1.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – None.
+-   1 (default) – Windows spotlight enabled.
+-   2 – placeholder only for future extension. Using this value has no effect.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="experience-donotshowfeedbacknotifications"></a>**Experience/DoNotShowFeedbackNotifications**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Prevents devices from showing feedback questions from Microsoft.
+
+<p style="margin-left: 20px">If you enable this policy setting, users will no longer see feedback notifications through the Feedback hub app. If you disable or do not configure this policy setting, users may see notifications through the Feedback hub app asking users for feedback.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, users can control how often they receive feedback questions.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Feedback notifications are not disabled. The actual state of feedback notifications on the device will then depend on what GP has configured or what the user has configured locally.
+-   1 – Feedback notifications are disabled.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Experience policies supported by Windows Holographic for Business  
+
+-   [Experience/AllowCortana](#experience-allowcortana)  
+-   [Experience/AllowManualMDMUnenrollment](#experience-allowmanualmdmunenrollment)  
+<!--EndHoloLens-->
+
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
new file mode 100644
index 0000000000..65d798cab5
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -0,0 +1,61 @@
+---
+title: Policy CSP - Games
+description: Policy CSP - Games
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Games
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Games policies  
+
+<!--StartPolicy-->
+<a href="" id="games-allowadvancedgamingservices"></a>**Games/AllowAdvancedGamingServices**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Placeholder only. Currently not supported.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
new file mode 100644
index 0000000000..096bb1b61b
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -0,0 +1,8012 @@
+---
+title: Policy CSP - InternetExplorer
+description: Policy CSP - InternetExplorer
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - InternetExplorer
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## InternetExplorer policies  
+
+<!--StartPolicy-->
+<a href="" id="internetexplorer-addsearchprovider"></a>**InternetExplorer/AddSearchProvider**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to add a specific list of search providers to the user's default list of search providers. Normally, search providers can be added from third-party toolbars or in Setup. The user can also add a search provider from the provider's website.
+
+If you enable this policy setting, the user can add and remove search providers, but only from the set of search providers specified in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Note: This list can be created from a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
+
+If you disable or do not configure this policy setting, the user can configure their list of search providers unless another policy setting restricts such configuration.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Add a specific list of search providers to the user's list of search providers*
+-   GP name: *AddSearchProvider*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowactivexfiltering"></a>**InternetExplorer/AllowActiveXFiltering**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls the ActiveX Filtering feature for websites that are running ActiveX controls. The user can choose to turn off ActiveX Filtering for specific websites so that ActiveX controls can run properly.
+
+If you enable this policy setting, ActiveX Filtering is enabled by default for the user. The user cannot turn off ActiveX Filtering, although they may add per-site exceptions.
+
+If you disable or do not configure this policy setting, ActiveX Filtering is not enabled by default for the user. The user can turn ActiveX Filtering on or off.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on ActiveX Filtering*
+-   GP name: *TurnOnActiveXFiltering*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowaddonlist"></a>**InternetExplorer/AllowAddOnList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage a list of add-ons to be allowed or denied by Internet Explorer. Add-ons in this case are controls like ActiveX Controls, Toolbars, and Browser Helper Objects (BHOs) which are specifically written to extend or enhance the functionality of the browser or web pages.
+
+This list can be used with the 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting, which defines whether add-ons not listed here are assumed to be denied.
+
+If you enable this policy setting, you can enter a list of add-ons to be allowed or denied by Internet Explorer. For each entry that you add to the list, enter the following information:
+
+Name of the Value - the CLSID (class identifier) for the add-on you wish to add to the list.  The CLSID should be in brackets for example, {000000000-0000-0000-0000-0000000000000}'. The CLSID for an add-on can be obtained by reading the OBJECT tag from a Web page on which the add-on is referenced.
+
+Value - A number indicating whether Internet Explorer should deny or allow the add-on to be loaded. To specify that an add-on should be denied enter a 0 (zero) into this field. To specify that an add-on should be allowed, enter a 1 (one) into this field. To specify that an add-on should be allowed and also permit the user to manage the add-on through Add-on Manager, enter a 2 (two) into this field.
+
+If you disable this policy setting, the list is deleted. The 'Deny all add-ons unless specifically allowed in the Add-on List' policy setting will still determine whether add-ons not in this list are assumed to be denied.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Add-on List*
+-   GP name: *AddonManagement_AddOnList*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/AllowAutoComplete**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on the auto-complete feature for user names and passwords on forms*
+-   GP name: *RestrictFormSuggestPW*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/AllowCertificateAddressMismatchWarning**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on certificate address mismatch warning*
+-   GP name: *IZ_PolicyWarnCertMismatch*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/AllowDeletingBrowsingHistoryOnExit**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow deleting browsing history on exit*
+-   GP name: *DBHDisableDeleteOnExit*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowenhancedprotectedmode"></a>**InternetExplorer/AllowEnhancedProtectedMode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Enhanced Protected Mode provides additional protection against malicious websites by using 64-bit processes on 64-bit versions of Windows. For computers running at least Windows 8, Enhanced Protected Mode also limits the locations Internet Explorer can read from in the registry and the file system.
+
+If you enable this policy setting, Enhanced Protected Mode will be turned on. Any zone that has Protected Mode enabled will use Enhanced Protected Mode. Users will not be able to disable Enhanced Protected Mode.
+
+If you disable this policy setting, Enhanced Protected Mode will be turned off. Any zone that has Protected Mode enabled will use the version of Protected Mode introduced in Internet Explorer 7 for Windows Vista.
+
+If you do not configure this policy, users will be able to turn on or turn off Enhanced Protected Mode on the Advanced tab of the Internet Options dialog.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on Enhanced Protected Mode*
+-   GP name: *Advanced_EnableEnhancedProtectedMode*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowenterprisemodefromtoolsmenu"></a>**InternetExplorer/AllowEnterpriseModeFromToolsMenu**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting lets you decide whether users can turn on Enterprise Mode for websites with compatibility issues. Optionally, this policy also lets you specify where to get reports (through post messages) about the websites for which users turn on Enterprise Mode using the Tools menu.
+
+If you turn this setting on, users can see and use the Enterprise Mode option from the Tools menu. If you turn this setting on, but don't specify a report location, Enterprise Mode will still be available to your users, but you won't get any reports.
+
+If you disable or don't configure this policy setting, the menu option won't appear and users won't be able to run websites in Enterprise Mode.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Let users turn on and use Enterprise Mode from the Tools menu*
+-   GP name: *EnterpriseModeEnable*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowenterprisemodesitelist"></a>**InternetExplorer/AllowEnterpriseModeSiteList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting lets you specify where to find the list of websites you want opened using Enterprise Mode IE, instead of Standard mode, because of compatibility issues. Users can't edit this list.
+
+If you enable this policy setting, Internet Explorer downloads the website list from your location (HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\Main\EnterpriseMode), opening all listed websites using Enterprise Mode IE.
+
+If you disable or don't configure this policy setting, Internet Explorer opens all websites using Standards mode.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Use the Enterprise Mode IE website list*
+-   GP name: *EnterpriseModeSiteList*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/AllowFallbackToSSL3**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow fallback to SSL 3.0 (Internet Explorer)*
+-   GP name: *Advanced_EnableSSL3Fallback*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowinternetexplorer7policylist"></a>**InternetExplorer/AllowInternetExplorer7PolicyList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to add specific sites that must be viewed in Internet Explorer 7 Compatibility View.
+
+If you enable this policy setting, the user can add and remove sites from the list, but the user cannot remove the entries that you specify.
+
+If you disable or do not configure this policy setting, the user can add and remove sites from the list.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Use Policy List of Internet Explorer 7 sites*
+-   GP name: *CompatView_UsePolicyList*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowinternetexplorerstandardsmode"></a>**InternetExplorer/AllowInternetExplorerStandardsMode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls how Internet Explorer displays local intranet content. Intranet content is defined as any webpage that belongs to the local intranet security zone.
+
+If you enable this policy setting, Internet Explorer uses the current user agent string for local intranet content. Additionally, all local intranet Standards Mode pages appear in the Standards Mode available with the latest version of Internet Explorer. The user cannot change this behavior through the Compatibility View Settings dialog box.
+
+If you disable this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. The user cannot change this behavior through the Compatibility View Settings dialog box.
+
+If you do not configure this policy setting, Internet Explorer uses an Internet Explorer 7 user agent string (with an additional string appended) for local intranet content. Additionally, all local intranet Standards Mode pages appear in Internet Explorer 7 Standards Mode. This option results in the greatest compatibility with existing webpages, but newer content written to common Internet standards may be displayed incorrectly. This option matches the default behavior of Internet Explorer.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on Internet Explorer Standards Mode for local intranet*
+-   GP name: *CompatView_IntranetSites*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowinternetzonetemplate"></a>**InternetExplorer/AllowInternetZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Internet Zone Template*
+-   GP name: *IZ_PolicyInternetZoneTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowintranetzonetemplate"></a>**InternetExplorer/AllowIntranetZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Intranet Zone Template*
+-   GP name: *IZ_PolicyIntranetZoneTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowlocalmachinezonetemplate"></a>**InternetExplorer/AllowLocalMachineZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Local Machine Zone Template*
+-   GP name: *IZ_PolicyLocalMachineZoneTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowlockeddowninternetzonetemplate"></a>**InternetExplorer/AllowLockedDownInternetZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Locked-Down Internet Zone Template*
+-   GP name: *IZ_PolicyInternetZoneLockdownTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowlockeddownintranetzonetemplate"></a>**InternetExplorer/AllowLockedDownIntranetZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Locked-Down Intranet Zone Template*
+-   GP name: *IZ_PolicyIntranetZoneLockdownTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowlockeddownlocalmachinezonetemplate"></a>**InternetExplorer/AllowLockedDownLocalMachineZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Locked-Down Local Machine Zone Template*
+-   GP name: *IZ_PolicyLocalMachineZoneLockdownTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowlockeddownrestrictedsiteszonetemplate"></a>**InternetExplorer/AllowLockedDownRestrictedSitesZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Locked-Down Restricted Sites Zone Template*
+-   GP name: *IZ_PolicyRestrictedSitesZoneLockdownTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowonewordentry"></a>**InternetExplorer/AllowOneWordEntry**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy allows the user to go directly to an intranet site for a one-word entry in the Address bar.
+
+If you enable this policy setting, Internet Explorer goes directly to an intranet site for a one-word entry in the Address bar, if it is available.
+
+If you disable or do not configure this policy setting, Internet Explorer does not go directly to an intranet site for a one-word entry in the Address bar.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Go to an intranet site for a one-word entry in the Address bar*
+-   GP name: *UseIntranetSiteForOneWordEntry*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowsitetozoneassignmentlist"></a>**InternetExplorer/AllowSiteToZoneAssignmentList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage a list of sites that you want to associate with a particular security zone. These zone numbers have associated security settings that apply to all of the sites in the zone.
+
+Internet Explorer has 4 security zones, numbered 1-4, and these are used by this policy setting to associate sites to zones. They are: (1) Intranet zone, (2) Trusted Sites zone, (3) Internet zone, and (4) Restricted Sites zone. Security settings can be set for each of these zones through other policy settings, and their default settings are: Trusted Sites zone (Low template), Intranet zone (Medium-Low template), Internet zone (Medium template), and Restricted Sites zone (High template). (The Local Machine zone and its locked down equivalent have special security settings that protect your local computer.)
+
+If you enable this policy setting, you can enter a list of sites and their related zone numbers. The association of a site with a zone will ensure that the security settings for the specified zone are applied to the site. For each entry that you add to the list, enter the following information:
+
+Valuename  A host for an intranet site, or a fully qualified domain name for other sites. The valuename may also includea specificprotocol. For example, if you enter http://www.contoso.comas the valuename, other protocols are not affected.If you enter just www.contoso.com,then all protocolsare affected for that site, including http, https, ftp, and so on. The site may also be expressed as an IP address (e.g., 127.0.0.1) or range (e.g., 127.0.0.1-10). To avoid creating conflicting policies, do not include additional characters after the domain such as trailing slashes or URL path. For example, policy settings for www.contoso.com and www.contoso.com/mail would be treated as the same policy setting by Internet Explorer, and would therefore be in conflict.
+
+Value - A number indicating the zone with which this site should be associated for security settings. The Internet Explorer zones described above are 1-4.
+
+If you disable or do not configure this policy, users may choose their own site-to-zone assignments.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Site to Zone Assignment List*
+-   GP name: *IZ_Zonemaps*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/AllowSoftwareWhenSignatureIsInvalid**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow software to run or install even if the signature is invalid*
+-   GP name: *Advanced_InvalidSignatureBlock*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowsuggestedsites"></a>**InternetExplorer/AllowSuggestedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls the Suggested Sites feature, which recommends websites based on the users browsing activity. Suggested Sites reports a users browsing history to Microsoft to suggest sites that the user might want to visit.
+
+If you enable this policy setting, the user is not prompted to enable Suggested Sites. The users browsing history is sent to Microsoft to produce suggestions.
+
+If you disable this policy setting, the entry points and functionality associated with this feature are turned off.
+
+If you do not configure this policy setting, the user can turn on and turn off the Suggested Sites feature.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on Suggested Sites*
+-   GP name: *EnableSuggestedSites*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowtrustedsiteszonetemplate"></a>**InternetExplorer/AllowTrustedSitesZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Trusted Sites Zone Template*
+-   GP name: *IZ_PolicyTrustedSitesZoneTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowslockeddowntrustedsiteszonetemplate"></a>**InternetExplorer/AllowsLockedDownTrustedSitesZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Locked-Down Trusted Sites Zone Template*
+-   GP name: *IZ_PolicyTrustedSitesZoneLockdownTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-allowsrestrictedsiteszonetemplate"></a>**InternetExplorer/AllowsRestrictedSitesZoneTemplate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This template policy setting allows you to configure policy settings in this zone consistent with a selected security level, for example, Low, Medium Low, Medium, or High.
+
+If you enable this template policy setting and select a security level, all values for individual settings in the zone will be overwritten by the standard template defaults.
+
+If you disable this template policy setting, no security level is configured.
+
+If you do not configure this template policy setting, no security level is configured.
+
+Note. Local Machine Zone Lockdown Security and Network Protocol Lockdown operate by comparing the settings in the active URL's zone against those in the Locked-Down equivalent zone. If you select a security level for any zone (including selecting no security), the same change should be made to the Locked-Down equivalent.
+
+Note. It is recommended to configure template policy settings in one Group Policy object (GPO) and configure any related individual policy settings in a separate GPO. You can then use Group Policy management features (for example, precedence, inheritance, or enforce) to apply individual settings to specific targets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Restricted Sites Zone Template*
+-   GP name: *IZ_PolicyRestrictedSitesZoneTemplate*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/CheckServerCertificateRevocation**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Check for server certificate revocation*
+-   GP name: *Advanced_CertificateRevocation*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/CheckSignaturesOnDownloadedPrograms**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Check for signatures on downloaded programs*
+-   GP name: *Advanced_DownloadSignatures*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/ConsistentMimeHandlingInternetExplorerProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Internet Explorer Processes*
+-   GP name: *IESF_PolicyExplorerProcesses_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disableadobeflash"></a>**InternetExplorer/DisableAdobeFlash**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting turns off Adobe Flash in Internet Explorer and prevents applications from using Internet Explorer technology to instantiate Flash objects.
+
+If you enable this policy setting, Flash is turned off for Internet Explorer, and applications cannot use Internet Explorer technology to instantiate Flash objects. In the Manage Add-ons dialog box, the Flash status will be 'Disabled', and users cannot enable Flash. If you enable this policy setting, Internet Explorer will ignore settings made for Adobe Flash through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings.
+
+If you disable, or do not configure this policy setting, Flash is turned on for Internet Explorer, and applications can use Internet Explorer technology to instantiate Flash objects. Users can enable or disable Flash in the Manage Add-ons dialog box.
+
+Note that Adobe Flash can still be disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings, even if this policy setting is disabled, or not configured. However, if Adobe Flash is disabled through the "Add-on List" and "Deny all add-ons unless specifically allowed in the Add-on List" policy settings and not through this policy setting, all applications that use Internet Explorer technology to instantiate Flash object can still do so. For more information, see "Group Policy Settings in Internet Explorer 10" in the Internet Explorer TechNet library.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects*
+-   GP name: *DisableFlashInIE*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DisableBlockingOfOutdatedActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
+-   GP name: *VerMgmtDisable*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disablebypassofsmartscreenwarnings"></a>**InternetExplorer/DisableBypassOfSmartScreenWarnings**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter prevents the user from browsing to or downloading from sites that are known to host malicious content. SmartScreen Filter also prevents the execution of files that are known to be malicious.
+
+If you enable this policy setting, SmartScreen Filter warnings block the user.
+
+If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent bypassing SmartScreen Filter warnings*
+-   GP name: *DisableSafetyFilterOverride*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disablebypassofsmartscreenwarningsaboutuncommonfiles"></a>**InternetExplorer/DisableBypassOfSmartScreenWarningsAboutUncommonFiles**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether the user can bypass warnings from SmartScreen Filter. SmartScreen Filter warns the user about executable files that Internet Explorer users do not commonly download from the Internet.
+
+If you enable this policy setting, SmartScreen Filter warnings block the user.
+
+If you disable or do not configure this policy setting, the user can bypass SmartScreen Filter warnings.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet*
+-   GP name: *DisableSafetyFilterOverrideForAppRepUnknown*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DisableConfiguringHistory**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disable "Configuring History"*
+-   GP name: *RestrictHistory*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DisableCrashDetection**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off Crash Detection*
+-   GP name: *AddonManagement_RestrictCrashDetection*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disablecustomerexperienceimprovementprogramparticipation"></a>**InternetExplorer/DisableCustomerExperienceImprovementProgramParticipation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting prevents the user from participating in the Customer Experience Improvement Program (CEIP).
+
+If you enable this policy setting, the user cannot participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.
+
+If you disable this policy setting, the user must participate in the CEIP, and the Customer Feedback Options command does not appear on the Help menu.
+
+If you do not configure this policy setting, the user can choose to participate in the CEIP.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent participation in the Customer Experience Improvement Program*
+-   GP name: *SQM_DisableCEIP*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DisableDeletingUserVisitedWebsites**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent deleting websites that the user has visited*
+-   GP name: *DBHDisableDeleteHistory*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disableenclosuredownloading"></a>**InternetExplorer/DisableEnclosureDownloading**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting prevents the user from having enclosures (file attachments) downloaded from a feed to the user's computer.
+
+If you enable this policy setting, the user cannot set the Feed Sync Engine to download an enclosure through the Feed property page. A developer cannot change the download setting through the Feed APIs.
+
+If you disable or do not configure this policy setting, the user can set the Feed Sync Engine to download an enclosure through the Feed property page. A developer can change the download setting through the Feed APIs.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent downloading of enclosures*
+-   GP name: *Disable_Downloading_of_Enclosures*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disableencryptionsupport"></a>**InternetExplorer/DisableEncryptionSupport**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to turn off support for Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, Secure Sockets Layer (SSL) 2.0, or SSL 3.0 in the browser. TLS and SSL are protocols that help protect communication between the browser and the target server. When the browser attempts to set up a protected communication with the target server, the browser and server negotiate which protocol and version to use. The browser and server attempt to match each others list of supported protocols and versions, and they select the most preferred match.
+
+If you enable this policy setting, the browser negotiates or does not negotiate an encryption tunnel by using the encryption methods that you select from the drop-down list.
+
+If you disable or do not configure this policy setting, the user can select which encryption method the browser supports.
+
+Note: SSL 2.0 is off by default and is no longer supported starting with Windows 10 Version 1607. SSL 2.0 is an outdated security protocol, and enabling SSL 2.0 impairs the performance and functionality of TLS 1.0.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off encryption support*
+-   GP name: *Advanced_SetWinInetProtocols*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disablefirstrunwizard"></a>**InternetExplorer/DisableFirstRunWizard**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting prevents Internet Explorer from running the First Run wizard the first time a user starts the browser after installing Internet Explorer or Windows.
+
+If you enable this policy setting, you must make one of the following choices:
+Skip the First Run wizard, and go directly to the user's home page.
+Skip the First Run wizard, and go directly to the "Welcome to Internet Explorer" webpage.
+
+Starting with Windows 8, the "Welcome to Internet Explorer" webpage is not available. The user's home page will display regardless of which option is chosen.
+
+If you disable or do not configure this policy setting, Internet Explorer may run the First Run wizard the first time the browser is started after installation.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent running First Run wizard*
+-   GP name: *NoFirstRunCustomise*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disableflipaheadfeature"></a>**InternetExplorer/DisableFlipAheadFeature**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether a user can swipe across a screen or click Forward to go to the next pre-loaded page of a website.
+
+Microsoft collects your browsing history to improve how flip ahead with page prediction works. This feature isn't available for Internet Explorer for the desktop.
+
+If you enable this policy setting, flip ahead with page prediction is turned off and the next webpage isn't loaded into the background.
+
+If you disable this policy setting, flip ahead with page prediction is turned on and the next webpage is loaded into the background.
+
+If you don't configure this setting, users can turn this behavior on or off, using the Settings charm.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off the flip ahead with page prediction feature*
+-   GP name: *Advanced_DisableFlipAhead*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disablehomepagechange"></a>**InternetExplorer/DisableHomePageChange**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+The Home page specified on the General tab of the Internet Options dialog box is the default Web page that Internet Explorer loads whenever it is run.
+
+If you enable this policy setting, a user cannot set a custom default home page. You must specify which default home page should load on the user machine. For machines with at least Internet Explorer 7, the home page can be set within this policy to override other home page policies.
+
+If you disable or do not configure this policy setting, the Home page box is enabled and users can choose their own home page.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disable changing home page settings*
+-   GP name: *RestrictHomePage*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DisableIgnoringCertificateErrors**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent ignoring certificate errors*
+-   GP name: *NoCertError*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DisableInPrivateBrowsing**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off InPrivate Browsing*
+-   GP name: *DisableInPrivateBrowsing*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DisableProcessesInEnhancedProtectedMode**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on 64-bit tab processes when running in Enhanced Protected Mode on 64-bit versions of Windows*
+-   GP name: *Advanced_EnableEnhancedProtectedMode64Bit*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disableproxychange"></a>**InternetExplorer/DisableProxyChange**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting specifies if a user can change proxy settings.
+
+If you enable this policy setting, the user will not be able to configure proxy settings.
+
+If you disable or do not configure this policy setting, the user can configure proxy settings.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent changing proxy settings*
+-   GP name: *RestrictProxy*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disablesearchproviderchange"></a>**InternetExplorer/DisableSearchProviderChange**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting prevents the user from changing the default search provider for the Address bar and the toolbar Search box.
+
+If you enable this policy setting, the user cannot change the default search provider.
+
+If you disable or do not configure this policy setting, the user can change the default search provider.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent changing the default search provider*
+-   GP name: *NoSearchProvider*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disablesecondaryhomepagechange"></a>**InternetExplorer/DisableSecondaryHomePageChange**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Secondary home pages are the default Web pages that Internet Explorer loads in separate tabs from the home page whenever the browser is run. This policy setting allows you to set default secondary home pages.
+
+If you enable this policy setting, you can specify which default home pages should load as secondary home pages. The user cannot set custom default secondary home pages.
+
+If you disable or do not configure this policy setting, the user can add secondary home pages.
+
+Note: If the Disable Changing Home Page Settings policy is enabled, the user cannot add secondary home pages.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disable changing secondary home page settings*
+-   GP name: *SecondaryHomePages*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DisableSecuritySettingsCheck**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off the Security Settings Check feature*
+-   GP name: *Disable_Security_Settings_Check*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-disableupdatecheck"></a>**InternetExplorer/DisableUpdateCheck**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Prevents Internet Explorer from checking whether a new version of the browser is available.
+
+If you enable this policy, it prevents Internet Explorer from checking to see whether it is the latest available browser version and notifying users if a new version is available.
+
+If you disable this policy or do not configure it, Internet Explorer checks every 30 days by default, and then notifies users if a new version is available.
+
+This policy is intended to help the administrator maintain version control for Internet Explorer by preventing users from being notified about new versions of the browser.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disable Periodic Check for Internet Explorer software updates*
+-   GP name: *NoUpdateCheck*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/DoNotAllowActiveXControlsInProtectedMode**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Do not allow ActiveX controls to run in Protected Mode when Enhanced Protected Mode is enabled*
+-   GP name: *Advanced_DisableEPMCompat*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-donotallowuserstoaddsites"></a>**InternetExplorer/DoNotAllowUsersToAddSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Prevents users from adding or removing sites from security zones. A security zone is a group of Web sites with the same security level.
+
+If you enable this policy, the site management settings for security zones are disabled. (To see the site management settings for security zones, in the Internet Options dialog box, click the Security tab, and then click the Sites button.)
+
+If you disable this policy or do not configure it, users can add Web sites to or remove sites from the Trusted Sites and Restricted Sites zones, and alter settings for the Local Intranet zone.
+
+This policy prevents users from changing site management settings for security zones established by the administrator.
+
+Note:  The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from the interface, takes precedence over this policy. If it is enabled, this policy is ignored.
+
+Also, see the "Security zones: Use only machine settings" policy.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Security Zones: Do not allow users to add/delete sites*
+-   GP name: *Security_zones_map_edit*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-donotallowuserstochangepolicies"></a>**InternetExplorer/DoNotAllowUsersToChangePolicies**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Prevents users from changing security zone settings. A security zone is a group of Web sites with the same security level.
+
+If you enable this policy, the Custom Level button and security-level slider on the Security tab in the Internet Options dialog box are disabled.
+
+If you disable this policy or do not configure it, users can change the settings for security zones.
+
+This policy prevents users from changing security zone settings established by the administrator.
+
+Note: The "Disable the Security page" policy (located in \User Configuration\Administrative Templates\Windows Components\Internet Explorer\Internet Control Panel), which removes the Security tab from Internet Explorer in Control Panel, takes precedence over this policy. If it is enabled, this policy is ignored.
+
+Also, see the "Security zones: Use only machine settings" policy.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Security Zones: Do not allow users to change policies*
+-   GP name: *Security_options_edit*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-donotblockoutdatedactivexcontrols"></a>**InternetExplorer/DoNotBlockOutdatedActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether Internet Explorer blocks specific outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.
+
+If you enable this policy setting, Internet Explorer stops blocking outdated ActiveX controls.
+
+If you disable or don't configure this policy setting, Internet Explorer continues to block specific outdated ActiveX controls.
+
+For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer*
+-   GP name: *VerMgmtDisable*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains"></a>**InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage a list of domains on which Internet Explorer will stop blocking outdated ActiveX controls. Outdated ActiveX controls are never blocked in the Intranet Zone.
+
+If you enable this policy setting, you can enter a custom list of domains for which outdated ActiveX controls won't be blocked in Internet Explorer. Each domain entry must be formatted like one of the following:
+
+1. "domain.name.TLD". For example, if you want to include *.contoso.com/*, use "contoso.com"
+2. "hostname". For example, if you want to include http://example, use "example"
+3. "file:///path/filename.htm". For example, use "file:///C:/Users/contoso/Desktop/index.htm"
+
+If you disable or don't configure this policy setting, the list is deleted and Internet Explorer continues to block specific outdated ActiveX controls on all domains in the Internet Zone.
+
+For more information, see "Outdated ActiveX Controls" in the Internet Explorer TechNet library.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains*
+-   GP name: *VerMgmtDomainAllowlist*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-includealllocalsites"></a>**InternetExplorer/IncludeAllLocalSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether local sites which are not explicitly mapped into any Security Zone are forced into the local Intranet security zone.
+
+If you enable this policy setting, local sites which are not explicitly mapped into a zone are considered to be in the Intranet Zone.
+
+If you disable this policy setting, local sites which are not explicitly mapped into a zone will not be considered to be in the Intranet Zone (so would typically be in the Internet Zone).
+
+If you do not configure this policy setting, users choose whether to force local sites into the Intranet Zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Intranet Sites: Include all local (intranet) sites not listed in other zones*
+-   GP name: *IZ_IncludeUnspecifiedLocalSites*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-includeallnetworkpaths"></a>**InternetExplorer/IncludeAllNetworkPaths**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether URLs representing UNCs are mapped into the local Intranet security zone.
+
+If you enable this policy setting, all network paths are mapped into the Intranet Zone.
+
+If you disable this policy setting, network paths are not necessarily mapped into the Intranet Zone (other rules might map one there).
+
+If you do not configure this policy setting, users choose whether network paths are mapped into the Intranet Zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Intranet Sites: Include all network paths (UNCs)*
+-   GP name: *IZ_UNCAsIntranet*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallowaccesstodatasources"></a>**InternetExplorer/InternetZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/InternetZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/InternetZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneAllowCopyPasteViaScript**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow cut, copy or paste operations from the clipboard via script*
+-   GP name: *IZ_PolicyAllowPasteViaScript_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneAllowDragAndDropCopyAndPasteFiles**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow drag and drop or copy and paste files*
+-   GP name: *IZ_PolicyDropOrPasteFiles_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallowfontdownloads"></a>**InternetExplorer/InternetZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, HTML fonts can be downloaded automatically.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallowlessprivilegedsites"></a>**InternetExplorer/InternetZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneAllowLoadingOfXAMLFilesWRONG**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow loading of XAML files*
+-   GP name: *IZ_Policy_XAML_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallownetframeworkreliantcomponents"></a>**InternetExplorer/InternetZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow only approved domains to use ActiveX controls without prompt*
+-   GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Intranet*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow only approved domains to use the TDC ActiveX control*
+-   GP name: *IZ_PolicyAllowTDCControl_Both_LocalMachine*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneAllowScriptInitiatedWindows**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow script-initiated windows without size or position constraints*
+-   GP name: *IZ_PolicyWindowsRestrictionsURLaction_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneAllowScriptingOfInternetExplorerWebBrowserControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scripting of Internet Explorer WebBrowser controls*
+-   GP name: *IZ_Policy_WebBrowserControl_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallowscriptlets"></a>**InternetExplorer/InternetZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallowsmartscreenie"></a>**InternetExplorer/InternetZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneAllowUpdatesToStatusBarViaScript**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow updates to status bar via script*
+-   GP name: *IZ_Policy_ScriptStatusBar_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneallowuserdatapersistence"></a>**InternetExplorer/InternetZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG1**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Don't run antimalware programs against ActiveX controls*
+-   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneDoNotRunAntimalwareAgainstActiveXControlsWRONG2**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Don't run antimalware programs against ActiveX controls*
+-   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneDownloadSignedActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Download signed ActiveX controls*
+-   GP name: *IZ_PolicyDownloadSignedActiveX_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneDownloadUnsignedActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Download unsigned ActiveX controls*
+-   GP name: *IZ_PolicyDownloadUnsignedActiveX_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneEnableCrossSiteScriptingFilter**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on Cross-Site Scripting Filter*
+-   GP name: *IZ_PolicyTurnOnXSSFilter_Both_LocalMachine*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable dragging of content from different domains across windows*
+-   GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Internet*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable dragging of content from different domains within a window*
+-   GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Internet*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneEnableMIMESniffing**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable MIME Sniffing*
+-   GP name: *IZ_PolicyMimeSniffingURLaction_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneEnableProtectedMode**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on Protected Mode*
+-   GP name: *IZ_Policy_TurnOnProtectedMode_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneIncludeLocalPathWhenUploadingFilesToServer**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Include local path when user is uploading files to a server*
+-   GP name: *IZ_Policy_LocalPathForUpload_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/InternetZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneInitializeAndScriptActiveXControlsNotMarkedSafe**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneJavaPermissionsWRONG1**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneJavaPermissionsWRONG2**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneLaunchingApplicationsAndFilesInIFRAME**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Launching applications and files in an IFRAME*
+-   GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneLogonOptions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Logon options*
+-   GP name: *IZ_PolicyLogon_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-internetzonenavigatewindowsandframes"></a>**InternetExplorer/InternetZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
+
+If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsNotSignedWithAuthenticode**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components signed with Authenticode*
+-   GP name: *IZ_PolicySignedFrameworkComponentsURLaction_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneShowSecurityWarningForPotentiallyUnsafeFiles**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Show security warning for potentially unsafe files*
+-   GP name: *IZ_Policy_UnsafeFiles_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneUsePopupBlocker**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Use Pop-up Blocker*
+-   GP name: *IZ_PolicyBlockPopupWindows_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/InternetZoneWebsitesInLessPrivilegedZonesCanNavigateIntoThisZone**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallowaccesstodatasources"></a>**InternetExplorer/IntranetZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/IntranetZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/IntranetZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallowfontdownloads"></a>**InternetExplorer/IntranetZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, HTML fonts can be downloaded automatically.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallowlessprivilegedsites"></a>**InternetExplorer/IntranetZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallownetframeworkreliantcomponents"></a>**InternetExplorer/IntranetZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallowscriptlets"></a>**InternetExplorer/IntranetZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallowsmartscreenie"></a>**InternetExplorer/IntranetZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneallowuserdatapersistence"></a>**InternetExplorer/IntranetZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/IntranetZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-intranetzonenavigatewindowsandframes"></a>**InternetExplorer/IntranetZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
+
+If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallowaccesstodatasources"></a>**InternetExplorer/LocalMachineZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LocalMachineZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallowfontdownloads"></a>**InternetExplorer/LocalMachineZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, HTML fonts can be downloaded automatically.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallowlessprivilegedsites"></a>**InternetExplorer/LocalMachineZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LocalMachineZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallowscriptlets"></a>**InternetExplorer/LocalMachineZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallowsmartscreenie"></a>**InternetExplorer/LocalMachineZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneallowuserdatapersistence"></a>**InternetExplorer/LocalMachineZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/LocalMachineZoneDoNotRunAntimalwareAgainstActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Don't run antimalware programs against ActiveX controls*
+-   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LocalMachineZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/LocalMachineZoneJavaPermissions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-localmachinezonenavigatewindowsandframes"></a>**InternetExplorer/LocalMachineZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
+
+If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownInternetZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownInternetZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallowfontdownloads"></a>**InternetExplorer/LockedDownInternetZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, HTML fonts can be downloaded automatically.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownInternetZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownInternetZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallowscriptlets"></a>**InternetExplorer/LockedDownInternetZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallowsmartscreenie"></a>**InternetExplorer/LockedDownInternetZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownInternetZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownInternetZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/LockedDownInternetZoneJavaPermissions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowninternetzonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownInternetZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
+
+If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_2*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownIntranetZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownIntranetZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallowfontdownloads"></a>**InternetExplorer/LockedDownIntranetZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, HTML fonts can be downloaded automatically.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownIntranetZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownIntranetZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallowscriptlets"></a>**InternetExplorer/LockedDownIntranetZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallowsmartscreenie"></a>**InternetExplorer/LockedDownIntranetZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownIntranetZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownIntranetZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownintranetzonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownIntranetZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
+
+If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_4*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowfontdownloads"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, HTML fonts can be downloaded automatically.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowscriptlets"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowsmartscreenie"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownLocalMachineZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownLocalMachineZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/LockedDownLocalMachineZoneJavaPermissions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownlocalmachinezonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownLocalMachineZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
+
+If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowfontdownloads"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowscriptlets"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowsmartscreenie"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownRestrictedSitesZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownRestrictedSitesZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/LockedDownRestrictedSitesZoneJavaPermissions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddownrestrictedsiteszonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownRestrictedSitesZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.
+
+If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowaccesstodatasources"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowfontdownloads"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, HTML fonts can be downloaded automatically.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowlessprivilegedsites"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallownetframeworkreliantcomponents"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowscriptlets"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowsmartscreenie"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneallowuserdatapersistence"></a>**InternetExplorer/LockedDownTrustedSitesZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/LockedDownTrustedSitesZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/LockedDownTrustedSitesZoneJavaPermissions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-lockeddowntrustedsiteszonenavigatewindowsandframes"></a>**InternetExplorer/LockedDownTrustedSitesZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
+
+If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/MKProtocolSecurityRestrictionInternetExplorerProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Internet Explorer Processes*
+-   GP name: *IESF_PolicyExplorerProcesses_3*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/MimeSniffingSafetyFeatureInternetExplorerProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Internet Explorer Processes*
+-   GP name: *IESF_PolicyExplorerProcesses_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/NotificationBarInternetExplorerProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Internet Explorer Processes*
+-   GP name: *IESF_PolicyExplorerProcesses_10*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/PreventManagingSmartScreenFilter**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Download signed ActiveX controls*
+-   GP name: *IZ_PolicyDownloadSignedActiveX_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/PreventPerUserInstallationOfActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Prevent per-user installation of ActiveX controls*
+-   GP name: *DisablePerUserActiveXInstall*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/ProtectionFromZoneElevationInternetExplorerProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *All Processes*
+-   GP name: *IESF_PolicyAllProcesses_9*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RemoveRunThisTimeButtonForOutdatedActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Remove "Run this time" button for outdated ActiveX controls in Internet Explorer *
+-   GP name: *VerMgmtDisableRunThisTime*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictActiveXInstallInternetExplorerProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *All Processes*
+-   GP name: *IESF_PolicyAllProcesses_11*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictFileDownloadInternetExplorerProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *All Processes*
+-   GP name: *IESF_PolicyAllProcesses_12*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowaccesstodatasources"></a>**InternetExplorer/RestrictedSitesZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowActiveScripting**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow active scripting*
+-   GP name: *IZ_PolicyActiveScripting_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/RestrictedSitesZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, file downloads that are not user-initiated will be blocked, and users will see the Notification bar instead of the file download dialog. Users can then click the Notification bar to allow the file download prompt.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowBinaryAndScriptBehaviors**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow binary and script behaviors*
+-   GP name: *IZ_PolicyBinaryBehaviors_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowCopyPasteViaScript**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow cut, copy or paste operations from the clipboard via script*
+-   GP name: *IZ_PolicyAllowPasteViaScript_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowDragAndDropCopyAndPasteFiles**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow drag and drop or copy and paste files*
+-   GP name: *IZ_PolicyDropOrPasteFiles_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowFileDownloads**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow file downloads*
+-   GP name: *IZ_PolicyFileDownload_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowfontdownloads"></a>**InternetExplorer/RestrictedSitesZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, users are queried whether to allow HTML fonts to download.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG1**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowFontDownloadsWRONG2**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowlessprivilegedsites"></a>**InternetExplorer/RestrictedSitesZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Internet sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone. The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowLoadingOfXAMLFiles**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow loading of XAML files*
+-   GP name: *IZ_Policy_XAML_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowMETAREFRESH**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow META REFRESH*
+-   GP name: *IZ_PolicyAllowMETAREFRESH_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallownetframeworkreliantcomponents"></a>**InternetExplorer/RestrictedSitesZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will not execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow only approved domains to use ActiveX controls without prompt*
+-   GP name: *IZ_PolicyOnlyAllowApprovedDomainsToUseActiveXWithoutPrompt_Both_Restricted*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowOnlyApprovedDomainsToUseTDCActiveXControl**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow only approved domains to use the TDC ActiveX control*
+-   GP name: *IZ_PolicyAllowTDCControl_Both_Restricted*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowScriptInitiatedWindows**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow script-initiated windows without size or position constraints*
+-   GP name: *IZ_PolicyWindowsRestrictionsURLaction_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowScriptingOfInternetExplorerWebBrowserControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scripting of Internet Explorer WebBrowser controls*
+-   GP name: *IZ_Policy_WebBrowserControl_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowscriptlets"></a>**InternetExplorer/RestrictedSitesZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowsmartscreenie"></a>**InternetExplorer/RestrictedSitesZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneAllowUpdatesToStatusBarViaScript**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow updates to status bar via script*
+-   GP name: *IZ_Policy_ScriptStatusBar_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneallowuserdatapersistence"></a>**InternetExplorer/RestrictedSitesZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneDoNotRunAntimalwareAgainstActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Don't run antimalware programs against ActiveX controls*
+-   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneDownloadSignedActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Download signed ActiveX controls*
+-   GP name: *IZ_PolicyDownloadSignedActiveX_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneDownloadUnsignedActiveXControls**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Download unsigned ActiveX controls*
+-   GP name: *IZ_PolicyDownloadUnsignedActiveX_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsAcrossWindows**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable dragging of content from different domains across windows*
+-   GP name: *IZ_PolicyDragDropAcrossDomainsAcrossWindows_Both_Restricted*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneEnableDraggingOfContentFromDifferentDomainsWithinWindows**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable dragging of content from different domains within a window*
+-   GP name: *IZ_PolicyDragDropAcrossDomainsWithinWindow_Both_Restricted*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneEnableMIMESniffing**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable MIME Sniffing*
+-   GP name: *IZ_PolicyMimeSniffingURLaction_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneIncludeLocalPathWhenUploadingFilesToServer**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Include local path when user is uploading files to a server*
+-   GP name: *IZ_Policy_LocalPathForUpload_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/RestrictedSitesZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneJavaPermissions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneLaunchingApplicationsAndFilesInIFRAME**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Launching applications and files in an IFRAME*
+-   GP name: *IZ_PolicyLaunchAppsAndFilesInIFRAME_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneLogonOptions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Logon options*
+-   GP name: *IZ_PolicyLogon_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-restrictedsiteszonenavigatewindowsandframes"></a>**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open additional windows and frames from other domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow additional windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open other windows and frames from other domains or access applications from different domains.
+
+If you do not configure this policy setting, users cannot open other windows and frames from different domains or access applications from different domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneNavigateWindowsAndFramesAcrossDomains**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneRunActiveXControlsAndPlugins**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run ActiveX controls and plugins*
+-   GP name: *IZ_PolicyRunActiveXControls_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneRunNETFrameworkReliantComponentsSignedWithAuthenticode**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components signed with Authenticode*
+-   GP name: *IZ_PolicySignedFrameworkComponentsURLaction_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneScriptActiveXControlsMarkedSafeForScripting**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Script ActiveX controls marked safe for scripting*
+-   GP name: *IZ_PolicyScriptActiveXMarkedSafe_1*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneWRONG**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Scripting of Java applets*
+-   GP name: *IZ_PolicyScriptingOfJavaApplets_6*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneWRONG2**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Show security warning for potentially unsafe files*
+-   GP name: *IZ_Policy_UnsafeFiles_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneWRONG3**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on Cross-Site Scripting Filter*
+-   GP name: *IZ_PolicyTurnOnXSSFilter_Both_Restricted*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneWRONG4**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on Protected Mode*
+-   GP name: *IZ_Policy_TurnOnProtectedMode_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/RestrictedSitesZoneWRONG5**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Use Pop-up Blocker*
+-   GP name: *IZ_PolicyBlockPopupWindows_7*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/ScriptedWindowSecurityRestrictionsInternetExplorerProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *All Processes*
+-   GP name: *IESF_PolicyAllProcesses_8*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-searchproviderlist"></a>**InternetExplorer/SearchProviderList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to restrict the search providers that appear in the Search box in Internet Explorer to those defined in the list of policy keys for search providers (found under [HKCU or HKLM\Software\policies\Microsoft\Internet Explorer\SearchScopes]). Normally, search providers can be added from third-party toolbars or in Setup, but the user can also add them from a search provider's website.
+
+If you enable this policy setting, the user cannot configure the list of search providers on his or her computer, and any default providers installed do not appear (including providers installed from other applications). The only providers that appear are those in the list of policy keys for search providers. Note: This list can be created through a custom administrative template file. For information about creating this custom administrative template file, see the Internet Explorer documentation on search providers.
+
+If you disable or do not configure this policy setting, the user can configure his or her list of search providers.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Restrict search providers to a specific list*
+-   GP name: *SpecificSearchProvider*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/SecurityZonesUseOnlyMachineSettings**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Security Zones: Use only machine settings *
+-   GP name: *Security_HKLM_only*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/SpecifyUseOfActiveXInstallerService**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify use of ActiveX Installer Service for installation of ActiveX controls*
+-   GP name: *OnlyUseAXISForActiveXInstall*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallowaccesstodatasources"></a>**InternetExplorer/TrustedSitesZoneAllowAccessToDataSources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Internet Explorer can access data from another security zone using the Microsoft XML Parser (MSXML) or ActiveX Data Objects (ADO).
+
+If you enable this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone. If you select Prompt in the drop-down box, users are queried to choose whether to allow a page to be loaded in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you disable this policy setting, users cannot load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+If you do not configure this policy setting, users can load a page in the zone that uses MSXML or ADO to access data from another site in the zone.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Access data sources across domains*
+-   GP name: *IZ_PolicyAccessDataSourcesAcrossDomains_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallowautomaticpromptingforactivexcontrols"></a>**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether users will be automatically prompted for ActiveX control installations.
+
+If you enable this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+If you disable this policy setting, ActiveX control installations will be blocked using the Notification bar. Users can click on the Notification bar to allow the ActiveX control prompt.
+
+If you do not configure this policy setting, users will receive a prompt when a site instantiates an ActiveX control they do not have installed.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for ActiveX controls*
+-   GP name: *IZ_PolicyNotificationBarActiveXURLaction_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallowautomaticpromptingforfiledownloads"></a>**InternetExplorer/TrustedSitesZoneAllowAutomaticPromptingForFileDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting determines whether users will be prompted for non user-initiated file downloads. Regardless of this setting, users will receive file download dialogs for user-initiated downloads.
+
+If you enable this setting, users will receive a file download dialog for automatic download attempts.
+
+If you disable or do not configure this setting, users will receive a file download dialog for automatic download attempts.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Automatic prompting for file downloads*
+-   GP name: *IZ_PolicyNotificationBarDownloadURLaction_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallowfontdownloads"></a>**InternetExplorer/TrustedSitesZoneAllowFontDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether pages of the zone may download HTML fonts.
+
+If you enable this policy setting, HTML fonts can be downloaded automatically. If you enable this policy setting and Prompt is selected in the drop-down box, users are queried whether to allow HTML fonts to download.
+
+If you disable this policy setting, HTML fonts are prevented from downloading.
+
+If you do not configure this policy setting, HTML fonts can be downloaded automatically.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow font downloads*
+-   GP name: *IZ_PolicyFontDownload_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallowlessprivilegedsites"></a>**InternetExplorer/TrustedSitesZoneAllowLessPrivilegedSites**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether Web sites from less privileged zones, such as Restricted Sites, can navigate into this zone.
+
+If you enable this policy setting, Web sites from less privileged zones can open new windows in, or navigate into, this zone.  The security zone will run without the added layer of security that is provided by the Protection from Zone Elevation security feature. If you select Prompt in the drop-down box, a warning is issued to the user that potentially risky navigation is about to occur.
+
+If you disable this policy setting, the possibly harmful navigations are prevented. The Internet Explorer security feature will be on in this zone as set by Protection from Zone Elevation feature control.
+
+If you do not configure this policy setting, a warning is issued to the user that potentially risky navigation is about to occur.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Web sites in less privileged Web content zones can navigate into this zone*
+-   GP name: *IZ_PolicyZoneElevationURLaction_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallownetframeworkreliantcomponents"></a>**InternetExplorer/TrustedSitesZoneAllowNETFrameworkReliantComponents**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether .NET Framework components that are not signed with Authenticode can be executed from Internet Explorer. These components include managed controls referenced from an object tag and managed executables referenced from a link.
+
+If you enable this policy setting, Internet Explorer will execute unsigned managed components. If you select Prompt in the drop-down box, Internet Explorer will prompt the user to determine whether to execute unsigned managed components.
+
+If you disable this policy setting, Internet Explorer will not execute unsigned managed components.
+
+If you do not configure this policy setting, Internet Explorer will execute unsigned managed components.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Run .NET Framework-reliant components not signed with Authenticode*
+-   GP name: *IZ_PolicyUnsignedFrameworkComponentsURLaction_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallowscriptlets"></a>**InternetExplorer/TrustedSitesZoneAllowScriptlets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage whether the user can run scriptlets.
+
+If you enable this policy setting, the user can run scriptlets.
+
+If you disable this policy setting, the user cannot run scriptlets.
+
+If you do not configure this policy setting, the user can enable or disable scriptlets.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow scriptlets*
+-   GP name: *IZ_Policy_AllowScriptlets_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallowsmartscreenie"></a>**InternetExplorer/TrustedSitesZoneAllowSmartScreenIE**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content.
+
+If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious content.
+
+If you disable this policy setting, SmartScreen Filter does not scan pages in this zone for malicious content.
+
+If you do not configure this policy setting, the user can choose whether SmartScreen Filter scans pages in this zone for malicious content.
+
+Note: In Internet Explorer 7, this policy setting controls whether Phishing Filter scans pages in this zone for malicious content.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on SmartScreen Filter scan*
+-   GP name: *IZ_Policy_Phishing_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneallowuserdatapersistence"></a>**InternetExplorer/TrustedSitesZoneAllowUserDataPersistence**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the preservation of information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk. When a user returns to a persisted page, the state of the page can be restored if this policy setting is appropriately configured.
+
+If you enable this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you disable this policy setting, users cannot preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+If you do not configure this policy setting, users can preserve information in the browser's history, in favorites, in an XML store, or directly within a Web page saved to disk.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Userdata persistence*
+-   GP name: *IZ_PolicyUserdataPersistence_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszoneinitializeandscriptactivexcontrols"></a>**InternetExplorer/TrustedSitesZoneInitializeAndScriptActiveXControls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage ActiveX controls not marked as safe.
+
+If you enable this policy setting, ActiveX controls are run, loaded with parameters, and scripted without setting object safety for untrusted data or scripts. This setting is not recommended, except for secure and administered zones. This setting causes both unsafe and safe controls to be initialized and scripted, ignoring the Script ActiveX controls marked safe for scripting option.
+
+If you enable this policy setting and select Prompt in the drop-down box, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+If you disable this policy setting, ActiveX controls that cannot be made safe are not loaded with parameters or scripted.
+
+If you do not configure this policy setting, users are queried whether to allow the control to be loaded with parameters or scripted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/TrustedSitesZoneJavaPermissions**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Java permissions*
+-   GP name: *IZ_PolicyJavaPermissions_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="internetexplorer-trustedsiteszonenavigatewindowsandframes"></a>**InternetExplorer/TrustedSitesZoneNavigateWindowsAndFrames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to manage the opening of windows and frames and access of applications across different domains.
+
+If you enable this policy setting, users can open windows and frames from othe domains and access applications from other domains. If you select Prompt in the drop-down box, users are queried whether to allow windows and frames to access applications from other domains.
+
+If you disable this policy setting, users cannot open windows and frames to access applications from different domains.
+
+If you do not configure this policy setting, users can open windows and frames from othe domains and access applications from other domains.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Navigate windows and frames across different domains*
+-   GP name: *IZ_PolicyNavigateSubframesAcrossDomains_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/TrustedSitesZoneWRONG1**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Don't run antimalware programs against ActiveX controls*
+-   GP name: *IZ_PolicyAntiMalwareCheckingOfActiveXControls_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**InternetExplorer/TrustedSitesZoneWRONG2**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Initialize and script ActiveX controls not marked as safe*
+-   GP name: *IZ_PolicyScriptActiveXNotMarkedSafe_5*
+-   GP ADMX file name: *inetres.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
new file mode 100644
index 0000000000..a8fbdb51d5
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -0,0 +1,247 @@
+---
+title: Policy CSP - Kerberos
+description: Policy CSP - Kerberos
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Kerberos
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Kerberos policies  
+
+<!--StartPolicy-->
+<a href="" id="kerberos-allowforestsearchorder"></a>**Kerberos/AllowForestSearchOrder**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
+
+If you enable this policy setting, the Kerberos client searches the forests in this list, if it is unable to resolve a two-part SPN. If a match is found, the Kerberos client requests a referral ticket to the appropriate domain.
+
+If you disable or do not configure this policy setting, the Kerberos client does not search the listed forests to resolve the SPN. If the Kerberos client is unable to resolve the SPN because the name is not found, NTLM authentication might be used.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Use forest search order*
+-   GP name: *ForestSearch*
+-   GP ADMX file name: *Kerberos.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="kerberos-kerberosclientsupportsclaimscompoundarmor"></a>**Kerberos/KerberosClientSupportsClaimsCompoundArmor**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features.
+If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
+
+If you disable or do not configure this policy setting, the client devices will not request claims, provide information required to create compounded authentication and armor Kerberos messages. Services hosted on the device will not be able to retrieve claims for clients using Kerberos protocol transition.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Kerberos client support for claims, compound authentication and Kerberos armoring*
+-   GP name: *EnableCbacAndArmor*
+-   GP ADMX file name: *Kerberos.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="kerberos-requirekerberosarmoring"></a>**Kerberos/RequireKerberosArmoring**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.
+
+Warning: When a domain does not support Kerberos armoring by enabling "Support Dynamic Access Control and Kerberos armoring", then all authentication for all its users will fail from computers with this policy setting enabled.
+
+If you enable this policy setting, the client computers in the domain enforce the use of Kerberos armoring in only authentication service (AS) and ticket-granting service (TGS) message exchanges with the domain controllers.
+
+Note: The Kerberos Group Policy "Kerberos client support for claims, compound authentication and Kerberos armoring" must also be enabled to support Kerberos armoring.
+
+If you disable or do not configure this policy setting, the client computers in the domain enforce the use of Kerberos armoring when possible as supported by the target domain.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Fail authentication requests when Kerberos armoring is not available*
+-   GP name: *ClientRequireFast*
+-   GP ADMX file name: *Kerberos.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="kerberos-requirestrictkdcvalidation"></a>**Kerberos/RequireStrictKDCValidation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.
+
+If you enable this policy setting, the Kerberos client requires that the KDC's X.509 certificate contains the KDC key purpose object identifier in the Extended Key Usage (EKU) extensions, and that the KDC's X.509 certificate contains a dNSName subjectAltName (SAN) extension that matches the DNS name of the domain. If the computer is joined to a domain, the Kerberos client requires that the KDC's X.509 certificate must be signed by a Certificate Authority (CA) in the NTAuth store. If the computer is not joined to a domain, the Kerberos client allows the root CA certificate on the smart card to be used in the path validation of the KDC's X.509 certificate.
+
+If you disable or do not configure this policy setting, the Kerberos client requires only that the KDC certificate contain the Server Authentication purpose object identifier in the EKU extensions which can be issued to any server.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Require strict KDC validation*
+-   GP name: *ValidateKDC*
+-   GP ADMX file name: *Kerberos.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="kerberos-setmaximumcontexttokensize"></a>**Kerberos/SetMaximumContextTokenSize**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.
+
+The size of the context token buffer determines the maximum size of SSPI context tokens an application expects and allocates. Depending upon authentication request processing and group memberships, the buffer might be smaller than the actual size of the SSPI context token.
+
+If you enable this policy setting, the Kerberos client or server uses the configured value, or the locally allowed maximum value, whichever is smaller.
+
+If you disable or do not configure this policy setting, the Kerberos client or server uses the locally configured value or the default value.
+
+Note: This policy setting configures the existing MaxTokenSize registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Kerberos\Parameters, which was added in Windows XP and Windows Server 2003, with a default value of 12,000 bytes. Beginning with Windows 8 the default is 48,000 bytes. Due to HTTP's base64 encoding of authentication context tokens, it is not advised to set this value more than 48,000 bytes.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Set maximum Kerberos SSPI context token buffer size*
+-   GP name: *MaxTokenSize*
+-   GP ADMX file name: *Kerberos.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
new file mode 100644
index 0000000000..8c80b8d3a3
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -0,0 +1,102 @@
+---
+title: Policy CSP - Licensing
+description: Policy CSP - Licensing
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Licensing
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Licensing policies  
+
+<!--StartPolicy-->
+<a href="" id="licensing-allowwindowsentitlementreactivation"></a>**Licensing/AllowWindowsEntitlementReactivation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disable Windows license reactivation on managed devices.
+-   1 (default) – Enable Windows license reactivation on managed devices.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="licensing-disallowkmsclientonlineavsvalidation"></a>**Licensing/DisallowKMSClientOnlineAVSValidation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-location.md b/windows/client-management/mdm/policy-csp-location.md
new file mode 100644
index 0000000000..f645587446
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-location.md
@@ -0,0 +1,74 @@
+---
+title: Policy CSP - Location
+description: Policy CSP - Location
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Location
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Location policies  
+
+<!--StartPolicy-->
+<a href="" id="location-enablelocation"></a>**Location/EnableLocation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page.
+
+> [!IMPORTANT]
+> This policy is not intended to ever be set, pushed, or refreshed more than one time after the first boot of the device because it is meant as initial configuration. Refreshing this policy might result in the Location Service's Device Switch changing state to something the user did not select, which is not an intended use for this policy.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Verify that Settings -> Privacy -> Location -> Location for this device is On/Off as expected.
+2.   Use Windows Maps Application (or similar) to see if a location can or cannot be obtained.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
new file mode 100644
index 0000000000..25dc0413fe
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -0,0 +1,68 @@
+---
+title: Policy CSP - LockDown
+description: Policy CSP - LockDown
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - LockDown
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## LockDown policies  
+
+<!--StartPolicy-->
+<a href="" id="lockdown-allowedgeswipe"></a>**LockDown/AllowEdgeSwipe**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 - disallow edge swipe.
+-   1 (default, not configured) - allow edge swipe.
+
+<p style="margin-left: 20px">The easiest way to verify the policy is to restart the explorer process or to reboot after the policy is applied. And then try to swipe from the right edge of the screen. The desired result is for Action Center to not be invoked by the swipe. You can also enter tablet mode and attempt to swipe from the top of the screen to rearrange. That will also be disabled.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
new file mode 100644
index 0000000000..71023a8d83
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -0,0 +1,108 @@
+---
+title: Policy CSP - Maps
+description: Policy CSP - Maps
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Maps
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Maps policies  
+
+<!--StartPolicy-->
+<a href="" id="maps-allowofflinemapsdownloadovermeteredconnection"></a>**Maps/AllowOfflineMapsDownloadOverMeteredConnection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the download and update of map data over metered connections.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   65535 (default) – Not configured. User's choice.
+-   0 – Disabled. Force disable auto-update over metered connection.
+-   1 – Enabled. Force enable auto-update over metered connection.
+
+<p style="margin-left: 20px">After the policy is applied, you can verify the settings in the user interface in **System** &gt; **Offline Maps**.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="maps-enableofflinemapsautoupdate"></a>**Maps/EnableOfflineMapsAutoUpdate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Disables the automatic download and update of map data.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   65535 (default) – Not configured. User's choice.
+-   0 – Disabled. Force off auto-update.
+-   1 – Enabled. Force on auto-update.
+
+<p style="margin-left: 20px">After the policy is applied, you can verify the settings in the user interface in **System** &gt; **Offline Maps**.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
new file mode 100644
index 0000000000..0cb1012fa9
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -0,0 +1,144 @@
+---
+title: Policy CSP - Messaging
+description: Policy CSP - Messaging
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Messaging
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Messaging policies  
+
+<!--StartPolicy-->
+<a href="" id="messaging-allowmms"></a>**Messaging/AllowMMS**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Enables or disables the MMS send/receive functionality on the device. For enterprises, this policy can be used to disable MMS on devices as part of the auditing or management requirement.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 - Disabled.
+-   1 (default) - Enabled.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="messaging-allowmessagesync"></a>**Messaging/AllowMessageSync**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 - message sync is not allowed and cannot be changed by the user.
+-   1 - message sync is allowed. The user can change this setting.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="messaging-allowrcs"></a>**Messaging/AllowRCS**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Enables or disables the RCS send/receive functionality on the device. For enterprises, this policy can be used to disable RCS on devices as part of the auditing or management requirement.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 - Disabled.
+-   1 (default) - Enabled.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
new file mode 100644
index 0000000000..8c7f783b3c
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -0,0 +1,297 @@
+---
+title: Policy CSP - NetworkIsolation
+description: Policy CSP - NetworkIsolation
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - NetworkIsolation
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## NetworkIsolation policies  
+
+<!--StartPolicy-->
+<a href="" id="networkisolation-enterprisecloudresources"></a>**NetworkIsolation/EnterpriseCloudResources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|**.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="networkisolation-enterpriseiprange"></a>**NetworkIsolation/EnterpriseIPRange**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. For example:
+
+``` syntax
+10.0.0.0-10.255.255.255,157.54.0.0-157.54.255.255,
+192.168.0.0-192.168.255.255,2001:4898::-2001:4898:7fff:ffff:ffff:ffff:ffff:ffff,
+2001:4898:dc05::-2001:4898:dc05:ffff:ffff:ffff:ffff:ffff,
+2a01:110::-2a01:110:7fff:ffff:ffff:ffff:ffff:ffff,
+fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
+       
+```
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="networkisolation-enterpriseiprangesareauthoritative"></a>**NetworkIsolation/EnterpriseIPRangesAreAuthoritative**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="networkisolation-enterpriseinternalproxyservers"></a>**NetworkIsolation/EnterpriseInternalProxyServers**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="networkisolation-enterprisenetworkdomainnames"></a>**NetworkIsolation/EnterpriseNetworkDomainNames**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
+
+> [!NOTE]
+> The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
+ 
+
+<p style="margin-left: 20px">Here are the steps to create canonical domain names:
+
+1.  Transform the ASCII characters (A-Z only) to lower case. For example, Microsoft.COM -&gt; microsoft.com.
+2.  Call [IdnToAscii](https://msdn.microsoft.com/library/windows/desktop/dd318149.aspx) with IDN\_USE\_STD3\_ASCII\_RULES as the flags.
+3.  Call [IdnToUnicode](https://msdn.microsoft.com/library/windows/desktop/dd318151.aspx) with no flags set (dwFlags = 0).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="networkisolation-enterpriseproxyservers"></a>**NetworkIsolation/EnterpriseProxyServers**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="networkisolation-enterpriseproxyserversareauthoritative"></a>**NetworkIsolation/EnterpriseProxyServersAreAuthoritative**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="networkisolation-neutralresources"></a>**NetworkIsolation/NeutralResources**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">List of domain names that can used for work or personal resource.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
new file mode 100644
index 0000000000..1ba72d35a8
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -0,0 +1,77 @@
+---
+title: Policy CSP - Notifications
+description: Policy CSP - Notifications
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Notifications
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Notifications policies  
+
+<!--StartPolicy-->
+<a href="" id="notifications-disallownotificationmirroring"></a>**Notifications/DisallowNotificationMirroring**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that turns off notification mirroring.
+
+> [!IMPORTANT]
+> This node must be accessed using the following paths:
+>
+> -   **./User/Vendor/MSFT/Policy/Config/Notifications/DisallowNotificationMirroring** to set the policy.
+> -   **./User/Vendor/MSFT/Policy/Result/Notifications/DisallowNotificationMirroring** to get the result.
+
+
+<p style="margin-left: 20px">For each user logged into the device, if you enable this policy (set value to 1) the app and system notifications received by this user on this device will not get mirrored to other devices of the same logged in user. If you disable or do not configure this policy (set value to 0) the notifications received by this user on this device will be mirrored to other devices of the same logged in user. This feature can be turned off by apps that do not want to participate in Notification Mirroring. This feature can also be turned off by the user in the Cortana setting page.
+
+<p style="margin-left: 20px">No reboot or service restart is required for this policy to take effect.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default)– enable notification mirroring.
+-   1 – disable notification mirroring.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
new file mode 100644
index 0000000000..b0b74a08f2
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -0,0 +1,421 @@
+---
+title: Policy CSP - Power
+description: Policy CSP - Power
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Power
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Power policies  
+
+<!--StartPolicy-->
+<a href="" id="power-allowstandbywhensleepingpluggedin"></a>**Power/AllowStandbyWhenSleepingPluggedIn**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
+
+If you enable or do not configure this policy setting, Windows uses standby states to put the computer in a sleep state.
+
+If you disable this policy setting, standby states (S1-S3) are not allowed.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow standby states (S1-S3) when sleeping (plugged in)*
+-   GP name: *AllowStandbyStatesAC_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="power-displayofftimeoutonbattery"></a>**Power/DisplayOffTimeoutOnBattery**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+
+<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
+
+<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off the display (on battery)*
+-   GP name: *VideoPowerDownTimeOutDC_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="power-displayofftimeoutpluggedin"></a>**Power/DisplayOffTimeoutPluggedIn**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
+
+<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows turns off the display.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
+
+<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the display from turning off. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off the display (plugged in)*
+-   GP name: *VideoPowerDownTimeOutAC_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="power-hibernatetimeoutonbattery"></a>**Power/HibernateTimeoutOnBattery**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+
+<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
+
+
+<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify the system hibernate timeout (on battery)*
+-   GP name: *DCHibernateTimeOut_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="power-hibernatetimeoutpluggedin"></a>**Power/HibernateTimeoutPluggedIn**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
+
+<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to hibernate.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
+
+<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify the system hibernate timeout (plugged in)*
+-   GP name: *ACHibernateTimeOut_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="power-requirepasswordwhencomputerwakesonbattery"></a>**Power/RequirePasswordWhenComputerWakesOnBattery**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
+
+If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.
+
+If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Require a password when a computer wakes (on battery)*
+-   GP name: *DCPromptForPasswordOnResume_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="power-requirepasswordwhencomputerwakespluggedin"></a>**Power/RequirePasswordWhenComputerWakesPluggedIn**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
+
+If you enable or do not configure this policy setting, the user is prompted for a password when the system resumes from sleep.
+
+If you disable this policy setting, the user is not prompted for a password when the system resumes from sleep.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Require a password when a computer wakes (plugged in)*
+-   GP name: *ACPromptForPasswordOnResume_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="power-standbytimeoutonbattery"></a>**Power/StandbyTimeoutOnBattery**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+
+<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
+
+<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify the system sleep timeout (on battery)*
+-   GP name: *DCStandbyTimeOut_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="power-standbytimeoutpluggedin"></a>**Power/StandbyTimeoutPluggedIn**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
+
+<p style="margin-left: 20px">If you enable this policy setting, you must provide a value, in seconds, indicating how much idle time should elapse before Windows transitions to sleep.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, users control this setting.
+
+<p style="margin-left: 20px">If the user has configured a slide show to run on the lock screen when the machine is locked, this can prevent the sleep transition from occuring. The "Prevent enabling lock screen slide show" (DeviceLock/PreventLockScreenSlideShow) policy setting can be used to disable the slide show feature.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify the system sleep timeout (plugged in)*
+-   GP name: *ACStandbyTimeOut_2*
+-   GP ADMX file name: *power.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
new file mode 100644
index 0000000000..ac4e6f725f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -0,0 +1,184 @@
+---
+title: Policy CSP - Printers
+description: Policy CSP - Printers
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Printers
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Printers policies  
+
+<!--StartPolicy-->
+<a href="" id="printers-pointandprintrestrictions"></a>**Printers/PointAndPrintRestrictions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
+
+If you enable this policy setting:
+-Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
+-You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
+
+If you do not configure this policy setting:
+-Windows Vista client computers can point and print to any server.
+-Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+-Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+-Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
+
+If you disable this policy setting:
+-Windows Vista client computers can create a printer connection to any server using Point and Print.
+-Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+-Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+-Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+-The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Point and Print Restrictions*
+-   GP name: *PointAndPrint_Restrictions_Win7*
+-   GP ADMX file name: *Printing.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="printers-pointandprintrestrictions_user"></a>**Printers/PointAndPrintRestrictions_User**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
+
+If you enable this policy setting:
+-Windows XP and later clients will only download print driver components from a list of explicitly named servers. If a compatible print driver is available on the client, a printer connection will be made. If a compatible print driver is not available on the client, no connection will be made.
+-You can configure Windows Vista clients so that security warnings and elevated command prompts do not appear when users Point and Print, or when printer connection drivers need to be updated.
+
+If you do not configure this policy setting:
+-Windows Vista client computers can point and print to any server.
+-Windows Vista computers will show a warning and an elevated command prompt when users create a printer connection to any server using Point and Print.
+-Windows Vista computers will show a warning and an elevated command prompt when an existing printer connection driver needs to be updated.
+-Windows Server 2003 and Windows XP client computers can create a printer connection to any server in their forest using Point and Print.
+
+If you disable this policy setting:
+-Windows Vista client computers can create a printer connection to any server using Point and Print.
+-Windows Vista computers will not show a warning or an elevated command prompt when users create a printer connection to any server using Point and Print.
+-Windows Vista computers will not show a warning or an elevated command prompt when an existing printer connection driver needs to be updated.
+-Windows Server 2003 and Windows XP client computers can create a printer connection to any server using Point and Print.
+-The "Users can only point and print to computers in their forest" setting applies only to Windows Server 2003 and Windows XP SP1 (and later service packs).
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Point and Print Restrictions*
+-   GP name: *PointAndPrint_Restrictions*
+-   GP ADMX file name: *Printing.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="printers-publishprinters"></a>**Printers/PublishPrinters**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Determines whether the computer's shared printers can be published in Active Directory.
+
+If you enable this setting or do not configure it, users can use the "List in directory" option in the Printer's Properties' Sharing tab to publish shared printers in Active Directory.
+
+If you disable this setting, this computer's shared printers cannot be published in Active Directory, and the "List in directory" option is not available.
+
+Note: This settings takes priority over the setting "Automatically publish new printers in the Active Directory".
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow printers to be published*
+-   GP name: *PublishPrinters*
+-   GP ADMX file name: *Printing2.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
new file mode 100644
index 0000000000..6436a76202
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -0,0 +1,2556 @@
+---
+title: Policy CSP - Privacy
+description: Policy CSP - Privacy
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Privacy
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Privacy policies  
+
+<!--StartPolicy-->
+<a href="" id="privacy-allowautoacceptpairingandprivacyconsentprompts"></a>**Privacy/AllowAutoAcceptPairingAndPrivacyConsentPrompts**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default)– Not allowed.
+-   1 – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-allowinputpersonalization"></a>**Privacy/AllowInputPersonalization**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Updated in Windows 10, version 1709. Allows the usage of cloud based speech services for Cortana, dictation, or Store applications. Setting this policy to 1, lets Microsoft use the user's voice data to improve cloud speech services for all users.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+ 
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-disableadvertisingid"></a>**Privacy/DisableAdvertisingId**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Enables or disables the Advertising ID.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disabled.
+-   1 – Enabled.
+-   65535 (default)- Not configured.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessaccountinfo"></a>**Privacy/LetAppsAccessAccountInfo**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access account information.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessaccountinfo-forceallowtheseapps"></a>**Privacy/LetAppsAccessAccountInfo_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessaccountinfo-forcedenytheseapps"></a>**Privacy/LetAppsAccessAccountInfo_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to account information. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessaccountinfo-userincontroloftheseapps"></a>**Privacy/LetAppsAccessAccountInfo_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the account information privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessAccountInfo policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscalendar"></a>**Privacy/LetAppsAccessCalendar**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access the calendar.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscalendar-forceallowtheseapps"></a>**Privacy/LetAppsAccessCalendar_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscalendar-forcedenytheseapps"></a>**Privacy/LetAppsAccessCalendar_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to the calendar. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscalendar-userincontroloftheseapps"></a>**Privacy/LetAppsAccessCalendar_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the calendar privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCalendar policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscallhistory"></a>**Privacy/LetAppsAccessCallHistory**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access call history.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscallhistory-forceallowtheseapps"></a>**Privacy/LetAppsAccessCallHistory_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are allowed access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscallhistory-forcedenytheseapps"></a>**Privacy/LetAppsAccessCallHistory_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. Listed Windows apps are denied access to call history. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscallhistory-userincontroloftheseapps"></a>**Privacy/LetAppsAccessCallHistory_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows apps. The user is able to control the call history privacy setting for the listed Windows apps. This setting overrides the default LetAppsAccessCallHistory policy setting for the specified Windows apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscamera"></a>**Privacy/LetAppsAccessCamera**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access the camera.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscamera-forceallowtheseapps"></a>**Privacy/LetAppsAccessCamera_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscamera-forcedenytheseapps"></a>**Privacy/LetAppsAccessCamera_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the camera. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscamera-userincontroloftheseapps"></a>**Privacy/LetAppsAccessCamera_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the camera privacy setting for the listed apps. This setting overrides the default LetAppsAccessCamera policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscontacts"></a>**Privacy/LetAppsAccessContacts**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access contacts.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscontacts-forceallowtheseapps"></a>**Privacy/LetAppsAccessContacts_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscontacts-forcedenytheseapps"></a>**Privacy/LetAppsAccessContacts_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to contacts. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesscontacts-userincontroloftheseapps"></a>**Privacy/LetAppsAccessContacts_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the contacts privacy setting for the listed apps. This setting overrides the default LetAppsAccessContacts policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessemail"></a>**Privacy/LetAppsAccessEmail**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access email.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessemail-forceallowtheseapps"></a>**Privacy/LetAppsAccessEmail_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessemail-forcedenytheseapps"></a>**Privacy/LetAppsAccessEmail_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to email. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessemail-userincontroloftheseapps"></a>**Privacy/LetAppsAccessEmail_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the email privacy setting for the listed apps. This setting overrides the default LetAppsAccessEmail policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesslocation"></a>**Privacy/LetAppsAccessLocation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access location.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesslocation-forceallowtheseapps"></a>**Privacy/LetAppsAccessLocation_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesslocation-forcedenytheseapps"></a>**Privacy/LetAppsAccessLocation_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to location. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesslocation-userincontroloftheseapps"></a>**Privacy/LetAppsAccessLocation_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the location privacy setting for the listed apps. This setting overrides the default LetAppsAccessLocation policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmessaging"></a>**Privacy/LetAppsAccessMessaging**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can read or send messages (text or MMS).
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmessaging-forceallowtheseapps"></a>**Privacy/LetAppsAccessMessaging_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmessaging-forcedenytheseapps"></a>**Privacy/LetAppsAccessMessaging_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to read or send messages (text or MMS). This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmessaging-userincontroloftheseapps"></a>**Privacy/LetAppsAccessMessaging_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the messaging privacy setting for the listed apps. This setting overrides the default LetAppsAccessMessaging policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmicrophone"></a>**Privacy/LetAppsAccessMicrophone**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access the microphone.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmicrophone-forceallowtheseapps"></a>**Privacy/LetAppsAccessMicrophone_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmicrophone-forcedenytheseapps"></a>**Privacy/LetAppsAccessMicrophone_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to the microphone. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmicrophone-userincontroloftheseapps"></a>**Privacy/LetAppsAccessMicrophone_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the microphone privacy setting for the listed apps. This setting overrides the default LetAppsAccessMicrophone policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmotion"></a>**Privacy/LetAppsAccessMotion**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access motion data.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmotion-forceallowtheseapps"></a>**Privacy/LetAppsAccessMotion_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmotion-forcedenytheseapps"></a>**Privacy/LetAppsAccessMotion_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to motion data. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessmotion-userincontroloftheseapps"></a>**Privacy/LetAppsAccessMotion_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the motion privacy setting for the listed apps. This setting overrides the default LetAppsAccessMotion policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessnotifications"></a>**Privacy/LetAppsAccessNotifications**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access notifications.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessnotifications-forceallowtheseapps"></a>**Privacy/LetAppsAccessNotifications_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessnotifications-forcedenytheseapps"></a>**Privacy/LetAppsAccessNotifications_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to notifications. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessnotifications-userincontroloftheseapps"></a>**Privacy/LetAppsAccessNotifications_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the notifications privacy setting for the listed apps. This setting overrides the default LetAppsAccessNotifications policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessphone"></a>**Privacy/LetAppsAccessPhone**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can make phone calls.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessphone-forceallowtheseapps"></a>**Privacy/LetAppsAccessPhone_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessphone-forcedenytheseapps"></a>**Privacy/LetAppsAccessPhone_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are not allowed to make phone calls. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessphone-userincontroloftheseapps"></a>**Privacy/LetAppsAccessPhone_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the phone call privacy setting for the listed apps. This setting overrides the default LetAppsAccessPhone policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessradios"></a>**Privacy/LetAppsAccessRadios**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps have access to control radios.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessradios-forceallowtheseapps"></a>**Privacy/LetAppsAccessRadios_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessradios-forcedenytheseapps"></a>**Privacy/LetAppsAccessRadios_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to control radios. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccessradios-userincontroloftheseapps"></a>**Privacy/LetAppsAccessRadios_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the radios privacy setting for the listed apps. This setting overrides the default LetAppsAccessRadios policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesstasks"></a>**Privacy/LetAppsAccessTasks**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether Windows apps can access tasks.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesstasks-forceallowtheseapps"></a>**Privacy/LetAppsAccessTasks_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are allowed access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesstasks-forcedenytheseapps"></a>**Privacy/LetAppsAccessTasks_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied access to tasks. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesstasks-userincontroloftheseapps"></a>**Privacy/LetAppsAccessTasks_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the tasks privacy setting for the listed apps. This setting overrides the default LetAppsAccessTasks policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesstrusteddevices"></a>**Privacy/LetAppsAccessTrustedDevices**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can access trusted devices.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesstrusteddevices-forceallowtheseapps"></a>**Privacy/LetAppsAccessTrustedDevices_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesstrusteddevices-forcedenytheseapps"></a>**Privacy/LetAppsAccessTrustedDevices_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to trusted devices. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsaccesstrusteddevices-userincontroloftheseapps"></a>**Privacy/LetAppsAccessTrustedDevices_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'trusted devices' privacy setting for the listed apps. This setting overrides the default LetAppsAccessTrustedDevices policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsgetdiagnosticinfo"></a>**Privacy/LetAppsGetDiagnosticInfo**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Force allow, force deny or give user control of apps that can get diagnostic information about other running apps.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsgetdiagnosticinfo-forceallowtheseapps"></a>**Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsgetdiagnosticinfo-forcedenytheseapps"></a>**Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to diagnostic information about other running apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsgetdiagnosticinfo-userincontroloftheseapps"></a>**Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'get diagnostic info' privacy setting for the listed apps. This setting overrides the default LetAppsGetDiagnosticInfo policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsruninbackground"></a>**Privacy/LetAppsRunInBackground**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether Windows apps can run in the background.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control (default).
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+> [!WARNING]
+> Be careful when determining which apps should have their background activity disabled. Communication apps normally update tiles and notifications through background processes. Turning off background activity for these types of apps could cause text message, email, and voicemail notifications to not function. This could also cause background email syncing to not function properly.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsruninbackground-forceallowtheseapps"></a>**Privacy/LetAppsRunInBackground_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are able to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsruninbackground-forcedenytheseapps"></a>**Privacy/LetAppsRunInBackground_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps are denied the ability to run in the background. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappsruninbackground-userincontroloftheseapps"></a>**Privacy/LetAppsRunInBackground_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the background apps privacy setting for the listed apps. This setting overrides the default LetAppsRunInBackground policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappssyncwithdevices"></a>**Privacy/LetAppsSyncWithDevices**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Windows apps can sync with devices.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – User in control.
+-   1 – Force allow.
+-   2 - Force deny.
+
+<p style="margin-left: 20px">Most restricted value is 2.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappssyncwithdevices-forceallowtheseapps"></a>**Privacy/LetAppsSyncWithDevices_ForceAllowTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappssyncwithdevices-forcedenytheseapps"></a>**Privacy/LetAppsSyncWithDevices_ForceDenyTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. Listed apps will not have access to sync with devices. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="privacy-letappssyncwithdevices-userincontroloftheseapps"></a>**Privacy/LetAppsSyncWithDevices_UserInControlOfTheseApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. List of semi-colon delimited Package Family Names of Windows Store Apps. The user is able to control the 'sync with devices' privacy setting for the listed apps. This setting overrides the default LetAppsSyncWithDevices policy setting for the specified apps.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Privacy policies supported by Windows Holographic for Business  
+
+-   [Privacy/AllowInputPersonalization](#privacy-allowinputpersonalization)  
+-   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
+-   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
+-   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
+-   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
+-   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
+-   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
+-   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
+-   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Privacy policies supported by IoT Core  
+
+-   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
+-   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
+-   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
+-   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
+-   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
+-   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
+-   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
+-   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Privacy policies supported by Microsoft Surface Hub  
+
+-   [Privacy/LetAppsGetDiagnosticInfo](#privacy-letappsgetdiagnosticinfo)  
+-   [Privacy/LetAppsGetDiagnosticInfo_ForceAllowTheseApps](#privacy-letappsgetdiagnosticinfo-forceallowtheseapps)  
+-   [Privacy/LetAppsGetDiagnosticInfo_ForceDenyTheseApps](#privacy-letappsgetdiagnosticinfo-forcedenytheseapps)  
+-   [Privacy/LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](#privacy-letappsgetdiagnosticinfo-userincontroloftheseapps)  
+-   [Privacy/LetAppsRunInBackground](#privacy-letappsruninbackground)  
+-   [Privacy/LetAppsRunInBackground_ForceAllowTheseApps](#privacy-letappsruninbackground-forceallowtheseapps)  
+-   [Privacy/LetAppsRunInBackground_ForceDenyTheseApps](#privacy-letappsruninbackground-forcedenytheseapps)  
+-   [Privacy/LetAppsRunInBackground_UserInControlOfTheseApps](#privacy-letappsruninbackground-userincontroloftheseapps)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
new file mode 100644
index 0000000000..bae354870c
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -0,0 +1,249 @@
+---
+title: Policy CSP - RemoteAssistance
+description: Policy CSP - RemoteAssistance
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - RemoteAssistance
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## RemoteAssistance policies  
+
+<!--StartPolicy-->
+<a href="" id="remoteassistance-customizewarningmessages"></a>**RemoteAssistance/CustomizeWarningMessages**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting lets you customize warning messages.
+
+The "Display warning message before sharing control" policy setting allows you to specify a custom message to display before a user shares control of his or her computer.
+
+The "Display warning message before connecting" policy setting allows you to specify a custom message to display before a user allows a connection to his or her computer.
+
+If you enable this policy setting, the warning message you specify overrides the default message that is seen by the novice.
+
+If you disable this policy setting, the user sees the default warning message.
+
+If you do not configure this policy setting, the user sees the default warning message.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Customize warning messages*
+-   GP name: *RA_Options*
+-   GP ADMX file name: *remoteassistance.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remoteassistance-sessionlogging"></a>**RemoteAssistance/SessionLogging**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.
+
+If you enable this policy setting, log files are generated.
+
+If you disable this policy setting, log files are not generated.
+
+If you do not configure this setting, application-based settings are used.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn on session logging*
+-   GP name: *RA_Logging*
+-   GP ADMX file name: *remoteassistance.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remoteassistance-solicitedremoteassistance"></a>**RemoteAssistance/SolicitedRemoteAssistance**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.
+
+If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.
+
+If you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.
+
+If you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.
+
+If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer."
+
+The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.
+
+The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported.
+
+If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Configure Solicited Remote Assistance*
+-   GP name: *RA_Solicit*
+-   GP ADMX file name: *remoteassistance.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remoteassistance-unsolicitedremoteassistance"></a>**RemoteAssistance/UnsolicitedRemoteAssistance**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.
+
+If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
+
+If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
+
+If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
+
+If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.
+
+To configure the list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format:
+
+<Domain Name>\<User Name> or
+
+<Domain Name>\<Group Name>
+
+If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.
+
+Windows Vista and later
+
+Enable the Remote Assistance exception for the domain profile. The exception must contain:
+Port 135:TCP
+%WINDIR%\System32\msra.exe
+%WINDIR%\System32\raserver.exe
+
+Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)
+
+Port 135:TCP
+%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
+%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
+%WINDIR%\System32\Sessmgr.exe
+
+For computers running Windows Server 2003 with Service Pack 1 (SP1)
+
+Port 135:TCP
+%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
+%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
+Allow Remote Desktop Exception
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Configure Offer Remote Assistance*
+-   GP name: *RA_Unsolicit*
+-   GP ADMX file name: *remoteassistance.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
new file mode 100644
index 0000000000..c73c7a4093
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -0,0 +1,314 @@
+---
+title: Policy CSP - RemoteDesktopServices
+description: Policy CSP - RemoteDesktopServices
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - RemoteDesktopServices
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## RemoteDesktopServices policies  
+
+<!--StartPolicy-->
+<a href="" id="remotedesktopservices-allowuserstoconnectremotely"></a>**RemoteDesktopServices/AllowUsersToConnectRemotely**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to configure remote access to computers by using Remote Desktop Services.
+
+If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services.
+
+If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.
+
+If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed.
+
+Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication.
+
+You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow users to connect remotely by using Remote Desktop Services*
+-   GP name: *TS_DISABLE_CONNECTIONS*
+-   GP ADMX file name: *terminalserver.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remotedesktopservices-clientconnectionencryptionlevel"></a>**RemoteDesktopServices/ClientConnectionEncryptionLevel**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.
+
+If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:
+
+* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers.
+
+* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption.
+
+* Low: The Low setting encrypts only data sent from the client to the server by using 56-bit encryption.
+
+If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy.
+
+Important
+
+FIPS compliance can be configured through the System cryptography. Use FIPS compliant algorithms for encryption, hashing, and signing settings in Group Policy (under Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options.) The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard (FIPS) 140 encryption algorithms, by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Set client connection encryption level*
+-   GP name: *TS_ENCRYPTION_POLICY*
+-   GP ADMX file name: *terminalserver.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remotedesktopservices-donotallowdriveredirection"></a>**RemoteDesktopServices/DoNotAllowDriveRedirection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).
+
+By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behavior.
+
+If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server 2003, Windows 8, and Windows XP.
+
+If you disable this policy setting, client drive redirection is always allowed. In addition, Clipboard file copy redirection is always allowed if Clipboard redirection is allowed.
+
+If you do not configure this policy setting, client drive redirection and Clipboard file copy redirection are not specified at the Group Policy level.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Do not allow drive redirection*
+-   GP name: *TS_CLIENT_DRIVE_M*
+-   GP ADMX file name: *terminalserver.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remotedesktopservices-donotallowpasswordsaving"></a>**RemoteDesktopServices/DoNotAllowPasswordSaving**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Controls whether passwords can be saved on this computer from Remote Desktop Connection.
+
+If you enable this setting the password saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.
+
+If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Do not allow passwords to be saved*
+-   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2*
+-   GP ADMX file name: *terminalserver.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remotedesktopservices-promptforpassworduponconnection"></a>**RemoteDesktopServices/PromptForPasswordUponConnection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection.
+
+You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client.
+
+By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client.
+
+If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on.
+
+If you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client.
+
+If you do not configure this policy setting, automatic logon is not specified at the Group Policy level.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Always prompt for password upon connection*
+-   GP name: *TS_PASSWORD*
+-   GP ADMX file name: *terminalserver.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remotedesktopservices-requiresecurerpccommunication"></a>**RemoteDesktopServices/RequireSecureRPCCommunication**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.
+
+You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests.
+
+If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients.
+
+If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request.
+
+If the status is set to Not Configured, unsecured communication is allowed.
+
+Note: The RPC interface is used for administering and configuring Remote Desktop Services.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Require secure RPC communication*
+-   GP name: *TS_RPC_ENCRYPTION*
+-   GP ADMX file name: *terminalserver.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
new file mode 100644
index 0000000000..4c0d02a0fb
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -0,0 +1,225 @@
+---
+title: Policy CSP - RemoteManagement
+description: Policy CSP - RemoteManagement
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - RemoteManagement
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## RemoteManagement policies  
+
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/AllowBasicAuthentication_Client**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow Basic authentication*
+-   GP name: *AllowBasic_2*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/AllowBasicAuthentication_Service**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow Basic authentication*
+-   GP name: *AllowBasic_1*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/AllowCredSSPAuthenticationClient**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow CredSSP authentication*
+-   GP name: *AllowCredSSP_1*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/AllowCredSSPAuthenticationService**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow CredSSP authentication*
+-   GP name: *AllowCredSSP_2*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/AllowRemoteServerManagement**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow remote server management through WinRM*
+-   GP name: *AllowAutoConfig*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/AllowUnencryptedTraffic_Client**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow unencrypted traffic*
+-   GP name: *AllowUnencrypted_2*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/AllowUnencryptedTraffic_Service**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow unencrypted traffic*
+-   GP name: *AllowUnencrypted_1*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/DisallowDigestAuthentication**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disallow Digest authentication*
+-   GP name: *DisallowDigest*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/DisallowNegotiateAuthenticationClient**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disallow Negotiate authentication*
+-   GP name: *DisallowNegotiate_1*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/DisallowNegotiateAuthenticationService**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disallow Negotiate authentication*
+-   GP name: *DisallowNegotiate_2*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/DisallowStoringOfRunAsCredentials**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Disallow WinRM from storing RunAs credentials*
+-   GP name: *DisableRunAs*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify channel binding token hardening level*
+-   GP name: *CBTHardeningLevel_1*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/TrustedHosts**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Trusted Hosts*
+-   GP name: *TrustedHosts*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/TurnOnCompatibilityHTTPListener**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn On Compatibility HTTP Listener*
+-   GP name: *HttpCompatibilityListener*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteManagement/TurnOnCompatibilityHTTPSListener**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn On Compatibility HTTPS Listener*
+-   GP name: *HttpsCompatibilityListener*
+-   GP ADMX file name: *WindowsRemoteManagement.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
new file mode 100644
index 0000000000..56389b3ae7
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -0,0 +1,130 @@
+---
+title: Policy CSP - RemoteProcedureCall
+description: Policy CSP - RemoteProcedureCall
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - RemoteProcedureCall
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## RemoteProcedureCall policies  
+
+<!--StartPolicy-->
+<a href="" id="remoteprocedurecall-rpcendpointmapperclientauthentication"></a>**RemoteProcedureCall/RPCEndpointMapperClientAuthentication**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner.
+
+If you disable this policy setting, RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Endpoint Mapper Service on Windows NT4 Server.
+
+If you enable this policy setting, RPC clients will authenticate to the Endpoint Mapper Service for calls that contain authentication information.  Clients making such calls will not be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+
+If you do not configure this policy setting, it remains disabled.  RPC clients will not authenticate to the Endpoint Mapper Service, but they will be able to communicate with the Windows NT4 Server Endpoint Mapper Service.
+
+Note: This policy will not be applied until the system is rebooted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Enable RPC Endpoint Mapper Client Authentication*
+-   GP name: *RpcEnableAuthEpResolution*
+-   GP ADMX file name: *rpc.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="remoteprocedurecall-restrictunauthenticatedrpcclients"></a>**RemoteProcedureCall/RestrictUnauthenticatedRPCClients**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
+
+This policy setting impacts all RPC applications.  In a domain environment this policy setting should be used with caution as it can impact a wide range of functionality including group policy processing itself.  Reverting a change to this policy setting can require manual intervention on each affected machine.  This policy setting should never be applied to a domain controller.
+
+If you disable this policy setting, the RPC server runtime uses the value of "Authenticated" on Windows Client, and the value of "None" on Windows Server versions that support this policy setting.
+
+If you do not configure this policy setting, it remains disabled.  The RPC server runtime will behave as though it was enabled with the value of "Authenticated" used for Windows Client and the value of "None" used for Server SKUs that support this policy setting.
+
+If you enable this policy setting, it directs the RPC server runtime to restrict unauthenticated RPC clients connecting to RPC servers running on a machine. A client will be considered an authenticated client if it uses a named pipe to communicate with the server or if it uses RPC Security. RPC Interfaces that have specifically requested to be accessible by unauthenticated clients may be exempt from this restriction, depending on the selected value for this policy setting.
+
+--  "None" allows all RPC clients to connect to RPC Servers running on the machine on which the policy setting is applied.
+
+--  "Authenticated" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied. Exemptions are granted to interfaces that have requested them.
+
+--  "Authenticated without exceptions" allows only authenticated RPC Clients (per the definition above) to connect to RPC Servers running on the machine on which the policy setting is applied.  No exceptions are allowed.
+
+Note: This policy setting will not be applied until the system is rebooted.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Restrict Unauthenticated RPC clients*
+-   GP name: *RpcRestrictRemoteClients*
+-   GP ADMX file name: *rpc.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
new file mode 100644
index 0000000000..08ec87e539
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -0,0 +1,121 @@
+---
+title: Policy CSP - RemoteShell
+description: Policy CSP - RemoteShell
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - RemoteShell
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## RemoteShell policies  
+
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteShell/AllowRemoteShellAccess**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Allow Remote Shell Access*
+-   GP name: *AllowRemoteShellAccess*
+-   GP ADMX file name: *WindowsRemoteShell.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteShell/MaxConcurrentUsers**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *MaxConcurrentUsers*
+-   GP name: *MaxConcurrentUsers*
+-   GP ADMX file name: *WindowsRemoteShell.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteShell/SpecifyIdleTimeout**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify idle Timeout*
+-   GP name: *IdleTimeout*
+-   GP ADMX file name: *WindowsRemoteShell.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteShell/SpecifyMaxMemory**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify maximum amount of memory in MB per Shell*
+-   GP name: *MaxMemoryPerShellMB*
+-   GP ADMX file name: *WindowsRemoteShell.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteShell/SpecifyMaxProcesses**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify maximum number of processes per Shell*
+-   GP name: *MaxProcessesPerShell*
+-   GP ADMX file name: *WindowsRemoteShell.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteShell/SpecifyMaxRemoteShells**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify maximum number of remote shells per user*
+-   GP name: *MaxShellsPerUser*
+-   GP ADMX file name: *WindowsRemoteShell.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="None"></a>**RemoteShell/SpecifyShellTimeout**  
+
+<!--StartDescription-->
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Specify Shell Timeout*
+-   GP name: *ShellTimeOut*
+-   GP ADMX file name: *WindowsRemoteShell.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
new file mode 100644
index 0000000000..73badec791
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -0,0 +1,392 @@
+---
+title: Policy CSP - Search
+description: Policy CSP - Search
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Search
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Search policies  
+
+<!--StartPolicy-->
+<a href="" id="search-allowindexingencryptedstoresoritems"></a>**Search/AllowIndexingEncryptedStoresOrItems**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files.
+
+<p style="margin-left: 20px">When the policy is enabled, WIP protected items are indexed and the metadata about them are stored in an unencrypted location. The metadata includes things like file path and date modified.
+
+<p style="margin-left: 20px">When the policy is disabled, the WIP protected items are not indexed and do not show up in the results in Cortana or file explorer. There may also be a performance impact on photos and Groove apps if there are a lot of WIP protected media files on the device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="search-allowsearchtouselocation"></a>**Search/AllowSearchToUseLocation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether search can leverage location information.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="search-allowusingdiacritics"></a>**Search/AllowUsingDiacritics**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows the use of diacritics.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="search-alwaysuseautolangdetection"></a>**Search/AlwaysUseAutoLangDetection**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to always use automatic language detection when indexing content and properties.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="search-disablebackoff"></a>**Search/DisableBackoff**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Disable.
+-   1 – Enable.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="search-disableremovabledriveindexing"></a>**Search/DisableRemovableDriveIndexing**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">This policy setting configures whether or not locations on removable drives can be added to libraries.
+
+<p style="margin-left: 20px">If you enable this policy setting, locations on removable drives cannot be added to libraries. In addition, locations on removable drives cannot be indexed.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, locations on removable drives can be added to libraries. In addition, locations on removable drives can be indexed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Disable.
+-   1 – Enable.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="search-preventindexinglowdiskspacemb"></a>**Search/PreventIndexingLowDiskSpaceMB**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
+
+<p style="margin-left: 20px">Enable this policy if computers in your environment have extremely limited hard drive space.
+
+<p style="margin-left: 20px">When this policy is disabled or not configured, Windows Desktop Search automatically manages your index size.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disable.
+-   1 (default) – Enable.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="search-preventremotequeries"></a>**Search/PreventRemoteQueries**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index..
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disable.
+-   1 (default) – Enable.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="search-safesearchpermissions"></a>**Search/SafeSearchPermissions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Specifies what level of safe search (filtering adult content) is required.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Strict, highest filtering against adult content.
+-   1 (default) – Moderate filtering against adult content (valid search results will not be filtered).
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartEAS-->
+## <a href="" id="eas"></a>Search policies that can be set using Exchange Active Sync (EAS)  
+
+-   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
+<!--EndEAS-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Search policies supported by Windows Holographic for Business  
+
+-   [Search/AllowSearchToUseLocation](#search-allowsearchtouselocation)  
+<!--EndHoloLens-->
+
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
new file mode 100644
index 0000000000..b9da338ad1
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -0,0 +1,426 @@
+---
+title: Policy CSP - Security
+description: Policy CSP - Security
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Security
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Security policies  
+
+<!--StartPolicy-->
+<a href="" id="security-allowaddprovisioningpackage"></a>**Security/AllowAddProvisioningPackage**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to allow the runtime configuration agent to install provisioning packages.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-allowautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy has been deprecated in Windows 10, version 1607
+
+<br>
+
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-allowmanualrootcertificateinstallation"></a>**Security/AllowManualRootCertificateInstallation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Specifies whether the user is allowed to manually install root and intermediate CA certificates.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-allowremoveprovisioningpackage"></a>**Security/AllowRemoveProvisioningPackage**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to allow the runtime configuration agent to remove provisioning packages.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-antitheftmode"></a>**Security/AntiTheftMode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
+
+ 
+<p style="margin-left: 20px">Allows or disallow Anti Theft Mode on the device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Don't allow Anti Theft Mode.
+-   1 (default) – Anti Theft Mode will follow the default device configuration (region-dependent).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-preventautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607 to replace the deprecated policy **Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**.
+
+<p style="margin-left: 20px">Specifies whether to allow automatic device encryption during OOBE when the device is Azure AD joined.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Encryption enabled.
+-   1 – Encryption disabled.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-requiredeviceencryption"></a>**Security/RequireDeviceEncryption**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 Mobile. In Windows 10 for desktop, you can query encryption status by using the [DeviceStatus CSP](devicestatus-csp.md) node **DeviceStatus/Compliance/EncryptionCompliance**.
+
+<p style="margin-left: 20px">Allows enterprise to turn on internal storage encryption.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Encryption is not required.
+-   1 – Encryption is required.
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+> [!IMPORTANT]
+> If encryption has been enabled, it cannot be turned off by using this policy.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-requireprovisioningpackagesignature"></a>**Security/RequireProvisioningPackageSignature**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether provisioning packages must have a certificate signed by a device trusted authority.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not required.
+-   1 – Required.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="security-requireretrievehealthcertificateonboot"></a>**Security/RequireRetrieveHealthCertificateOnBoot**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not required.
+-   1 – Required.
+
+<p style="margin-left: 20px">Setting this policy to 1 (Required):
+
+-   Determines whether a device is capable of Remote Device Health Attestation, by verifying if the device has TPM 2.0.
+-   Improves the performance of the device by enabling the device to fetch and cache data to reduce the latency during Device Health Verification.
+
+> [!NOTE]
+> We recommend that this policy is set to Required after MDM enrollment.
+ 
+
+<p style="margin-left: 20px">Most restricted value is 1.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartEAS-->
+## <a href="" id="eas"></a>Security policies that can be set using Exchange Active Sync (EAS)  
+
+-   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
+<!--EndEAS-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Security policies supported by Windows Holographic for Business  
+
+-   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Security policies supported by IoT Core  
+
+-   [Security/AllowAddProvisioningPackage](#security-allowaddprovisioningpackage)  
+-   [Security/AllowRemoveProvisioningPackage](#security-allowremoveprovisioningpackage)  
+-   [Security/RequireDeviceEncryption](#security-requiredeviceencryption)  
+-   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Security policies supported by Microsoft Surface Hub  
+
+-   [Security/RequireProvisioningPackageSignature](#security-requireprovisioningpackagesignature)  
+-   [Security/RequireRetrieveHealthCertificateOnBoot](#security-requireretrievehealthcertificateonboot)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
new file mode 100644
index 0000000000..aac7fdd2e4
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -0,0 +1,559 @@
+---
+title: Policy CSP - Settings
+description: Policy CSP - Settings
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Settings
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Settings policies  
+
+<!--StartPolicy-->
+<a href="" id="settings-allowautoplay"></a>**Settings/AllowAutoPlay**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Allows the user to change Auto Play settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+> [!NOTE]
+> Setting this policy to 0 (Not allowed) does not affect the autoplay dialog box that appears when a device is connected.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowdatasense"></a>**Settings/AllowDataSense**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows the user to change Data Sense settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowdatetime"></a>**Settings/AllowDateTime**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows the user to change date and time settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-alloweditdevicename"></a>**Settings/AllowEditDeviceName**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows editing of the device name.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowlanguage"></a>**Settings/AllowLanguage**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Allows the user to change the language settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowpowersleep"></a>**Settings/AllowPowerSleep**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Allows the user to change power and sleep settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowregion"></a>**Settings/AllowRegion**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Allows the user to change the region settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowsigninoptions"></a>**Settings/AllowSignInOptions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Allows the user to change sign-in options.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowvpn"></a>**Settings/AllowVPN**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows the user to change VPN settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowworkplace"></a>**Settings/AllowWorkplace**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Allows user to change workplace settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-allowyouraccount"></a>**Settings/AllowYourAccount**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows user to change account settings.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-configuretaskbarcalendar"></a>**Settings/ConfigureTaskbarCalendar**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703.  Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout.  In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale.  Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – User will be allowed to configure the setting.
+-   1  – Don't show additional calendars.
+-   2  - Simplified Chinese (Lunar).
+-   3  - Traditional Chinese (Lunar).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="settings-pagevisibilitylist"></a>**Settings/PageVisibilityList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703.  Allows IT Admins to either  prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified.  The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo".  Multiple page identifiers are separated by semicolons.
+
+<p style="margin-left: 20px">The following example illustrates a policy that would allow access only to the about and bluetooth pages, which have URI "ms-settings:about" and "ms-settings:bluetooth" respectively:
+
+<p style="margin-left: 20px">showonly:about;bluetooth
+
+<p style="margin-left: 20px">If the policy is not specified, the behavior will be that no pages are affected. If the policy string is formatted incorrectly, it will be ignored entirely (i.e. treated as not set) to prevent the machine from becoming unserviceable if data corruption occurs. Note that if a page is already hidden for another reason, then it will remain hidden even if it is in a "showonly:" list.
+
+<p style="margin-left: 20px">The format of the PageVisibilityList value is as follows:
+
+-   The value is a unicode string up to 10,000 characters long, which will be used without case sensitivity.
+-   There are two variants: one that shows only the given pages and one which hides the given pages.
+-   The first variant starts with the string "showonly:" and the second with the string "hide:".
+-	Following the variant identifier is a semicolon-delimited list of page identifiers, which must not have any extra whitespace.
+-   Each page identifier is the ms-settings:xyz URI for the page, minus the ms-settings: prefix, so the identifier for the page with URI "ms-settings:wi-fi" would be just "wi-fi".
+
+<p style="margin-left: 20px">The default value for this setting is an empty string, which is interpreted as show everything.
+
+<p style="margin-left: 20px">Example 1, specifies that only the wifi and bluetooth pages should be shown (they have URIs ms-settings:wi-fi and ms-settings:bluetooth). All other pages (and the categories they're in) will be hidden:
+
+<p style="margin-left: 20px">showonly:wi-fi;bluetooth
+
+<p style="margin-left: 20px">Example 2, specifies that the wifi page should not be shown:
+
+<p style="margin-left: 20px">hide:wifi
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Open System Settings and verfiy that the About page is visible and accessible.
+2.   Configure the policy with the following string: "hide:about".
+3.   Open System Settings again and verify that the About page is no longer accessible.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Settings policies supported by Windows Holographic for Business  
+
+-   [Settings/AllowDateTime](#settings-allowdatetime)  
+-   [Settings/AllowVPN](#settings-allowvpn)  
+<!--EndHoloLens-->
+
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
new file mode 100644
index 0000000000..968712f98d
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -0,0 +1,138 @@
+---
+title: Policy CSP - SmartScreen
+description: Policy CSP - SmartScreen
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - SmartScreen
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## SmartScreen policies  
+
+<!--StartPolicy-->
+<a href="" id="smartscreen-enableappinstallcontrol"></a>**SmartScreen/EnableAppInstallControl**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Turns off Application Installation Control, allowing users to download and install files from anywhere on the web.
+-   1 – Turns on Application Installation Control, allowing users to only install apps from the Store.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="smartscreen-enablesmartscreeninshell"></a>**SmartScreen/EnableSmartScreenInShell**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Turns off SmartScreen in Windows.
+-   1 – Turns on SmartScreen in Windows.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="smartscreen-preventoverrideforfilesinshell"></a>**SmartScreen/PreventOverrideForFilesInShell**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Employees can ignore SmartScreen warnings and run malicious files.
+-   1 – Employees cannot ignore SmartScreen warnings and run malicious files.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
new file mode 100644
index 0000000000..b67d1464b7
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -0,0 +1,66 @@
+---
+title: Policy CSP - Speech
+description: Policy CSP - Speech
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Speech
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Speech policies  
+
+<!--StartPolicy-->
+<a href="" id="speech-allowspeechmodelupdate"></a>**Speech/AllowSpeechModelUpdate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
new file mode 100644
index 0000000000..9c3c33dc73
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -0,0 +1,1192 @@
+---
+title: Policy CSP - Start
+description: Policy CSP - Start
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Start
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Start policies  
+
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfolderdocuments"></a>**Start/AllowPinnedFolderDocuments**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfolderdownloads"></a>**Start/AllowPinnedFolderDownloads**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfolderfileexplorer"></a>**Start/AllowPinnedFolderFileExplorer**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfolderhomegroup"></a>**Start/AllowPinnedFolderHomeGroup**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfoldermusic"></a>**Start/AllowPinnedFolderMusic**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfoldernetwork"></a>**Start/AllowPinnedFolderNetwork**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfolderpersonalfolder"></a>**Start/AllowPinnedFolderPersonalFolder**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfolderpictures"></a>**Start/AllowPinnedFolderPictures**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfoldersettings"></a>**Start/AllowPinnedFolderSettings**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-allowpinnedfoldervideos"></a>**Start/AllowPinnedFolderVideos**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – The shortcut is hidden and disables the setting in the Settings app.
+-   1 – The shortcut is visible and disables the setting in the Settings app.
+-   65535 (default) - There is no enforced configuration and the setting can be changed by the user.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-forcestartsize"></a>**Start/ForceStartSize**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
+
+
+<p style="margin-left: 20px">Forces the start screen size.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Do not force size of Start.
+-   1 – Force non-fullscreen size of Start.
+-   2 - Force a fullscreen size of Start.
+
+<p style="margin-left: 20px">If there is policy configuration conflict, the latest configuration request is applied to the device.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hideapplist"></a>**Start/HideAppList**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy requires reboot to take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by collapsing or removing the all apps list.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – None.
+-   1 – Hide all apps list.
+-   2 - Hide all apps list, and Disable "Show app list in Start menu" in Settings app.
+-   3 - Hide all apps list, remove all apps button, and Disable "Show app list in Start menu" in Settings app.
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+-   1 - Enable policy and restart explorer.exe
+-   2a - If set to '1': Verify that the all apps list is collapsed, and that the Settings toggle is not grayed out.
+-   2b - If set to '2': Verify that the all apps list is collapsed, and that the Settings toggle is grayed out.
+-   2c - If set to '3': Verify that there is no way of opening the all apps list from Start, and that the Settings toggle is grayed out.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hidechangeaccountsettings"></a>**Start/HideChangeAccountSettings**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Open Start, click on the user tile, and verify that "Change account settings" is not available.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hidefrequentlyusedapps"></a>**Start/HideFrequentlyUsedApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy requires reboot to take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding most used apps.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable "Show most used apps" in the Settings app.
+2.   Use some apps to get them into the most used group in Start.
+3.   Enable policy.
+4.   Restart explorer.exe
+5.   Check that  "Show most used apps" Settings toggle is grayed out.
+6.   Check that most used apps do not appear in Start.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hidehibernate"></a>**Start/HideHibernate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Laptop, do the following:
+
+1.   Enable policy.
+2.   Open Start, click on the Power button, and verify "Hibernate" is not available.
+
+> [!NOTE]
+> This policy can only be verified on laptops as "Hibernate" does not appear on regular PC's.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hidelock"></a>**Start/HideLock**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Open Start, click on the user tile, and verify "Lock" is not available.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hidepowerbutton"></a>**Start/HidePowerButton**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy requires reboot to take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the Power button from appearing.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Open Start, and verify the power button is not available.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hiderecentjumplists"></a>**Start/HideRecentJumplists**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy requires reboot to take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently opened items in the jumplists from appearing.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable "Show recently opened items in Jump Lists on Start of the taskbar" in Settings.
+2.   Pin Photos to the taskbar, and open some images in the photos app.
+3.   Right click the pinned photos app and verify that a jumplist of recently opened items pops up.
+4.   Toggle "Show recently opened items in Jump Lists on Start of the taskbar" in Settings to clear jump lists.
+5.   Enable policy.
+6.   Restart explorer.exe
+7.   Check that Settings toggle is grayed out.
+8.   Repeat Step 2.
+9.   Right Click pinned photos app and verify that there is no jumplist of recent items.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hiderecentlyaddedapps"></a>**Start/HideRecentlyAddedApps**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy requires reboot to take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding recently added apps.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable "Show recently added apps" in the Settings app.
+2.   Check if there are recently added apps in Start (if not, install some).
+3.   Enable policy.
+4.   Restart explorer.exe
+5.   Check that "Show recently added apps" Settings toggle is grayed out.
+6.   Check that recently added apps do not appear in Start.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hiderestart"></a>**Start/HideRestart**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Open Start, click on the Power button, and verify "Restart" and "Update and restart" are not available.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hideshutdown"></a>**Start/HideShutDown**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Open Start, click on the Power button, and verify "Shut down" and "Update and shut down" are not available.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hidesignout"></a>**Start/HideSignOut**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Open Start, click on the user tile, and verify "Sign out" is not available.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hidesleep"></a>**Start/HideSleep**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Open Start, click on the Power button, and verify that "Sleep" is not available.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hideswitchaccount"></a>**Start/HideSwitchAccount**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Open Start, click on the user tile, and verify that "Switch account" is not available.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-hideusertile"></a>**Start/HideUserTile**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy requires reboot to take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding the user tile.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (do not hide).
+-   1 - True (hide).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Log off.
+3.   Log in, and verify that the user tile is gone from Start.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-importedgeassets"></a>**Start/ImportEdgeAssets**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy requires reboot to take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy imports Edge assets (e.g. .png/.jpg files) for secondary tiles into its local app data path which allows the StartLayout policy to pin Edge secondary tiles as weblink that tie to the image asset files.
+
+> [!IMPORTANT]
+> Please note that the import happens only when StartLayout policy is changed. So it is better to always change ImportEdgeAssets policy at the same time as StartLayout policy whenever there are Edge secondary tiles to be pinned from StartLayout policy.
+
+<p style="margin-left: 20px">The value set for this policy is an XML string containing Edge assets.  An example XML string is provided in the [Microsoft Edge assets example](#microsoft-edge-assets-example) later in this topic.
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Set policy with an XML for Edge assets.
+2.   Set StartLayout policy to anything so that it would trigger the Edge assets import.
+3.   Sign out/in.
+4.   Verify that all Edge assets defined in XML show up in %LOCALAPPDATA%\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\LocalState path.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-nopinningtotaskbar"></a>**Start/NoPinningToTaskbar**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (pinning enabled).
+-   1 - True (pinning disabled).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Right click on a program pinned to taskbar.
+3.   Verify that "Unpin from taskbar" menu does not show.
+4.   Open Start and right click on one of the app list icons.
+5.   Verify that More->Pin to taskbar menu does not show.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="start-startlayout"></a>**Start/StartLayout**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!IMPORTANT]
+> This node is set on a per-user basis and must be accessed using the following paths:
+> -   **./User/Vendor/MSFT/Policy/Config/Start/StartLayout** to configure the policy.
+> -   **./User/Vendor/MSFT/Policy/Result/Start/StartLayout** to query the current value of the policy.
+>
+>
+> Added in Windows 10 version 1703: In addition to being able to set this node on a per user-basis, it can now also be set on a per-device basis using the following paths:
+> -   **./Device/Vendor/MSFT/Policy/Config/Start/StartLayout** to configure the policy.
+> -   **./Device/Vendor/MSFT/Policy/Result/Start/StartLayout** to query the current value of the policy.
+
+
+<p style="margin-left: 20px">Allows you to override the default Start layout and prevents the user from changing it. If both user and device policies are set, the user policy will be used. Apps pinned to the taskbar can also be changed with this policy
+
+<p style="margin-left: 20px">This policy is described in [Start/StartLayout Examples](#startlayout-examples) later in this topic.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
new file mode 100644
index 0000000000..7d305a13d9
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -0,0 +1,72 @@
+---
+title: Policy CSP - Storage
+description: Policy CSP - Storage
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Storage
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Storage policies  
+
+<!--StartPolicy-->
+<a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting configures whether or not Windows will activate an Enhanced Storage device.
+
+If you enable this policy setting, Windows will not activate unactivated Enhanced Storage devices.
+
+If you disable or do not configure this policy setting, Windows will activate unactivated Enhanced Storage devices.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Do not allow Windows to activate Enhanced Storage devices*
+-   GP name: *TCGSecurityActivationDisabled*
+-   GP ADMX file name: *enhancedstorage.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
new file mode 100644
index 0000000000..bfc21c114d
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -0,0 +1,614 @@
+---
+title: Policy CSP - System
+description: Policy CSP - System
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - System
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## System policies  
+
+<!--StartPolicy-->
+<a href="" id="system-allowbuildpreview"></a>**System/AllowBuildPreview**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise.
+
+
+<p style="margin-left: 20px">This policy setting determines whether users can access the Insider build controls in the Advanced Options for Windows Update. These controls are located under "Get Insider builds," and enable users to make their devices available for downloading and installing Windows preview software.
+
+<p style="margin-left: 20px">If you enable or do not configure this policy setting, users can download and install Windows preview software on their devices. If you disable this policy setting, the item "Get Insider builds" will be unavailable.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed. The item "Get Insider builds" is unavailable, users are unable to make their devices available for preview software.
+-   1 – Allowed. Users can make their devices available for downloading and installing preview software.
+-   2 (default) – Not configured. Users can make their devices available for downloading and installing preview software.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-allowembeddedmode"></a>**System/AllowEmbeddedMode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether set general purpose device to be in embedded mode.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Not allowed.
+-   1 – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-allowexperimentation"></a>**System/AllowExperimentation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is not supported in Windows 10, version 1607.
+
+<p style="margin-left: 20px">This policy setting determines the level that Microsoft can experiment with the product to study user preferences or device behavior.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disabled.
+-   1 (default) – Permits Microsoft to configure device settings only.
+-   2 – Allows Microsoft to conduct full experimentations.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-allowfontproviders"></a>**System/AllowFontProviders**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.
+
+<p style="margin-left: 20px">Supported values:  
+
+-   false - No traffic to fs.microsoft.com and only locally-installed fonts are available.
+-   true (default) - There may be network traffic to fs.microsoft.com and downloadable fonts are available to apps that support them.
+
+<p style="margin-left: 20px">This MDM setting corresponds to the EnableFontProviders Group Policy setting. If both the Group Policy and the MDM settings are configured, the group policy setting takes precedence. If neither is configured, the behavior depends on a DisableFontProviders registry value. In server editions, this registry value is set to 1 by default, so the default behavior is false (disabled). In all other editions, the registry value is not set by default, so the default behavior is true (enabled).
+
+<p style="margin-left: 20px">This setting is used by lower-level components for text display and fond handling and has not direct effect on web browsers, which may download web fonts used in web content.
+
+> [!Note]  
+> Reboot is required after setting the policy; alternatively you can stop and restart the FontCache service.
+
+<p style="margin-left: 20px">To verify if System/AllowFontProviders is set to true:  
+
+-  After a client machine is rebooted, check whether there is any network traffic from client machine to fs.microsoft.com.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-allowlocation"></a>**System/AllowLocation**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to allow app access to the Location service.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Force Location Off. All Location Privacy settings are toggled off and greyed out. Users cannot change the settings, and no apps are allowed access to the Location service, including Cortana and Search.
+-   1 (default) – Location service is allowed. The user has control and can change Location Privacy settings on or off.
+-   2 – Force Location On. All Location Privacy settings are toggled on and greyed out. Users cannot change the settings and all consent permissions will be automatically suppressed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<p style="margin-left: 20px">While the policy is set to 0 (Force Location Off) or 2 (Force Location On), any Location service call from an app would trigger the value set by this policy.
+
+<p style="margin-left: 20px">When switching the policy back from 0 (Force Location Off) or 2 (Force Location On) to 1 (User Control), the app reverts to its original Location service setting.
+
+<p style="margin-left: 20px">For example, an app's original Location setting is Off. The administrator then sets the **AllowLocation** policy to 2 (Force Location On.) The Location service starts working for that app, overriding the original setting. Later, if the administrator switches the **AllowLocation** policy back to 1 (User Control), the app will revert to using its original setting of Off.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-allowstoragecard"></a>**System/AllowStorageCard**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – SD card use is not allowed and USB drives are disabled. This setting does not prevent programmatic access to the storage card. 
+-   1 (default) – Allow a storage card.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-allowtelemetry"></a>**System/AllowTelemetry**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allow the device to send diagnostic and usage telemetry data, such as Watson.
+
+<p style="margin-left: 20px">The following tables describe the supported values:
+
+<table style="margin-left: 20px">
+<colgroup>
+<col width="100%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Windows 8.1 Values</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="vertical-align:top"><p>0 – Not allowed.</p>
+</td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p> 1 – Allowed, except for Secondary Data Requests.</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>2 (default) – Allowed.</p></td>
+</tr>
+</tbody>
+</table>
+
+
+<table style="margin-left: 20px">
+<colgroup>
+<col width="100%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Windows 10 Values</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="vertical-align:top"><p>0 – Security. Information that is required to help keep Windows more secure, including data about the Connected User Experience and Telemetry component settings, the Malicious Software Removal Tool, and Windows Defender.</p>
+<div class="alert">
+<strong>Note</strong>  This value is only applicable to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016. Using this setting on other devices is equivalent to setting the value of 1.
+</div>
+</td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>1 – Basic. Basic device info, including: quality-related data, app compatibility, app usage data, and data from the Security level.</p></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>2 – Enhanced. Additional insights, including: how Windows, Windows Server, System Center, and apps are used, how they perform, advanced reliability data, and data from both the Basic and the Security levels.</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>3 – Full. All data necessary to identify and help to fix problems, plus data from the Security, Basic, and Enhanced levels.</p></td>
+</tr>
+</tbody>
+</table>
+
+
+> [!IMPORTANT]
+> If you are using Windows 8.1 MDM server and set a value of 0 using the legacy AllowTelemetry policy on a Windows 10 Mobile device, then the value is not respected and the telemetry level is silently set to level 1.
+
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-allowusertoresetphone"></a>**System/AllowUserToResetPhone**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed to reset to factory default settings.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-bootstartdriverinitialization"></a>**System/BootStartDriverInitialization**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+N/A
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP name: *POL_DriverLoadPolicy_Name*
+-   GP ADMX file name: *earlylauncham.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-disableonedrivefilesync"></a>**System/DisableOneDriveFileSync**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
+
+* Users cannot access OneDrive from the OneDrive app or file picker.
+* Windows Store apps cannot access OneDrive using the WinRT API.
+* OneDrive does not appear in the navigation pane in File Explorer.
+* OneDrive files are not kept in sync with the cloud.
+* Users cannot automatically upload photos and videos from the camera roll folder. 
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, apps and features can work with OneDrive file storage.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – False (sync enabled).
+-   1 – True (sync disabled).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Restart machine.
+3.   Verify that OneDrive.exe is not running in Task Manager.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-disablesystemrestore"></a>**System/DisableSystemRestore**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+Allows you to disable System Restore.
+
+This policy setting allows you to turn off System Restore.
+
+System Restore enables users, in the event of a problem, to restore their computers to a previous state without losing personal data files. By default, System Restore is turned on for the boot volume.
+
+If you enable this policy setting, System Restore is turned off, and the System Restore Wizard cannot be accessed. The option to configure System Restore or create a restore point through System Protection is also disabled.
+
+If you disable or do not configure this policy setting, users can perform System Restore and configure System Restore settings through System Protection.
+
+Also, see the "Turn off System Restore configuration" policy setting. If the "Turn off System Restore" policy setting is disabled or not configured, the "Turn off System Restore configuration" policy setting is used to determine whether the option to configure System Restore is available.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off System Restore*
+-   GP name: *SR_DisableSR*
+-   GP ADMX file name: *systemrestore.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="system-telemetryproxy"></a>**System/TelemetryProxy**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *&lt;server&gt;:&lt;port&gt;*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device.
+
+<p style="margin-left: 20px">If you disable or do not configure this policy setting, Connected User Experiences and Telemetry will go to Microsoft using the default proxy configuration.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartEAS-->
+## <a href="" id="eas"></a>System policies that can be set using Exchange Active Sync (EAS)  
+
+-   [System/AllowStorageCard](#system-allowstoragecard)  
+-   [System/TelemetryProxy](#system-telemetryproxy)  
+<!--EndEAS-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>System policies supported by Windows Holographic for Business  
+
+-   [System/AllowFontProviders](#system-allowfontproviders)  
+-   [System/AllowLocation](#system-allowlocation)  
+-   [System/AllowTelemetry](#system-allowtelemetry)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>System policies supported by IoT Core  
+
+-   [System/AllowEmbeddedMode](#system-allowembeddedmode)  
+-   [System/AllowFontProviders](#system-allowfontproviders)  
+-   [System/AllowStorageCard](#system-allowstoragecard)  
+-   [System/TelemetryProxy](#system-telemetryproxy)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>System policies supported by Microsoft Surface Hub  
+
+-   [System/AllowFontProviders](#system-allowfontproviders)  
+-   [System/AllowLocation](#system-allowlocation)  
+-   [System/AllowTelemetry](#system-allowtelemetry)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
new file mode 100644
index 0000000000..3baa9bb071
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -0,0 +1,580 @@
+---
+title: Policy CSP - TextInput
+description: Policy CSP - TextInput
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - TextInput
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## TextInput policies  
+
+<!--StartPolicy-->
+<a href="" id="textinput-allowimelogging"></a>**TextInput/AllowIMELogging**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowimenetworkaccess"></a>**TextInput/AllowIMENetworkAccess**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowinputpanel"></a>**TextInput/AllowInputPanel**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the IT admin to disable the touch/handwriting keyboard on Windows.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowjapaneseimesurrogatepaircharacters"></a>**TextInput/AllowJapaneseIMESurrogatePairCharacters**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the Japanese IME surrogate pair characters.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowjapaneseivscharacters"></a>**TextInput/AllowJapaneseIVSCharacters**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows Japanese Ideographic Variation Sequence (IVS) characters.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowjapanesenonpublishingstandardglyph"></a>**TextInput/AllowJapaneseNonPublishingStandardGlyph**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the Japanese non-publishing standard glyph.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowjapaneseuserdictionary"></a>**TextInput/AllowJapaneseUserDictionary**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the Japanese user dictionary.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowkeyboardtextsuggestions"></a>**TextInput/AllowKeyboardTextSuggestions**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. When this policy is set to disabled, text prediction is disabled. 
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Disabled.
+-   1 (default) – Enabled.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<p style="margin-left: 20px">To validate that text prediction is disabled on Windows 10 for desktop, do the following:
+
+1.  Search for and launch the on-screen keyboard. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Use Text Prediction” setting is enabled from the options button.
+2.  Launch the input panel/touch keyboard by touching a text input field or launching it from the taskbar. Verify that text prediction is disabled by typing some text. Text prediction on the keyboard will be disabled even if the “Show text suggestions as I type” setting is enabled in the Settings app.
+3.  Launch the handwriting tool from the touch keyboard. Verify that text prediction is disabled when you write using the tool.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowkoreanextendedhanja"></a>**TextInput/AllowKoreanExtendedHanja**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">This policy has been deprecated.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-allowlanguagefeaturesuninstall"></a>**TextInput/AllowLanguageFeaturesUninstall**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the uninstall of language features, such as spell checkers, on a device.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-excludejapaneseimeexceptjis0208"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the users to restrict character code range of conversion by setting the character filter.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – No characters are filtered.
+-   1 – All characters except JIS0208 are filtered.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-excludejapaneseimeexceptjis0208andeudc"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the users to restrict character code range of conversion by setting the character filter.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – No characters are filtered.
+-   1 – All characters except JIS0208 and EUDC are filtered.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="textinput-excludejapaneseimeexceptshiftjis"></a>**TextInput/ExcludeJapaneseIMEExceptShiftJIS**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> The policy is only enforced in Windows 10 for desktop.
+
+
+<p style="margin-left: 20px">Allows the users to restrict character code range of conversion by setting the character filter.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – No characters are filtered.
+-   1 – All characters except ShiftJIS are filtered.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>TextInput policies supported by Microsoft Surface Hub  
+
+-   [TextInput/AllowIMELogging](#textinput-allowimelogging)  
+-   [TextInput/AllowIMENetworkAccess](#textinput-allowimenetworkaccess)  
+-   [TextInput/AllowInputPanel](#textinput-allowinputpanel)  
+-   [TextInput/AllowJapaneseIMESurrogatePairCharacters](#textinput-allowjapaneseimesurrogatepaircharacters)  
+-   [TextInput/AllowJapaneseIVSCharacters](#textinput-allowjapaneseivscharacters)  
+-   [TextInput/AllowJapaneseNonPublishingStandardGlyph](#textinput-allowjapanesenonpublishingstandardglyph)  
+-   [TextInput/AllowJapaneseUserDictionary](#textinput-allowjapaneseuserdictionary)  
+-   [TextInput/AllowLanguageFeaturesUninstall](#textinput-allowlanguagefeaturesuninstall)  
+-   [TextInput/ExcludeJapaneseIMEExceptJIS0208](#textinput-excludejapaneseimeexceptjis0208)  
+-   [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](#textinput-excludejapaneseimeexceptjis0208andeudc)  
+-   [TextInput/ExcludeJapaneseIMEExceptShiftJIS](#textinput-excludejapaneseimeexceptshiftjis)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
new file mode 100644
index 0000000000..c3bcd16106
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -0,0 +1,74 @@
+---
+title: Policy CSP - TimeLanguageSettings
+description: Policy CSP - TimeLanguageSettings
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - TimeLanguageSettings
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## TimeLanguageSettings policies  
+
+<!--StartPolicy-->
+<a href="" id="timelanguagesettings-allowset24hourclock"></a>**TimeLanguageSettings/AllowSet24HourClock**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Locale default setting.
+-   1 (default) – Set 24 hour clock.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>TimeLanguageSettings policies supported by Microsoft Surface Hub  
+
+-   [TimeLanguageSettings/Set24HourClock](#None)  
+-   [TimeLanguageSettings/SetCountry](#None)  
+-   [TimeLanguageSettings/SetLanguage](#None)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
new file mode 100644
index 0000000000..eb5110a19b
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -0,0 +1,1886 @@
+---
+title: Policy CSP - Update
+description: Policy CSP - Update
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Update
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Update policies  
+
+<!--StartPolicy-->
+<a href="" id="update-activehoursend"></a>**Update/ActiveHoursEnd**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursStart**) to manage a range of active hours where update reboots are not scheduled. This value sets the end time. There is a 12 hour maximum from start time.
+
+> [!NOTE]
+> The default maximum difference from start time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured.  See **Update/ActiveHoursMaxRange** below for more information.
+
+<p style="margin-left: 20px">Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
+
+<p style="margin-left: 20px">The default is 17 (5 PM).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-activehoursmaxrange"></a>**Update/ActiveHoursMaxRange**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT admin to specify the max active hours range. This value sets max number of active hours from start time.
+
+<p style="margin-left: 20px">Supported values are 8-18.
+
+<p style="margin-left: 20px">The default value is 18 (hours).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-activehoursstart"></a>**Update/ActiveHoursStart**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin (when used with **Update/ActiveHoursEnd**) to manage a range of hours where update reboots are not scheduled. This value sets the start time. There is a 12 hour maximum from end time.
+
+> [!NOTE]
+> The default maximum difference from end time has been increased to 18 in Windows 10, version 1703. In this version of Windows 10, the maximum range of active hours can now be configured.  See **Update/ActiveHoursMaxRange** above for more information.
+
+<p style="margin-left: 20px">Supported values are 0-23, where 0 is 12 AM, 1 is 1 AM, etc.
+
+<p style="margin-left: 20px">The default value is 8 (8 AM).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-allowautoupdate"></a>**Update/AllowAutoUpdate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Enables the IT admin to manage automatic update behavior to scan, download, and install updates.
+
+<p style="margin-left: 20px">Supported operations are Get and Replace.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Notify the user before downloading the update. This policy is used by the enterprise who wants to enable the end-users to manage data usage. With this option users are notified when there are updates that apply to the device and are ready for download. Users can download and install the updates from the Windows Update control panel.
+-   1 – Auto install the update and then notify the user to schedule a device restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates immediately. If the installation requires a restart, the end-user is prompted to schedule the restart time. The end-user has up to seven days to schedule the restart and after that, a restart of the device is forced. Enabling the end-user to control the start time reduces the risk of accidental data loss caused by applications that do not shutdown properly on restart.
+-   2 (default) – Auto install and restart. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This is the default behavior for unmanaged devices. Devices are updated quickly, but it increases the risk of accidental data loss caused by an application that does not shutdown properly on restart.
+-   3 – Auto install and restart at a specified time. The IT specifies the installation day and time. If no day and time are specified, the default is 3 AM daily. Automatic installation happens at this time and device restart happens after a 15-minute countdown. If the user is logged in when Windows is ready to restart, the user can interrupt the 15-minute countdown to delay the restart.
+-   4 – Auto install and restart without end-user control. Updates are downloaded automatically on non-metered networks and installed during "Automatic Maintenance" when the device is not in use and is not running on battery power. If automatic maintenance is unable to install updates for two days, Windows Update will install updates right away. If a restart is required, then the device is automatically restarted when the device is not actively being used. This setting option also sets the end-user control panel to read-only.
+-   5 – Turn off automatic updates.
+
+> [!IMPORTANT]
+> This option should be used only for systems under regulatory compliance, as you will not get security updates as well.
+ 
+
+<p style="margin-left: 20px">If the policy is not configured, end-users get the default behavior (Auto install and restart).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-allowmuupdateservice"></a>**Update/AllowMUUpdateService**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin to manage whether to scan for app updates from Microsoft Update.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed or not configured.
+-   1 – Allowed. Accepts updates received through Microsoft Update.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-allownonmicrosoftsignedupdate"></a>**Update/AllowNonMicrosoftSignedUpdate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Allows the IT admin to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found at the UpdateServiceUrl location. This policy supports using WSUS for 3rd party software and patch distribution.
+
+<p style="margin-left: 20px">Supported operations are Get and Replace.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed or not configured. Updates from an intranet Microsoft update service location must be signed by Microsoft.
+-   1 – Allowed. Accepts updates received through an intranet Microsoft update service location, if they are signed by a certificate found in the "Trusted Publishers" certificate store of the local computer.
+
+<p style="margin-left: 20px">This policy is specific to desktop and local publishing via WSUS for 3rd party updates (binaries and updates not hosted on Microsoft Update) and allows IT to manage whether Automatic Updates accepts updates signed by entities other than Microsoft when the update is found on an intranet Microsoft update service location.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-allowupdateservice"></a>**Update/AllowUpdateService**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Specifies whether the device could use Microsoft Update, Windows Server Update Services (WSUS), or Windows Store.
+
+<p style="margin-left: 20px">Even when Windows Update is configured to receive updates from an intranet update service, it will periodically retrieve information from the public Windows Update service to enable future connections to Windows Update, and other services like Microsoft Update or the Windows Store
+
+<p style="margin-left: 20px">Enabling this policy will disable that functionality, and may cause connection to public services such as the Windows Store to stop working.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Update service is not allowed.
+-   1 (default) – Update service is allowed.
+
+> [!NOTE]
+> This policy applies only when the desktop or device is configured to connect to an intranet update service using the "Specify intranet Microsoft update service location" policy.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-autorestartdeadlineperiodindays"></a>**Update/AutoRestartDeadlinePeriodInDays**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy defines the deadline in days after which a reboot for updates will become mandatory.
+
+<p style="margin-left: 20px">Supported values are 2-30 days.
+
+<p style="margin-left: 20px">The default value is 7 days.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-autorestartnotificationschedule"></a>**Update/AutoRestartNotificationSchedule**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart reminder notifications.
+
+<p style="margin-left: 20px">Supported values are 15, 30, 60, 120, and 240 (minutes).
+
+<p style="margin-left: 20px">The default value is 15 (minutes).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-autorestartrequirednotificationdismissal"></a>**Update/AutoRestartRequiredNotificationDismissal**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the method by which the auto-restart required notification is dismissed.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   1 (default) – Auto Dismissal.
+-   2 – User Dismissal.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-branchreadinesslevel"></a>**Update/BranchReadinessLevel**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the IT admin to set which branch a device receives their updates from.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   16 (default) – User gets all applicable upgrades from Current Branch (CB).
+-   32 – User gets upgrades from Current Branch for Business (CBB).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-deferfeatureupdatesperiodindays"></a>**Update/DeferFeatureUpdatesPeriodInDays**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
+<p style="margin-left: 20px">Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Defers Feature Updates for the specified number of days.
+
+<p style="margin-left: 20px">Supported values are 0-365 days.
+
+> [!IMPORTANT]
+> The default maximum number of days to defer an update has been increased from 180 (Windows 10, version 1607) to 365 in Windows 10, version 1703.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-deferqualityupdatesperiodindays"></a>**Update/DeferQualityUpdatesPeriodInDays**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Defers Quality Updates for the specified number of days.
+
+<p style="margin-left: 20px">Supported values are 0-30.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-deferupdateperiod"></a>**Update/DeferUpdatePeriod**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+>
+> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpdatePeriod for Windows 10, version 1511 devices.
+
+
+<p style="margin-left: 20px">Allows IT Admins to specify update delays for up to 4 weeks.
+
+<p style="margin-left: 20px">Supported values are 0-4, which refers to the number of weeks to defer updates.
+
+<p style="margin-left: 20px">In Windows 10 Mobile Enterprise version 1511 devices set to automatic updates, for DeferUpdatePeriod to work, you must set the following:
+
+-   Update/RequireDeferUpgrade must be set to 1
+-   System/AllowTelemetry must be set to 1 or higher
+
+<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+<p style="margin-left: 20px">If the Allow Telemetry policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+<table style="margin-left: 20px">
+<colgroup>
+<col width="25%" />
+<col width="25%" />
+<col width="25%" />
+<col width="25%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Update category</th>
+<th>Maximum deferral</th>
+<th>Deferral increment</th>
+<th>Update type/notes</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="vertical-align:top"><p>OS upgrade</p></td>
+<td style="vertical-align:top"><p>8 months</p></td>
+<td style="vertical-align:top"><p>1 month</p></td>
+<td style="vertical-align:top"><p>Upgrade - 3689BDC8-B205-4AF4-8D4A-A63924C5E9D5</p></td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top"><p>Update</p></td>
+<td style="vertical-align:top"><p>1 month</p></td>
+<td style="vertical-align:top"><p>1 week</p></td>
+<td style="vertical-align:top"><div class="alert">
+<strong>Note</strong>
+If a machine has Microsoft Update enabled, any Microsoft Updates in these categories will also observe Defer / Pause logic.
+</div>
+<ul>
+<li>Security Update - 0FA1201D-4330-4FA8-8AE9-B877473B6441</li>
+<li>Critical Update - E6CF1350-C01B-414D-A61F-263D14D133B4</li>
+<li>Update Rollup - 28BC880E-0592-4CBF-8F95-C79B17911D5F</li>
+<li>Service Pack - 68C5B0A3-D1A6-4553-AE49-01D3A7827828</li>
+<li>Tools - B4832BD8-E735-4761-8DAF-37F882276DAB</li>
+<li>Feature Pack - B54E7D24-7ADD-428F-8B75-90A396FA584F</li>
+<li>Update - CD5FFD1E-E932-4E3A-BF74-18BF0B1BBD83</li>
+<li>Driver - EBFC1FC5-71A4-4F7B-9ACA-3B9A503104A0</li>
+</ul></td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top"><p>Other/cannot defer</p></td>
+<td style="vertical-align:top"><p>No deferral</p></td>
+<td style="vertical-align:top"><p>No deferral</p></td>
+<td style="vertical-align:top"><p>Any update category not specifically enumerated above falls into this category.</p>
+<p>Definition Update - E0789628-CE08-4437-BE74-2495B842F43B</p></td>
+</tr>
+</tbody>
+</table>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-deferupgradeperiod"></a>**Update/DeferUpgradePeriod**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
+>
+> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+>
+> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use DeferUpgradePeriod for Windows 10, version 1511 devices.
+
+
+<p style="margin-left: 20px">Allows IT Admins to specify additional upgrade delays for up to 8 months.
+
+<p style="margin-left: 20px">Supported values are 0-8, which refers to the number of months to defer upgrades.
+
+<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+<p style="margin-left: 20px">If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-detectionfrequency"></a>**Update/DetectionFrequency**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the scan frequency from every 1 - 22 hours. Default is 22 hours.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-engagedrestartdeadline"></a>**Update/EngagedRestartDeadline**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. The deadline can be set between 2 and 30 days from the time the restart becomes pending. If configured, the pending restart will transition from Auto-restart to Engaged restart (pending user schedule) to be automatically executed within the specified period.  If no deadline is specified or deadline is set to 0, the restart will not be automatically executed and will remain Engaged restart (pending user scheduling).
+
+<p style="margin-left: 20px">Supported values are 2-30 days.
+
+<p style="margin-left: 20px">The default value is 0 days (not specified).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-engagedrestartsnoozeschedule"></a>**Update/EngagedRestartSnoozeSchedule**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to control the number of days a user can snooze Engaged restart reminder notifications.
+
+<p style="margin-left: 20px">Supported values are 1-3 days.
+
+<p style="margin-left: 20px">The default value is 3 days.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-engagedrestarttransitionschedule"></a>**Update/EngagedRestartTransitionSchedule**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to control the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. The period can be set between 2 and 30 days from the time the restart becomes pending.
+
+<p style="margin-left: 20px">Supported values are 2-30 days.
+
+<p style="margin-left: 20px">The default value is 7 days.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-excludewudriversinqualityupdate"></a>**Update/ExcludeWUDriversInQualityUpdate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
+> Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to exclude Windows Update (WU) drivers during updates.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Allow Windows Update drivers.
+-   1 – Exclude Windows Update drivers.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-fillemptycontenturls"></a>**Update/FillEmptyContentUrls**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in the April service release of Windows 10, version 1607. Allows Windows Update Agent to determine the download URL when it is missing from the metadata.  This scenario will occur when intranet update service stores the metadata files but the download contents are stored in the ISV file cache (specified as the <a href="#update-updateserviceurlalternate">alternate download URL</a>).
+
+> [!NOTE]
+> This setting should only be used in combination with an alternate download URL and configured to use ISV file cache.  This setting is used when the intranet update service does not provide download URLs in the update metadata for files which are available on the alternate download server.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Disabled.
+-   1 – Enabled.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-ignoremoappdownloadlimit"></a>**Update/IgnoreMOAppDownloadLimit**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for apps and their updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. 
+
+> [!WARNING]
+> Setting this policy might cause devices to incur costs from MO operators.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Do not ignore MO download limit for apps and their updates.
+-   1 – Ignore MO download limit (allow unlimited downloading) for apps and their updates.
+
+<p style="margin-left: 20px">To validate this policy:
+
+1.  Enable the policy ensure the device is on a cellular network.
+2.  Run the scheduled task on your device to check for app updates in the background. For example, on a mobile device, run the following commands in TShell: 
+      - `regd delete HKEY_USERS\S-1-5-21-2702878673-795188819-444038987-2781\software\microsoft\windows\currentversion\windowsupdate /v LastAutoAppUpdateSearchSuccessTime /f`
+
+      - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\Automatic App Update"""" /I""`
+
+3.   Verify that any downloads that are above the download size limit will complete without being paused.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-ignoremoupdatedownloadlimit"></a>**Update/IgnoreMOUpdateDownloadLimit**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to ignore the MO download limit (allow unlimited downloading) over a cellular network for OS updates. If lower-level limits (for example, mobile caps) are required, those limits are controlled by external policies. 
+
+> [!WARNING]
+> Setting this policy might cause devices to incur costs from MO operators.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Do not ignore MO download limit for OS updates.
+-   1 – Ignore MO download limit (allow unlimited downloading) for OS updates.
+
+<p style="margin-left: 20px">To validate this policy:
+
+1.  Enable the policy and ensure the device is on a cellular network.
+2.  Run the scheduled task on phone to check for OS updates in the background. For example, on a mobile device, run the following commands in TShell: 
+      - `exec-device schtasks.exe -arguments ""/run /tn """"\Microsoft\Windows\WindowsUpdate\AUScheduledInstall"""" /I""`
+
+3.   Verify that any downloads that are above the download size limit will complete without being paused.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-pausedeferrals"></a>**Update/PauseDeferrals**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+>
+> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use PauseDeferrals for Windows 10, version 1511 devices.
+
+
+<p style="margin-left: 20px">Allows IT Admins to pause updates and upgrades for up to 5 weeks. Paused deferrals will be reset after 5 weeks.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Deferrals are not paused.
+-   1 – Deferrals are paused.
+
+<p style="margin-left: 20px">If the "Specify intranet Microsoft update service location" policy is enabled, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+<p style="margin-left: 20px">If the "Allow Telemetry" policy is enabled and the Options value is set to 0, then the "Defer upgrades by", "Defer updates by" and "Pause Updates and Upgrades" settings have no effect.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-pausefeatureupdates"></a>**Update/PauseFeatureUpdates**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education.
+<p style="margin-left: 20px">Since this policy is not blocked, you will not get a failure message when you use it to configure a Windows 10 Mobile device. However, the policy will not take effect.
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to pause Feature Updates for up to 60 days.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Feature Updates are not paused.
+-   1 – Feature Updates are paused for 60 days or until value set to back to 0, whichever is sooner.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-PauseFeatureUpdatesStartTime"></a>**Update/PauseFeatureUpdatesStartTime**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Feature Updates.
+
+<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Delete, and Replace.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-pausequalityupdates"></a>**Update/PauseQualityUpdates**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allows IT Admins to pause Quality Updates.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Quality Updates are not paused.
+-   1 – Quality Updates are paused for 35 days or until value set back to 0, whichever is sooner.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-PauseQualityUpdatesStartTime"></a>**Update/PauseQualityUpdatesStartTime**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the date and time when the IT admin wants to start pausing the Quality Updates.
+
+<p style="margin-left: 20px">Value type is string. Supported operations are Add, Get, Delete, and Replace.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-requiredeferupgrade"></a>**Update/RequireDeferUpgrade**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+>
+> Don't use this policy in Windows 10, version 1607 devices, instead use the new policies listed in [Changes in Windows 10, version 1607 for update management](device-update-management.md#windows10version1607forupdatemanagement). You can continue to use RequireDeferUpgrade for Windows 10, version 1511 devices.
+
+
+<p style="margin-left: 20px">Allows the IT admin to set a device to CBB train.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – User gets upgrades from Current Branch.
+-   1 – User gets upgrades from Current Branch for Business.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-requireupdateapproval"></a>**Update/RequireUpdateApproval**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+<br>
+
+> [!NOTE]
+> If you previously used the **Update/PhoneUpdateRestrictions** policy in previous versions of Windows, it has been deprecated. Please use this policy instead.
+
+
+<p style="margin-left: 20px">Allows the IT admin to restrict the updates that are installed on a device to only those on an update approval list. It enables IT to accept the End User License Agreement (EULA) associated with the approved update on behalf of the end-user. EULAs are approved once an update is approved.
+
+<p style="margin-left: 20px">Supported operations are Get and Replace.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not configured. The device installs all applicable updates.
+-   1 – The device only installs updates that are both applicable and on the Approved Updates list. Set this policy to 1 if IT wants to control the deployment of updates on devices, such as when testing is required prior to deployment.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-scheduleimminentrestartwarning"></a>**Update/ScheduleImminentRestartWarning**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart imminent warning notifications.
+
+<p style="margin-left: 20px">Supported values are 15, 30, or 60 (minutes).
+
+<p style="margin-left: 20px">The default value is 15 (minutes).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-schedulerestartwarning"></a>**Update/ScheduleRestartWarning**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to specify the period for auto-restart warning reminder notifications.
+
+<p style="margin-left: 20px">Supported values are 2, 4, 8, 12, or 24 (hours).
+
+<p style="margin-left: 20px">The default value is 4 (hours).
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-scheduledinstallday"></a>**Update/ScheduledInstallDay**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Enables the IT admin to schedule the day of the update installation.
+
+<p style="margin-left: 20px">The data type is a integer.
+
+<p style="margin-left: 20px">Supported operations are Add, Delete, Get, and Replace.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Every day
+-   1 – Sunday
+-   2 – Monday
+-   3 – Tuesday
+-   4 – Wednesday
+-   5 – Thursday
+-   6 – Friday
+-   7 – Saturday
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-scheduledinstalleveryweek"></a>**Update/ScheduledInstallEveryWeek**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the every week. Value type is integer. Supported values:
+<ul>
+<li>0 - no update in the schedule</li>
+<li>1 - update is scheduled every week</li>
+</ul>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-scheduledinstallfirstweek"></a>**Update/ScheduledInstallFirstWeek**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the first week of the month. Value type is integer. Supported values:
+<ul>
+<li>0 - no update in the schedule</li>
+<li>1 - update is scheduled every first week of the month</li>
+</ul>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-scheduledinstallfourthweek"></a>**Update/ScheduledInstallFourthWeek**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the fourth week of the month. Value type is integer. Supported values:
+<ul>
+<li>0 - no update in the schedule</li>
+<li>1 - update is scheduled every fourth week of the month</li>
+</ul>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-scheduledinstallsecondweek"></a>**Update/ScheduledInstallSecondWeek**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the second week of the month. Value type is integer. Supported values:
+<ul>
+<li>0 - no update in the schedule</li>
+<li>1 - update is scheduled every second week of the month</li>
+</ul>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-scheduledinstallthirdweek"></a>**Update/ScheduledInstallThirdWeek**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>3</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1709. Enables the IT admin to schedule the update installation on the third week of the month. Value type is integer. Supported values:
+<ul>
+<li>0 - no update in the schedule</li>
+<li>1 - update is scheduled every third week of the month</li>
+</ul>
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-scheduledinstalltime"></a>**Update/ScheduledInstallTime**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Enables the IT admin to schedule the time of the update installation.
+
+<p style="margin-left: 20px">The data type is a integer.
+
+<p style="margin-left: 20px">Supported operations are Add, Delete, Get, and Replace.
+
+<p style="margin-left: 20px">Supported values are 0-23, where 0 = 12 AM and 23 = 11 PM.
+
+<p style="margin-left: 20px">The default value is 3.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-setautorestartnotificationdisable"></a>**Update/SetAutoRestartNotificationDisable**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allows the IT Admin to disable auto-restart notifications for update installations.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 (default) – Enabled
+-   1 – Disabled
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-setedurestart"></a>**Update/SetEDURestart**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. For devices in a cart, this policy skips the check for battery level to ensure that the reboot will happen at ScheduledInstallTime.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+- 0 - not configured
+- 1 - configured
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-updateserviceurl"></a>**Update/UpdateServiceUrl**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> [!NOTE]
+> This policy is available on Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, and Windows 10 Mobile Enterprise
+
+> [!Important]  
+> Starting in Windows 10, version 1703 this policy is not supported in Windows 10 Mobile Enteprise and IoT Mobile.
+
+<p style="margin-left: 20px">Allows the device to check for updates from a WSUS server instead of Microsoft Update. This is useful for on-premise MDMs that need to update devices that cannot connect to the Internet.
+
+<p style="margin-left: 20px">Supported operations are Get and Replace.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   Not configured. The device checks for updates from Microsoft Update.
+-   Set to a URL, such as `http://abcd-srv:8530`. The device checks for updates from the WSUS server at the specified URL.
+
+Example
+
+``` syntax
+        <Replace>
+            <CmdID>$CmdID$</CmdID>
+            <Item>
+                <Meta>
+                    <Format>chr</Format>
+                    <Type>text/plain</Type>
+                </Meta>
+                <Target>
+                    <LocURI>./Vendor/MSFT/Policy/Config/Update/UpdateServiceUrl</LocURI>
+                </Target>
+                <Data>http://abcd-srv:8530</Data>
+            </Item>
+        </Replace>
+```
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="update-updateserviceurlalternate"></a>**Update/UpdateServiceUrlAlternate**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+> **Note**  This policy is available on Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
+
+<p style="margin-left: 20px">Added in the January service release of Windows 10, version 1607. Specifies an alternate intranet server to host updates from Microsoft Update. You can then use this update service to automatically update computers on your network.
+
+<p style="margin-left: 20px">This setting lets you specify a server on your network to function as an internal update service. The Automatic Updates client will search this service for updates that apply to the computers on your network.
+
+<p style="margin-left: 20px">To use this setting, you must set two server name values: the server from which the Automatic Updates client detects and downloads updates, and the server to which updated workstations upload statistics. You can set both values to be the same server.  An optional server name value can be specified to configure Windows Update agent, and download updates from an alternate download server instead of WSUS Server.
+
+<p style="margin-left: 20px">Value type is string and the default value is an empty string, "". If the setting is not configured, and if Automatic Updates is not disabled by policy or user preference, the Automatic Updates client connects directly to the Windows Update site on the Internet.
+
+> [!Note]  
+> If the "Configure Automatic Updates" Group Policy is disabled, then this policy has no effect.  
+> If the "Alternate Download Server" Group Policy is not set, it will use the WSUS server by default to download updates.  
+> This policy is not supported on Windows RT. Setting this policy will not have any effect on Windows RT PCs.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartHoloLens-->
+## <a href="" id="hololenspolicies"></a>Update policies supported by Windows Holographic for Business  
+
+-   [Update/AllowAutoUpdate](#update-allowautoupdate)  
+-   [Update/AllowUpdateService](#update-allowupdateservice)  
+-   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
+-   [Update/RequireUpdateApproval](#update-requireupdateapproval)  
+-   [Update/UpdateServiceUrl](#update-updateserviceurl)  
+<!--EndHoloLens-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Update policies supported by IoT Core  
+
+-   [Update/AllowNonMicrosoftSignedUpdate](#update-allownonmicrosoftsignedupdate)  
+-   [Update/AllowUpdateService](#update-allowupdateservice)  
+-   [Update/PauseDeferrals](#update-pausedeferrals)  
+-   [Update/RequireDeferUpgrade](#update-requiredeferupgrade)  
+-   [Update/RequireUpdateApproval](#update-requireupdateapproval)  
+-   [Update/ScheduledInstallDay](#update-scheduledinstallday)  
+-   [Update/ScheduledInstallTime](#update-scheduledinstalltime)  
+-   [Update/UpdateServiceUrl](#update-updateserviceurl)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Update policies supported by Microsoft Surface Hub  
+
+-   [Update/AllowAutoUpdate](#update-allowautoupdate)  
+-   [Update/AllowUpdateService](#update-allowupdateservice)  
+-   [Update/AutoRestartNotificationSchedule](#update-autorestartnotificationschedule)  
+-   [Update/AutoRestartRequiredNotificationDismissal](#update-autorestartrequirednotificationdismissal)  
+-   [Update/BranchReadinessLevel](#update-branchreadinesslevel)  
+-   [Update/DeferFeatureUpdatesPeriodInDays](#update-deferfeatureupdatesperiodindays)  
+-   [Update/DeferQualityUpdatesPeriodInDays](#update-deferqualityupdatesperiodindays)  
+-   [Update/DetectionFrequency](#update-detectionfrequency)  
+-   [Update/PauseFeatureUpdates](#update-pausefeatureupdates)  
+-   [Update/PauseQualityUpdates](#update-pausequalityupdates)  
+-   [Update/ScheduleImminentRestartWarning](#update-scheduleimminentrestartwarning)  
+-   [Update/ScheduleRestartWarning](#update-schedulerestartwarning)  
+-   [Update/SetAutoRestartNotificationDisable](#update-setautorestartnotificationdisable)  
+-   [Update/UpdateServiceUrl](#update-updateserviceurl)  
+-   [Update/UpdateServiceUrlAlternate](#update-updateserviceurlalternate)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
new file mode 100644
index 0000000000..61525f5b57
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -0,0 +1,309 @@
+---
+title: Policy CSP - Wifi
+description: Policy CSP - Wifi
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - Wifi
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## Wifi policies  
+
+<!--StartPolicy-->
+<a href="" id="wifi-allowwifihotspotreporting"></a>**WiFi/AllowWiFiHotSpotReporting**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">This policy has been deprecated.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wifi-allowautoconnecttowifisensehotspots"></a>**Wifi/AllowAutoConnectToWiFiSenseHotspots**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allow or disallow the device to automatically connect to Wi-Fi hotspots.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Not allowed.
+-   1 (default) – Allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wifi-allowinternetsharing"></a>**Wifi/AllowInternetSharing**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allow or disallow internet sharing.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – Do not allow the use of Internet Sharing.
+-   1 (default) – Allow the use of Internet Sharing.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wifi-allowmanualwificonfiguration"></a>**Wifi/AllowManualWiFiConfiguration**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – No Wi-Fi connection outside of MDM provisioned network is allowed.
+-   1 (default) – Adding new network SSIDs beyond the already MDM provisioned ones is allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+> [!NOTE]
+> Setting this policy deletes any previously installed user-configured and Wi-Fi sense Wi-Fi profiles from the device. Certain Wi-Fi profiles that are not user configured nor Wi-Fi sense might not be deleted. In addition, not all non-MDM profiles are completely deleted.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wifi-allowwifi"></a>**Wifi/AllowWiFi**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allow or disallow WiFi connection.
+
+<p style="margin-left: 20px">The following list shows the supported values:
+
+-   0 – WiFi connection is not allowed.
+-   1 (default) – WiFi connection is allowed.
+
+<p style="margin-left: 20px">Most restricted value is 0.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wifi-allowwifidirect"></a>**Wifi/AllowWiFiDirect**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. Allow WiFi Direct connection..
+
+- 0 - WiFi Direct connection is not allowed.
+- 1 - WiFi Direct connection is allowed.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wifi-wlanscanmode"></a>**Wifi/WLANScanMode**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected.
+
+<p style="margin-left: 20px">Supported values are 0-500, where 100 = normal scan frequency and 500 = low scan frequency.
+
+<p style="margin-left: 20px">The default value is 0.
+
+<p style="margin-left: 20px">Supported operations are Add, Delete, Get, and Replace.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
+<!--StartEAS-->
+## <a href="" id="eas"></a>Wifi policies that can be set using Exchange Active Sync (EAS)  
+
+-   [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)  
+-   [Wifi/AllowWiFi](#wifi-allowwifi)  
+<!--EndEAS-->
+
+<!--StartIoTCore-->
+## <a href="" id="iotcore"></a>Wifi policies supported by IoT Core  
+
+-   [Wifi/AllowAutoConnectToWiFiSenseHotspots](#wifi-allowautoconnecttowifisensehotspots)  
+-   [Wifi/AllowInternetSharing](#wifi-allowinternetsharing)  
+-   [Wifi/AllowWiFi](#wifi-allowwifi)  
+-   [Wifi/WLANScanMode](#wifi-wlanscanmode)  
+<!--EndIoTCore-->
+
+<!--StartSurfaceHub-->
+## <a href="" id="surfacehubpolicies"></a>Wifi policies supported by Microsoft Surface Hub  
+
+-   [WiFi/AllowWiFiHotSpotReporting](#wifi-allowwifihotspotreporting)  
+<!--EndSurfaceHub-->
+
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
new file mode 100644
index 0000000000..edce18a72e
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -0,0 +1,103 @@
+---
+title: Policy CSP - WindowsInkWorkspace
+description: Policy CSP - WindowsInkWorkspace
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - WindowsInkWorkspace
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## WindowsInkWorkspace policies  
+
+<!--StartPolicy-->
+<a href="" id="windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace.
+
+<p style="margin-left: 20px">Value type is bool. The following list shows the supported values:
+
+-   0 - app suggestions are not allowed.
+-   1 (default) -allow app suggestions.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowsinkworkspace-allowwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowWindowsInkWorkspace**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace.
+
+<p style="margin-left: 20px">Value type is int. The following list shows the supported values:
+
+-   0 - access to ink workspace is disabled. The feature is turned off.
+-   1 - ink workspace is enabled (feature is turned on), but the user cannot access it above the lock screen.
+-   2 (default) - ink workspace is enabled (feature is turned on), and the user is allowed to use it above the lock screen.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
new file mode 100644
index 0000000000..29b2de31e3
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -0,0 +1,155 @@
+---
+title: Policy CSP - WindowsLogon
+description: Policy CSP - WindowsLogon
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - WindowsLogon
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## WindowsLogon policies  
+
+<!--StartPolicy-->
+<a href="" id="windowslogon-disablelockscreenappnotifications"></a>**WindowsLogon/DisableLockScreenAppNotifications**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to prevent app notifications from appearing on the lock screen.
+
+If you enable this policy setting, no app notifications are displayed on the lock screen.
+
+If you disable or do not configure this policy setting, users can choose which apps display notifications on the lock screen.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Turn off app notifications on the lock screen*
+-   GP name: *DisableLockScreenAppNotifications*
+-   GP ADMX file name: *logon.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowslogon-dontdisplaynetworkselectionui"></a>**WindowsLogon/DontDisplayNetworkSelectionUI**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
+
+If you enable this policy setting, the PC's network connectivity state cannot be changed without signing into Windows.
+
+If you disable or don't configure this policy setting, any user can disconnect the PC from the network or can connect the PC to other available networks without signing into Windows.
+
+<!--EndDescription-->
+<!--StartADMX-->
+ADMX Info:  
+-   GP english name: *Do not display network selection UI*
+-   GP name: *DontDisplayNetworkSelectionUI*
+-   GP ADMX file name: *logon.admx*
+
+<!--EndADMX-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
+
+<p style="margin-left: 20px">Value type is bool. The following list shows the supported values:
+
+-   0 (default) - Diabled (visible).
+-   1 - Enabled (hidden).
+
+<p style="margin-left: 20px">To validate on Desktop, do the following:
+
+1.   Enable policy.
+2.   Verify that the Switch account button in Start is hidden.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
new file mode 100644
index 0000000000..ab4b3cb9d6
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -0,0 +1,239 @@
+---
+title: Policy CSP - WirelessDisplay
+description: Policy CSP - WirelessDisplay
+ms.author: maricia
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: nickbrower
+---
+
+# Policy CSP - WirelessDisplay
+
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
+<!--StartPolicies-->
+<hr/>
+
+## WirelessDisplay policies  
+
+<!--StartPolicy-->
+<a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC.  
+
+- 0 - your PC cannot discover or project to other devices.
+- 1 - your PC can discover and project to other devices
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wirelessdisplay-allowprojectionfrompcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionFromPCOverInfrastructure**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure.  
+
+- 0 - your PC cannot discover or project to other infrastructure devices, although it is possible to discover and project over WiFi Direct.
+- 1 - your PC can discover and project to other devices over infrastructure.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wirelessdisplay-allowprojectiontopc"></a>**WirelessDisplay/AllowProjectionToPC**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC.
+
+<p style="margin-left: 20px">If you set it to 0 (zero), your PC is not discoverable and you cannot project to it. If you set it to 1, your PC is discoverable and you can project to it above the lock screen. The user has an option to turn it always on or always off except for manual launch. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** &gt; **System** &gt; **Projecting to this PC**.
+
+<p style="margin-left: 20px">Value type is integer. Valid value:
+
+-   0 - projection to PC is not allowed. Always off and the user cannot enable it.
+-   1 (default) - projection to PC is allowed. Enabled only above the lock screen.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wirelessdisplay-Allowprojectiontopcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionToPCOverInfrastructure**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure.  
+
+- 0 - your PC is not discoverable and other devices cannot project to it over infrastructure, although it is possible to project to it over WiFi Direct.
+- 1 - your PC is discoverable and other devices can project to it over infrastructure.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver"></a>**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>2</sup></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1703.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<!--StartPolicy-->
+<a href="" id="wirelessdisplay-requirepinforpairing"></a>**WirelessDisplay/RequirePinForPairing**  
+
+<!--StartSKU-->
+<table>
+<tr>
+	<th>Home</th>
+	<th>Pro</th>
+	<th>Business</th>
+	<th>Enterprise</th>
+	<th>Education</th>
+	<th>Mobile</th>
+	<th>Mobile Enterprise</th>
+</tr>
+<tr>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/checkmark.png" alt="check mark" /><sup>1</sup></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+	<td><img src="images/crossmark.png" alt="cross mark" /></td>
+</tr>
+</table>
+
+<!--EndSKU-->
+<!--StartDescription-->
+<p style="margin-left: 20px">Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing.
+
+<p style="margin-left: 20px">If you turn this on, the pairing ceremony for new devices will always require a PIN. If you turn this off or do not configure it, a PIN is not required for pairing. In PCs that support Miracast, after the policy is applied you can verify the setting from the user interface in **Settings** &gt; **System** &gt; **Projecting to this PC**.
+
+<p style="margin-left: 20px">Value type is integer. Valid value:
+
+-   0 (default) - PIN is not required.
+-   1 - PIN is required.
+
+<!--EndDescription-->
+<!--EndPolicy-->
+<hr/>
+
+Footnote:
+
+-   1 - Added in Windows 10, version 1607.
+-   2 - Added in Windows 10, version 1703.
+-   3 - Added in Windows 10, version 1709.
+
+<!--EndPolicies-->
+

From 4ea78489abe4456a603f38aa7c603cc7c94806e6 Mon Sep 17 00:00:00 2001
From: Dani Halfin <daniha@microsoft.com>
Date: Wed, 5 Jul 2017 15:22:18 -0700
Subject: [PATCH 36/49] fixed engaged restart reference

---
 windows/deployment/update/waas-restart.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 1c88ea8fb5..0b33aa08b4 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -7,6 +7,7 @@ ms.sitesec: library
 author: DaniHalfin
 localizationpriority: high
 ms.author: daniha
+ms.date: 07/05/2017
 ---
 
 # Manage device restarts after updates
@@ -130,10 +131,10 @@ In MDM, the warning reminder is configured using [**Update/ScheduleRestartWarnin
 
 ### Engaged restart
 
-Engaged restart is the period of time when users are required to schedule a restart. When this period ends (7 days by default), Windows transitions to auto-restart outside of active hours.
+Engaged restart is the period of time when users are required to schedule a restart. Initially, Windows will auto-restart outside of working hours. Once the set period ends (7 days by default), Windows transitions to user scheduled restarts.
 
 The following settings can be adjusted for engaged restart:
-* Period of time before engaged restart transitions to auto-restart.
+* Period of time before auto-restart transitions to engaged restart.
 * The number of days that users can snooze engaged restart reminder notifications.
 * The number of days before a pending restart automatically executes outside of working hours.
 

From 9f789cb564efb1807347700192a35d8a97a5d811 Mon Sep 17 00:00:00 2001
From: Dani Halfin <daniha@microsoft.com>
Date: Wed, 5 Jul 2017 22:35:31 +0000
Subject: [PATCH 37/49] Merged PR 2063: fixed engaged restart reference

fixed engaged restart reference
---
 windows/deployment/update/waas-restart.md | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/windows/deployment/update/waas-restart.md b/windows/deployment/update/waas-restart.md
index 1c88ea8fb5..0b33aa08b4 100644
--- a/windows/deployment/update/waas-restart.md
+++ b/windows/deployment/update/waas-restart.md
@@ -7,6 +7,7 @@ ms.sitesec: library
 author: DaniHalfin
 localizationpriority: high
 ms.author: daniha
+ms.date: 07/05/2017
 ---
 
 # Manage device restarts after updates
@@ -130,10 +131,10 @@ In MDM, the warning reminder is configured using [**Update/ScheduleRestartWarnin
 
 ### Engaged restart
 
-Engaged restart is the period of time when users are required to schedule a restart. When this period ends (7 days by default), Windows transitions to auto-restart outside of active hours.
+Engaged restart is the period of time when users are required to schedule a restart. Initially, Windows will auto-restart outside of working hours. Once the set period ends (7 days by default), Windows transitions to user scheduled restarts.
 
 The following settings can be adjusted for engaged restart:
-* Period of time before engaged restart transitions to auto-restart.
+* Period of time before auto-restart transitions to engaged restart.
 * The number of days that users can snooze engaged restart reminder notifications.
 * The number of days before a pending restart automatically executes outside of working hours.
 

From 50a991725df4f06ff1300af1eb32f8a81b591a73 Mon Sep 17 00:00:00 2001
From: Greg Lindsay <Greg.Lindsay@microsoft.com>
Date: Wed, 5 Jul 2017 22:35:33 +0000
Subject: [PATCH 38/49] Merged PR 2056: Merge vso-12463293 to master

Reorganize TOC
---
 windows/deployment/TOC.md                     | 181 ++++++++++--------
 windows/deployment/deploy.md                  |  34 ++++
 windows/deployment/index.md                   |  50 ++---
 .../windows-10-deployment-tools-reference.md  |   6 +-
 .../windows-deployment-scenarios-and-tools.md |   2 +-
 5 files changed, 160 insertions(+), 113 deletions(-)
 create mode 100644 windows/deployment/deploy.md

diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index 7dc9c4e629..b6cd2db81d 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -1,19 +1,47 @@
-# [Deploy, Upgrade and Update Windows 10](index.md)
+# [Deploy and update Windows 10](index.md)
 
-## Deploy Windows 10
-### [What's new in Windows 10 deployment](deploy-whats-new.md)
+## [What's new in Windows 10 deployment](deploy-whats-new.md)
+## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
+## [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md)
+## [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md)
+
+## [Deploy Windows 10](deploy.md)
+### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
+### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
+
+
+### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
+#### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
+#### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
+#### [Get started with Upgrade Readiness](upgrade/upgrade-readiness-get-started.md)
+##### [Upgrade Readiness deployment script](upgrade/upgrade-readiness-deployment-script.md)
+#### [Use Upgrade Readiness to manage Windows upgrades](upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md)
+##### [Upgrade overview](upgrade/upgrade-readiness-upgrade-overview.md)
+##### [Step 1: Identify apps](upgrade/upgrade-readiness-identify-apps.md)
+##### [Step 2: Resolve issues](upgrade/upgrade-readiness-resolve-issues.md)
+##### [Step 3: Deploy Windows](upgrade/upgrade-readiness-deploy-windows.md)
+##### [Additional insights](upgrade/upgrade-readiness-additional-insights.md)
+#### [Troubleshoot Upgrade Readiness](upgrade/troubleshoot-upgrade-readiness.md)
+
+### [Windows 10 deployment test lab](windows-10-poc.md)
+#### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
+#### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
 
 ### [Plan for Windows 10 deployment](planning/index.md)
 #### [Windows 10 Enterprise FAQ for IT Pros](planning/windows-10-enterprise-faq-itpro.md)
 #### [Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
 #### [Windows 10 compatibility](planning/windows-10-compatibility.md)
 #### [Windows 10 infrastructure requirements](planning/windows-10-infrastructure-requirements.md)
-#### [Windows To Go: feature overview](planning/windows-to-go-overview.md)
-##### [Best practice recommendations for Windows To Go](planning/best-practice-recommendations-for-windows-to-go.md)
-##### [Deployment considerations for Windows To Go](planning/deployment-considerations-for-windows-to-go.md)
-##### [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md)
-##### [Security and data protection considerations for Windows To Go](planning/security-and-data-protection-considerations-for-windows-to-go.md)
-##### [Windows To Go: frequently asked questions](planning/windows-to-go-frequently-asked-questions.md)
+
+#### [Volume Activation [client]](volume-activation/volume-activation-windows-10.md)
+##### [Plan for volume activation [client]](volume-activation/plan-for-volume-activation-client.md)
+##### [Activate using Key Management Service [client]](volume-activation/activate-using-key-management-service-vamt.md)
+##### [Activate using Active Directory-based activation [client]](volume-activation/activate-using-active-directory-based-activation-client.md)
+##### [Activate clients running Windows 10](volume-activation/activate-windows-10-clients-vamt.md)
+##### [Monitor activation [client]](volume-activation/monitor-activation-client.md)
+##### [Use the Volume Activation Management Tool [client]](volume-activation/use-the-volume-activation-management-tool-client.md)
+##### [Appendix: Information sent to Microsoft during activation [client]](volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md)
+
 #### [Application Compatibility Toolkit (ACT) Technical Reference](planning/act-technical-reference.md)
 ##### [SUA User's Guide](planning/sua-users-guide.md)
 ###### [Using the SUA Wizard](planning/using-the-sua-wizard.md)
@@ -39,15 +67,67 @@
 ####### [Testing Your Application Mitigation Packages](planning/testing-your-application-mitigation-packages.md)
 ###### [Using the Sdbinst.exe Command-Line Tool](planning/using-the-sdbinstexe-command-line-tool.md)
 ##### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md)
+
 #### [Change history for Plan for Windows 10 deployment](planning/change-history-for-plan-for-windows-10-deployment.md)
 
-### [Overview of Windows AutoPilot](windows-10-auto-pilot.md)
 
-### [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
 
-### [Windows 10 deployment tools reference](windows-10-deployment-tools-reference.md)
-#### [Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)
+
+### [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
+#### [Get started with the Microsoft Deployment Toolkit (MDT)](deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md)
+##### [Key features in MDT](deploy-windows-mdt/key-features-in-mdt.md)
+##### [MDT Lite Touch components](deploy-windows-mdt/mdt-lite-touch-components.md)
+##### [Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
+#### [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md)
+#### [Deploy a Windows 10 image using MDT](deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md)
+#### [Build a distributed environment for Windows 10 deployment](deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md)
+#### [Refresh a Windows 7 computer with Windows 10](deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md)
+#### [Replace a Windows 7 computer with a Windows 10 computer](deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md)
+#### [Perform an in-place upgrade to Windows 10 with MDT](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
+#### [Configure MDT settings](deploy-windows-mdt/configure-mdt-settings.md)
+##### [Set up MDT for BitLocker](deploy-windows-mdt/set-up-mdt-for-bitlocker.md)
+##### [Configure MDT deployment share rules](deploy-windows-mdt/configure-mdt-deployment-share-rules.md)
+##### [Configure MDT for UserExit scripts](deploy-windows-mdt/configure-mdt-for-userexit-scripts.md)
+##### [Simulate a Windows 10 deployment in a test environment](deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md)
+##### [Use the MDT database to stage Windows 10 deployment information](deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md)
+##### [Assign applications using roles in MDT](deploy-windows-mdt/assign-applications-using-roles-in-mdt.md)
+##### [Use web services in MDT](deploy-windows-mdt/use-web-services-in-mdt.md)
+##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md)
+
+
+
+### [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
+#### [Integrate Configuration Manager with MDT](deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
+#### [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
+#### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
+#### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md)
+#### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
+#### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
+#### [Create a task sequence with Configuration Manager and MDT](deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
+#### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
+#### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md)
+#### [Monitor the Windows 10 deployment with Configuration Manager](deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md)
+#### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+#### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+#### [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
+
+
+
+
+### [Windows 10 deployment tools](windows-10-deployment-tools-reference.md)
+
+#### [Convert MBR partition to GPT](mbr-to-gpt.md)
+#### [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
 #### [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md)
+
+#### [Deploy Windows To Go in your organization](deploy-windows-to-go.md)
+##### [Windows To Go: feature overview](planning/windows-to-go-overview.md)
+###### [Best practice recommendations for Windows To Go](planning/best-practice-recommendations-for-windows-to-go.md)
+###### [Deployment considerations for Windows To Go](planning/deployment-considerations-for-windows-to-go.md)
+###### [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md)
+###### [Security and data protection considerations for Windows To Go](planning/security-and-data-protection-considerations-for-windows-to-go.md)
+###### [Windows To Go: frequently asked questions](planning/windows-to-go-frequently-asked-questions.md)
+
 #### [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md)
 ##### [Introduction to VAMT](volume-activation/introduction-vamt.md)
 ##### [Active Directory-Based Activation Overview](volume-activation/active-directory-based-activation-overview.md)
@@ -132,64 +212,7 @@
 ####### [XML Elements Library](usmt/usmt-xml-elements-library.md)
 ###### [Offline Migration Reference](usmt/offline-migration-reference.md)
 
-### [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md)
-#### [Integrate Configuration Manager with MDT](deploy-windows-mdt/integrate-configuration-manager-with-mdt.md)
-#### [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-sccm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
-#### [Create a custom Windows PE boot image with Configuration Manager](deploy-windows-sccm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-#### [Add a Windows 10 operating system image using Configuration Manager](deploy-windows-sccm/add-a-windows-10-operating-system-image-using-configuration-manager.md)
-#### [Create an application to deploy with Windows 10 using Configuration Manager](deploy-windows-sccm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-#### [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](deploy-windows-sccm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-#### [Create a task sequence with Configuration Manager and MDT](deploy-windows-mdt/create-a-task-sequence-with-configuration-manager-and-mdt.md)
-#### [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](deploy-windows-sccm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md)
-#### [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-sccm/deploy-windows-10-using-pxe-and-configuration-manager.md)
-#### [Monitor the Windows 10 deployment with Configuration Manager](deploy-windows-sccm/monitor-windows-10-deployment-with-configuration-manager.md)
-#### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-sccm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-#### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](deploy-windows-sccm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
-#### [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade/upgrade-to-windows-10-with-system-center-configuraton-manager.md)
-#### [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md)
-
-### [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md)
-#### [Get started with the Microsoft Deployment Toolkit (MDT)](deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md)
-##### [Key features in MDT](deploy-windows-mdt/key-features-in-mdt.md)
-##### [MDT Lite Touch components](deploy-windows-mdt/mdt-lite-touch-components.md)
-##### [Prepare for deployment with MDT](deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md)
-#### [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md)
-#### [Deploy a Windows 10 image using MDT](deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md)
-#### [Build a distributed environment for Windows 10 deployment](deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md)
-#### [Refresh a Windows 7 computer with Windows 10](deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md)
-#### [Replace a Windows 7 computer with a Windows 10 computer](deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md)
-#### [Perform an in-place upgrade to Windows 10 with MDT](upgrade/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md)
-#### [Configure MDT settings](deploy-windows-mdt/configure-mdt-settings.md)
-##### [Set up MDT for BitLocker](deploy-windows-mdt/set-up-mdt-for-bitlocker.md)
-##### [Configure MDT deployment share rules](deploy-windows-mdt/configure-mdt-deployment-share-rules.md)
-##### [Configure MDT for UserExit scripts](deploy-windows-mdt/configure-mdt-for-userexit-scripts.md)
-##### [Simulate a Windows 10 deployment in a test environment](deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md)
-##### [Use the MDT database to stage Windows 10 deployment information](deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md)
-##### [Assign applications using roles in MDT](deploy-windows-mdt/assign-applications-using-roles-in-mdt.md)
-##### [Use web services in MDT](deploy-windows-mdt/use-web-services-in-mdt.md)
-##### [Use Orchestrator runbooks with MDT](deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md)
-#### [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md)
-
-### [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md)
-
-## Upgrade to Windows 10
-### [Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md)
-### [Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md)
-### [Deploy Windows To Go in your organization](deploy-windows-to-go.md)
-### [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md)
-### [Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md)
-#### [Upgrade Readiness architecture](upgrade/upgrade-readiness-architecture.md)
-#### [Upgrade Readiness requirements](upgrade/upgrade-readiness-requirements.md)
-#### [Get started with Upgrade Readiness](upgrade/upgrade-readiness-get-started.md)
-##### [Upgrade Readiness deployment script](upgrade/upgrade-readiness-deployment-script.md)
-#### [Use Upgrade Readiness to manage Windows upgrades](upgrade/use-upgrade-readiness-to-manage-windows-upgrades.md)
-##### [Upgrade overview](upgrade/upgrade-readiness-upgrade-overview.md)
-##### [Step 1: Identify apps](upgrade/upgrade-readiness-identify-apps.md)
-##### [Step 2: Resolve issues](upgrade/upgrade-readiness-resolve-issues.md)
-##### [Step 3: Deploy Windows](upgrade/upgrade-readiness-deploy-windows.md)
-##### [Additional insights](upgrade/upgrade-readiness-additional-insights.md)
-#### [Troubleshoot Upgrade Readiness](upgrade/troubleshoot-upgrade-readiness.md)
-### [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md)
+### [Change history for deploy Windows 10](change-history-for-deploy-windows-10.md)
 
 ## [Update Windows 10](update/index.md)
 ### [Quick guide to Windows as a service](update/waas-quick-start.md)
@@ -218,18 +241,8 @@
 #### [Windows Insider Program for Business Frequently Asked Questions](update/waas-windows-insider-for-business-faq.md)
 ### [Change history for Update Windows 10](update/change-history-for-update-windows-10.md)
 
-## [Convert MBR partition to GPT](mbr-to-gpt.md)
-## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md)
-## [Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)
-## [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md)
 
-## [Volume Activation [client]](volume-activation/volume-activation-windows-10.md)
-### [Plan for volume activation [client]](volume-activation/plan-for-volume-activation-client.md)
-### [Activate using Key Management Service [client]](volume-activation/activate-using-key-management-service-vamt.md)
-### [Activate using Active Directory-based activation [client]](volume-activation/activate-using-active-directory-based-activation-client.md)
-### [Activate clients running Windows 10](volume-activation/activate-windows-10-clients-vamt.md)
-### [Monitor activation [client]](volume-activation/monitor-activation-client.md)
-### [Use the Volume Activation Management Tool [client]](volume-activation/use-the-volume-activation-management-tool-client.md)
-### [Appendix: Information sent to Microsoft during activation [client]](volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md)
 
-## [Change history for Deploy, Upgrade and Update Windows 10](change-history-for-deploy-windows-10.md)
\ No newline at end of file
+
+## [Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md)
+
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
new file mode 100644
index 0000000000..429f29de1a
--- /dev/null
+++ b/windows/deployment/deploy.md
@@ -0,0 +1,34 @@
+---
+title: Deploy Windows 10 (Windows 10)
+description: Deploying Windows 10 for IT professionals.
+ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+localizationpriority: high
+author: greg-lindsay
+---
+
+# Deploy Windows 10
+
+Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. Procedures are provided to help you with a new deployment of the Windows 10 operating system, or to upgrade from a previous version of Windows to Windows 10. The following sections and topics are available.
+
+
+|Topic |Description |
+|------|------------|
+|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
+|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
+|[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | 
+|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to  deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
+|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. |
+|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
+|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
+|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/deployment/index.md b/windows/deployment/index.md
index 6b815392d2..cfd9442f73 100644
--- a/windows/deployment/index.md
+++ b/windows/deployment/index.md
@@ -1,6 +1,6 @@
 ---
-title: Deploy Windows 10 (Windows 10)
-description: Learn about deploying Windows 10 for IT professionals.
+title: Deploy and update Windows 10 (Windows 10)
+description: Deploying and updating Windows 10 for IT professionals.
 ms.assetid: E9E2DED5-DBA7-4300-B411-BA0FD39BE18C
 ms.prod: w10
 ms.mktglfcycl: deploy
@@ -9,34 +9,37 @@ localizationpriority: high
 author: greg-lindsay
 ---
 
-# Deploy, Upgrade and Update Windows 10
-Learn about deployment in Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous versions and updating Windows 10.
+# Deploy and Update Windows 10
 
-## In this section
+Learn about deployment in Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous versions and updating Windows 10. The following sections and topics are available.
 
-
-### Deploy Windows 10
 |Topic |Description |
 |------|------------|
 |[What's new in Windows 10 deployment](deploy-whats-new.md) |See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. |
-|[Plan for Windows 10 deployment](planning/index.md) | This topic provides information about Windows 10 deployment considerations. It also provides details to assist in Windows 10 deployment planning. |
 |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
-|[Windows 10 deployment tools reference](windows-10-deployment-tools-reference.md) |Learn about the tools available to deploy Windows 10. |
-|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
-|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
-|[Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
+|[Windows 10 Enterprise E3 in CSP Overview](deploy-whats-new.md) |Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. |
+|[Resolve Windows 10 upgrade errors](windows-10-enterprise-e3-overview.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. |
+
+
+## Deploy Windows 10
+
+Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment.
 
-### Upgrade to Windows 10
 |Topic |Description |
 |------|------------|
-|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |You can upgrade directly to Windows 10 from a previous operating system. |
-|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. |
-|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. |
-|[Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md) |This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. |
+|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. |
+|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. |
 |[Manage Windows upgrades with Upgrade Readiness](upgrade/manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | 
-|[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. |
+|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to  deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). |
+|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. |
+|[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). |
+|[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-sccm/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. |
+|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. |
+
+## Update Windows 10
+
+Information is provided about keeping Windows 10 up-to-date.
 
-### Update Windows 10
 |Topic |Description |
 |------|------------|
 | [Quick guide to Windows as a service](update/waas-quick-start.md) | Provides a brief summary of the key points for the new servicing model for Windows 10. |
@@ -54,14 +57,11 @@ Learn about deployment in Windows 10 for IT professionals. This includes deploy
 | [Manage additional Windows Update settings](update/waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update |
 | [Windows Insider Program for Business](update/waas-windows-insider-for-business.md) | Explains how the Windows Insider Program for Business works and how to become an insider. |
 
-### Additional topics
+## Additional topics
+
 |Topic |Description |
 |------|------------|
-|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. |
-|[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. |
-|[Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10) |Sideload line-of-business apps in Windows 10. |
-|[Volume Activation [client]](volume-activation/volume-activation-windows-10.md) |This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. |
-|[Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) |This topic lists new and updated topics in the Deploy Windows 10 documentation for [Windows 10 and Windows 10 Mobile](/windows/windows-10). |
+|[Upgrade a Windows Phone 8.1 to Windows 10 Mobile with Mobile Device Management](upgrade/upgrade-windows-phone-8-1-to-10.md) |This topic describes how to upgrade eligible Windows Phone 8.1 devices to Windows 10 Mobile. |
 
  
 
diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md
index a6b000c3e9..2a08717439 100644
--- a/windows/deployment/windows-10-deployment-tools-reference.md
+++ b/windows/deployment/windows-10-deployment-tools-reference.md
@@ -1,5 +1,5 @@
 ---
-title: Windows 10 deployment tools reference (Windows 10)
+title: Windows 10 deployment tools (Windows 10)
 description: Learn about the tools available to deploy Windows 10.
 ms.assetid: 5C4B0AE3-B2D0-4628-9E73-606F3FAA17BB
 ms.prod: w10
@@ -8,7 +8,7 @@ ms.sitesec: library
 author: greg-lindsay
 ---
 
-# Windows 10 deployment tools reference
+# Windows 10 deployment tools
 
 
 Learn about the tools available to deploy Windows 10.
@@ -29,7 +29,7 @@ Learn about the tools available to deploy Windows 10.
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md)</p></td>
+<td align="left"><p>[Windows 10 deployment tools reference](windows-deployment-scenarios-and-tools.md)</p></td>
 <td align="left"><p>To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment.</p></td>
 </tr>
 <tr class="even">
diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md
index a159244f1a..d1fe29aa6f 100644
--- a/windows/deployment/windows-deployment-scenarios-and-tools.md
+++ b/windows/deployment/windows-deployment-scenarios-and-tools.md
@@ -9,7 +9,7 @@ ms.sitesec: library
 author: mtniehaus
 ---
 
-# Windows 10 deployment tools
+# Windows 10 deployment tools reference
 
 
 To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment.

From 3ee0c59fbd8c57a5c1aa02fa88212c17bfd77cf2 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Wed, 5 Jul 2017 15:37:03 -0700
Subject: [PATCH 39/49] updates from review

---
 store-for-business/add-profile-to-devices.md |  12 +++++-------
 store-for-business/images/add-devices.png    | Bin 11228 -> 15731 bytes
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 3e3d833c08..45c892d672 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -55,20 +55,20 @@ Columns in the device information file need to use this naming and be in this or
 - Column 2: Windows Product ID 
 - Column 3: Hardware Hash
 
-When you add devices, you need to add them to a *device group*. Device groups allow you to apply an AutoPilot deployment profile to mutliple devices. The first time you add devices to a group, you'll need to create a device group. 
+When you add devices, you need to add them to an *AutoPilot deployment group*. AutoPilot deployment groups allow you to apply an AutoPilot deployment profile to multiple devices. The first time you add devices to a group, you'll need to create an AutoPilot deployment group. 
 
 > [!NOTE]
-> You can only add devices to a group when you add devices to **Micrososft Store for Business and Education**. If you decide to reorganize devices into different groups, you'll need to delete them from **Devices** in **Microsoft Store**, and add them again. 
+> You can only add devices to a group when you add devices to **Microsoft Store for Business and Education**. If you decide to reorganize devices into different groups, you'll need to delete them from **Devices** in **Microsoft Store**, and add them again. 
 
 **Add and group devices**
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
 3. Click **Add devices**, navigate to the *.csv file and select it. 
-4. Type a name for a new device group, or choose one from the list, and then click **Add**. </br>
+4. Type a name for a new AutoPilot deployment group, or choose one from the list, and then click **Add**. </br>
 If you don't add devices to a group, you can select the individual devices to apply a profile to. <br>  
 ![Screenshot of Add devices to a group dialog. You can create a new group, or select a current group.](images/add-devices.png)</br>
  
-5. Click the devices or device group that you want to manage. You need to select devices before you can apply an AutoPilot deployment profile. 
+5. Click the devices or AutoPilot deployment group that you want to manage. You need to select devices before you can apply an AutoPilot deployment profile. You can switch between seeing groups or devices by clicking **View groups** or **View devices**. 
 
 **Apply AutoPilot deployment profile**
 1. When you have devices selected, click **AutoPilot deployment**. 
@@ -78,7 +78,6 @@ If you don't add devices to a group, you can select the individual devices to ap
     > The first time you use AutoPilot deployment profiles, you'll need to create one. See [Create AutoPilot profile](#create-autopilot-profile).
      
 3. Microsoft Store for Business applies the profile to your selected devices, and shows the profile name on **Devices**.
-TBD: art 
 
 ## Manage AutoPilot deployment profiles
 You can manage the AutoPilot deployment profiles created in Microsoft Store. You can create a new profile, edit, or delete a profile. 
@@ -88,7 +87,6 @@ You can manage the AutoPilot deployment profiles created in Microsoft Store. You
 1. Sign in to [Microsoft Store for Business](http://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 
 2. Click **Manage**, and then click **Devices**.
 3. Click **AutoPilot deployment**, and then click **Create new profile**. 
-TBD: art. 
 4. Name the profile, choose the settings to include, and then click **Create**.</br>
 The new profile is added to the **AutoPilot deployment** list.  
 
@@ -115,7 +113,7 @@ Here's more info on some of the errors you might see while working with AutoPilo
 | ---------- | ------------------- |
 | wadp001    | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. |
 | wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. |
-| wadp003    | Looks like you need more than one csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multliple .csv files. |
+| wadp003    | Looks like you need more than one csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multiple .csv files. |
 | wadp004    | Try that again. Something happened on our end. Waiting a bit might help. |
 | wadp005    | Check with your device provider for your csv file. One of the devices on your list has been claimed by another organization. |
 | wadp006    | Try that again. Something happened on our end. Waiting a bit might help. |
\ No newline at end of file
diff --git a/store-for-business/images/add-devices.png b/store-for-business/images/add-devices.png
index 14093fd6490ebb4efbb14f0d537aa60aedab0c2e..b8f274c60000a3e0ca152bf7393f3be9b9493800 100644
GIT binary patch
literal 15731
zcmdtJWl$Z__a%zEyK8WFces!Qxkzv)z{MfB2Z!K6gS)%CySsC-;ChkZFv;)Dhnf1n
zd9P;Px7SrIr~2&Pr+4?MUcJ{|5kO^mbQBU4C@3iOj|#GCP*Bk6e~+7y5dLll0&bxH
z?x3C3<fWmirpS)}HsCC!l%$}bYGYAfOyK{vksTFuoS~p_T>h=lU<*nQC@3+ckFru4
z9){<eh(37cPl#7re>QKy-bcB#orL(Z@KUmnGxXZi)pt!+_pB`UEcDuOCesu!OmG^O
zv^4W^=lz+*^VIvVRdl!k5r{UHZ&&u-#KeWN=V9jkeHTwcv?7&p6xYzkk@iZ1tDdT^
z!*{u~Ng}hTS7B@7IHD6|3CtuL<?0$wD|M#pF%c}n3%bspf2T>z8@<pX?)%N^_Y9o9
zLMEM0Bb}VoIEMxwKXGsl5t(%lz13mZj@t~WJL4KSL$#iE$BloTNw=+H`g`(h8M|I~
zA`u)Df^HVYb-+%>|8EE}{h?e#sq0QFf9;(`Fi8J)v>!I<|J$8`tcYKOud%Jj%Q>et
z7sa6X5gqD3Hh$8MD?krHVkUUkDj{X_U+Zx{wUD2!{AP*6{$9B@8|VRNHZ%a?Ot}Dz
z%>t|p<(4$bY!^(%1|qKJ73%%C{^O+h!%ft{gq1pV`NzREbes73<DkeQB|zNTUFdwz
zfBajHib-P=QVq|(;CO`6_g!kiMTh?z?8>xb4yz5zoNkcg-ee>-%X+{j{9V<uGUor~
z9g7l+adaaz2%SVRQ;<OFZ6}r63P+KSNnx~l7ZL7X6fe)7yfo5%xt!PV;94mV;ygpm
zmKq{}E}D6RM;Z5@{}YO5<U$p^q8ReXo`j3pa7=VXG7)TQiYnr6tbbm(n)hl<{>ISl
z|0RYK=YqC>J+_knPe$FxHKkKZG6x_1>8ipEjKUgT!)9!sF1HXYPb;KO0%SlUlM-fY
z`IX$L-fHzGZc04vwL738!vaE)cc8kf6hYm1T4DAyqcaQlp9}d+@I@Mg1!;3cBr#x2
zvkE`z73c7SZBwT=<;C0KeN9`D|I}0WR_y-eg`-mDh(;|eCiqbhgYWgeW|q)y$oF16
zW`ln@YTm`=8PQ{>@yn5;QhU&*X~>|pvr?wWzR1>4Uf5gA*!<&9v0mu%)!WE!c(<(+
z0mscdft{vxhrz~WaG<|$`}7yWsE4QXeGeP;Cf>%k%#^EUj`_muchdAhwDQfJw5RFd
zrT&L*y-V3|t)qO0S~bf%*|8EKm-V{(JbvkLy$A`b((kU5#%E+grzU1L!cmu9D-n}M
z{;{w4?~h-Xk3@48OZ3$l)R-2pu4bejQU6F5e(TbrcAgYeGOKzQS@MP81RBg=)Ldk9
znC%zgEH4O|UiK7Kcga1uZ<%aXnJ!Nl<p`mwh&>7<zBYq{WP9Q>ZJY|kkRq#ff=7e;
zYYyJ+hs;>q`Y|{}pDu(e^!YQvmSLaDgOu}K{LUoi_B!`f%nS@uY@Q?%R5xcmy(H=0
zlklZ!!jeylbsxJ~`(K6Yx_f1+eNomOym?kBdvq|<D<+M4y+&z0>|=1Y>_0hAicQUE
zhc>{LGFlx4>XwJ-FSUQR=$oAgQkWF|!5)U9n-rK<l|3IF7{yy)f!_~>&&&LX+}U1K
zr(aN1MBa{OYF#ensnm}=erj7L?dnWOmTce9M563b*;ocu+K{Oe@`aP~6i6DM691zi
zD*sm9fj{w}fc9>iTBDgr|HexYsP!|#j%ie3wLaxfB~+$Z%JW2};5W`B@syB*ckVe5
z>vTW#TJ}%jP8*DKbxYh65k;&hHbKSe{iOH9&uW=Mr?o16*kG?Wnlo@+z^C>w*h=(9
z(21z{@Qh~clcpHi5(e377rdVP`7qd^bfj7kJnv97;hv-#Z4;yLUF|d?z>L9U={B<V
z7D5P_<w32v3FDZd83Cp1<y^kCE^y~RC<vb)N+k-owjbyK<9`KCirkytUu-H&R|fAV
zCiPv2A{+}HagH+%lw90;WtSGhSe2HJR0<jb4yp(i_~s#XuG9=-_+j71K}?+)8{gA)
z<LD@=Z)rhJ_(_HN6oX$H8GNQTz~MjA2vXbERk!lO7H5Ld%1HO4r+m5jlBoIE$QREU
zjP6}?SnshqlOy)DE^R@1W@ZKW4VnkkY_FV)_?98O&CAAz$#yHvBJd(sTg>UP%hBKp
zaz4RSukSGiJa+1c)+8AzP^=B_N_Lq?wv2-TuR=%P&Vx$})x7+l;`0n$g99sD5zx=Y
zhC{&1v%$j4brYGBpd4R(ee+*V-*oD>#0KkSU#JU9&}ZLtKfq-k+yk;P<Y_fK+E6}f
ziHCdomI^%0+AHdKaQWa*r8qBlg@{mkU?cuOiLZ6waJvwK+mdqT^!M^F8!hyJToiiT
zlpBn&j7X3D$sDnrF@0-{#5#4|)p2kb9sYd3@k5|X;(NZ3&PpQ>u^c)@%Wh~nR&Kq?
z^Vq(}!+vahddd&~_h%LljI_Yirb%s=^;06B$1mZxIs2=mkO`$_Y6cKN-ne-GX0_#R
z9m|l63|Ae5GIl3dOI&toR<z)QW&Y*wNNf|9zR&JkA@>3W)V}M>+L^kMvkCOnl7^A)
z$r2&%%eF(g<XcpQnqiSeXhA0{^y_g?cb|N2&-pb3_;S{^ds08*8c!R=K3{ZEZk><H
zYhDXzL%wkL0TiXSwi9Aw(VxZrC{#M0h-1E945nXJ2j*>QL`6a5dSk1%llLj}D;uy#
z`Tb(GjJzpBXSh;%83*oG!DQO)yGEe!j3DpisJ>+ff4HrPo7rU}GMyvHG~(ruvbz5S
z2?=|ri06K%haINlBgm-2=MVlFBdd&z47n}%mCH#1iofd>>B8R%|2oncayNWwY7>H3
zq(Tluetw@DZIsvN%}bzs!N68de<S~*oij9N!#;E(pJMDg4mClB9n!zvB_F*E)aMt6
zZW_{O-V(Vwi1h}_?$mwT4?BvXh^~zQuUt=SLCnXf7t|m5NIN-A=71iz7l2=<HM`U9
zyMrnM+a)d&Zacs%Y{E@P@+U-Q)x>L|i>`ONv+2p+*m7~nU(C?zVFP(SHz*r#eS{^Y
zV}nDkq%}`_%{7e!xIC6<A)0{v9*$-jk3PB<swLFMFoA9GI%QuhqO(<dcmEhi6OGdb
zYw)qVF_=$<+H1*_`EzYvdhPCxO>G-L_FfVqr1;rL{)-Jdf0Y+uwO<`6^xL-zy&EP!
z{dR=Qj&5|=qA6M1@5wm1&@4tRgdF}I@Sdf5kjv`1S^qvf*#}+7y?phM{5pziS|{RG
zr5CBgy9grgp+3@dlSaqOeQdmeB6&!fwZ~BOP@J~E<*ybEa@}aXWbugK71F<pE_;XH
zJ)n&U%bhmQW*N7x>FxcuvrBT%%ElaqdLsH&n;?`eH}T!34u)KARgX~bV7(C4gd(a`
zjI(Z|4vKP?JT7;ajE1xR@~px7?3A6c&%?Q2U$>4k^rGi}s@a0CX~o}-;ob18xXcbX
znLi(&pSc$#dJXfPTPPl{mv<qvPgipgG#v=E7j5L9Us?8<M_%ClsMyu`<#_n=t8d+#
zq+odhUnJNwKNOY2KZR}u)YfQP&DpII=y+#lQ@HH!;Z@6dTqhq==T=XpEgW)J4Q6~`
z&}Tm@byujSw8YjFbNa;zSt|}6W7mx@ReE^(WfLqOQ6FNPX1jKu<+w9J*9X>hVhfCW
z9?b7sV96p_JFD!IA&kYRczy}z?H1cpH(6^a4<QSp!t=Z7;Jja3294gnRcGT5MYjO8
zy$dw4mTf^+IJXx0SC6<_sF4&NMsaRRAi}Ixx6rGZVIk?$c+B7eKiuHW%w3-Zpt=@^
zwler@FI9)%`j@_Jt)e#iSd{StG+g_qbxi5>7B%(qnx|H|zEl=UeCrIBqe8uvW|Pi1
zBg@1h{_YM1BLByE-jpWqyL{>H)ZD&9t1lWw{3g$*%g7&j9B|48%(E(J^;*uy9{W!8
znT@We#8Ob)JK|YiS&=gPBAZ!pC?0R)Y;>{sU-rCq$`~Y){F?UtIVQ5aBOPnLq~W0~
zb$y5;l91O<ITvlJENl;kR|g=!-@8`vzRm_|A>pQo(pMO?Yd$=69)>{70LasR2};$1
z!2&6UG@^gH>dC}Cek1JsS$3aMAu!qBBt+$@_LeHai|y`b{pxp<!RdBpF8!%8)36#Z
znXN<G!`ZU&wiQ<>*x+54IqH{FLfoP(;`}Vz+2fHa^^#dfP1PLr${GfWfIjbM51!Uf
zUd_ixDSaUc)mUmLw$lAg-AH~Bdm%}q^6<2kMfsvSsbco2S1&`~yey*~FFRO5@Sk;$
zWa#?lj%h>IjaI2#W*|;P#~xx`3aQ`r>s`K1_I=h;!cOk2m)Gs;v@fo4d>ZTv{ggh_
zdPpfP*<IT=Y~>obxWUxn{LU*yDyIIxRV?SI-5z{M7>j!#aZ`EQD#k*AXTk2N=J-W#
zCsMu|??4Rl%eeT}+fS;1^F(D@bu|?(Jy)Z}X$)$o$^HK0B}=Xu*XcoVFhT89rp6^%
zW@{h%{4mnztu-d1V?JNAm>OHJ7EbG9(z#RfQ$w6QTnl8<@&RrFIJ39dzKYrYkY)aZ
z8N*ro=0v1-_epJ&-g%pXWeJZLZj<A5F;@VV+Lkx4<)mr3Fgw!UM>QOol*6YXKYR*?
zdAyFiZ!ljTb-J1*(a^G+L+?5*gm5XPr6^<S#JnMMt1^f!N5X~euEb%+*fEjdw0n)U
zQ`5^>1kK60#^ntd{wndFirn(e-iYz{E?t0|t?)+F<Nao&pb=lr_0So-ma%OM8esk7
zvZC$2f{<~~PxE`)wMegh5(#~;JD-6;5Op)u<MFfVjDDDdp+DaJmcImeOEb7_j8|jz
zrS|KNLV^7TBl@NLyuS>+Vax{-h15!z-=FX`uxiZJnE@MbtnB1C>;`fWB&5LNGU#>p
zulZff=&@oR5*PlCLf^_sRe^EH1`8S!M8<<gmws3_ZYi`htPRU0MPY%-D(}Cio^j7T
zz2moph%mv<LN5b)nk4?LhHYrjNyLIcuWMg+@}X&>u%(K-hh-a%JsT3$U+9%{`{<BR
z-?NE9ZBF4IOF2Ek#P!$;<~p0lFJB!B+m~~5#E@Qn)>VzRzW4S&ZEuHO0vQbA<3Fw!
zB~n(ie+y~poFZ2Zml($bw%S*pt+pWsv3DXmBZ|la-yrHWw)XyH`YEhR<@nz;4hu}q
zpU@Si&im{*{Js|xq7`Y`#?1=<uG@qEpbmr<EUTd%jyipR!O9!l<4`wS32f(DYKA?<
zOq_3T&`<$k8tl90DSx<R9++6C=mR<}u+N+9zC048e+ZgXzAJvfawAyWzFHHwf?5n?
z0B?p4J^A1*5t-DF#kurq=nHjHHZ+`y*Um$VBOrnu0+Gq(i80;Mg`tfel-&41M>o#f
zGU-(FbC5PmriD8u!I_GopEmTg4$s2jguwbH+wVet1Qr06nML#7oLpR|(IZaAMR2O%
z2@Dz;ABy@<7%Fuylk1}$5L-2YI}GBzgN(BQvZ4R2R9Q2osh%oZ84s#e#@CP>rGb}_
zWwljM&Q<tu2BaUTrNQj0{L!4P*nh6FFyX}DGuU3k24N>xr07#V>h$&p*0vY!ht<p!
zu1W$Hgy=4){QQjJ*O4kaEF6NptksWL?^((8RM7659Y~GdO?d%DU##gCL-t%{MJZ6U
z$ZOLkk0e}44pdHIA+h3514{j_39#|?&o#Hg&#xlhCT2|iPj>P%z|<(jWVZe~^LrCL
zKiWEXd&$~gQ?O;*)+(7A*xrHz#gPS}!!Y$Z-;0Zv9$}nT&K+0uIqvCGOR-gZ$8R2f
zlDUx%22*9)020Wdkw2yi`yv!6W<`BW*$lpaYb4`ZC_>NX!4$s>bIjqy6yat~?LNXe
zJS=>7=hh|zdLHSkv-9(uF_R-ir$rIZ7nxiSAh+z)E?=D~x!^oA>_#u1I_?oU_&l8{
zwY<g0&b}ptO_Akn3N3l`@8kfqL{&2raDI_7f7(gNX6ELj7%+$=*vY*6brnSs$Q87g
zyEsz#{CSt6{KZAhBl64?_T!H2+bA10OH<`$)X4$P%YJ~!@d|5y`svL~Tq9z7-GJrQ
zf=1C3?nMZag$UfToO@WbUy<u9y>Rid?~knCPS~WPzfRxMS55m<L)^^<MI81j{W}8F
zEzq4CgBZ>?xOk1$-f>Z6tw%B<8$S1XRlF!07oHPrE4iK$A=*`IHy+8C&!QP<lhG@u
z2Uw{ynDrI3dfaWgb2fJ~w3SwQfW%4@oHCNeR0{DAZ`U*-9!vwAZc33LZ+yHAgiom}
zkp#4BaWcKS0h!*;oCnvQYG!s#<vWFcMBH%J$i8`$<5w}<47duFux37gtz(Ld<0YB5
zR2=?2itDthq_Q`;FQ7U>VvIXYYIk|9sV3$QzO0SFk8CQuFS_G&b(aE|l%AGS4Jac{
zUkI0iYG5TY4^}J(m+=;kg`EWO)#4%!!;Kqyz~w(zjx#QfNoGq>3|+t(z~qMfPj?^v
z5q`efXO>~K$sHeXILeApQ2IO~Yj(Xui$56CiR-*#TRaf%=A#!XknxdJJ_~Gnlk|oQ
zmtpRPRhqlhg{KpJr+x!eJRaF7+>4(h*sgbA6Dzral>G)2@xun<=zZ=WB!`!S+IK5Y
zo0=M$Y1=ton+`yK#*;NHF$)X=R{e1Jn*-B@E0e3j!4WIGZ?l|2hJM#v3xiR^8M$3^
zG=l_&SpCsy#S!_Ywa>53@q2BswzKXt$oMh2PGFE#lG&gAn_9;mn2Agwd>Pz)<70c7
z_I^UtOD~M_tZtOjE#J_N7(?_VS*dXcz!%?yg<#M7PN>-*LE4aG`yV<qM736n!=OmA
zm|EmvSS^k0CJd&=E{}ug{g%hFRiv6@6K?GcC2G57A~-P<CZKTmjf#E3B>w1wcz*z)
z!~+?Nmf!b#i3cbai8r!XBMRC52eD3>Xe<MUKj)h)e8EdoYCg^4q?rVkIpcU34UNgU
zrAhQ9)Ra6<NEojzFwbQfm@-797<&olbVOX<WxRHT;|XAQX5KY%f|A{7jM@~o*gp7K
zf(oxgvD*zE4)7B)hWq1oUM&~ze$K2uUm2;@2!M%({asMv!=Q)h`EYiwob}+O!e$3D
zVk8+*?fEQ|6G@d`jI5WI^YTZCc8f8^P%LFECkOF@wFm~qMxc^>hU*-#13LSXtv`4)
zA2deKH{@o`^(7)dZYDVbpOPY{H8^HDG*+t@Pmm;^2DD~|bfENOAZ$Fl2YTFC-&fTL
zVlZV_NTEKxgo3B*_O#ruLojt*0R0MFE*ef1N>P2)4fk{|HhzdBVzNEg5IFCocy<fl
zIYdDVnTVPC@ridn^v*AqQP7@~bzcOsN^r<HvY;D0IjT3S6hMQ0ADg^b@B2C&BjXMx
zeE9v{xq;3_V0(U1g35NoC3v<Wb}XPGF>_`fk*vt8;xjnVYq^eBn2r0VyQxi<_QwqK
zM@RsD)Gz8}x@TI!&n9L)hvnV!55GN$D9#X#{QV!EANxcYk(UkTC`ly@A};*2wrAJn
zcNg^zcalXedaj%KWiBqII^}9rwRS`0Ddi<c5mQCpy*6&HcvcKSQW{WqF#dBEo;%45
z*+GAL)>~X=(Y2qhJ}Z>-_c08>dRa&A9)KeXdA_vl%@Mb_t{Su)ABbEnwPodY5Ztg+
zMkZFf(^{?BKD3gU*P1k}v0`P{|7yAw+K5|-SU;TZxBKicC>HyQD`x<1*<0Pe8udUV
zoHB@Nzv#dh0Kao{pR(30p7n`+W*>@n2ZwlrS3<@qTEYTv3YM}+ZmgW?w`VN<hXN4|
zWkM{73_T!R8r4rc2S&~!_J(zE?;9M$>Kvk>C13*?9C2$3dimw;w(;s=UrdR}#Ge?9
zq77=*o2{FjDB&dR<zH++7|gRX8C6TWu6)%O=0+3m@<Y114{BDSA}|smO!DsPc_R=Z
z0DDQmV0H!wX>A3|XBnZ>-W7>;W=5y5T7M{#{pGmzGsNSrJcy|2!AVqHFA_1Cwa?Cd
zGeBbVno~plvY%E9z0h497C@_1e!kGH{<}semak<ue8B>LUM{F`x;xPCi_t8|nJano
z8{5UB9(S_n4NZ~!53wi7iL8uZj_eM2_pTb0NrsocSRAd5cQ}N!CevPXt-UGl>^{un
zN+k4@eh{Y&u@LI?+oP$E<E5y+>rH0MYceThVBN+9i;((Wsw0*_PuvfC{GtV2YvYQQ
zrpgPaSrIumIv<<&JZMq+Zk`r-`t{BP&+mnbz|fo2K5y^Nq6}ra^A?Flf7s?v-ebwy
z1KonzVNSJ899?L)hmTj&(vGm9*nFV2a>M)XZQ*#<km4e{zOWfZ@}?_;eb=6N1+EOR
zDAa(p-VmB4IbDz$Cj=uq0(uBf-+!N`0!(Z8O;j1zpDTGw0#ib?mS}myiy_PNT*k#?
zfU0MaIs9&T$;KN7U>MZB;Y}_6e1oI!`)tr+F{-36uQ+@iRvmw`-atwL_<HA_+P>{2
z`f%M1w8NB6WMMrIB!f_MR~SLGHslT`%>~3_R~}>clC5UvPS5UD=)o=6{@Pu+aC^8f
zoHmj<w|&3N0Ur(78+Ja1-(LFWMlt7hQRwWS6LES#4IEaC)!*-eqOpAeG4eI}&`O#{
z9{?iFqhOtAvC>wo7gH`b1w8BVQ>?@p#IBPBQil`Y<}aoyUgEz4kcmVX@fPvXk)khA
z9jq4Y<!5(%8SOYF_XtC<`w{!JPTP`=k0ssQ$n!wnUi^*ig$Rr1-#*ZXwzGfKiSxgL
zV%Cd73MURXfi<JD4>T?reuI^tu}Y$4b;1h0i~c?Vj?S0I$nVHS1)IEbns@{@1ZUUf
zG5T_hvH1}RSO|8MqVqK;nr!7tYbS~mNp+sbB~*d$YMQ>xb{$CJ&k@q%_yE<b<$bmU
zS9HsOrCNDL6*q4`JKNzy@GHYlWcFuR8cxRQW^-eDzK<lth(%L5e;dP26pZtF`gUX!
zy9=d+2vqTtjDx>3u>K$m|Iwk*O~dpuH~%V<GGYfZwV!BlE~9F|;6saOyn%Iy`^j{L
zR}(K+20OS*6}rk(430N({>=+OExdxOlvFrV4vS5BKw_e+8{Z~DZbuJ~6BaGMRb!}f
zAk^mQaVh2EHE7xwK7h-<te_ap%RMgJ%#XImeiW2khvG5#M<(Z#M9s{Ko;&iS6uu~a
zX2v8OZ6<g7w0nEDlBDB)SM+xQp%m^CWkP8C9~sX4yb_$YEA3!G7JS9Y!j)`QxX3ZY
z{38$eJBncbi(YAzGP+Cqo<8WTIaX(Hu`$rdY_STS9F6N}8jI>Iy-au4?3|0d9kF$k
zFq$G-LJVallwb!3IywUBOWu>oLk=8h-%TTlKnfcx7D>V~#IBSTkgy#FT{~qquVe82
z_Jw%>GduhtTXa$(UDE|g$9yuJgd2I$=Azf=Cd_2M{l0feH>k`F8iG7^embk4782Db
z%y_)<i_@OdbvA~FUp-SyAF2ANmx!ba;G0ekaWWZsySD16TPOARJ^1unHFIgMmD9?j
z<5d0Z-onNYb#6@f>Nnl+dV4({e^jPFO4lRm#j{jTbGA5!rRa+nlLPypQS9w-+C9ZX
zc8co(67RS8k14oxMK~LRci$d1{)mHHTsv$Ieo==`UQaUnJnX1neVa7vHY!F*uXmdc
zt-XofGz|tDi@No{E!QlN58b#M#xitQ_h#O2JdmQ0s4{fDj_+xEEz4-XZREFH*Gc3S
zzT=3xoC_|WTE=Y7q4&RQC!f8zx%rnS)ZT;-2@t&|{G4H+|Gk3iTl|?`dv?WiFhh@W
z;EcNX$$ZWEBl;Fprpx8W(!0T<&kjSlm_|X{+2ZN%67x@?d6(PN3gH;9i{_(Kl*Lbl
z%3V?ac)_UManN5Xa0>Z<VE_K_nXCUb-Q~X2RaI19k84qXdpPlz^2#(LiAE3?7q2Si
zIn8*D2uMyQ@VOpkK*Gcf>sa2ZwT$9&`xD_m*;rMDA+X^H3j;gtlkPv&S5#Mrb9{WP
zU1J<zgYlP3bUt2p=pKY8)c>AJ1W_r^);T<j6dddhyBOpBM|VP-rn5FpTA~`woBltu
zarfyc=|v~fzYhs>I%@m*4!>d$t*sk32<p#IRKke}i<EX$b}wEx<u?^zHJ)!)9nV|x
zxaL>plfG1ZFuS;0M<VTw>R4b~@uPxm^=w_qP7Y!(-@G$*Kp=Z?<Etz8v)VJ2({Y23
zsw$NrApODeW7fh|>CF@)F)=ZJQCecGt=4lqMR4wR9W8xq;#@%}E(if7a^A$wK~hdN
z=+^mpmbXGDJEHy`iqXt6w9AD<vvNJ=UE{f&+pj0hK&YzJ`7?wS+h2jnTBf0!09lG+
z4%PDK!xz543lT3U&SokCP92@!*BuG>-368&jX0PZvIAtqi&IAhs=E-i$|=n}BJ|48
z=J4)uF4Xp8<L3b64TxiYQ-rAQM?-N`Hn94d;m3R>%vod(>a0iFss@K@He&V#!sdQy
zOT+8^G(HJ1bRz$)>+j*sn0XV+l`klOyN?bS(SU&q!C?N3s4KjtYNQDr$&O@5!h%v)
z57b{o3UNT{SmZuRKh14s%$YAU=4;5yUq?V^Ybz{7H8^h^nPv;>3llH@(y}z)A3B#o
zE2wLT=mFO!U;KS_Ce%XL$m|OfYnr6)7G#=i%Ykyu0UeF^X@;~-RmTf&@mx|nM?km?
z!)!8^bQbhS`l~FF%e6fo`KTn<d4fbzh_1biyfdxtX*zK0YapdB;LOwI@2u0>vXyFF
z#8vIhDyd`*{B#)BbfQL-_!q-yd|aRTqW5VXh}1cUDAj;IjKts2+>qN|jxX<wVzT(u
zw=AQ?)<F>>B*a){6EY+Lm-Q)NX)AE*j|CYUW6*>E8nX;BxASM}dkpcW?(>E>+DAIh
zvO(ARZ~AR|%r$pmcfdcH!L>oVIhre_X!Rv%r_?uSftX3PrS-&>8ljEmiwzT!M;b0K
zRw5V|8{xkV<abDkk)tcg3!~j0j@y8`vk~8CpcEEmIn~HVBvlKc->9WD45#jXD3VVe
z<y}{?ut<JMM~0Sqi)&h13#gc|U6@s12_Mtmnng;O2s+99-qa?Xnsi$~7W%a0#;8F7
zywkN%H)pSlOh1Y$7#zXBid&so1OGTkvu+^Szq+5DeY%d*(?$sDBb5S^l$qIqtazjk
z3xg(>qBV7^bc<yyokh?#&l$&9B#RA#B)53{mFu^lLePXpvrP=*$;?9O`aCTtw6eQM
zs{OJ<a&g&ZcbV4iUS51;=Y+OTPfydF4-)xFRp;%861(22gu3Hv;+YmX7rxR|c971h
znp`cE73MHatwqqfdNGy+jO6zq$D+#NM*Fx#(C!p+40Qz+;(d~o^W#sX_RXEA9DGuG
zHYu8JA|byjj0c*ivMuzQghyh8g`J-9pW4JF7{R8u!iL2X(0(Y&#v@SP99gM@K3+s9
z`HJv?p%`km9~<0;$)aT!u)z^bV!?-^=0?@Mh!R!`O}x5~bea(UWMD+yK1lew8#JR^
z16w)>xJ6Ie%XF8J$qyoNHiPBniS1*d$s$qK>On>*pmUH?wi7sO!uU!#8f3(qq&`UB
z@qX?GdJWtr#8ZmSt%ulEjtmC4ps+c0qt@jjE6Z9=-Fvt@L&L!Gj;wn_4Sg4U5J`*I
z0iraj!0npB0R0>Z%g|9)*2?3SK{8t)wxxF)I=gC|0KYDz=&O{zqViHW`D^A<2&Nnj
zd1TR<9V1A+cYP_U)2cO`I2DffV5cVlXQTw4ooy;)f&-;@7^WCjqT&VV7hht!H2EJ&
zcImJ0Qou$6>f$!ogFoNM*p4N$yHr=24{!?-iAqiEhN@gefM)f5V2w~;&q*RqLF~|L
zRx(iy<k~_G_OTFQPJ)1{8Xi|(s#p@Ye15#y*{+eT?5GVAW*Hli7&0bFNn8J;`mX*%
z(z<POA_Zz3Xbvu}5>@uGX*s3(kP~&7Ko`4}CW+XwRZ>?SMBvvyy*-SSWFI$UP&&!3
zV}y09u(_P@LaUh7JdN4J-=C;NWjf=sn_`7|APPv0ChvbVcu~2vPd?4e6z24BNSfp`
zJjssNS`4CSczvK|%E7jAKa&CZ;B**N%DDbvw-pDnW+H|lCd8Ye^o=O+i2EP<YUuf3
zV-bCi*>yP^wfSx=pk7Renqzjh`3)=GO(SRP$`9z0Xl!{6Eeq7S)UC(SLsdf3NOR(4
zK|N119zgIG(Him-z#}n2BNZZZ^_J+z4Ed%=l>9x*-gz>Y?_nLYRoi1dKQ-&<FwHx!
zo}9n)N%Iiv?rmsNFYs*);BzzjyrK_8)h4NB5F#Xa0Gb@l{B(vYbhQJPB`!Sj<a3&_
zFi&E5Jb3kQs78zNrj1Hu{MfEd*`8}n*}g8#pLJhBLW?2|wVIcw9qC`yj^qV%5eYIv
z>snu}r|SaO=?r<kom7ea$S_4^H{ivrFPfB9Go^y-#ptD$#03))PN#nV-ULHd`Q`8b
z5uwRN20T$|eO^Z}fKK<k_R=pw^-?1@uAf>k=MJeSwN%{+Qh39~+k)<y)Zou<fd6Zx
zoYVAApirvFvzj6bA<$4msZ)>7hX%oHDbXstP&Ffg{PDQ+PkSd0)8iMc-z35E7=2L@
zJdTeIAiTsSDn=)`Crr|)kMs0Y3yyfC^DH2|Lu5)7;!p0DIaT9mNnrw^QyC%g`7v5^
z+rg?tal9}I^h%N~**KeSY)=@!qK@mU2jb!|erqhuhnowauyK1lcu0XNhAv!Cf(`MQ
z@t>m8e;lW<0VGI>lb2njNaKU0AYHt9syVHNa0u-|F@+2W(OFTb9KXWCk>FvT4Z>GZ
z3G=)22-q}K>$%l|7r?&pVc6s}lrs@&<bz$MVbiNP@l+p(M(_!0oYvAgYrjy6iF8S3
zj65AH3i`{_3?y5WAlI;JuNu-{V$#n^V}%C5j0oKL8XD#gSETYQY7liOzqAGh9i48a
zv-xM!G-{ShmL}OsbXv?_3XW9;YIjROD!)1XfeLZdMV;D0%I|FjWu^{M(H*(`l!Xqo
zqmEAFQ$~Qi87wa}^cBcX(jX{6nu?-Vc)9P4ZDb`qmYS!kZv&OVq;EtJh+q8Z*2998
z&yf{EjSR!B_L(#0kKF~GGpB<rD>H^VF*6@9q7x%t5hFzHCFenJM;DEV3t`@3dWg;}
zNL4pc#uDw>KrL)H%{<oB_?f=r<yiArP=M?Sr`k6=h{fKMEWxxR<MJ8(!7dm*zTAiN
z_$Q0gX5MkhN-b&Oz7ntWY+t0;t!6vI9(#JU?8!%6JC`{T#UtL8ot^WK`Ou`h@`k}W
zL9a8i&{+6$r|p|(1lkn@sgwN6Xz@W_kE1K`KVeB5t`<C{00A@o8|EQP3_k#JG{hYx
z3~UBpa{U9Ox~4uWvAI3K$>$eyTwd-W%WDac;qfvj-Tc-XIUXn;{INB+w~rqnsWm(&
zF$4SQ5pws7@#v+qZ+8Cj_GVGKhS(Te;|d8y^cYIVuWbvq-?#wU#ki&((IlVI4G7C@
zh|-`_QKLKPdy<2G{XJ|Bqg|NHnLtsB%C2Kb2GwZuV~|7d88Z(gi}>~Ck6cdd4Njq=
zOs*wQ{<tJMuU$}d6Sdob%LMu6X?s!$>*AU*+~be&MyaX-m>M@KXLoM5!v%FJZ^^^L
zJS+mn)Wxfr@IsqFVNtSPHLWd}MvwD&fRNW3W@ZD0$WwG?L}XY<gpFfupY*dO|7y-9
z=PXyapkb(=F3HXj^@s)%%FA){+K(-9_KSQE#dA0OBu}IPL3izaAWI@Asjx}BcaOSV
zm=ZzYFRdv+%OQkTYEno#F!OGLx_*v}Kc~Ku6s0jH*(`{a3Y$<lD?t3URG-X1VccQx
zJGI&Np-xOczU$0~A<FLGCVaijsB+qI^<dC(s=}8M_MYMFKAnoM=b7Kxaj2`v7apHv
zEc1kSbI!l07l$5<g4)ghV!{(5rbMZ5Bqx4uT@+CVOfHJm%VZiPtt|)<LYmv&@xIFL
zC23?K_GDs97R97PzXOdeSu#eV20t)vrKFiG+_9GH8U-L7PU5!%`<I3#x{Zwq5#UqQ
zjEqor<Or4vn;ZFnWHuBvm`WY*VhW&Q)enuDAhR~E1lgSy><gDnp2((TktCa0ro%Q4
z7G6;b65tMFe6L#%2V?4ahCKBH#P<6LP;Em=$fgLr&ovY=L?#GO`J5zyK2&X|-&EI>
zFS+>gTXNCCv)D*Q*b3@4<g5*pA)aBX%S<y79P)aWbe~SzO!%5}a^^zAbAVO`G+QMK
zL~Y}7Tawj!?Q!b!$d@^e)(ue$j1-hkLRKnkm!L5i6(mg_MNP{b;WNz@&;k`g;pU9e
zc_MOIk2cBbF&4igTGBp9HaN6T<{*y5fRxXgq2B#CxA+@2Y%gHENnt$SZPqk2(`$Y<
zxAtm5xY^`3+{453zG@-xR=oU{_^D$>h_flbAdmP}-YD1!mUhODcb)|X9ww>yq3wZq
zjo{Fd?ABA*kVIDnh!)}--jEe9v$rkvJd>UY69Go49#J@I|D-yjFg!OGvT?%xfFLJj
zbs4()g`FWsa*<Tnxack-U$Zu&uo5e_c2t_0GJwdRPWs8<d+pv36?^Jf1^^^Bz}?gm
z6WwngG<qcIsDbAKZ5U3;AKK)Ow;ROhAu5Btq82@oXDW;FF>t6v9-RB>!w|eeb`l77
z`%)+DEYOP?mA1|~CU0JWn!`CMLVJf1&G#$c$b>_Y6=}4_kL~a%DJ1yP-nnp#e021}
zU%YD<!9S&k?H#23JjIea;UDE(7r4R``VwDbN`q=14!k+}xe!v`j-?c%ATFI(>yY#o
zOW0h}V^RS#BLD*TjWrgR7fvXBFg1;KOpu<y%nNISwpbh%dCb(4@KGM3iE;K{q^vA;
z4Gv-~<Dy~a!iG3;l}xV3W_qiuIxHGX`jBZ9!JLhiNNelU_%xa}jqMQTNDf_OGP2o+
zY;Zt9kReDe1{Ug|SL`#hp#XBd_$@^-=T>|vE*Y#+TX|eN86VpZ4TjW6GflKYo(y%@
zKd=SAlCd9=qHy?2XcSz?tj(&GbogN5;H#LI$=WLmp&fV?TucOSeP<#P;ne78KGe^S
z>06xtLB8(3jm5`%GJwh%-#5Rc8q5D+BI$Ao?m)}k!7dqdId`u_cJke$niuFVz>vyD
zl1RN{1J!$)N$SICR5mIoO#-&BB8YZ3Lo2r&a$SG-Uwn+VDq+yIPREYpgnAQR9tsEX
z<}7NN8d-?L^qJ*yHunltP)dv9gY3#eX=)@w?_=f8cMMi)CCEeeH^YzQ$pf<5Hv^LZ
zsdh+FDzZ7nXqB#aGlL&YfQ|xg=L!I>kQO6Js;7a${PtRG3T!8&JN2B>5OG|RFv(1E
zJ9MS17~)_*E-6N(&4A6)Frb>9l*<;82St1Ng`~VXY(p<HQqdL0Juj{2vohHfOK{UP
zC`#o=aBCr;tvCV8Z&%=#4X8m^%@K>P(l8u(IcHPWwNQoVYZ3cGgHRl=C^B}N+u2GD
z{PF5)&5<;d@oV98c-}=5Lh6^^@JRHZ6mV8NCGotba2=EQD>ZcR#I161kMgwKJz)S&
zCD7UR;L46~u5~pah&43Ep@CP|O^uqD8H)~4z{JRe<?AOF4Zm6<vLYGZdWs#$?yD?0
zO<qS_qk{-Wfo0zjWf(CoV*h+UWzh-Enc~MFspEj{8pna*dCz!nJhmZ>-xQ+ZZgQeU
zD#XysY!ZLG>F)=6s0pc-E(^->CH8E$>V;VRO>@f1P^_%1v|Ai=ZKg_R7-i4)$M6<J
zP8S~{#0=7^HJH6KbB0$-P8rloa*p@_xbpnFcQ&o3q)Oy&?Jk)6!5o5xh80S2*$wOr
z?TbjASpbsE=#?%BSlUBYfYDY~JIOHeLV084c+Tu+huwWTCvQ5XRu6Ai>Vr)uA?cDv
zwai<v85uu`NksK~o#u|lvoCX?$9cEqmK8a_ZrC+ph0NJLstc<Z$%=ZdDu-T&&&^g-
zZkQkn*6-W5_nHay$H7yfN$!UE5kN=vpZbF9K8V>PYPf43{mZo-7Ba8e3ICBv9Z`II
z9eP;+q3K$W<8pcDY^!9yW0H&dp&;aE*~`k~Y-qKnt>jU~XHM#+=Z2=t*IJ*ONdaCI
z%Alho&~gUP;lEUq5x}+~sTlOK@3NaE43hn{s6wibKY5Bw60h&1HWOX~E&gRjl5=MS
z?E2t$?qv)95-x?yE|;wi7p-6mrGh~+i_Fk6gox}*Q({^A@R)<GO6wzxzEJw-S>tQx
zedZG6b0FYD=#4)LN&IcikktZJD-qGV`LE*Z$Ytj=^9RZxz=x#eW4<NROu<Y$tVM!?
z?J!FJp0>vJ+^DoD<X2^UUK&W&wo0@7nKn6xCSM*-9`^52p>sRSiA+Bk+JE);mgAHj
zU;kC$-~ad@i}Ty-ark%ba<jH7{$<ZDBJAo;lV5e5G%2t^*4BN+*?!EM;kz>?f0Jh8
zJB|vN_6Gj1cSsl*Zj)lp%6H#;bdX6^KYxzAB|ZI@>l2Fx1ocSXH{2ic{;N=b<+{qB
z{{NZ-{Euwle>ZXX|9hiMMXFuQae+i*pFm0rbfiQ>!TEv37R|vGPkH);kMFV=Rl{fQ
z->rEUt(FIfoA|ont<1?iu7AQUXVeq%Pfkvjl$8Za=Q>WBoV^$~uVWJvN5sWpt&qXQ
z@Dmx=quPt85<3fsEbf8)$pbqys)Q_;gwWGNLlF{_lch^F+739~{AyNh!y_YQJUm+P
z_~or{@%S+?NZr6Vr%uvwh|-;l|J`P22#}bR<g`+A6GOybTU(2SikhH2m!ZpL`}bv>
zGBOp5!CavJ%^Hd>LG@RQ@?Rda5aNTbgxOhaX#YV4PRRiN%!z1@<_|fQ`CEyQPw0ia
zDU>LX2#gSE<U)M}2n3^07d9!-&#lYH3*@~(!YBB?vdR#o$o~E~Mc6rW)2`Gx`t_E0
zdHU?7*Tk8CDN%RDdLA;8oh|)IPN1U!4@VgOy4mkX=C34R*?=Y3JZ>JD@$I=aA?_P|
z=#*OnG5Jhs<x1;;oh=6_pjZ>#vl=skq0m{V%Cjm#OSE?%PXncp<e-hr=V@vgR9Bjl
z=P8yg(S$ySXJ(m7MC68>#xg!@UPoD-&(3`Ur}Oudc{z9Q6@9{fc4S={HanyOo8=&A
zJ4I6)FW^q9+Ud?9Zg59_VoL&AL}}3Yom*Cl`>ha#q!C9`U7#)6f&>Dh!thWgs-5{*
zmXIFzvPa_6RZPZQ`8{n{f1!!gL?C@TCqaXZE`p&XNcq4%|D&)|VL*Z+bka{{Q{ApX
z>aZVullCCMTRaVsxiyL1sB!HYs6h6nlAg$llx(Vz+YJyQWl{@#<s~-B@fRDVb`32V
z5+S>dJ;_-$Eo_~7VnxDuvJ9KtKqvj8IF)u2xvN9-7N@ol3i7YKjTFBy<|LW{gW2zr
z-%Ea@zzdf%=cdrn$a>?gMt7xh@lzBcx=UY5z|lU3P}>Z5Lv{{H<C?s2KM9M)FLYxj
z){vu;6%N5p!mnTLFi7O(6rg}1zPS}6vWBkcb?&zP%~tpdBzy?sP1ZhlJLxN3HkcU6
zu4W@gT#V}w0?i5)sgF<WKCSi=fltwZ;5=w69lKPIS>TyIgn4Q4WJZf|xLdQT?@dg^
z7?V8W4coA0{k^4j&rxvu@DP!Mg9At!KExh*Yozr&;s-C}YKBIBKJ$Rs173wM3~P3=
zTD9l;t6L%<_o9W5CjM4-3C_}WX%@(9Eky>@!)un4>vH%5CC--(ge}xw@9u%U>U&uZ
zE=+d(c}1I1OunxM&K_T#F|<vR5lu&<wQ|MmaMi}pXJ&Qs)yij6Yq2jYD+lus-!Z4(
zJc-wC_>IjB=aKRIEVyWVdcNv=?C>fYI>H{r{s7phiwQ6KI==I$7}wCDp1M&6Oz<G#
zT5t@W3rxtn+Y@kqS~Iq0me!0wM!odMjzrX}@qIVcHWx0z<3D@aktra~bGlEGiR<tZ
z2@K`vd1v#->8Ew!U8`+hnpz>2%y({=!^~GgH=^_>*%ZmSEHaK?odvJJwOTUf(e~%6
z&mQT=^)GG49Jryr(C%U5Y|9{<rCfZeyFm?`)L{skv<=kic53-rf@0)fhrMadwy^M-
zy_7lNat4`*pe%ryilQIkLry^j26r@|O=Vt&UR_~}s~E^kosX+>Oc;tfqz^?&>F@#I
z)oZ&Tb7VX4R#^`DbHY|q#VL7F(^rPtGlPtaeR=p7k|Q;oq=QNd<jkhLIvTqumN$J-
z`^0=Xy_T>R&R(%t#6K5P6vU7~FaIDGf&HqH%Noj_I%xoMunQRlh0Yp(@3#o}IMXw~
z9t1834pT-=(*GVYMc5jKDXQ^pL_^mDH0Yh4!GB1Kk?t(naj~(v-&4R+B_Dha)wN;3
zD27e2eU9oYBc{mg;8A`K0@+JRerG_-%;eN28@30l`(tV*;D0N`5RT??B;zl?4T;xG
zM@v*%dED0ng?AA-bY3IT|3M91G|k5pHg;brxL>W{*FN8Mb)xmjmp8G<z&Z8X2qZwA
zx$G;4G;6)VbeA<g42Q}9=Sw1Md1MfNZK4IOVk8ZzlN5qFJE-!py_@B}t62m^mz7CV
z_n7j3zPCtRsKu$!L_(qa9hfAnev8m$<_zAc5gLa><a=;I5F#Vc?xd*&Eh*p?7UwQd
z$<MXu5C!&ocs_1H*2*37X2F!GVUOE4)9(Skiv%7egZ*?p0BYQ0^shee)Jqhl310rY
z%`HE4e%H)@J4ca4BMTpDi1ygKb9X8U2FQQH&s;X`2{)o*%0I99d~b4wC(J!fv~fMd
z1}yTA^zW!c*{blvtoCh!zk8!rK>Cw&|Bd5kCb8*eJyAQTAy3v(77ivz8jFYknKByR
z0FOr8(AtGxGyiXSK;|a>F*q<3u&x_MahLREu6a1U^y1r6hW|sP;4}?H^=o-9d2}Uz
z@DQBTN4n~t>p;y6%wI;71EJ6TV8eig1+t@^2vzl>o@y4ta`DX{ADg!##dT3Z-(i1c
zjLj?r_Y(^NhcToII&d|oIfI|AX4Uj!>|L=;VHO1Iyd}~WyTT*G1O0O-;mpX_$iROk
ze8IVmBzN?5c|MILm8X)j@3J|$aGr9RS4GS~RUOnXD^QBWB$(}kFJWDvUZVj|ga~pP
zl0t3rU8IbYT8-KP28Kyq753<bXajOQMwFul>$1~b^#p5@)zn-<%AlpA991SNt&)f9
zi}!7PA8dxd^NU_Qv_fsvm~WM8WFU{we^i~pV2WGsJdR~?=9qVGUYMXB-hlkBgt?L0
z$>YOs{`Q-V0vUSTt>VQVd;UJ<9ol^C=n#P7r$z#lUKCW<H<v7mICYL004)h==60M-
z!8jg$BsxkVf;9>DFDsXPO_q{otI#O%@?5+6dCNs+I=FQBP5N=lw-dpzNn!vz1477y
zhcl+r04+{BErbl4(%-E~u}Y$i(GTGBGs!RcATm}elB3=zr2Fm>Q?kRyoGVg_RypGR
z@cSqzE>OCy!@N09uR6?di|utPa)|{mh&^1Kf;TVgp7@q?-iI_=bl{m|_walH7B7V^
zD+-_+lbbF*VH@)ByKd7W8Aiz`+oN^zgCSz^Iag!=%~bw0NxM>mFTJjWZ*ov*D{P_M
zWe#>k!0yTYCs#F}jg3cdzN-6(>|Dc{+Q+HZGtoYi8&Zalgb3+gzQ01*L)!m|s-9Yd
z{hMD!XJlg9kwBfC64`}?fj}UCx#kr63X3o95LlSA4*I3N0V>Skrx%QDfQ^lfjFJ+1
z7`n)1xCt$SlCg2l?Xx1?Bw$6zcExi7FzHuN4S4e7br&rDj}kRDfYR6EFXmQu{4Xlm
z|AK@5&t;+iYjXX+V`OC{(q9vIuz%&Je^@e^KYxY6_V+j$rioIy>X!=&EFk=g<7<t~
zob7r3RWxku`|AIb2tRw5*NW9+cfIKz!~Y}umybX^JAFI3EuN+Y|1`$fI<^=qWW)5t
ve~ssh6325ivmO+BkpJCxRHkRoJM1UhaQ}+_m(IUJX{e8K%Cc3`#)1D0fL5XD

literal 11228
zcmZ8{Wn5KH)HNj_UD5*53esJdl9KMegmg>im2QzP2}$Xa?v@si?(Xim_dM7C`{8+h
z?}rn6X3joqPV8BG%|xmy%VJ}YV;~?PV9U!%t0N#FYQfL*(UIW$`YG}u_yN&XT~-pI
za-8x2ZlG96C`lk7)Wl&vo4$bCFP-J|ToDim-2QEdtCrMW2nZ}L^3oETUdAU`FWoff
z()UL6cIgjB3tV?Ujk_^TkEDAo`!9POpDHpDGQBQNY+9-@C#K_|i9xKRBYw$Y68+(e
z$IF-Wfw%q^_z_x?1lF>4Hs;CS5Ngtte6>mx>PLaqr^AC1O>{gYg{ixXvds?PPTw{E
zvlYO|IN7*l)N<q=VRp^w_~2mj=*H{p^z`)T$h?NQ03%qcbJAL~Ph^1A@?(y2*`zJr
z>FL4jA&(b-`j|}Oq#2+4od?-tEP0l8+4POAPrbiSUH{*i>B31HRm8dl6#n~*#Wz%B
zN<RKzeig1alQ9XSqV1xh?JFyyMn1uaB}PVBLVv;e5+8(peH2IgW9SYK4<*Oqv9*x$
zRLSs5r2EX-+Zd1ObG<0h6}qU@N|mdoH|BqlOMy0hAFut%9h`8#RyDS&R2}gjj_n3S
zzt|hb3O_wn-k!1c@pb-<8mwK$drjd}uTK<%QR7KTfHQ0_DN@T^dMlmlGtd6@byc<_
zrGM3GF8}S_-L0E>r@(sw4^0XtvNL}lkJ9xxf7|-@Cg$IcTz8)Co<A^zbivfC&g)If
z$JaGRUELwvRo#eoyaF{oM3pnQnb*wI5kd2Ta!k00{+&N^vh0Xcwk)>27$U-d_&Ma@
zJZ&jSPERjIo8j$GQ{e5No}A3wZgx4NAKTmhLj7J9AQe}X`pU#I7NfYGL`g2V^fvGP
zhFtxkW3bv<#Yy*$jy5uxt|O1kCn-zH=UmOdQT;5Y#X&hZ>4;F=VIkCmLGR-O;>(m+
zBUm8aCovhi4Bq96c#QMf$Ur)BYPTR(Yt8Zt>-v3t=M(2FJZT%}KXs_#b|v8^KD<rJ
zP-k&86e~kjHC#i7zu3a2@<v9gg!)X2%vcwa8`h5zvZQ43Fa5Dubjl>uXbGM+3Ps7R
z5g8L@@-1WszP3}BiX()Y6k9{~U;oj4iWLwq;xFJDvhn#PK%6g89NwlU(IQslq5Zu-
zhy(9+NCR%N^rS$KRUx&NA|`e&qLd){G16;nWleVBUR2`QT4h8l3Q-~vB}=-i?#P1^
zNefl%zFb-H9ekTw(wnf3@l(g7Fv5tDK%@Pqo8LXSJwcitGy)ieKAf>yz*J4zys(+B
zxD5RemeNi#Kbab~TYme#OuC!95cUAVH6v?LF$E{8IatTZs<G%}*<9Yyfu*P+|6y1@
zNBSSGF{q3bHK^t%ld^Cnh|h)K50*4<@{HHx)x^@TdUs@bV5=)va`H=9y^G7wPjTGA
z3lU-;7QKe}ehqPAZ-Nw2XvFYuHXXzPbWhvsA9_2+HZMBJLdDGSs;(u^VkFm~p<)LO
z^2l9G?Fe#W9-{D%`)ktLN#6PO81t<X`z0dTbJh#I34Syrk#h8Vt|&p;(S&V|%^fAR
zAlgV-F{EsvZ#o_+TMMgqu6xiAt627*3%mpo(Cn~QEA)sMm}{|;y3A46;}y!Yn>@NQ
zjN(I+tI*HbFOz$MYex`MGSs${jjKg(SaD=O6DCulVAO<t7@~B_oli2o2(EFdei0h+
z*;&ECOjmdDV4R1to|2s{+_@T6TG##^ovd=8m5kbYU|wrhnu7#j`RWX!NaEz7crh%X
zIqhb+;%AS=B~zv(!ZaZ5>vfSVQtBvF)FCv(Qg__LTLg)gpMq?SeVySHWR;VV;j46z
zl9X`C|I_LI?9{e!K#*RsSB781L4$7g{mm&~dGt7o;KWVb11P#WZG7!mAKzWy&(Jb4
zoF?KT@DH$<)@CLT5GQMw9i1I%fgw$_?_?*`hkpMasFMK9p2JJ9j#)S#TPRLOXjN_^
zVSzC*_KF$h;M+nPtOv7RnVHLbT*4~|_bf1yp9_J-26ell2GI;4aZKMF&GG1C=PYv1
zG}hOPTA!I<?1|+u=~5&b_;qMW<17PoP{O|X0W%w$=8RNN?K1PmOZ`f|y`7!ATU%XP
zPa1e_Q~&Q9{~OznYA!>CBdJ#t+tE&bbyc#iXj34G7=!BFvpoWkj(!u1wP#~k^jZ(>
zP+9=14ESyTuUc;&d@nJolUbES^vcM_c34;=cMF0v5;EZ*HVt6>Yhjv}R0Ersm>{Wj
zvauNlx$er(0R@mC(q4{(41Ill9=|d6mf!}8IchO`5_K#5e^tfjt$xe*IgfR6L*EAc
z<p2~;mp5>neLI|wbBVB*X3t!0FqL@t38lF#z#4R|f=7rT{5W@WXTS>GbMpA}oI^9f
z?{U4BKdm?F^ACgXaV&ru+;9J1ZwJ4^e4noK%OIwF@g8{Y-UWN-CBgWWD*GZKRzn~0
z%+Y-x=Z<7upt#)WikETc)lJ<vNTx$WLpoIrG$#DK3=BI{J0s}x1&atrXJ>KI(XIYZ
zx8_+V-7$b_lG3v^?I>dcjWLJE^#ou!FA(*(R%0IC+A54$v$DXhG~W{%J)WE;)#Z4&
z*&ls%d4*psUyo?XLHa!_i-Me->PQ471#q_9ohls3HYe#i{N3_l$t%dKW_}VB$N6=5
z4^n-5dt0JW9B{u8j!Pv%BwUT``l;db&Tv$e0?KhwrG9;BZZ1NgM2XZF2>_FXO#}ja
zHqQ!2va`1z9Uk879I(k0N{T<BWjV68+%?Vi{C(hmiIg*cRl@RcjmFzmx6NS8Drq#K
z1{@q5z+f<AW8=3aZ_Uv7a1>l!TuRC*|8&Ow@boHxg@*Tt0ne^_fRxf#iVi${(BI<$
zx}JbG=H;mBcHg_xrAC#I<O_wwx_R0{+_WrZX_~?%@`Nz*&EsTN(>fbM^SMtdJ*N1n
z%ayPkcNlIjk>|lw;mpj8g@py_H$91911$Q(jT--<1P0&R<7Nl|d%QVfdH1e>CwfO=
zIyoy_IF(h8oRrjSZ#*lOf<If-m-r$Nh0Ih-OH0?n#1kJMKh2F5+|d?)1lBb*eS-mR
zu-E(iIiZOxa7IE&2^*;m&k{W~DQUUgm*gp-^^IwBb8{x2gXHZ>t0&0oTwMC@_I9AZ
z-&7XtcM*C{5|)SaT4=lW^UmRn-S~IGUUPaAI1kt-w1OK;3xc#<Tuic$@eHi|w`Xf-
zySrh^99&$N8&YCM>f7}_3KC;b<mXgYqr;sY|Fc!m-J!THR9%0m-q{KR7kx=dN#`&%
zl{UJL*4C%x=F9Bt?6kBr_oLbR`g%?$<J$AJ4u4-b(})P!P~d$xt5IE4RCGncR{gC%
z=xAwja&p##o0%DX<X4ukr*W&t>x(vZb>bdGG8tgv5ek_P#U%M|H6g?PXKwE9Vvsrq
zG?5Yg-DmrEd<iv#^3|&s^(Zf1ROxMDXrU|h&<L_p_Vo6~lM@q%@d=p^#JKJquf2|l
zQxUgSS10)H?+>k37gtMVtH}(lK97j-zS^S}a9&^U4z^y{M|YOn$G05ISebwfW&klQ
zFNSl({81mj9v|DwrCM2l@H#9;h!sV@kr3nI(Kxc?l8DElmYBp{TwLg`f3o6c*fQZ<
z(`&YU^_`G_Kox>caq(HJ)z>E>F){1=cU39MxuHZR{Dp;u$d{O3@talG8yuFz9<~!_
zwGR@Q17D>k2?$Tf%q6C$H=7TRA50hLk1N_piPZF^?QRoMP(*Wio-BrD?*!wD{j92z
zRsZ-A^ANZBbn#V)zhp~<bZ78%gl+yO%A~~U>tDZkw7>NusW>?~p=|d|y5xc_-$Yy7
zl+O4{N{Wbx5D*g9uzwE(J#XM1F6z@`SCDQ9h=8GJXlPGpDF5Dw%j(hyCStakO}huS
z(#hdWnO`*7!0H?rVx+j}w9<l&nEQk$&rv=Ed7RF9r-OEB{KrE4qgfY`$Nl*R|EgDh
zeX{5jrAF8TCh`74IC;WYCO>X3*X4K)XicAnh55}J{2r<GzDUBOxeBXFV$3k5m}lDZ
zU+`8VgkEX-6$2aA^@~-VF!G?jzv2q(p(FJ>Po}7aA7o`eQV@@XVN>Li*#sMynGskL
z?<?VHTgvK@o^$$O^3N~U+i9q)<EyrGXJlqh?yWYt1Uop7jEwkhjqz6*HV1JWK8%22
z1itw4)z8m<#Rt>L#TQ4dp2bQ}x`v^D{-|Elp#R>HI!vptfj@)v$)pmENv0?zQXw3x
zJ;C9QIA`(fRG3<&a&d5%v|X_2{PU+>rl~F2=1NIPDg1BG&F^)q5vILRIPSfCF2{ok
z6^6cD{J8;P^(xyQenBu%75?jWFvSqUDG2huB#N#lN9F${fq=0L52_J7<Vqh?-xFS8
z?n735iXhC`b#8JmOn0c>lnT1;k`no2VCA#a+VPO@gT-tGQwd0u>O9YkPtBS=PRMs(
zi?)q?d!75-?7Fwu8akBN{3eD9EfF0An)PH}F-a?>k#8DGSG9ako#M3C0X=O!i&~YS
zZ*6HY+uzMZ4$VayOh7{{0&-;!sS`;?-SEVtn8!>wOneyF0)I;i&`c-+X+^{&0PL=F
zaI^C}g^WH=Q(hizie-)8!%nK%;mBbZ)HKafN4xe0&;k30avDkx$9l$=9W8V}?wN9<
zQXlt|PndBYv+DoS<>`2<Q8fBp5Hpy5ksk{&CW?aJQF^MvpfMLsF&lq?-s~ajm04Tz
zO`MQ9Z#05pvj*k3fm3_E$BGb9lg}7AE3s<h8tk?)&sWIf_<sAXMs=kGICqp8SpyCo
zpE3yjqnJp{4uZ^apq!mCDKWc!a?R(Rs8=kjzGtGGo}|uOVrAMDeGK2W^t#N9YrP_M
zO@B;FoU!h{mFp)nsQnZ<##F??YU@0JC$7U415+bBP)2jbd$LMI`kVMcACsOEds15l
zfKiXG_+L>2_p<0VGo>>e<t;TY7wUMT`^UzxS^Q9RUpIlUjyyPFQYwQg-^ITaD-7Aq
zmXno2m^~)*KGfGAD<>b1UUzz3?2M$wA08jaG&3iCsVv4LA|`%CVt!2+YPOk`oE-Wk
zuFA<w5-E=255&giE#n5Qdb7qp<yG`lEtfV8+N-kiQi7mx)A5)})64Cl{kPR`_mV%V
z9#ZdhpBm3XE<)X+Q1@aZA`Bbsy%iKNv@abT9N?pVKtO;3ziBiHyV_|M+9+Q09}uzZ
z{^B+j1~=n9xXnxLmPAh#(S-%29vcHALBmvDUcMIQvXSH|6#Cw%rF?X?Q4oD_qj{e?
zES($G_@T0vW0Vi{eBRsYxd63|Ik)acuNFFIt)3uZE8l(m7wkW25+R9bDHu07{}_7)
zlMbZ&t=^l^5>%wG0p?qvu%gm;e8Sb7@xn|@XhsB|z6^Dy?e%hSc9$X|?wj5oFKk{R
z!G8cJO_@bf`_B%h#VR@3JT?h8uxA7g#Zn8Xc|zPw$S;!9w^&<se*Bu_=vG#&qFBcb
zg&Z-Xn+>7o@uEg6%Q)16w3`;@SCD%0z}Z>t>&#l1=}2l7>7&gDY3Y#0MqH%$c(o`!
z)Q`PU;vGPv+rpIj;MX@aXQi#JzO&_e{7$t?QJ(`t^53w{=kEe^5AbgMa^Nm{X>k6q
zM_PsVTgZnfS_c0umh1f-7+|{i@tT}AglRL>^aJ#;tO}<Y7#!~Bq9SxYWmt$zWLopu
z!d7&_m%(h14?U=O?0zKEK;W_948aJ7;YT9u;$Q97;NnQP+57wZTQ5I6k3`ho+)?yj
zO4wZOjuDb;|4r{VH+oG*HY9mG8;svR)E#Vp@}9yH_NTMSp=2~dFXpnXdm}$i?2>?A
z8|{pij&7@NVz=ho4982KtFfF&UqZeu5LT+9@iDs8Mia*7_r2}!1IrS9n7v#Ivq0Vl
zOqT*$R#rwvRBjrSq<UJ)*u6Z+FABxD8Z2UlcZoPuBKzChAsd+L_|ZWvEkeKKtVdT?
zpc4>ST^eAX3a1=Bo5aCduCA`yv+)%M4IKdNY4}BjAtMh~iT%~NwY_~`T29h;tQ*)t
zFfN;+Nu6GWGXGuOM1%c8&}&{^-Yg++3=Q0ed|p!hLkg#kw<|X0_{8PthK7b--~3O%
z==To{nDM&6dS0+Hgajxke5{GSzIIEBOyEp2mm8F*Z*0sLr+iTwi(pB;nNqBj#d-F{
zgr;J|FCnPZtmaE41~+C>T>CnTwoY_6HIo#Vy_>uHSoR5)N)lL2El^Of^l)oy1d1A1
zR^8KYu_APURc!TXJ;_Wxj4tSECWROt{VyM>L-XqlS{+x&b>=RkqU<Uv-~=zND>@Ux
z;pQzcl!lbc?9!&I8yXT4@t1wJO4df$^Hkbu?(Z@s1qr{!u;wK2u1s2heBuM}r>n#N
z$;Zb>I&!$+>sK85jn}3;B}Rd*9M{cF<<iseFg|{<HE7_SA84wHg^k@Cf%4MZ%PW`j
zH7H>7(xOPzB0X<@ypk=c+G~g)0x@_B`gAurx!mC&Ug$Dr5@J|wf*2(k7wlqSEx+9!
z0QJ$-BzmeKa{2k3k8zac-0(8A%BYoinvB$P(erHe1ATczgGXUBrZ#oN-Ngldj>Tp!
zM}zsgyI%9>tKIiKWc^q{sWDey-kI{z-%d?UA^EczwGg#aX;aS%@6pEZt!K`6m59$p
zLN|5)+VT>=-TWxsBaa$3EMAkwp35bG+<3OES7(V`OLMT%8%}zje1%EHVXhs-5_BU{
z`sOsIS~KPMtlLjgOGG)*<SZjF7_8dmc-F1Tnqs++{V?Muq4Tva%8RfHv{4<?0qgG4
z7!0S^+tN$#`Gdmw<s-$iS7}mAdXS%nQkop)mo+3Jc_E{m=Z8Fwrr~5$;VG<RIW`GC
zyBH#d6FK{HJ=AUb9$I<Q&CsZ%FxwF{hVN)}76ad+@jSnosX{8Wz0ql1y0&`{W~{5<
z_Hbk~W2DBb?{LSgjDb18<wK#^x2d#~SG742HI5?;m{Mw}u#%3c?I$=h^=o%Fn$Hoy
zUVX8lij@yowEz=UZ4L!SA(0$TY-XODkf8#l)jISEL@!~&5^bxOb~daQs_#}`IZBcK
z&ikb5acW92ktnU3Mr4CFR4&HKteP>eSrGMw<1|ons9QwSM&Nxy;tZUz8EMzL$No0k
zVyDYgYU^T@C%w)|<#*<nmNrL|vil%Fw5cv?`%K*oizEq!mLd20yyI}zF*c?u+SIK<
zLqYlX-^oBR1$#J7NWhQ=c?L?#Dc~L@Y(_!fwzRD5Xp`aN{o2*>H>wC)SS+!<PRjhe
zu8YAWU$V2k9I!>a@K}Kh4$`Y?s<^6qb7JpI&xuL{jdMjEB`1zo$g#5ei%D;cRRFw1
z<o==VBKVNZ7-4!15}E+$C|^v8aE5FQ0#^Po5(&JoSO+;YjBN1KIIT%U7MgEOyxyuh
zK!~zIgH;8@uK-&wzQxD4qj0}`DfZ^}dP4n?!pVb`x&-$0gq`*J<OKJk3X1rY1D6!8
zPu|cEXofYS;ZlqJvG!#pZeK8?q#csw$^~S8K<Y>V*-D76jl7LXF2vs6P1D}*lReU^
zx%rkET&R#)pket@z8~@Xy!t14yF~PmFwkpfV7j=Y_DKEkOr7F=t?L-jp<Q+|bA4;e
zgT%#EyZ1@IqNqLJT*d2?l?wmd_4E<s*DO$7zQv?4JggfL6LTDzX6%F>7wdGkf$O%Z
z5I_KDiqRhxbX|@e`=(dE(V%Zenm8qN<nm@!I=S6|dd`5JuT&tmgPet2%^(^XwA+De
zcIoozgP!~?AsP2)>Y+WLdTTH)Rql}qee<DfwfvDk(_P5H%S|!dYk!yU<5}oIPUid)
zq0Xt`2D&><1k<3S>jz5U7dQq`1fD20fVLDF!Zj^-rJH`1DW?E4ib6UnW8@BzuB?a3
z__;+_xgl+p4hDxPX=0NOMm0tdCv9AW6+@4YuWzf5j~)?=Aw5Azz8Tl;Me$;uR;KQf
zC1$|ny}Lj8tqsTt(BB6!7ER+1LTU)33)gaSqoWi-qXD-QpZE^2k>lcLE@Y2x4+_za
zdtzjeab6<Yy&2^}o=CBn_{Dh+KI6-bZQt}{?JMD|^DMG=Y$tD^4Z1k(`ds<T>!4>M
zk&6qjH>+ZYFhnY-DBGK+J`G67h>Xp*UL7S!*nD@Nzq}E|{{v8?1cYT=U`~IIHfir3
zo{kOIYd1ehECfG+(atV!&aa!jpOgc}FTPcC#GMG^P>E5JlW%Vw&CNO4JGAV#Pn%B{
zu}3S+n_`ZLd7IU>wpLXEf#n)AuNYPXR^O;iR=n4N`uX$u9T=+``rNIa6hP57^fc2n
zG_{kn{8>fbeJ&epxZl<cC@6oYlUZ3XAlpwr&>ibwU?+!%gW;QGx1>Cg#jx`{Sam<=
zySYVcZf5T8(=Os429x!Kf-au`sa+t2E}YA+4eGek)@<85kl*axirjD(9TgSxb@3G?
z5&8BR39+7rk?0Lw@sUG?ut+17SbUvBw6C7`!_G$%ol1{Z?^Gx)bY>*BOsCbjGeA^~
zZFWU?-$da#A(>^#apm*cuQzA*-Sx96>>aw0=f5RN#)!_!N*MAJA_oV}V=T-C6%`I+
zE%mQ%rd*v&LyPOo2>RkM6JRf8(J(^Xe?i)Nm+A_FphDV`_Fms_8f_<oHbTEB7e~iX
z?K}WK4?te2dk09jy{nuhZ^LVGs`U5<g{|+hzpa;-_j0Oj2p$fso>IlJH_*u1>U+5v
zes5)ZDv?hMAN(4HdYcInl;wsZ1>;*=Yx;&uQx3~13-*Qi%xT#@VcAo+2K&+GZ8f0P
zQO^h`;b*%D2=nkXty2nvO-&K?1fRou&ueurRj8trB6c$iAU%_TNU`>#jcy`sgiRxm
z;#4bJA0emT$YLD(pm##0b*-8GED2$IFAhLY_wnu&{5nag5H3&0-ID1VwN`UNg5h^%
z@Q3wsX$w+Nu(<&ZKhkN^WA)!qgOR1{b-+3zZ4LyBm5;BlPd{~rn|HX}3~ySny$B6O
zgk>8%dz`7L#K<X2F9c)@)8(06T`8YjFRRUYnND6N_cK_fzR$``NpBba?U^5L)xA*X
zXr}{y$^g*WLCeSG*Zyk9jh=cZ<ui=vXrb?)`d_<z9E2_vD_gkAyIAN43f96dxG2Yl
zV`5{+gxp(7P8zhQ38|^;_}`t*W>p>8zGGW!$)7nK-_7PVz&dP+Dw;hKHNwryr=`o!
zJFTY1v|4a!!@jAHyx?rTL-7uk0XMt-NCC{OJnwo7LYn;JH*_&g>e_xW)4qG2FCkQ#
za|{i8ctAx94VBIA{2M|~nH2f@YhnF^nL|5yC>N?uHVq}&!aU;{k~BL)Ff2bmza<og
zwnvT{|L|~_1KsNJP0}kvw7Tewy~!8zF|yMCEFu(o19oICsU&<Uvt)*5ad)xg(vYNu
zJn%d!<5H~o)s$k^mavah%CWaiG_Dpl(dgb1qX`Vo-vJ--@u+q5K{e7D_(1fxnJkAZ
zC0IiDN5A<Y^$)KVvE2`$XgECe=TUizb(4K!yXH=_5BMVkd|vSt@5k;I7uuyfdXowx
zrRlE>M;FLt@yv0`VCf<S50GDJ0B+yXC$b=~ir66*F?OhK>z_`Wr0a>IWkcW#b|>FB
zpYsQWdHRbW2J?eiuLbJg@#+cADg0=3gM@u)(j~6ZA26YVeIi+~Lih;d*ZMedKp4t=
zC4w{0d3y)SuYlliXQr9f(kR!IT%!!r2a)>fei)~Jca#H#cG9jgMq{g!#r*})2Z3^P
z+31hyF!(5B9CLvE7_tBJYqq1DDytVb0|wWtpI$sN6*4ju(K9eIF%{7dGBNfsFs?&)
z^vy(iZGS2yB&Qm2bJZ6Ay6@}j`^3hn>}KyK?(FOYrY5r6_8iYP0_f5K<O*e9=)g_N
zY)Z<kwuFZ3RdNyI`R59~M=)u_C%8<X!OPF>VpKP^=yM12&rcsRjsO;}A$6`h5d#o$
z8JSyktW9&Q`0ad?RpP6bw6+AbzaR-bb0oO>tZ4YZ3bus+H17Bc1efkHHtRip!YG!6
zbfmxYRKo({BK8)3kt5c5O8unw>>5A|7rasal@gNtuaEd^r-mv>YJ>*#pG@8vk!l3>
z{07&-{d%v*c7f)91i|^Ay(#&~6cIT>cLT{jTI+JceaDT5!s)pF$iFlV0$?CGn;76!
z6`BVA>;XLR_yxaS2J-JNivI^GDRlY@f^N1<XY7#;NWlHM;ASHJxdPD5%>MI^`F}Wx
zI`I5Jef>-g$Hd`o{-t;ig5QS{^8bM+Gyd1=AMi%;m99$I!2=kDbKLaNatkC1#L+NP
z{l{<q5B&Tal?mWY#0Ab7!u%B|YT}>tFWKEUfuanjNT`7%jS}&FURw_b;G_>R@1>(@
zDDo{`d8sF^ra&x#@Y$1+wLgoCKCsRHkyJLrHv{PKeUs}R4qHwILHJ(HBlW@+=rMNS
z>(_Cd(E4ak7+9E}iqnKv-9|mArvRl)z6K+apq#P)9hQrF#>{^O$c+6Xj2~DO6{<6c
z$~fM3+s>!JTQD#yDtuFn(#%Mr%_I^vQE!_m&<&M;sqK4z{zJLAH}uTb2}lJ$A9g}l
zj({ub0NB>tD(q+urgv^WumlP?dEaCDjcp7JY)wGUK>;F=ZX`xSHXX-c`UmuLg2xGp
z`aMW5T<Ox%a`*Q34)rhFo}d4dMq<KlQT)}qu&|KdX{D#W6<A+g1E$#nuBjbC-#d=N
zm0`hYr+2*v9U;BzK=1+Lx@=t#<o@byVwNSxNp}-Yasnl)m=5*K9;7=LI6SodRjN?S
zX$Du*;gcDBl`Fw$cL9&Loj||rYN_CpR-Hskh--^2&W3eC$?hjV*VVvIFRRI4>8|Ow
zCWhe(@;Jx`IWc6@Ah5WYpYz#FBjgDh*Jdnnm63Hje5@HboX*V@>P$4hgJ83koqDn2
zNt^&1l5sQy?4Qq?AZPWBs}EJw4m$qtc;Y-{1h`7pGE!mfp2PxU&q+3MWF(s=T4ESe
zfQIfXew(ey+Ym<_i(1&y;13uYb-(@BHbE9|8WF}o7`F@<IEDcc*#M%e7c}4Ul@@O@
z342ymrRhz%+T7pS8HHDsr3lCy3Lc576_q8GmG9WuS$a_m#{30FBYTlWN+>@EB|0Zg
zHP;~<EHt||Ho-Un$cfdNU(Nw&%=9{^JOeqIv6dtAPK+~+N+nutEMliw6)EwNe~&)k
zNyEOVw7Swo`GMUv5uBdL!#qbCd;qkbv8FK|t=R|RIA}gFd!f;s0!uLH1bPne!qpk7
zqp77iGy8p9u*GNWFsL>vEbLJVO?{Iv(eCKb&eryj;&Afy@5k`RnZx0rx)-rG*pZyR
zji@Nb);1D~-WJ};Ev1z|lq<BQmU-)W_u;D#j@S%;F4eL3LGD&DN!Uy6%F0Sv?2eA`
zeoEt@@fE^=34_i@7(MRb6i|+0Bi18?l=)Y7i%9fs?e$95pw@Jr7T!bg(7WO^T#uYA
z3gf&C^8AeS+x8bFAM4nl>(jb3$2G#3>yN-q#P!7A*q0p^JUIXwyc?-HTBQ_6wKxNv
zkJFtC)hmF^QmiP93f$z&(`Yy{F%}sS@p}wppaW(<1RIsHy&ZSYcy>8I{S%=I@ESA}
ze4-LePSjXa_1zsk*x&zo{9S|@#LmB`J3Cph{Wm(5ydAl%@$uN!-d-TdTh2%${Tpej
z%elA~Zwta8uj~v+2A1SB8gai0@hi+|(Ydi{A??kHNFM^FrGE1%p=+sr5T5SUs!P=5
z&g<YdpJ@B7kx77|1vKv&aBo4by+^+W?E+%_QP-fr>$qlb2PtTG((fC)lu>Zov+8Wk
z{?A+ou>is1ukY{uU=0-pmJp%4^%{G3qxauu+z;EP^#B<B?JjTDu=A`>On(;<5iM5E
z^eAfL5PV}fl1h=a$0nBOYkPW3mf5k~V6tksmfN)+!BO?)3;PQH!wJUXZb!F!mcjX|
zv)E&_MG##E@)1bsreiJR+po~T^it4^3;l)rd1P)NZb7w^4L169v=(UPyh=XUVAG2Y
z>?ct%Y-xSBy*<JA8t11q=6ma}Wla~*g(v&EI0iXD#l{f8MoXaMb958-V6|JAD(wCd
zm<>ZT;A;*W=&Sc!zPq{8Z}lGBDH^dq0BgDIsGmG0AAP>UAfS^>DPQn<T3wl8!`z%w
zS65GL6K#aT*2H4sqIBD=B^*t)PHTckmbJtCWS)=MVKcqLxjO@~N{%ecv;Jy^+FJRQ
zi5_R)cAKssF%M@CUJR7Hq_NbF3aZez=gAXO<wp<Q*}-yJN^uyht@W%tR!jIdhXr|!
ze6O*D=bm*m+E=(0I-@4;gk3j04K!9gV&jD79)kr*0S(P#ZsknL0Tj5pzI6l3`2)ZT
z&UebR4clkQ*LPs8ppK(PCi|t`8<^>n<4SYQwB3<Tc0e-k%+9Nw<e67{6s4&XV2{hb
zgOJ~%l~l$$`WgJq?{ToM)9XzF0$c*GlA7b+_-dEC4ZSZH4WO~<M{Ugg=}+ATz~0R%
zF(hm49kI~fou=OoEkE~6Wss8tIaHOvdwew2MzO?&Av!JIw`ockVO2}lA)W4`Zr8Tq
zDzk;6Rt5wtnU-On&IDF}`glHFhPVn(WA;Xm1JJy4>i3bWo~MgoAr(z1cRg2N-0l^`
z6bGJw8yP`={7So_n4K|hG6ZYg@8JT~WBj?*G<#S5(b}z*9tNGKe<pj6_#DL0Zgi6Q
zdH$Zdd4g+(-}BI0=f|z>q!d+9=r9gQv%0$Iwc2cjL%tJ}ygq4h^bd%C?CaKS90Naw
zhlhuRzPNv?Fl;ncaqdEGoN=URAWGKK)=7lrWUFv%o;~;sQhPh!oyH%xt-W7-tQbNp
zZ6+&soSHL1rK4q%4WLYDd{-)db2L^8EW>6t67D<;yeV1NymDze+H5Ly7B$zTT9tJi
zg|(@^ubdk(jRHCLdK(c~Goa}o>IuDF*ABn~XiFc^jfAHcM6YrxewJ3M=_I9OiE0>X
zuH~}5e=m}ju4kl^>dw4ir4!L|VfLZFxpesQ@N&wWNtuY4gd{0NYgUt(WJgCcB{hkd
z`okwv@3*zDUM1`N92rr-h>DI@n0S?%Tw+&N>#DN1yGtpS6sd>eL3gtFX3XUV#I%(>
z^yZB13c4phGK<F4Dbx!!;Lg9lTP;^_yx9}zSANOj0{ZNtHn8&ojm_V?z-8-47&h9W
z6ehcmRY|9aYA0)<rOxRKKm*$#&e-Ru%zozDD_mecUi=ZFU{1ZhRY5*gC6n7$+NM8-
zy7!q%&%nSy%ScaOT~*VgGOtDE6MXzBw*Vvl)UM-f%hNZ~&@<A~(x|Acs2KRwQ540H
zr&Cg@Zk`z&OYW|OJqvZe;XQs5$62Nj`UOkuys&ArRnN6m@5;RL2WOI8W8Zp<0Wx2V
zpqQ2nu;Vff<<<%1m*Y7EewLrbSChKh;(|Vd(0^wUIa^*<ib&Hw2SUbWC0;=Gd~|Q*
zk#dk?`q{o*10q;PQcBooZy7@bt6_R1U8fKJDWw_sw<ia_9fD~3N@h8GxcQJim1uQ;
zqPz^E(hQ=a3`!vcKK!8`5h~N!AM0|1`vh=5l;xC(0ayzKkfqt%o_Oi(QJx7goRH&-
z?0ZruW`Uq2d21wd{J`1kqP8Hh7iZ%oU56@<R-Co4ekgz+08kSe!}fsZvIcV;n1$$<
zFAh@zh2`an`#^WFZ&k-l=9$W^rhfzY=I!tGGxkhDn&3D6;zMy2q|eiZtgg7uc-4$Q
zP_%au!?xMc1~3FLJlxg{zddBFvAWd4pgFNr;j(S_P~gWJKs|ZYX=3(FJ^h$E#%J@L
z>--M5JA<8oV4J=WXMc-D$C<%au<5a>;>y)<lIWUOjY*u@S!oHu&#>5ud=u~H&i9ua
z^U_gwoPB>+*3!shFt1NkdO99%V}_LL(r#&1n9h*q_a~NRA08kwi6zCw#nJYP>0U4$
zE8iz}$jzw=Yy%u{x!Vc7kM#_=9H<h2&)17}0X~6k<xn93$khNlnG@`>3U+rCox*C>
z6KV)<fqB3DWIo}1q9`+6k;!jRY3yKQ<7i{EX&B!mBz}asXK^z3!^ZTNp+nD2izk3M
zofQjbx!wmkq;=KA(tLc_I^(;xVyIIfQ)J+l89*xGrN8<+cC@fDrZI$mXrj?0uv?-s
z&hbcnaRrIsjHOiXLnMszA$yO=TiZRbQ8WLEdT^fdo{+}aPWA%M+a+RN={9n<z<D^j
zS-JSXWaIy(1HDHO`Za(7UPxo?5dg$N0AL#(27@nxszKD?NA()97K2lLxbeTq!+(UI
zs~jerQuhRmqVBvwH)}(1L2i^i08jJ;bNx$P@GMmTeqjsfl~@o>gbNzv?X^?N_1d4=
z8lFvh14@p>m6t)J{OC3Y+Om7Ec%7jJiV3i))g$Pit8cz$9kS}HvweQ>jEl^G;Hr^f
z$5H;Rm(x;UMoLvPj1yK@*<H?^&az0gYt-g)t8M@@xePl$#xZewef)@(gOP-zvT2@3
z@AVF?RjjudsjxTkex4rDqSOeDqXoyqKYInS%>-T*=Z=80?~EE4?NB&(dUtJJIdS@u
z13JQw`uq29#)y|2A0MrZ5G3#jk@apouGt6Y`$j}skx7l<SAJbbpgP(@$62rW&wsE{
zj+G}uuQ0R5iO`qg&(%j)x@a72!CW(y$p2x8Q%I&AO961tQi#a$)PXJdid+Qw56aS&
Ik|sg_0|R)zu>b%7


From 9afd0546d289f9ca4d0a5fe53e54e5f295bf7d63 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Wed, 5 Jul 2017 15:46:16 -0700
Subject: [PATCH 40/49] fix pub date

---
 store-for-business/add-profile-to-devices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 45c892d672..1fb8b493b6 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -7,7 +7,7 @@ ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
 ms.author: TrudyHa
-ms.date: 06/26/2107
+ms.date: 07/05/2107
 localizationpriority: high
 ---
 

From fc7133f8fc4ec338985c442f810c5c186c86a573 Mon Sep 17 00:00:00 2001
From: Iaan D'Souza-Wiltshire <iaan.wiltshire@microsoft.com>
Date: Wed, 5 Jul 2017 19:26:59 -0700
Subject: [PATCH 41/49] wdav server into client changes

---
 windows/threat-protection/TOC.md              |   39 +-
 ...e-exclusions-windows-defender-antivirus.md |    7 +-
 ...e-exclusions-windows-defender-antivirus.md |    3 +
 ...e-exclusions-windows-defender-antivirus.md |    3 +
 ...r-exclusions-windows-defender-antivirus.md |  329 ++-
 ...troubleshoot-windows-defender-antivirus.md | 2166 ++++++++---------
 ...indows-defender-antivirus-compatibility.md |    2 +
 ...indows-defender-antivirus-in-windows-10.md |   22 +-
 ...fender-antivirus-on-windows-server-2016.md |  119 +-
 9 files changed, 1513 insertions(+), 1177 deletions(-)

diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md
index 9714c77347..0e0d0232d6 100644
--- a/windows/threat-protection/TOC.md
+++ b/windows/threat-protection/TOC.md
@@ -82,9 +82,15 @@
 
 ##	[Windows Defender Antivirus in Windows 10](windows-defender-antivirus\windows-defender-antivirus-in-windows-10.md)
 ### [Windows Defender AV in the Windows Defender Security Center app](windows-defender-antivirus\windows-defender-security-center-antivirus.md)
-### [Windows Defender Antivirus on Windows Server](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
-### [Windows Defender Antivirus and Advanced Threat Protection: Better together](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+
+### [Windows Defender AV on Windows Server 2016](windows-defender-antivirus\windows-defender-antivirus-on-windows-server-2016.md)
+
+### [Windows Defender Antivirus compatibility](windows-defender-antivirus\windows-defender-antivirus-compatibility.md)
+
+
 ### [Evaluate Windows Defender Antivirus protection](windows-defender-antivirus\evaluate-windows-defender-antivirus.md)
+
+
 ### [Deploy, manage updates, and report on Windows Defender Antivirus](windows-defender-antivirus\deploy-manage-report-windows-defender-antivirus.md)
 #### [Deploy and enable Windows Defender Antivirus](windows-defender-antivirus\deploy-windows-defender-antivirus.md)
 ##### [Deployment guide for VDI environments](windows-defender-antivirus\deployment-vdi-windows-defender-antivirus.md)
@@ -95,6 +101,8 @@
 ##### [Manage updates for endpoints that are out of date](windows-defender-antivirus\manage-outdated-endpoints-windows-defender-antivirus.md)
 ##### [Manage event-based forced updates](windows-defender-antivirus\manage-event-based-updates-windows-defender-antivirus.md)
 ##### [Manage updates for mobile devices and VMs](windows-defender-antivirus\manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
+
+
 ### [Configure Windows Defender Antivirus features](windows-defender-antivirus\configure-windows-defender-antivirus-features.md)
 #### [Utilize Microsoft cloud-delivered protection](windows-defender-antivirus\utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
 ##### [Enable cloud-delivered protection](windows-defender-antivirus\enable-cloud-protection-windows-defender-antivirus.md)
@@ -109,6 +117,8 @@
 ##### [Configure the notifications that appear on endpoints](windows-defender-antivirus\configure-notifications-windows-defender-antivirus.md)
 ##### [Prevent users from seeing or interacting with the user interface](windows-defender-antivirus\prevent-end-user-interaction-windows-defender-antivirus.md)
 ##### [Prevent or allow users to locally modify policy settings](windows-defender-antivirus\configure-local-policy-overrides-windows-defender-antivirus.md)
+
+
 ### [Customize, initiate, and review the results of scans and remediation](windows-defender-antivirus\customize-run-review-remediate-scans-windows-defender-antivirus.md)
 #### [Configure and validate exclusions in Windows Defender AV scans](windows-defender-antivirus\configure-exclusions-windows-defender-antivirus.md)
 ##### [Configure and validate exclusions based on file name, extension, and folder location](windows-defender-antivirus\configure-extension-file-exclusions-windows-defender-antivirus.md)
@@ -120,24 +130,28 @@
 #### [Configure and run scans](windows-defender-antivirus\run-scan-windows-defender-antivirus.md)
 #### [Review scan results](windows-defender-antivirus\review-scan-results-windows-defender-antivirus.md)
 #### [Run and review the results of a Windows Defender Offline scan](windows-defender-antivirus\windows-defender-offline.md)
+
+
 ### [Review event logs and error codes to troubleshoot issues](windows-defender-antivirus\troubleshoot-windows-defender-antivirus.md)
+
+
+
 ### [Reference topics for management and configuration tools](windows-defender-antivirus\configuration-management-reference-windows-defender-antivirus.md)
 #### [Use Group Policy settings to configure and manage Windows Defender AV](windows-defender-antivirus\use-group-policy-windows-defender-antivirus.md)
 #### [Use System Center Configuration Manager and Microsoft Intune to configure and manage Windows Defender AV](windows-defender-antivirus\use-intune-config-manager-windows-defender-antivirus.md)
 #### [Use PowerShell cmdlets to configure and manage Windows Defender AV](windows-defender-antivirus\use-powershell-cmdlets-windows-defender-antivirus.md)
 #### [Use Windows Management Instrumentation (WMI) to configure and manage Windows Defender AV](windows-defender-antivirus\use-wmi-windows-defender-antivirus.md)
 #### [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender AV](windows-defender-antivirus\command-line-arguments-windows-defender-antivirus.md)
+
 ## [Windows Defender SmartScreen](windows-defender-smartscreen\windows-defender-smartscreen-overview.md)
 ### [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen\windows-defender-smartscreen-available-settings.md)
 ### [Set up and use Windows Defender SmartScreen on individual devices](windows-defender-smartscreen\windows-defender-smartscreen-set-individual-device.md)
+
 ## [Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection\protect-enterprise-data-using-wip.md)
 ### [Create a Windows Information Protection (WIP) policy](windows-information-protection\overview-create-wip-policy.md)
-#### [Create a Windows Information Protection (WIP) using the classic console for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md)
-##### [Deploy your Windows Information Protection (WIP) policy using the classic console for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune.md)
-##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the classic console for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)
-#### [Create a Windows Information Protection (WIP) with enrollment policy using the Azure portal for Microsoft Intune](windows-information-protection\create-wip-policy-using-intune-azure.md)
-##### [Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](windows-information-protection\deploy-wip-policy-using-intune-azure.md)
-##### [Associate and deploy a VPN policy for Windows Information Protection (WIP) using the Azure portal for Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune-azure.md)
+#### [Create a Windows Information Protection (WIP) policy using Microsoft Intune](windows-information-protection\create-wip-policy-using-intune.md)
+##### [Deploy your Windows Information Protection (WIP) policy](windows-information-protection\deploy-wip-policy-using-intune.md)
+##### [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](windows-information-protection\create-vpn-and-wip-policy-using-intune.md)
 #### [Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](windows-information-protection\create-wip-policy-using-sccm.md)
 #### [Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](windows-information-protection\create-and-verify-an-efs-dra-certificate.md)
 #### [Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](windows-information-protection\wip-app-enterprise-context.md)
@@ -150,10 +164,13 @@
 #### [Unenlightened and enlightened app behavior while using Windows Information Protection (WIP)](windows-information-protection\app-behavior-with-wip.md)
 #### [Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP)](windows-information-protection\recommended-network-definitions-for-wip.md)
 #### [Using Outlook Web Access with Windows Information Protection (WIP)](windows-information-protection\using-owa-with-wip.md)
+
 ## [Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md)
+
 ## [Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md)
-## [How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md)
-## [Secure the windows 10 boot process](secure-the-windows-10-boot-process.md)
+
 ## [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md)
+
 ## [Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md)
-## [Change history for Threat Protection](change-history-for-threat-protection.md)
\ No newline at end of file
+
+## [Change history for Threat Protection](change-history-for-threat-protection.md)
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
index db1498b7bd..eaaccf94c2 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
@@ -10,14 +10,17 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
-# Configure and validate file, folder, and process-opened file exclusions in Windows Defender AV scans
+# Configure and validate exclusions for Windows Defender AV scans (client)
 
 
 **Applies to:**
 
 - Windows 10
+- Windows Server 2016
 
 **Audience**
 
@@ -39,6 +42,8 @@ The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defen
 
 Exclusions can be useful to avoid incorrect detections on files or software that are unique or customized to your organization.
 
+Windows Server 2016 also features automatic exclusions that are defined by the server roles you enable. See the [Windows Defender AV exclusions on Windows Server 2016](configure-server-exclusions-windows-defender-antivirus.md) topic for more information and a list of the automatic exclusions.
+
 >[!WARNING]
 >Defining exclusions lowers the protection offered by Windows Defender AV. You should always evaluate the risks that are associated with implementing exclusions, and you should only exclude files that you are confident are not malicious.
 
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
index 3d78deccde..193a5043bf 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
 # Configure and validate exclusions based on file extension and folder location
@@ -18,6 +20,7 @@ author: iaanw
 **Applies to:**
 
 - Windows 10
+- Windows Server 2016
 
 **Audience**
 
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
index 50dbbe12a6..7e45146ca4 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
 # Configure exclusions for files opened by processes
@@ -17,6 +19,7 @@ author: iaanw
 **Applies to:**
 
 - Windows 10
+- Windows Server 2016
 
 **Audience**
 
diff --git a/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
index c293dd3358..6302c7bd01 100644
--- a/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
@@ -10,9 +10,11 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
-# Configure exclusions in Windows Defender AV on Windows Server 2016
+# Configure exclusions in Windows Defender AV on Windows Server
 
 
 **Applies to:**
@@ -30,14 +32,28 @@ author: iaanw
 - PowerShell
 - Windows Management Instrumentation (WMI)
 
-If you are using Windows Defender Antivirus to protect Windows Server 2016 machines, you are [automatically enrolled in certain exclusions](https://technet.microsoft.com/en-us/windows-server-docs/security/windows-defender/automatic-exclusions-for-windows-defender), as defined by your specified Windows Server Role.
+If you are using Windows Defender Antivirus to protect Windows Server 2016 machines, you are automatically enrolled in certain exclusions, as defined by your specified Windows Server Role. A list of these exclusions is provided at [the end of this topic](#list-of-automatic-exclusions).
 
 These exclusions will not appear in the standard exclusion lists shown in the [Windows Defender Security Center app](windows-defender-security-center-antivirus.md#exclusions).
 
-You can still add or remove custom exclusions (in addition to the Server Role-defined auto exclusions) as described in the other exclusion-related topics:
+You can still add or remove custom exclusions (in addition to the Server Role-defined automatic exclusions) as described in the other exclusion-related topics:
 - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
 - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
 
+Custom exclusions take precedence over the automatic exclusions.
+
+> [!TIP]
+> Custom and duplicate exclusions do not conflict with automatic exclusions.
+
+Windows Defender AV uses the Deployment Image Servicing and Management (DSIM) tools to determine which roles are installed on your computer.
+
+
+## Opt out of automatic exclusions
+
+In Windows Server 2016 the predefined exclusions delivered by definition updates only exclude the default paths for a role or feature. If you installed a role or feature in a custom path, or you want to manually control the set of exclusions, you need to opt-out of the automatic exclusions delivered in definition updates.
+
+> [!WARNING]
+> Opting out of automatic exclusions may adversely impact performance, or result in data corruption. The exclusions that are delivered automatically are optimized for Windows Server 2016 roles.
 
 You can disable the auto-exclusions lists with Group Policy, PowerShell cmdlets, and WMI.
 
@@ -58,7 +74,7 @@ You can disable the auto-exclusions lists with Group Policy, PowerShell cmdlets,
 Use the following cmdlets:
 
 ```PowerShell
-Set-MpPreference -DisableAutoExclusions
+Set-MpPreference -DisableAutoExclusions $true
 ```
 
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
@@ -75,9 +91,312 @@ See the following for more information and allowed parameters:
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/dn439477(v=vs.85).aspx)
 
 
+
+
+
+## List of automatic exclusions
+The following sections contain the exclusions that are delivered with automatic exclusions file paths and file types.
+
+### Default exclusions for all roles
+This section lists the default exclusions for all Windows Server 2016 roles.
+
+-   Windows "temp.edb" files:
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\tmp.edb
+
+    -   *%ProgramData%*\Microsoft\Search\Data\Applications\Windows\\*\\\*.log
+
+-   Windows Update files or Automatic Update files:
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\Datastore.edb
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\edb.chk
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\edb\*.log
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\Edb\*.jrs
+
+    -   *%windir%*\SoftwareDistribution\Datastore\\*\Res\*.log
+
+-   Windows Security files:
+
+    -   *%windir%*\Security\database\\*.chk
+
+    -   *%windir%*\Security\database\\*.edb
+
+    -   *%windir%*\Security\database\\*.jrs
+
+    -   *%windir%*\Security\database\\*.log
+
+    -   *%windir%*\Security\database\\*.sdb
+
+-   Group Policy files:
+
+    -   *%allusersprofile%*\NTUser.pol
+
+    -   *%SystemRoot%*\System32\GroupPolicy\Machine\registry.pol
+
+    -   *%SystemRoot%*\System32\GroupPolicy\User\registry.pol
+
+-   WINS files:
+
+    -   *%systemroot%*\System32\Wins\\*\\\*.chk
+
+    -   *%systemroot%*\System32\Wins\\*\\\*.log
+
+    -   *%systemroot%*\System32\Wins\\*\\\*.mdb
+
+    -   *%systemroot%*\System32\LogFiles\
+
+    -   *%systemroot%*\SysWow64\LogFiles\
+
+-   File Replication Service (FRS) exclusions:
+
+    -   Files in the File Replication Service (FRS) working folder. The FRS working folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory`
+
+        -   *%windir%*\Ntfrs\jet\sys\\*\edb.chk
+
+        -   *%windir%*\Ntfrs\jet\\*\Ntfrs.jdb
+
+        -   *%windir%*\Ntfrs\jet\log\\*\\\*.log
+
+    -   FRS Database log files. The FRS Database log file folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory`
+
+        -   *%windir%*\Ntfrs\\*\Edb\*.log
+
+    -   The FRS staging folder. The staging folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage`
+
+        -   *%systemroot%*\Sysvol\\*\Nntfrs_cmp\*\
+
+    -   The FRS preinstall folder. This folder is specified by the folder `Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory`
+
+        -   *%systemroot%*\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\\*\Ntfrs\*\
+
+    -   The Distributed File System Replication (DFSR) database and working folders. These folders are specified by the registry key `HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File`
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\$db_normal$
+
+        -   *%systemdrive%*\System Volume Information\DFSR\FileIDTable_*
+
+        -   *%systemdrive%*\System Volume Information\DFSR\SimilarityTable_*
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\*.XML
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\$db_dirty$
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\$db_clean$
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\$db_lostl$
+
+        -   *%systemdrive%*\System Volume Information\DFSR\Dfsr.db
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\*.frx
+
+        -   *%systemdrive%*\System Volume Information\DFSR\\*.log
+
+        -   *%systemdrive%*\System Volume Information\DFSR\Fsr*.jrs
+
+        -   *%systemdrive%*\System Volume Information\DFSR\Tmp.edb
+
+-   Process exclusions
+
+    -   *%systemroot%*\System32\dfsr.exe
+
+    -   *%systemroot%*\System32\dfsrs.exe
+
+-   Hyper-V exclusions:
+
+    -   This section lists the file type exclusions, folder exclusions, and process exclusions that are delivered automatically when you install the Hyper-V role
+
+        -   File type exclusions:
+
+            -   *.vhd
+
+            -   *.vhdx
+
+            -   *.avhd
+
+            -   *.avhdx
+
+            -   *.vsv
+
+            -   *.iso
+
+            -   *.rct
+
+            -   *.vmcx
+
+            -   *.vmrs
+
+        -   Folder exclusions:
+
+            -   *%ProgramData%*\Microsoft\Windows\Hyper-V
+
+            -   *%ProgramFiles%*\Hyper-V
+
+            -   *%SystemDrive%*\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
+
+            -   *%Public%*\Documents\Hyper-V\Virtual Hard Disks
+
+        -   Process exclusions:
+
+            -   *%systemroot%*\System32\Vmms.exe
+
+            -   *%systemroot%*\System32\Vmwp.exe
+
+-   SYSVOL files:
+
+    -   *%systemroot%*\Sysvol\Domain\\*.adm
+
+    -   *%systemroot%*\Sysvol\Domain\\*.admx
+
+    -   *%systemroot%*\Sysvol\Domain\\*.adml
+
+    -   *%systemroot%*\Sysvol\Domain\Registry.pol
+
+    -   *%systemroot%*\Sysvol\Domain\\*.aas
+
+    -   *%systemroot%*\Sysvol\Domain\\*.inf
+
+    -   *%systemroot%*\Sysvol\Domain\\*.Scripts.ini
+
+    -   *%systemroot%*\Sysvol\Domain\\*.ins
+
+    -   *%systemroot%*\Sysvol\Domain\Oscfilter.ini
+
+### Active Directory exclusions
+This section lists the exclusions that are delivered automatically when you install Active Directory Domain Services.
+
+-   NTDS database files. The database files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File`
+
+    -   %windir%\Ntds\ntds.dit
+
+    -   %windir%\Ntds\ntds.pat
+
+-   The AD DS transaction log files. The transaction log files are specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files`
+
+    -   %windir%\Ntds\EDB*.log
+
+    -   %windir%\Ntds\Res*.log
+
+    -   %windir%\Ntds\Edb*.jrs
+
+    -   %windir%\Ntds\Ntds*.pat
+
+    -   %windir%\Ntds\EDB*.log
+
+    -   %windir%\Ntds\TEMP.edb
+
+-   The NTDS working folder. This folder is specified in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory`
+
+    -   %windir%\Ntds\Temp.edb
+
+    -   %windir%\Ntds\Edb.chk
+
+-   Process exclusions for AD DS and AD DS-related support files:
+
+    -   %systemroot%\System32\ntfrs.exe
+
+    -   %systemroot%\System32\lsass.exe
+
+### DHCP Server exclusions
+This section lists the exclusions that are delivered automatically when you install the DHCP Server role. The DHCP Server file locations are specified by the *DatabasePath*, *DhcpLogFilePath*, and *BackupDatabasePath* parameters in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters`
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.mdb
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.pat
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.log
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.chk
+
+-   *%systemroot%*\System32\DHCP\\*\\\*.edb
+
+### DNS Server exclusions
+This section lists the file and folder exclusions and the process exclusions that are delivered automatically when you install the DNS Server role.
+
+-   File and folder exclusions for the DNS Server role:
+
+    -   *%systemroot%*\System32\Dns\\*\\\*.log
+
+    -   *%systemroot%*\System32\Dns\\*\\\*.dns
+
+    -   *%systemroot%*\System32\Dns\\*\\\*.scc
+
+    -   *%systemroot%*\System32\Dns\\*\BOOT
+
+-   Process exclusions for the DNS Server role:
+
+    -   *%systemroot%*\System32\dns.exe
+
+    
+
+### File and Storage Services exclusions
+This section lists the file and folder exclusions that are delivered automatically when you install the File and Storage Services role. The exclusions listed below do not include exclusions for the Clustering role.
+
+-   *%SystemDrive%*\ClusterStorage
+
+-   *%clusterserviceaccount%*\Local Settings\Temp
+
+-   *%SystemDrive%*\mscs
+
+### Print Server exclusions
+This section lists the file type exclusions, folder exclusions, and the process exclusions that are delivered automatically when you install the Print Server role.
+
+-   File type exclusions:
+
+    -   *.shd
+
+    -   *.spl
+
+-   Folder exclusions. This folder is specified in the registry key `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\DefaultSpoolDirectory`
+
+    -   *%system32%*\spool\printers\\*
+
+-   Process exclusions:
+
+    -   spoolsv.exe
+
+### Web Server exclusions
+This section lists the folder exclusions and the process exclusions that are delivered automatically when you install the Web Server role.
+
+-   Folder exclusions:
+
+    -   *%SystemRoot%*\IIS Temporary Compressed Files
+
+    -   *%SystemDrive%*\inetpub\temp\IIS Temporary Compressed Files
+
+    -   *%SystemDrive%*\inetpub\temp\ASP Compiled Templates
+
+    -   *%systemDrive%*\inetpub\logs
+
+    -   *%systemDrive%*\inetpub\wwwroot
+
+-   Process exclusions:
+
+    -   *%SystemRoot%*\system32\inetsrv\w3wp.exe
+
+    -   *%SystemRoot%*\SysWOW64\inetsrv\w3wp.exe
+
+    -   *%SystemDrive%*\PHP5433\php-cgi.exe
+
+### Windows Server Update Services exclusions
+This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key `HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup`
+
+-   *%systemroot%*\WSUS\WSUSContent
+
+-   *%systemroot%*\WSUS\UpdateServicesDBFiles
+
+-   *%systemroot%*\SoftwareDistribution\Datastore
+
+-   *%systemroot%*\SoftwareDistribution\Download
+
+
+
+
 ## Related topics
 
-- [Configure and validate exclusions in Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md)
+- [Configure and validate exclusions for Windows Defender AV scans](configure-exclusions-windows-defender-antivirus.md)
 - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
 - [Configure and validate exclusions for files opened by processes](configure-process-opened-file-exclusions-windows-defender-antivirus.md)
 - [Customize, initiate, and review the results of Windows Defender AV scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
diff --git a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
index 4e7c275117..ed872bc01d 100644
--- a/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
+++ b/windows/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
@@ -10,6 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
 # Review event logs and error codes to troubleshoot issues with Windows Defender AV
@@ -17,6 +19,7 @@ author: iaanw
 
 **Applies to**
 -   Windows 10
+-   Windows Server 2016
 
 **Audience**
 
@@ -27,55 +30,58 @@ If you encounter a problem with Windows Defender Antivirus, you can search the t
 
 The tables list:
 
-- [Windows Defender AV client event IDs](#windows-defender-av-ids)
+- [Windows Defender AV event IDs](#windows-defender-av-ids) (these apply to both Windows 10 and Windows Server 2016)
 - [Windows Defender AV client error codes](#error-codes)
 - [Internal Windows Defender AV client error codes (used by Microsoft during development and testing)](#internal-error-codes)
 
 
 <a id="windows-defender-av-ids"></a>
-## Windows Defender AV client event IDs
+## Windows Defender AV event IDs
 
 Windows Defender AV records event IDs in the Windows event log.
 
 You can directly view the event log, or if you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender client event IDs](troubleshoot-windows-defender-antivirus.md#windows-defender-av-ids) to review specific events and errors from your endpoints.
 
-The table in this section lists the main Windows Defender Antivirus client event IDs and, where possible, provides suggested solutions to fix or resolve the error. 
+The table in this section lists the main Windows Defender AV event IDs and, where possible, provides suggested solutions to fix or resolve the error. 
 
-**To view a Windows Defender client event**
+**To view a Windows Defender AV event**
 
 1.  Open **Event Viewer**.
-2.  In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender**.
+2.  In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender Antivirus**.
 3.  Double-click on **Operational**.
 4.  In the details pane, view the list of individual events to find your event.
 5.  Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs.
 
 
 
-<table>
+
+<style type='text/css'> table.oridealign td,th { vertical-align: top; text-align: left; } </style>
+ <table class="oridealign"> 
+<tr>
+<th colspan="2" >Event ID: 1000</th>
+</tr>
 <tr>
-<th rowspan="3">Event ID: 1000</th>
 <td>
-<p>Symbolic name:</p>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_STARTED</b></p>
+<td>
+<b>MALWAREPROTECTION_SCAN_STARTED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan started.
-</b></p>
+<td >
+<b>An antimalware scan started.
+</b>
 </td>
 </tr>
 <tr>
-<td>
-<p>Description:</p>
+<td >
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -93,32 +99,31 @@ The table in this section lists the main Windows Defender Antivirus client event
 <dt>Scan Resources: &lt;Resources (such as files/directories/BHO) that were scanned.&gt;</dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1001</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1001</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_COMPLETED</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_COMPLETED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan finished.</b></p>
+<td >
+<b>An antimalware scan finished.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -136,34 +141,33 @@ The table in this section lists the main Windows Defender Antivirus client event
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 <dt>Scan Time: &lt;The duration of a scan.&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1002</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1002</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_CANCELLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_CANCELLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan was stopped before it finished.
-</b></p>
+<td >
+<b>An antimalware scan was stopped before it finished.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -181,34 +185,33 @@ The table in this section lists the main Windows Defender Antivirus client event
 <dt>User: &lt;Domain&gt;\&lt;User&gt;</dt>
 <dt>Scan Time: &lt;The duration of a scan.&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1003</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1003</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_PAUSED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_PAUSED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan was paused.
-</b></p>
+<td >
+<b>An antimalware scan was paused.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -225,34 +228,33 @@ The table in this section lists the main Windows Defender Antivirus client event
 </dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1004</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1004</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_RESUMED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_RESUMED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan was resumed.
-</b></p>
+<td >
+<b>An antimalware scan was resumed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -269,34 +271,33 @@ The table in this section lists the main Windows Defender Antivirus client event
 </dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1005</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1005</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SCAN_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SCAN_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>An antimalware scan failed. 
-</b></p>
+<td >
+<b>An antimalware scan failed. 
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
+<td >
 <dl>
 <dt>Scan ID: &lt;ID number of the relevant scan.&gt;</dt>
 <dt>Scan Type: &lt;Scan type&gt;, for example:<ul>
@@ -317,52 +318,49 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error.
-</p>
-<p>To troubleshoot this event:
+<td >
+The Windows Defender client encountered an error, and the current scan has stopped. The scan might fail due to a client-side issue. This event record includes the scan ID, type of scan (antivirus, antispyware, antimalware), scan parameters, the user that started the scan, the error code, and a description of the error.
+To troubleshoot this event:
 <ol>
 <li>Run the scan again.</li>
 <li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1006</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1006</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_DETECTED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_DETECTED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine found malware or other potentially unwanted software.
-</b></p>
+<td >
+<b>The antimalware engine found malware or other potentially unwanted software.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>For more information please see the following:</p>
+<td >
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -408,35 +406,34 @@ UAC</dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1007</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1007</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_ACTION_TAKEN
-</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_ACTION_TAKEN
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
-</b></p>
+<td >
+<b>The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:</p>
+<td >
+Windows Defender has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:
 <dl>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 <dt>Name: &lt;Threat name&gt;</dt>
@@ -463,33 +460,32 @@ UAC</dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1008</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1008</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_ACTION_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_ACTION_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.</b></p>
+<td >
+<b>The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:</p>
+<td >
+Windows Defender has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:
 <dl>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 <dt>Name: &lt;Threat name&gt;</dt>
@@ -521,35 +517,34 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1009</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1009</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_QUARANTINE_RESTORE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_QUARANTINE_RESTORE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform restored an item from quarantine.
-</b></p>
+<td >
+<b>The antimalware platform restored an item from quarantine.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has restored an item from quarantine. For more information please see the following:</p>
+<td >
+Windows Defender has restored an item from quarantine. For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -566,35 +561,34 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1010</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1010</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_QUARANTINE_RESTORE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_QUARANTINE_RESTORE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform could not restore an item from quarantine.
-</b></p>
+<td >
+<b>The antimalware platform could not restore an item from quarantine.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to restore an item from quarantine. For more information please see the following:</p>
+<td >
+Windows Defender has encountered an error trying to restore an item from quarantine. For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -615,35 +609,34 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1011</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1011</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_QUARANTINE_DELETE</b></p>
+<td >
+<b>MALWAREPROTECTION_QUARANTINE_DELETE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform deleted an item from quarantine.
-</b></p>
+<td >
+<b>The antimalware platform deleted an item from quarantine.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has deleted an item from quarantine.  
-For more information please see the following:</p>
+<td >
+Windows Defender has deleted an item from quarantine.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -660,35 +653,34 @@ For more information please see the following:</p>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1012</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1012</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_QUARANTINE_DELETE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_QUARANTINE_DELETE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform could not delete an item from quarantine.</b></p>
+<td >
+<b>The antimalware platform could not delete an item from quarantine.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to delete an item from quarantine.  
-For more information please see the following:</p>
+<td >
+Windows Defender has encountered an error trying to delete an item from quarantine.
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -709,66 +701,64 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1013</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1013</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_HISTORY_DELETE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_HISTORY_DELETE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform deleted history of malware and other potentially unwanted software.</b></p>
+<td >
+<b>The antimalware platform deleted history of malware and other potentially unwanted software.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has removed history of malware and other potentially unwanted software.</p>
+<td >
+Windows Defender has removed history of malware and other potentially unwanted software.
 <dl>
 <dt>Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.</dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1014</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1014</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_MALWARE_HISTORY_DELETE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_MALWARE_HISTORY_DELETE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p>The antimalware platform could not delete history of malware and other potentially unwanted software.</p>
+<td >
+The antimalware platform could not delete history of malware and other potentially unwanted software.
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to remove history of malware and other potentially unwanted software.</p>
+<td >
+Windows Defender has encountered an error trying to remove history of malware and other potentially unwanted software.
 <dl>
 <dt>Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.</dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
@@ -777,35 +767,34 @@ Result code associated with threat status. Standard HRESULT values. </dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 1015</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1015</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_BEHAVIOR_DETECTED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_BEHAVIOR_DETECTED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform detected suspicious behavior.</b></p>
+<td >
+<b>The antimalware platform detected suspicious behavior.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has detected a suspicious behavior.  
-For more information please see the following:</p>
+<td >
+Windows Defender has detected a suspicious behavior.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -856,35 +845,34 @@ UAC</dt>
 <dt>Target File Name: &lt;File name&gt;
 Name of the file.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1116</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1116</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_STATE_MALWARE_DETECTED</b></p>
+<td >
+<b>MALWAREPROTECTION_STATE_MALWARE_DETECTED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform detected malware or other potentially unwanted software.
-</b></p>
+<td >
+<b>The antimalware platform detected malware or other potentially unwanted software.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has detected malware or other potentially unwanted software.  
-For more information please see the following:</p>
+<td >
+Windows Defender has detected malware or other potentially unwanted software.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -930,44 +918,43 @@ UAC</dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is required. Windows Defender can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender interface, click <b>Clean Computer</b>.</p>
+<td >
+No action is required. Windows Defender can suspend and take routine action on this threat. If you want to remove the threat manually, in the Windows Defender interface, click <b>Clean Computer</b>.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1117</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1117</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN
-</b></p>
+<td >
+<b>MALWAREPROTECTION_STATE_MALWARE_ACTION_TAKEN
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
-</b></p>
+<td >
+<b>The antimalware platform performed an action to protect your system from malware or other potentially unwanted software.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has taken action to protect this machine from malware or other potentially unwanted software.  
-For more information please see the following:</p>
+<td >
+Windows Defender has taken action to protect this machine from malware or other potentially unwanted software.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -1027,8 +1014,8 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
-<p>NOTE:
-<p>Whenever Windows Defender, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:<ul>
+NOTE:
+Whenever Windows Defender, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:<ul>
 <li>Default Internet Explorer or Microsoft Edge setting</li>
 <li>User Access Control settings</li>
 <li>Chrome settings</li>
@@ -1044,59 +1031,58 @@ The above context applies to the following client and server versions:
 </tr>
 <tr>
 <td>
-<p>Client Operating System </p>
+Client Operating System 
 </td>
 <td>
-<p>Windows Vista (Service Pack 1, or Service Pack 2), Windows 7 and later</p>
+Windows Vista (Service Pack 1, or Service Pack 2), Windows 7 and later
 </td>
 </tr>
 <tr>
 <td>
-<p>Server Operating System</p>
+Server Operating System
 </td>
 <td>
-<p>Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016</p>
+Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016
 </td>
 </tr>
 </table>
-</p>
 </dl>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. Windows Defender removed or quarantined a threat. </p>
+<td >
+No action is necessary. Windows Defender removed or quarantined a threat. 
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1118</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1118</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_STATE_MALWARE_ACTION_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.
-</b></p>
+<td >
+<b>The antimalware platform attempted to perform an action to protect your system from malware or other potentially unwanted software, but the action failed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered a non-critical error when taking action on malware or other potentially unwanted software.  
-For more information please see the following:</p>
+<td >
+Windows Defender has encountered a non-critical error when taking action on malware or other potentially unwanted software.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -1157,43 +1143,42 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. Windows Defender failed to complete a task related to the malware remediation. This is not a critical failure.</p>
+<td >
+No action is necessary. Windows Defender failed to complete a task related to the malware remediation. This is not a critical failure.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1119</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1119</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_STATE_MALWARE_ACTION_CRITICALLY_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform encountered a critical error when trying to take action on malware or other potentially unwanted software. There are more details in the event message.</b></p>
+<td >
+<b>The antimalware platform encountered a critical error when trying to take action on malware or other potentially unwanted software. There are more details in the event message.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.  
-For more information please see the following:</p>
+<td >
+Windows Defender has encountered a critical error when taking action on malware or other potentially unwanted software.  
+For more information please see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@@ -1254,15 +1239,14 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant <b>User action</b> steps below.</p>
+<td >
+The Windows Defender client encountered this error due to critical issues. The endpoint might not be protected. Review the error description then follow the relevant <b>User action</b> steps below.
 <table>
 <tr>
 <th>Action</th>
@@ -1270,153 +1254,150 @@ Description of the error. </dt>
 </tr>
 <tr>
 <td>
-<p><b>Remove</b></p>
+<b>Remove</b>
 </td>
 <td>
-<p>Update the definitions then verify that the removal was successful.</p>
+Update the definitions then verify that the removal was successful.
 </td>
 </tr>
 <tr>
 <td>
-<p><b>Clean</b></p>
+<b>Clean</b>
 </td>
 <td>
-<p>Update the definitions then verify that the remediation was successful.</p>
+Update the definitions then verify that the remediation was successful.
 </td>
 </tr>
 <tr>
 <td>
-<p><b>Quarantine</b></p>
+<b>Quarantine</b>
 </td>
 <td>
-<p>Update the definitions and verify that the user has permission to access the necessary resources.</p>
+Update the definitions and verify that the user has permission to access the necessary resources.
 </td>
 </tr>
 <tr>
 <td>
-<p><b>Allow</b></p>
+<b>Allow</b>
 </td>
 <td>
-<p>Verify that the user has permission to access the necessary resources.</p>
+Verify that the user has permission to access the necessary resources.
 </td>
 </tr>
 </table>
-<p> </p>
-<p>If this event persists:<ol>
+ 
+If this event persists:<ol>
 <li>Run the scan again.</li>
 <li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1120</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1120</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_THREAT_HASH</b></p>
+<td >
+<b>MALWAREPROTECTION_THREAT_HASH</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Windows Defender has deduced the hashes for a threat resource.</b></p>
+<td >
+<b>Windows Defender has deduced the hashes for a threat resource.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender client is up and running in a healthy state.</p>
+<td >
+Windows Defender client is up and running in a healthy state.
 <dl>
 <dt>Current Platform Version: &lt;Current platform version&gt;</dt>
 <dt>Threat Resource Path: &lt;Path&gt;</dt>
 <dt>Hashes: &lt;Hashes&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td></td>
-<td colspan="2">
+<td >
 <div class="alert"><b>Note</b>  This event will only be logged if the following policy is set: <b>ThreatFileHashLogging 	unsigned</b>.</div>
 <div> </div>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 1150</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 1150</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SERVICE_HEALTHY</b></p>
+<td >
+<b>MALWAREPROTECTION_SERVICE_HEALTHY</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>If your antimalware platform reports status to a monitoring platform, this event indicates that the antimalware platform is running and in a healthy state.
-</b></p>
+<td >
+<b>If your antimalware platform reports status to a monitoring platform, this event indicates that the antimalware platform is running and in a healthy state.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender client is up and running in a healthy state.</p>
+<td >
+Windows Defender client is up and running in a healthy state.
 <dl>
 <dt>Platform Version: &lt;Current platform version&gt;</dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.</p>
+<td >
+No action is necessary. The Windows Defender Antivirus client is in a healthy state. This event is reported on an hourly basis.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2000</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2000</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_UPDATED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_UPDATED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware definitions updated successfully.
-</b></p>
+<td >
+<b>The antimalware definitions updated successfully.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender signature version has been updated.</p>
+<td >
+Windows Defender signature version has been updated.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Previous Signature Version: &lt;Previous signature version&gt;</dt>
@@ -1432,42 +1413,41 @@ Description of the error. </dt>
 <dt>Current Engine Version: &lt;Current engine version&gt;</dt>
 <dt>Previous Engine Version: &lt;Previous engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. The Windows Defender client is in a healthy state. This event is reported when signatures are successfully updated.</p>
+<td >
+No action is necessary. The Windows Defender client is in a healthy state. This event is reported when signatures are successfully updated.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2001</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2001</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_UPDATE_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_UPDATE_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware definition update failed. 
-</b></p>
+<td >
+<b>The antimalware definition update failed. 
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to update signatures.</p>
+<td >
+Windows Defender has encountered an error trying to update signatures.
 <dl>
 <dt>New Signature Version: &lt;New version number&gt;</dt>
 <dt>Previous Signature Version: &lt;Previous signature version&gt;</dt>
@@ -1504,99 +1484,89 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>This error occurs when there is a problem updating definitions.</p>
-<p>To troubleshoot this event:
+<td >
+This error occurs when there is a problem updating definitions.
+To troubleshoot this event:
 <ol>
-<li>Update the definitions. Either:<ol>
-<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
-</li>
-<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
-</li>
-</ol>
-</li>
+<li>[Update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.</li>
 <li>Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2002</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2002</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ENGINE_UPDATED</b></p>
+<td >
+<b>MALWAREPROTECTION_ENGINE_UPDATED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine updated successfully.
-</b></p>
+<td >
+<b>The antimalware engine updated successfully.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender engine version has been updated.</p>
+<td >
+Windows Defender engine version has been updated.
 <dl>
 <dt>Current Engine Version: &lt;Current engine version&gt;</dt>
 <dt>Previous Engine Version: &lt;Previous engine version&gt;</dt>
 <dt>Engine Type: &lt;Engine type&gt;, either antimalware engine or Network Inspection System engine.</dt>
 <dt>User: &lt;Domain&gt;\\&lt;User&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the antimalware engine is successfully updated.</p>
+<td >
+No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the antimalware engine is successfully updated.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2003</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2003</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ENGINE_UPDATE_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_ENGINE_UPDATE_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine update failed.
-</b></p>
+<td >
+<b>The antimalware engine update failed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to update the engine.</p>
+<td >
+Windows Defender has encountered an error trying to update the engine.
 <dl>
 <dt>New Engine Version:</dt>
 <dt>Previous Engine Version: &lt;Previous engine version&gt;</dt>
@@ -1607,55 +1577,46 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update.</p>
-<p>To troubleshoot this event:
+<td >
+The Windows Defender client update failed. This event occurs when the client fails to update itself. This event is usually due to an interruption in network connectivity during an update.
+To troubleshoot this event:
 <ol>
-<li>Update the definitions. Either:<ol>
-<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
-</li>
-<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
-</li>
-</ol>
-</li>
+<li>[Update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2004</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2004</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_REVERSION</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_REVERSION</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>There was a problem loading antimalware definitions. The antimalware engine will attempt to load the last-known good set of definitions.</b></p>
+<td >
+<b>There was a problem loading antimalware definitions. The antimalware engine will attempt to load the last-known good set of definitions.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.</p>
+<td >
+Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.
 <dl>
 <dt>Signatures Attempted:</dt>
 <dt>Error Code: &lt;Error code&gt;
@@ -1665,83 +1626,80 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender will attempt to revert back to a known-good set of definitions.</p>
-<p>To troubleshoot this event:
+<td >
+The Windows Defender client attempted to download and install the latest definitions file and failed. This error can occur when the client encounters an error while trying to load the definitions, or if the file is corrupt. Windows Defender will attempt to revert back to a known-good set of definitions.
+To troubleshoot this event:
 <ol>
 <li>Restart the computer and try again.</li>
 <li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.
 </li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2005</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2005</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ENGINE_UPDATE_PLATFORMOUTOFDATE</b></p>
+<td >
+<b>MALWAREPROTECTION_ENGINE_UPDATE_PLATFORMOUTOFDATE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine failed to load because the antimalware platform is out of date. The antimalware platform will load the last-known good antimalware engine and attempt to update.</b></p>
+<td >
+<b>The antimalware engine failed to load because the antimalware platform is out of date. The antimalware platform will load the last-known good antimalware engine and attempt to update.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender could not load antimalware engine because current platform version is not supported. Windows Defender will revert back to the last known-good engine and a platform update will be attempted.</p>
+<td >
+Windows Defender could not load antimalware engine because current platform version is not supported. Windows Defender will revert back to the last known-good engine and a platform update will be attempted.
 <dl>
 <dt>Current Platform Version: &lt;Current platform version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2006</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2006</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_PLATFORM_UPDATE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_PLATFORM_UPDATE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The platform update failed.
-</b></p>
+<td >
+<b>The platform update failed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to update the platform.</p>
+<td >
+Windows Defender has encountered an error trying to update the platform.
 <dl>
 <dt>Current Platform Version: &lt;Current platform version&gt;</dt>
 <dt>Error Code: &lt;Error code&gt;
@@ -1749,65 +1707,63 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2007</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2007</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_PLATFORM_ALMOSTOUTOFDATE</b></p>
+<td >
+<b>MALWAREPROTECTION_PLATFORM_ALMOSTOUTOFDATE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The platform will soon be out of date. Download the latest platform to maintain up-to-date protection.</b></p>
+<td >
+<b>The platform will soon be out of date. Download the latest platform to maintain up-to-date protection.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender platform to maintain the best level of protection available.</p>
+<td >
+Windows Defender will soon require a newer platform version to support future versions of the antimalware engine. Download the latest Windows Defender platform to maintain the best level of protection available.
 <dl>
 <dt>Current Platform Version: &lt;Current platform version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2010</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2010</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine used the Dynamic Signature Service to get additional definitions.
-</b></p>
+<td >
+<b>The antimalware engine used the Dynamic Signature Service to get additional definitions.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender used <i>Dynamic Signature Service</i> to retrieve additional signatures to help protect your machine.</p>
+<td >
+Windows Defender used <i>Dynamic Signature Service</i> to retrieve additional signatures to help protect your machine.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Signature Type: &lt;Signature type&gt;, for example: <ul>
@@ -1838,35 +1794,34 @@ Description of the error. </dt>
 </dt>
 <dt>Persistence Limit: Persistence limit of the fastpath signature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2011</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2011</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The Dynamic Signature Service deleted the out-of-date dynamic definitions.
-</b></p>
+<td >
+<b>The Dynamic Signature Service deleted the out-of-date dynamic definitions.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender used <i>Dynamic Signature Service</i> to discard obsolete signatures.</p>
+<td >
+Windows Defender used <i>Dynamic Signature Service</i> to discard obsolete signatures.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Signature Type: &lt;Signature type&gt;, for example: <ul>
@@ -1898,43 +1853,42 @@ Description of the error. </dt>
 </dt>
 <dt>Persistence Limit: Persistence limit of the fastpath signature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.</p>
+<td >
+No action is necessary. The Windows Defender client is in a healthy state. This event is reported when the Dynamic Signature Service successfully deletes out-of-date dynamic definitions.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2012</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2012</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATE_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_FASTPATH_UPDATE_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine encountered an error when trying to use the Dynamic Signature Service.
-</b></p>
+<td >
+<b>The antimalware engine encountered an error when trying to use the Dynamic Signature Service.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to use <i>Dynamic Signature Service</i>.</p>
+<td >
+Windows Defender has encountered an error trying to use <i>Dynamic Signature Service</i>.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Signature Type: &lt;Signature type&gt;, for example: <ul>
@@ -1969,109 +1923,106 @@ Description of the error. </dt>
 </dt>
 <dt>Persistence Limit: Persistence limit of the fastpath signature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>Check your Internet connectivity settings.</p>
+<td >
+Check your Internet connectivity settings.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2013</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2013</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED_ALL
-</b></p>
+<td >
+<b>MALWAREPROTECTION_SIGNATURE_FASTPATH_DELETED_ALL
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The Dynamic Signature Service deleted all dynamic definitions.
-</b></p>
+<td >
+<b>The Dynamic Signature Service deleted all dynamic definitions.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender discarded all <i>Dynamic Signature Service</i> signatures.</p>
+<td >
+Windows Defender discarded all <i>Dynamic Signature Service</i> signatures.
 <dl>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2020</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2020</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOADED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOADED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine downloaded a clean file.
-</b></p>
+<td >
+<b>The antimalware engine downloaded a clean file.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender downloaded a clean file.</p>
+<td >
+Windows Defender downloaded a clean file.
 <dl>
 <dt>Filename: &lt;File name&gt;
 Name of the file.</dt>
 <dt>Current Signature Version: &lt;Current signature version&gt;</dt>
 <dt>Current Engine Version: &lt;Current engine version&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 2021</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2021</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOAD_FAILED</b></p>
+<td >
+<b>MALWAREPROTECTION_CLOUD_CLEAN_RESTORE_FILE_DOWNLOAD_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine failed to download a clean file.
-</b></p>
+<td >
+<b>The antimalware engine failed to download a clean file.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to download a clean file.</p>
+<td >
+Windows Defender has encountered an error trying to download a clean file.
 <dl>
 <dt>Filename: &lt;File name&gt;
 Name of the file.</dt>
@@ -2082,185 +2033,185 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>Check your Internet connectivity settings.
-</p>
-<p>The Windows Defender client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue. 
-</p>
+<td >
+Check your Internet connectivity settings.
+The Windows Defender client encountered an error when using the Dynamic Signature Service to download the latest definitions to a specific threat. This error is likely caused by a network connectivity issue. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2030</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2030</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_OFFLINE_SCAN_INSTALLED</b></p>
+<td >
+<b>MALWAREPROTECTION_OFFLINE_SCAN_INSTALLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine was downloaded and is configured to run offline on the next system restart.</b></p>
+<td >
+<b>The antimalware engine was downloaded and is configured to run offline on the next system restart.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender downloaded and configured Windows Defender Offline to run on the next reboot.</p>
+<td >
+Windows Defender downloaded and configured Windows Defender Offline to run on the next reboot.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2031</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2031</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_OFFLINE_SCAN_INSTALL_FAILED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_OFFLINE_SCAN_INSTALL_FAILED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine was unable to download and configure an offline scan.</b></p>
+<td >
+<b>The antimalware engine was unable to download and configure an offline scan.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender has encountered an error trying to download and configure Windows Defender Offline.</p>
+<td >
+Windows Defender has encountered an error trying to download and configure Windows Defender Offline.
 <dl>
 <dt>Error Code: &lt;Error code&gt;
 Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2040</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2040</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_OS_EXPIRING
-</b></p>
+<td >
+<b>MALWAREPROTECTION_OS_EXPIRING
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Antimalware support for this operating system version will soon end.
-</b></p>
+<td >
+<b>Antimalware support for this operating system version will soon end.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>The support for your operating system will expire shortly. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.</p>
+<td >
+The support for your operating system will expire shortly. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2041</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2041</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_OS_EOL
-</b></p>
+<td >
+<b>MALWAREPROTECTION_OS_EOL
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Antimalware support for this operating system has ended. You must upgrade the operating system for continued support.
-</b></p>
+<td >
+<b>Antimalware support for this operating system has ended. You must upgrade the operating system for continued support.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>The support for your operating system has expired. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.</p>
+<td >
+The support for your operating system has expired. Running Windows Defender on an out of support operating system is not an adequate solution to protect against threats.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 2042</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 2042</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_PROTECTION_EOL
-</b></p>
+<td >
+<b>MALWAREPROTECTION_PROTECTION_EOL
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine no longer supports this operating system, and is no longer protecting your system from malware.
-</b></p>
+<td >
+<b>The antimalware engine no longer supports this operating system, and is no longer protecting your system from malware.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>The support for your operating system has expired. Windows Defender is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.</p>
+<td >
+The support for your operating system has expired. Windows Defender is no longer supported on your operating system, has stopped functioning, and is not protecting against malware threats.
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 3002</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 3002</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_FEATURE_FAILURE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_FEATURE_FAILURE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Real-time protection encountered an error and failed.</b></p>
+<td >
+<b>Real-time protection encountered an error and failed.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender Real-Time Protection feature has encountered an error and failed.</p>
+<td >
+Windows Defender Real-Time Protection feature has encountered an error and failed.
 <dl>
 <dt>Feature: &lt;Feature&gt;, for example:
 <ul>
@@ -2276,47 +2227,43 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 Description of the error. </dt>
 <dt>Reason: The reason Windows Defender real-time protection has restarted a feature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>You should restart the system then run a full scan because it's possible the system was not protected for some time.
-</p>
-<p>The Windows Defender client's real-time protection feature encountered an error because one of the services failed to start. 
-</p>
-<p>If it is followed by a 3007 event ID, the failure was temporary and the antimalware client recovered from the failure. 
-</p>
+<td >
+You should restart the system then run a full scan because it's possible the system was not protected for some time.
+The Windows Defender client's real-time protection feature encountered an error because one of the services failed to start. 
+If it is followed by a 3007 event ID, the failure was temporary and the antimalware client recovered from the failure. 
 </td>
 </tr>
 <tr>
-<th rowspan="4">Event ID: 3007</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 3007</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_FEATURE_RECOVERED</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_FEATURE_RECOVERED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Real-time protection recovered from a failure. We recommend running a full system scan when you see this error.
-</b></p>
+<td >
+<b>Real-time protection recovered from a failure. We recommend running a full system scan when you see this error.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.</p>
+<td >
+Windows Defender Real-time Protection has restarted a feature. It is recommended that you run a full system scan to detect any items that may have been missed while this agent was down.
 <dl>
 <dt>Feature: &lt;Feature&gt;, for example:
 <ul>
@@ -2328,96 +2275,97 @@ Description of the error. </dt>
 </dt>
 <dt>Reason: The reason Windows Defender real-time protection has restarted a feature.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The real-time protection feature has restarted. If this event happens again, contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>. </p>
+<td >
+The real-time protection feature has restarted. If this event happens again, contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5000</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5000</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_ENABLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_ENABLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Real-time protection is enabled.
-</b></p>
+<td >
+<b>Real-time protection is enabled.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was enabled.</p>
+<td >
+Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was enabled.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5001</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5001</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_DISABLED</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_DISABLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Real-time protection is disabled.
-</b></p>
+<td >
+<b>Real-time protection is disabled.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was disabled. </p>
+<td >
+Windows Defender Real-time Protection scanning for malware and other potentially unwanted software was disabled. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5004</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5004</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_RTP_FEATURE_CONFIGURED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_RTP_FEATURE_CONFIGURED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The real-time protection configuration changed.
-</b></p>
+<td >
+<b>The real-time protection configuration changed.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender Real-time Protection feature configuration has changed.</p>
+<td >
+Windows Defender Real-time Protection feature configuration has changed.
 <dl>
 <dt>Feature: &lt;Feature&gt;, for example:
 <ul>
@@ -2429,67 +2377,65 @@ Description of the error. </dt>
 </dt>
 <dt>Configuration: </dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5007</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5007</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_CONFIG_CHANGED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_CONFIG_CHANGED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform configuration changed.</b></p>
+<td >
+<b>The antimalware platform configuration changed.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.</p>
+<td >
+Windows Defender Configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
 <dl>
 <dt>Old value: &lt;Old value number&gt;
 Old Windows Defender configuration value.</dt>
 <dt>New value: &lt;New value number&gt;
 New Windows Defender configuration value.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="5">Event ID: 5008</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5008</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ENGINE_FAILURE</b></p>
+<td >
+<b>MALWAREPROTECTION_ENGINE_FAILURE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware engine encountered an error and failed.</b></p>
+<td >
+<b>The antimalware engine encountered an error and failed.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender  engine has been terminated due to an unexpected error.</p>
+<td >
+Windows Defender  engine has been terminated due to an unexpected error.
 <dl>
 <dt>Failure Type: &lt;Failure type&gt;, for example:
 Crash
@@ -2497,15 +2443,14 @@ or Hang</dt>
 <dt>Exception Code: &lt;Error code&gt;</dt>
 <dt>Resource: &lt;Resource&gt;</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>To troubleshoot this event:<ol>
+<td >
+To troubleshoot this event:<ol>
 <li>Try to restart the service.<ul>
 <li>For antimalware, antivirus and spyware, at an elevated command prompt, type <b>net stop msmpsvc</b>, and then type <b>net start msmpsvc</b> to restart the antimalware engine.</li>
 <li>For the <i>Network Inspection System</i>, at an elevated command prompt, type <b>net start nissrv</b>, and then type <b>net start nissrv</b> to restart the <i>Network Inspection System</i> engine by using the NiSSRV.exe file.
@@ -2514,189 +2459,190 @@ or Hang</dt>
 </li>
 <li>If it fails in the same way, look up the error code by accessing the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support Site</a>  and entering the error number in the <b>Search</b> box, and contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.</li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
 <td>
-<p>User action:</p>
+User action:
 </td>
-<td colspan="2">
-<p>The Windows Defender client engine stopped due to an unexpected error.</p>
-<p>To troubleshoot this event:
+<td >
+The Windows Defender client engine stopped due to an unexpected error.
+To troubleshoot this event:
 <ol>
 <li>Run the scan again.</li>
 <li>If it fails in the same way, go to the <a href="https://go.microsoft.com/fwlink/?LinkId=215163">Microsoft Support site</a>, enter the error number in the <b>Search</b> box to look for the error code.</li>
 <li>Contact <a href="https://go.microsoft.com/fwlink/?LinkId=215491">Microsoft Technical Support</a>.
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5009</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5009</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ANTISPYWARE_ENABLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_ANTISPYWARE_ENABLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Scanning for malware and other potentially unwanted software is enabled.
-</b></p>
+<td >
+<b>Scanning for malware and other potentially unwanted software is enabled.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender scanning for malware and other potentially unwanted software has been enabled.</p>
+<td >
+Windows Defender scanning for malware and other potentially unwanted software has been enabled.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5010</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5010</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ANTISPYWARE_DISABLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_ANTISPYWARE_DISABLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Scanning for malware and other potentially unwanted software is disabled.</b></p>
+<td >
+<b>Scanning for malware and other potentially unwanted software is disabled.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender scanning for malware and other potentially unwanted software is disabled.</p>
+<td >
+Windows Defender scanning for malware and other potentially unwanted software is disabled.
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5011</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5011</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ANTIVIRUS_ENABLED</b></p>
+<td >
+<b>MALWAREPROTECTION_ANTIVIRUS_ENABLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Scanning for viruses is enabled.</b></p>
+<td >
+<b>Scanning for viruses is enabled.</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender scanning for viruses has been enabled. </p>
+<td >
+Windows Defender scanning for viruses has been enabled. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5012</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5012</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_ANTIVIRUS_DISABLED
-</b></p>
+<td >
+<b>MALWAREPROTECTION_ANTIVIRUS_DISABLED
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>Scanning for viruses is disabled.
-</b></p>
+<td >
+<b>Scanning for viruses is disabled.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>Windows Defender scanning for viruses is disabled. </p>
+<td >
+Windows Defender scanning for viruses is disabled. 
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5100</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5100</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_EXPIRATION_WARNING_STATE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_EXPIRATION_WARNING_STATE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform will expire soon.
-</b></p>
+<td >
+<b>The antimalware platform will expire soon.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description:</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender  has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.</p>
+<td >
+Windows Defender  has entered a grace period and will soon expire. After expiration, this program will disable protection against viruses, spyware, and other potentially unwanted software.
 <dl>
 <dt>Expiration Reason: The reason Windows Defender will expire.</dt>
 <dt>Expiration Date: The date Windows Defender will expire.</dt>
 </dl>
-</p>
 </td>
 </tr>
 <tr>
-<th rowspan="3">Event ID: 5101</th>
-<td>
-<p>Symbolic name:</p>
+<th colspan="2">Event ID: 5101</th>
+</tr>
+<tr><td>
+Symbolic name:
 </td>
-<td colspan="2">
-<p><b>MALWAREPROTECTION_DISABLED_EXPIRED_STATE
-</b></p>
+<td >
+<b>MALWAREPROTECTION_DISABLED_EXPIRED_STATE
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Message:</p>
+Message:
 </td>
-<td colspan="2">
-<p><b>The antimalware platform is expired.
-</b></p>
+<td >
+<b>The antimalware platform is expired.
+</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>Description::</p>
+Description:
 </td>
-<td colspan="2">
-<p>
-<p>Windows Defender  grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.</p>
+<td >
+Windows Defender  grace period has expired. Protection against viruses, spyware, and other potentially unwanted software is disabled.
 <dl>
 <dt>Expiration Reason:</dt>
 <dt>Expiration Date: </dt>
@@ -2705,7 +2651,6 @@ Result code associated with threat status. Standard HRESULT values.</dt>
 <dt>Error Description: &lt;Error description&gt;
 Description of the error. </dt>
 </dl>
-</p>
 </td>
 </tr>
 </table>
@@ -2719,58 +2664,52 @@ This section provides the following information about Windows Defender Antivirus
 -   Advice on what to do now
 
 Use the information in these tables to help troubleshoot Windows Defender Antivirus error codes.
-<table>
+
+
+ <table class="oridealign"> 
 <tr>
-<th colspan="4">External error codes</th>
+<th colspan="2">Error code: 0x80508007</th>
 </tr>
 <tr>
-<th>Error code</th>
-<th>Message displayed</th>
-<th>Possible reason for error</th>
-<th>What to do now</th>
+<td>Message</td>
+<td>
+<b>ERR_MP_NO_MEMORY </b>
+</td>
 </tr>
 <tr>
 <td>
-<p>0x80508007 
-</p>
+Possible reason
 </td>
 <td>
-<p><b>ERR_MP_NO_MEMORY 
-</b></p>
+This error indicates that you might have run out of memory. 
 </td>
+</tr>
+<tr>
+<td>Resolution</td>
 <td>
-<p>This error indicates that you might have run out of memory. 
-</p>
-</td>
-<td>
-<p>
 <ol>
 <li>Check the available memory on your device.</li>
 <li>Close any unused applications that are running to free up memory on your device.</li>
 <li>Restart the device and run the scan again. 
 </li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x8050800C</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_BAD_INPUT_DATA</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x8050800C</p>
+This error indicates that there might be a problem with your security product.
 </td>
-<td>
-<p><b>ERR_MP_BAD_INPUT_DATA</b></p>
-</td>
-<td>
-<p>This error indicates that there might be a problem with your security product.</p>
-</td>
-<td rowspan="4">
-<p>
+</tr><tr><td>Resolution</td><td>
 <ol>
 <li>Update the definitions. Either:<ol>
-<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
+<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/>Or,
 </li>
 <li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
+Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.
 </li>
 </ol>
 </li>
@@ -2778,195 +2717,149 @@ Use the information in these tables to help troubleshoot Windows Defender Antivi
 </li>
 <li>Restart the device and try again.</li>
 </ol>
-</p>
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508020</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_BAD_CONFIGURATION 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508020</p>
-</td>
-<td>
-<p><b>ERR_MP_BAD_CONFIGURATION 
-</b></p>
-</td>
-<td>
-<p>This error indicates that there might be an engine configuration error; commonly, this is related to input 
+This error indicates that there might be an engine configuration error; commonly, this is related to input 
 data that does not allow the engine to function properly. 
-</p>
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x805080211 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_QUARANTINE_FAILED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x805080211 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_QUARANTINE_FAILED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that Windows Defender failed to quarantine a threat. 
-</p>
+This error indicates that Windows Defender failed to quarantine a threat. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508022 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_REBOOT_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508022 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_REBOOT_REQUIRED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that a reboot is required to complete threat removal. 
-</p>
+This error indicates that a reboot is required to complete threat removal. 
 </td>
 </tr>
 <tr>
-<td rowspan="2">
-<p>0x80508023 
-</p>
+<th colspan="2">
+0x80508023 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_THREAT_NOT_FOUND 
+</b>
+</td></tr><tr><td>Possible reason</td>
+<td>
+This error indicates that the threat might no longer be present on the media, or malware might be stopping you from scanning your device. 
+</tr><tr><td>Resolution
 </td>
 <td>
-<p><b>ERR_MP_THREAT_NOT_FOUND 
-</b></p>
-</td>
-<td>
-<p>This error indicates that the threat might no longer be present on the media, or malware might be stopping you from scanning your device. 
-</p>
-</td>
-<td>
-<p>Run the <a href="https://www.microsoft.com/security/scanner/default.aspx">Microsoft Safety Scanner</a> then update your security software and try again. 
-</p>
+Run the <a href="https://www.microsoft.com/security/scanner/default.aspx">Microsoft Safety Scanner</a> then update your security software and try again. 
 </td>
 </tr>
 <tr>
-<td rowspan="2">
-<p><b>ERR_MP_FULL_SCAN_REQUIRED 
-</b></p>
-</td>
-<td rowspan="2">
-<p>This error indicates that a full system scan might be required. 
-</p>
-</td>
-<td rowspan="2">
-<p>Run a full system scan. 
-</p>
+<th colspan="2">Error code: 0x80508024 </th></tr>
+<tr>
+<td>Message</td>
+<td><b>ERR_MP_FULL_SCAN_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
+<td>
+This error indicates that a full system scan might be required. 
+</td></tr>
+<tr>
+<td>Resolution</td><td>
+Run a full system scan. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508025 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_MANUAL_STEPS_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508024 
-</p>
+This error indicates that manual steps are required to complete threat removal. 
+</td></tr><tr><td>Resolution</td><td>
+Follow the manual remediation steps outlined in the <a href="https://www.microsoft.com/security/portal/threat/Threats.aspx">Microsoft Malware Protection Encyclopedia</a>. You can find a threat-specific link in the event history.  
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508026 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_REMOVE_NOT_SUPPORTED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508025 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_MANUAL_STEPS_REQUIRED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that manual steps are required to complete threat removal. 
-</p>
-</td>
-<td>
-<p>Follow the manual remediation steps outlined in the <a href="https://www.microsoft.com/security/portal/threat/Threats.aspx">Microsoft Malware Protection Encyclopedia</a>. You can find a threat-specific link in the event history.  
-</p>
+This error indicates that removal inside the container type might not be not supported. 
+</td></tr><tr><td>Resolution</td><td>
+Windows Defender is not able to remediate threats detected inside the archive. Consider manually removing the detected resources. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508027 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERR_MP_REMOVE_LOW_MEDIUM_DISABLED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508026 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_REMOVE_NOT_SUPPORTED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that removal inside the container type might not be not supported. 
-</p>
-</td>
-<td>
-<p>Windows Defender is not able to remediate threats detected inside the archive. Consider manually removing the detected resources. 
-</p>
+This error indicates that removal of low and medium threats might be disabled. 
+</td></tr><tr><td>Resolution</td><td>
+Check the detected threats and resolve them as required. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508029 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERROR_MP_RESCAN_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508027 
-</p>
-</td>
-<td>
-<p><b>ERR_MP_REMOVE_LOW_MEDIUM_DISABLED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that removal of low and medium threats might be disabled. 
-</p>
-</td>
-<td>
-<p>Check the detected threats and resolve them as required. 
-</p>
+This error indicates a rescan of the threat is required. 
+</td></tr><tr><td>Resolution</td><td>
+Run a full system scan. 
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508030 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERROR_MP_CALLISTO_REQUIRED 
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508029 
-</p>
-</td>
-<td>
-<p><b>ERROR_MP_RESCAN_REQUIRED 
-</b></p>
-</td>
-<td>
-<p>This error indicates a rescan of the threat is required. 
-</p>
-</td>
-<td>
-<p>Run a full system scan. 
-</p>
+This error indicates that an offline scan is required. 
+</td></tr><tr><td>Resolution</td><td>
+Run Windows Defender Offline. You can read about how to do this in the <a href="http://windows.microsoft.com/windows/what-is-windows-defender-offline">Windows Defender Offline 
+article</a>.
 </td>
 </tr>
 <tr>
+<th colspan="2">Error code: 0x80508031 
+</th>
+</tr><tr><td>Message</td>
+<td><b>ERROR_MP_PLATFORM_OUTDATED  
+</b>
+</td></tr><tr><td>Possible reason</td>
 <td>
-<p>0x80508030 
-</p>
-</td>
-<td>
-<p><b>ERROR_MP_CALLISTO_REQUIRED 
-</b></p>
-</td>
-<td>
-<p>This error indicates that an offline scan is required. 
-</p>
-</td>
-<td>
-<p>Run Windows Defender Offline. You can read about how to do this in the <a href="http://windows.microsoft.com/windows/what-is-windows-defender-offline">Windows Defender Offline 
-article</a>.</p>
-</td>
-</tr>
-<tr>
-<td>
-<p>0x80508031 
-</p>
-</td>
-<td>
-<p><b>ERROR_MP_PLATFORM_OUTDATED  
-</b></p>
-</td>
-<td>
-<p>This error indicates that Windows Defender does not support the current version of the platform and requires a new version of the platform. 
-</p>
-</td>
-<td>
-<p>You can only use Windows Defender in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use <a href="https://www.microsoft.com/server-cloud/system-center/endpoint-protection-2012.aspx">System Center Endpoint Protection</a>.  
-</p>
+This error indicates that Windows Defender does not support the current version of the platform and requires a new version of the platform. 
+</td></tr><tr><td>Resolution</td><td>
+You can only use Windows Defender in Windows 10. For Windows 8, Windows 7 and Windows Vista, you can use <a href="https://www.microsoft.com/server-cloud/system-center/endpoint-protection-2012.aspx">System Center Endpoint Protection</a>.  
 </td>
 </tr>
 </table>
@@ -2974,349 +2867,330 @@ article</a>.</p>
 <a id="internal-error-codes"></a>
 The following error codes are used during internal testing of Windows Defender AV.
 
-<table>
+If you see these errors, you can try to [update definitions](manage-updates-baselines-windows-defender-antivirus.md) and force a rescan directly on the endpoint.
+
+
+<table class="oridealign"> 
 <tr>
-<th colspan="4">Internal error codes</th>
+<th colspan="3">Internal error codes</th>
 </tr>
 <tr>
-<th>Error code</th>
+<th><b>Error code</b></th>
 <th>Message displayed</th>
-<th>Possible reason for error</th>
-<th>What to do now</th>
+<th>Possible reason for error and resolution</th>
 </tr>
 <tr>
 <td>
-<p>0x80501004</p>
+0x80501004
 </td>
 <td>
-<p><b>ERROR_MP_NO_INTERNET_CONN 
-</b></p>
+<b>ERROR_MP_NO_INTERNET_CONN 
+</b>
 </td>
 <td>
-<p>Check your Internet connection, then run the scan again.</p>
-</td>
-<td>
-<p>Check your Internet connection, then run the scan again.</p>
+Check your Internet connection, then run the scan again.
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501000</p>
+0x80501000
 </td>
 <td>
-<p><b>ERROR_MP_UI_CONSOLIDATION_BAS</b>E</p>
+<b>ERROR_MP_UI_CONSOLIDATION_BAS</b>E
 </td>
 <td rowspan="34">
-<p>This is an internal error. The cause is not clearly defined.</p>
+This is an internal error. The cause is not clearly defined.
 </td>
 <td rowspan="36">
-<p>
-<ol>
-<li>Update the definitions. Either:<ol>
-<li>Click the <b>Update definitions</b> button on the <b>Update</b> tab in Windows Defender. <img src="images/defender-updatedefs2.png" alt="Update definitions in Windows Defender"/><p>Or,</p>
-</li>
-<li>Download the latest definitions from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a>.
-<p>Note: The size of the definitions file downloaded from the <a href="https://go.microsoft.com/fwlink/?LinkID=200965">Microsoft Malware Protection Center</a> can exceed 60 MB and should not be used as a long-term solution for updating definitions.</p>
-</li>
-</ol>
-</li>
-<li>Run a full scan.
-</li>
-<li>Restart the device and try again.</li>
-</ol>
-</p>
+
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501001</p>
+0x80501001
 </td>
 <td>
-<p><b>ERROR_MP_ACTIONS_FAILED</b></p>
+<b>ERROR_MP_ACTIONS_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501002</p>
+0x80501002
 </td>
 <td>
-<p><b>ERROR_MP_NOENGINE</b></p>
+<b>ERROR_MP_NOENGINE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501003</p>
+0x80501003
 </td>
 <td>
-<p><b>ERROR_MP_ACTIVE_THREATS</b></p>
+<b>ERROR_MP_ACTIVE_THREATS</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x805011011</p>
+0x805011011
 </td>
 <td>
-<p><b>MP_ERROR_CODE_LUA_CANCELLED </b></p>
+<b>MP_ERROR_CODE_LUA_CANCELLED </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501101</p>
+0x80501101
 </td>
 <td>
-<p><b>ERROR_LUA_CANCELLATION </b></p>
+<b>ERROR_LUA_CANCELLATION </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501102</p>
+0x80501102
 </td>
 <td>
-<p><b>MP_ERROR_CODE_ALREADY_SHUTDOWN</b></p>
+<b>MP_ERROR_CODE_ALREADY_SHUTDOWN</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501103</p>
+0x80501103
 </td>
 <td>
-<p><b>MP_ERROR_CODE_RDEVICE_S_ASYNC_CALL_PENDING </b></p>
+<b>MP_ERROR_CODE_RDEVICE_S_ASYNC_CALL_PENDING </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501104</p>
+0x80501104
 </td>
 <td>
-<p><b>MP_ERROR_CODE_CANCELLED</b></p>
+<b>MP_ERROR_CODE_CANCELLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501105</p>
+0x80501105
 </td>
 <td>
-<p><b>MP_ERROR_CODE_NO_TARGETOS</b></p>
+<b>MP_ERROR_CODE_NO_TARGETOS</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501106</p>
+0x80501106
 </td>
 <td>
-<p><b>MP_ERROR_CODE_BAD_REGEXP</b></p>
+<b>MP_ERROR_CODE_BAD_REGEXP</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501107</p>
+0x80501107
 </td>
 <td>
-<p><b>MP_ERROR_TEST_INDUCED_ERROR</b></p>
+<b>MP_ERROR_TEST_INDUCED_ERROR</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80501108</p>
+0x80501108
 </td>
 <td>
-<p><b>MP_ERROR_SIG_BACKUP_DISABLED</b></p>
+<b>MP_ERROR_SIG_BACKUP_DISABLED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508001</p>
+0x80508001
 </td>
 <td>
-<p><b>ERR_MP_BAD_INIT_MODULES</b></p>
+<b>ERR_MP_BAD_INIT_MODULES</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508002</p>
+0x80508002
 </td>
 <td>
-<p><b>ERR_MP_BAD_DATABASE</b></p>
+<b>ERR_MP_BAD_DATABASE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508004</p>
+0x80508004
 </td>
 <td>
-<p><b>ERR_MP_BAD_UFS </b></p>
+<b>ERR_MP_BAD_UFS </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800C</p>
+0x8050800C
 </td>
 <td>
-<p><b>ERR_MP_BAD_INPUT_DATA</b></p>
+<b>ERR_MP_BAD_INPUT_DATA</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800D</p>
+0x8050800D
 </td>
 <td>
-<p><b>ERR_MP_BAD_GLOBAL_STORAGE</b></p>
+<b>ERR_MP_BAD_GLOBAL_STORAGE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800E</p>
+0x8050800E
 </td>
 <td>
-<p><b>ERR_MP_OBSOLETE</b></p>
+<b>ERR_MP_OBSOLETE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800F</p>
+0x8050800F
 </td>
 <td>
-<p><b>ERR_MP_NOT_SUPPORTED</b></p>
+<b>ERR_MP_NOT_SUPPORTED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050800F
+0x8050800F
 0x80508010
-</p>
 </td>
 <td>
-<p><b>ERR_MP_NO_MORE_ITEMS </b></p>
+<b>ERR_MP_NO_MORE_ITEMS </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508011</p>
+0x80508011
 </td>
 <td>
-<p><b>ERR_MP_DUPLICATE_SCANID</b></p>
+<b>ERR_MP_DUPLICATE_SCANID</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508012</p>
+0x80508012
 </td>
 <td>
-<p><b>ERR_MP_BAD_SCANID</b></p>
+<b>ERR_MP_BAD_SCANID</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508013</p>
+0x80508013
 </td>
 <td>
-<p><b>ERR_MP_BAD_USERDB_VERSION</b></p>
+<b>ERR_MP_BAD_USERDB_VERSION</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508014</p>
+0x80508014
 </td>
 <td>
-<p><b>ERR_MP_RESTORE_FAILED</b></p>
+<b>ERR_MP_RESTORE_FAILED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508016</p>
+0x80508016
 </td>
 <td>
-<p><b>ERR_MP_BAD_ACTION</b></p>
+<b>ERR_MP_BAD_ACTION</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508019</p>
+0x80508019
 </td>
 <td>
-<p><b>ERR_MP_NOT_FOUND</b></p>
+<b>ERR_MP_NOT_FOUND</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80509001</p>
+0x80509001
 </td>
 <td>
-<p><b>ERR_RELO_BAD_EHANDLE</b></p>
+<b>ERR_RELO_BAD_EHANDLE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80509003</p>
+0x80509003
 </td>
 <td>
-<p><b>ERR_RELO_KERNEL_NOT_LOADED</b></p>
+<b>ERR_RELO_KERNEL_NOT_LOADED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A001</p>
+0x8050A001
 </td>
 <td>
-<p><b>ERR_MP_BADDB_OPEN</b></p>
+<b>ERR_MP_BADDB_OPEN</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A002</p>
+0x8050A002
 </td>
 <td>
-<p><b>ERR_MP_BADDB_HEADER</b></p>
+<b>ERR_MP_BADDB_HEADER</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A003</p>
+0x8050A003
 </td>
 <td>
-<p><b>ERR_MP_BADDB_OLDENGINE</b></p>
+<b>ERR_MP_BADDB_OLDENGINE</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A004</p>
+0x8050A004
 </td>
 <td>
-<p><b>ERR_MP_BADDB_CONTENT </b></p>
+<b>ERR_MP_BADDB_CONTENT </b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050A005</p>
+0x8050A005
 </td>
 <td>
-<p><b>ERR_MP_BADDB_NOTSIGNED</b></p>
+<b>ERR_MP_BADDB_NOTSIGNED</b>
 </td>
 </tr>
 <tr>
 <td>
-<p>0x8050801</p>
+0x8050801
 </td>
 <td>
-<p><b>ERR_MP_REMOVE_FAILED</b></p>
+<b>ERR_MP_REMOVE_FAILED</b>
 </td>
 <td>
-<p>This is an internal error. It might be triggered when malware removal is not successful. 
-</p>
+This is an internal error. It might be triggered when malware removal is not successful. 
 </td>
 </tr>
 <tr>
 <td>
-<p>0x80508018 
-</p>
+0x80508018 
 </td>
 <td>
-<p><b>ERR_MP_SCAN_ABORTED 
-</b></p>
+<b>ERR_MP_SCAN_ABORTED 
+</b>
 </td>
 <td>
-<p>This is an internal error. It might have triggered when a scan fails to complete. 
-</p>
+This is an internal error. It might have triggered when a scan fails to complete. 
 </td>
 </tr>
 </table>
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
index 6bef064955..7eba149ae9 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@@ -10,6 +10,8 @@ ms.sitesec: library
 ms.pagetype: security
 localizationpriority: medium
 author: iaanw
+ms.author: iawilt
+ms.date: 06/13/2017
 ---
 
 
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
index d331e9d39e..942587b25b 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Defender Antivirus
-description: Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10.
+description: Learn how to manage, configure, and use Windows Defender AV, the built-in antimalware and antivirus product available in Windows 10 and Windows Server 2016
 keywords: windows defender antivirus, windows defender, antimalware, scep, system center endpoint protection, system center configuration manager, virus, malware, threat, detection, protection, security
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -12,16 +12,17 @@ localizationpriority: medium
 author: iaanw
 ---
 
-# Windows Defender Antivirus in Windows 10
+# Windows Defender Antivirus in Windows 10 and Windows Server 2016
 
 **Applies to**
 -   Windows 10
+-   Windows Server 2016
 
 Windows Defender Antivirus is a built-in antimalware solution that provides security and antimalware management for desktops, portable computers, and servers.
 
 This library of documentation is aimed for enterprise security administrators who are either considering deployment, or have already deployed and are wanting to manage and configure Windows Defender AV on PC endpoints in their network.
 
-For more important information about running Windows Defender AV on a server platform, see [Windows Defender Overview for Windows Server](https://technet.microsoft.com/library/dn765478.aspx).
+For more important information about running Windows Defender on a server platform, see [Windows Defender Antivirus on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md).
 
 Windows Defender AV can be managed with:
 - System Center Configuration Manager (as System Center Endpoint Protection, or SCEP) 
@@ -57,14 +58,14 @@ See the [In this library](#in-this-library) list at the end of this topic for li
 <a id="sysreq"></a>
 ## Minimum system requirements
 
-Windows Defender has the same hardware requirements as Windows 10. For more information, see:
+Windows Defender AV has the same hardware requirements as Windows 10. For more information, see:
 -   [Minimum hardware requirements](https://msdn.microsoft.com/library/windows/hardware/dn915086.aspx)
 -   [Hardware component guidelines](https://msdn.microsoft.com/library/windows/hardware/dn915049.aspx)
 
 
 Some features require a certain version of Windows 10 - the minimum version required is specified at the top of each topic.
 
-Functionality, configuration, and management is largely the same when using Windows Defender Antivirus on Windows Server 2016, however [there are some differences](windows-defender-antivirus-on-windows-server-2016.md).
+Functionality, configuration, and management is largely the same when using Windows Defender AV on Windows Server 2016, however [there are some differences](windows-defender-antivirus-on-windows-server-2016.md).
 
 
 
@@ -73,10 +74,13 @@ Functionality, configuration, and management is largely the same when using Wind
 
 Topic | Description
 :---|:---
-[Evaluate Windows Defender Antivirus protection](evaluate-windows-defender-antivirus.md) | Evaluate the protection capabilities of Windows Defender Antivirus with a specialized evaluation guide and PowerShell script
-[Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md) | While traditional client deployment is not required for Windows Defender AV, you will need to enable the service. You can also manage how protection and product updates are applies, and receive reports from Configuration Manager, Intune, and with some security information and event monitoring (SIEM) tools
-[Configure Windows Defender features](configure-windows-defender-antivirus-features.md) | Windows Defender AV has a large set of configurable features and options. You can configure options such as cloud-delivered protection, always-on monitoring and scanning, and how end-users can interact or override global policy settings
+[Windows Defender AV in the Windows Defender Security Center app](windows-defender-security-center-antivirus.md) | The Windows Defender Security Center combines the settings and notifications from the previous Windows Defender AV app and Windows Settings in one easy-to-manage place
+[Windows Defender AV on Windows Server 2016](windows-defender-antivirus-on-windows-server-2016.md) | Windows Defender AV can be used on Windows Server 2016, and features the same configuration and management capabilities as the Windows 10 version - with some added features for automatic exclusions
+[Windows Defender AV compatibility](windows-defender-antivirus-compatibility.md) | Windows Defender AV operates in different modes depending on whether it detects other AV products or if you are using Windows Defender Advanced Threat Protection
+[Evaluate Windows Defender AV protection](evaluate-windows-defender-antivirus.md) | Evaluate the protection capabilities of Windows Defender Antivirus with a specialized evaluation guide and PowerShell script
+[Deploy, manage updates, and report on Windows Defender AV](deploy-manage-report-windows-defender-antivirus.md) | While traditional client deployment is not required for Windows Defender AV, you will need to enable the service. You can also manage how protection and product updates are applies, and receive reports from Configuration Manager, Intune, and with some security information and event monitoring (SIEM) tools
+[Configure Windows Defender AV features](configure-windows-defender-antivirus-features.md) | Windows Defender AV has a large set of configurable features and options. You can configure options such as cloud-delivered protection, always-on monitoring and scanning, and how end-users can interact or override global policy settings
 [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md) | You can set up scheduled scans, run on-demand scans, and configure how remediation works when threats are detected
-[Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-antivirus.md)|Review event IDs and error codes in Windows Defender Antivirus to determine causes of problems and troubleshoot issues
+[Review event logs and error codes to troubleshoot issues](troubleshoot-windows-defender-antivirus.md)|Review event IDs and error codes in Windows Defender Antivirus to determine causes of problems and troubleshoot issues
 [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)|The management and configuration tools that you can use with Windows Defender AV are listed and described here
 
diff --git a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
index b3305b6b1c..29fbb9377a 100644
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@@ -1,6 +1,6 @@
 ---
 title: Windows Defender Antivirus on Windows Server 2016
-description: Compare the differences when Windows Defender AV is on a Windows Server SKU versus a Windows 10 endpoint
+description: Enable and configure Windows Defender AV on Windows Server 2016 
 keywords: windows defender, server, scep, system center endpoint protection, server 2016, current branch, server 2012
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@@ -13,7 +13,7 @@ author: iaanw
 ---
 
 
-# Windows Defender Antivirus on Windows Server
+# Windows Defender Antivirus on Windows Server 2016
 
 
 **Applies to:**
@@ -36,15 +36,124 @@ author: iaanw
 
 Windows Defender Antivirus is available on Windows Server 2016. In some instances it is referred to as Endpoint Protection - however, the protection engine is the same.
 
-See the [Windows Defender Overview for Windows Server](https://technet.microsoft.com/windows-server-docs/security/windows-defender/windows-defender-overview-windows-server) for more information on enabling the client interface and configuring roles and specific server features.
-
 While the functionality, configuration, and management is largely the same for Windows Defender AV either on Windows 10 or Windows Server 2016, there are a few key differences:
 
 - In Windows Server 2016, [automatic exclusions](configure-server-exclusions-windows-defender-antivirus.md) are applied based on your defined Server Role.
 - In Windows Server 2016, Windows Defender AV will not disable itself if you are running another antivirus product.
 
+This topic includes the following instructions for setting up and running Windows Defender AV on a server platform:
+
+-   [Enable the interface](#BKMK_UsingDef)
+
+-   [Verify Windows Defender AV is running](#BKMK_DefRun)
+
+-   [Update antimalware definitions](#BKMK_UpdateDef)
+
+-   [Submit Samples](#BKMK_DefSamples)
+
+-   [Configure automatic exclusions](#BKMK_DefExclusions)
+
+<a name="BKMK_UsingDef"></a>
+## Enable the interface
+By default, Windows Defender AV is installed and functional on Windows Server 2016. The user interface is installed by default on some SKUs. 
+
+You can enable or disable the interface by using the **Add Roles and Features Wizard** or PowerShellCmdlets, as described in the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic.
+
+The following PowerShell cmdlet will enable the interface: 
+
+```PowerShell
+Install-WindowsFeature -Name Windows-Defender-GUI
+```
+
+The following cmdlet will disable the interface:
+
+```PS
+Uninstall-WindowsFeature -Name Windows-Server-Antimalware
+```
+
+> [!TIP]
+> Event messages for the antimalware engine included with Windows Defender AV can be found in [Windows Defender AV Events](troubleshoot-windows-defender-antivirus.md).
+
+
+<a name="BKMK_DefRun"></a>
+## Verify Windows Defender is running
+To verify that Windows Defender AV is running on the server, run the following command from a command prompt: 
+
+```DOS
+sc query Windefend
+```
+
+The `sc query` command returns information about the Windows Defender service. If Windows Defender is running, the `STATE` value displays `RUNNING`.
+
+<a name="BKMK_UpdateDef"></a>
+## Update antimalware definitions
+In order to get updated antimalware definitions, you must have the Windows Update service running. If you use an update management service, like Windows Server Update Services (WSUS), make sure that updates for Windows Defender AV definitions are approved for the computers you manage.
+
+By default, Windows Update does not download and install updates automatically on Windows Server 2016. You can change this configuration by using one of the following methods:
+
+-   **Windows Update** in Control Panel.
+
+    -   **Install updates automatically** results in all updates being automatically installed, including Windows Defender definition updates.
+
+    -   **Download updates but let me choose whether to install them** allows Windows Defender to download and install definition updates automatically, but other updates are not automatically installed.
+
+-   **Group Policy**. You can set up and manage Windows Update by using the settings available in Group Policy, in the following path: **Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates**
+
+-   The **AUOptions** registry key. The following two values allow Windows Update to automatically download and install definition updates.
+
+    -   **4** Install updates automatically. This value results in all updates being automatically installed, including Windows Defender definition updates.
+
+    -   **3** Download updates but let me choose whether to install them.  This value allows Windows Defender to download and install definition updates automatically, but other updates are not automatically installed.
+
+To ensure that protection from malware is maintained, we recommend that you enable the following services:
+
+-   Windows Defender Network Inspection service
+
+-   Windows Error Reporting service
+
+-   Windows Update service
+
+The following table lists the services for Windows Defender and the dependent services.
+
+|Service Name|File Location|Description|
+|--------|---------|--------|
+|Windows Defender Service (Windefend)|C:\Program Files\Windows Defender\MsMpEng.exe|This is the main Windows Defender Antivirus service that needs to be running at all times.|
+|Windows Defender Network Inspection Service (Wdnissvc)|C:\Program Files\Windows Defender\NisSrv.exe|This service is invoked when Windows Defender Antivirus encounters a trigger to load it.|
+|Windows Error Reporting Service (Wersvc)|C:\WINDOWS\System32\svchost.exe -k WerSvcGroup|This service sends error reports back to Microsoft.|
+|Windows Firewall (MpsSvc)|C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork|We recommend leaving the Windows Firewall service enabled.|
+|Windows Update (Wuauserv)|C:\WINDOWS\system32\svchost.exe -k netsvcs|Windows Update is needed to get definition updates and antimalware engine updates|
+
+
+
+<a name="BKMK_DefSamples"></a>
+## Submit Samples
+Sample submission allows Microsoft to collect samples of potentially malicious software. To help provide continued and up-to-date protection, Microsoft researchers use these samples to analyze suspicious activities and produce updated antimalware definitions.
+
+We collect program executable files, such as .exe files and .dll files. We do not collect files that contain personal data, like Microsoft Word documents and PDF files.
+
+### Enable automatic sample submission
+
+-   To enable automatic sample submission, start a Windows PowerShell console as an administrator, and set the **SubmitSamplesConsent** value data according to one of the following settings:
+
+    -   **0** Always prompt. The Windows Defender service prompts you to confirm submission of all required files. This is the default setting for Windows Defender, but is not recommended for Windows Server 2016 installations without a GUI.
+
+    -   **1** Send safe samples automatically. The Windows Defender service sends all files marked as "safe" and prompts for the remainder of the files.
+
+    -   **2** Never send. The Windows Defender service does not prompt and does not send any files.
+
+    -   **3** Send all samples automatically. The Windows Defender service sends all files without a prompt for confirmation.
+
+<a name="BKMK_DefExclusions"></a>
+## Configure automatic exclusions
+To help ensure security and performance, certain exclusions are automatically added based on the roles and features you install when using Windows Defender AV on Server 2016.
+
+See the [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) topic for more information. 
+
+
 
 ## Related topics
 
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
-- [Deploy, manage updates, and report on Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
\ No newline at end of file
+- [Configure exclusions in Windows Defender AV on Windows Server](configure-server-exclusions-windows-defender-antivirus.md) 
+
+

From cd75d1db4720d9acd33ba1b6de4bb380d5c9459d Mon Sep 17 00:00:00 2001
From: Greg Lindsay <Greg.Lindsay@microsoft.com>
Date: Thu, 6 Jul 2017 18:24:18 +0000
Subject: [PATCH 42/49] Merged PR 2077: fixed casing

fixed casing
---
 windows/deployment/TOC.md                               | 2 +-
 windows/deployment/index.md                             | 4 ++--
 windows/deployment/windows-10-enterprise-e3-overview.md | 4 ++--
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/windows/deployment/TOC.md b/windows/deployment/TOC.md
index b6cd2db81d..26766b5852 100644
--- a/windows/deployment/TOC.md
+++ b/windows/deployment/TOC.md
@@ -2,7 +2,7 @@
 
 ## [What's new in Windows 10 deployment](deploy-whats-new.md)
 ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
-## [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md)
+## [Windows 10 Enterprise E3 in CSP overview](windows-10-enterprise-e3-overview.md)
 ## [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md)
 
 ## [Deploy Windows 10](deploy.md)
diff --git a/windows/deployment/index.md b/windows/deployment/index.md
index cfd9442f73..1705124e4a 100644
--- a/windows/deployment/index.md
+++ b/windows/deployment/index.md
@@ -9,7 +9,7 @@ localizationpriority: high
 author: greg-lindsay
 ---
 
-# Deploy and Update Windows 10
+# Deploy and update Windows 10
 
 Learn about deployment in Windows 10 for IT professionals. This includes deploying the operating system, upgrading to it from previous versions and updating Windows 10. The following sections and topics are available.
 
@@ -17,7 +17,7 @@ Learn about deployment in Windows 10 for IT professionals. This includes deploy
 |------|------------|
 |[What's new in Windows 10 deployment](deploy-whats-new.md) |See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. |
 |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. |
-|[Windows 10 Enterprise E3 in CSP Overview](deploy-whats-new.md) |Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. |
+|[Windows 10 Enterprise E3 in CSP overview](deploy-whats-new.md) |Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. |
 |[Resolve Windows 10 upgrade errors](windows-10-enterprise-e3-overview.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. |
 
 
diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md
index c3861f8fe5..5e807ab7d6 100644
--- a/windows/deployment/windows-10-enterprise-e3-overview.md
+++ b/windows/deployment/windows-10-enterprise-e3-overview.md
@@ -1,5 +1,5 @@
 ---
-title: Windows 10 Enterprise E3 in CSP Overview
+title: Windows 10 Enterprise E3 in CSP overview
 description: Describes Windows 10 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10 Enterprise edition.
 keywords: upgrade, update, task sequence, deploy
 ms.prod: w10
@@ -10,7 +10,7 @@ ms.pagetype: mdt
 author: greg-lindsay
 ---
 
-# Windows 10 Enterprise E3 in CSP Overview
+# Windows 10 Enterprise E3 in CSP overview
 
 Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Windows 10 Enterprise E3 in CSP is a new offering that delivers, by subscription, exclusive features reserved for Windows 10 Enterprise edition. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following:
 

From 8c0299f8903de2a7f3f6c0a0cc71a75c9e968117 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Thu, 6 Jul 2017 13:05:58 -0700
Subject: [PATCH 43/49] updates from review

---
 store-for-business/add-profile-to-devices.md | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index 1fb8b493b6..a9b7f02935 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -55,7 +55,7 @@ Columns in the device information file need to use this naming and be in this or
 - Column 2: Windows Product ID 
 - Column 3: Hardware Hash
 
-When you add devices, you need to add them to an *AutoPilot deployment group*. AutoPilot deployment groups allow you to apply an AutoPilot deployment profile to multiple devices. The first time you add devices to a group, you'll need to create an AutoPilot deployment group. 
+When you add devices, you need to add them to an *AutoPilot deployment group*. Use these groups to apply AutoPilot deployment profiles to a group of devices. The first time you add devices to a group, you'll need to create an AutoPilot deployment group. 
 
 > [!NOTE]
 > You can only add devices to a group when you add devices to **Microsoft Store for Business and Education**. If you decide to reorganize devices into different groups, you'll need to delete them from **Devices** in **Microsoft Store**, and add them again. 
@@ -107,13 +107,17 @@ After you've applied an AutoPilot deployment profile to a device, if you decide
 > The new profile will only be applied if the device has not been started, and gone through the out-of-box experience. Settings from a different profile can't be applied when another profile has been applied. Windows would need to be reinstalled on the device for the second profile to be applied to the device. 
 
 ## AutoPilot device information file error messages
-Here's more info on some of the errors you might see while working with AutoPilot deployment profiles in **Microsoft Store for Business and Education**. 
+Here's info on some of the errors you might see while working with AutoPilot deployment profiles in **Microsoft Store for Business and Education**. 
 
 | Message Id | Message explanation | 
 | ---------- | ------------------- |
 | wadp001    | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. |
 | wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. |
-| wadp003    | Looks like you need more than one csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multiple .csv files. |
+| wadp003    | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multiple .csv files. |
 | wadp004    | Try that again. Something happened on our end. Waiting a bit might help. |
-| wadp005    | Check with your device provider for your csv file. One of the devices on your list has been claimed by another organization. |
-| wadp006    | Try that again. Something happened on our end. Waiting a bit might help. |
\ No newline at end of file
+| wadp005    | Check your .csv file with your device provider. One of the devices on your list has been claimed by another organization. |
+| wadp006    | Try that again. Something happened on our end. Waiting a bit might help. |
+| wadp007    | Check the info for this device in your .csv file. The device is already registered in your organization. |
+| wadp008    | The device does not meet AutoPilot Deployment requirements. |
+| wadp009    | Check with your device provider for an update .csv file. The current file doesn’t work |
+| wadp010    | Try that again. Something happened on our end. Waiting a bit might help. |

From 99d93d53e7832c46e78b4a4f26f97b7fca54fdff Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Thu, 6 Jul 2017 21:05:37 +0000
Subject: [PATCH 44/49] Merged PR 2080: Merge maricia-july6 to master

---
 .../client-management/mdm/bitlocker-csp.md    | 28 +++---
 ...ew-in-windows-mdm-enrollment-management.md | 90 ++++++++++++++++++-
 2 files changed, 102 insertions(+), 16 deletions(-)

diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 24db3c3c45..1c96dd8f84 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/05/2017
+ms.date: 07/06/2017
 ---
 
 # BitLocker CSP
@@ -106,12 +106,11 @@ The following diagram shows the BitLocker configuration service provider in tree
 <p style="margin-left: 20px">EncryptionMethodWithXtsRdvDropDown_Name = Select the encryption method for removable data drives.</p>
 
 <p style="margin-left: 20px"> The possible values for 'xx' are:</p>
-<ul>
-<li>3 = AES-CBC 128</li>
-<li>4 = AES-CBC 256</li>
-<li>6 = XTS-AES 128</li>
-<li>7 = XTS-AES 256</li>
-</ul>
+
+- 3 = AES-CBC 128
+- 4 = AES-CBC 256
+- 6 = XTS-AES 128
+- 7 = XTS-AES 256
 
 > [!Note]  
 > When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.  
@@ -251,14 +250,13 @@ The following diagram shows the BitLocker configuration service provider in tree
 <enabled/><data id="PrebootRecoveryInfoDropDown_Name" value="xx"/><data id="RecoveryMessage_Input" value="yy"/><data id="RecoveryUrl_Input" value="zz"/>
 ```
 <p style="margin-left: 20px">The possible values for 'xx' are:</p>
-<ul>
-<li>0 = Empty</li>
-<li>1 = Use default recovery message and URL.</li>
-<li>2 = Custom recovery message is set.</li>
-<li>3 = Custom recovery URL is set.</li>
-<li>'yy' = string of max length 900.</li>
-<li>'zz' = string of max length 500.</li>
-</ul>
+
+-  0 = Empty
+-  1 = Use default recovery message and URL.
+-  2 = Custom recovery message is set.
+-  3 = Custom recovery URL is set.
+-  'yy' = string of max length 900.
+-  'zz' = string of max length 500.
 
 > [!Note]  
 > When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 6ae7b4c759..8db538cc05 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/28/2017
+ms.date: 07/06/2017
 ---
 
 # What's new in MDM enrollment and management
@@ -27,6 +27,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 -   [What's new in Windows 10, version 1511](#whatsnew)
 -   [What's new in Windows 10, version 1607](#whatsnew1607)
 -   [What's new in Windows 10, version 1703](#whatsnew10)
+-   [What's new in Windows 10, version 1709](#whatsnew1709)
 -   [Breaking changes and known issues](#breaking-changes-and-known-issues)
     -   [Get command inside an atomic command is not supported](#getcommand)
     -   [Notification channel URI not preserved during upgrade from Windows 8.1 to Windows 10](#notification)
@@ -913,6 +914,67 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 </tbody>
 </table> 
 
+## <a href="" id="whatsnew1709"></a>What's new in Windows 10, version 1709
+
+<table>
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>Item</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="even">
+<td style="vertical-align:top">[Firewall CSP](firewall-csp.md)</td>
+<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
+<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
+<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[CM_ProxyEntries CSP](cm-proxyentries-csp.md) and [CMPolicy CSP](cmpolicy-csp.md)</td>
+<td style="vertical-align:top">In Windows 10, version 1709, support for desktop SKUs were added to these CSPs. The table of SKU information in the [Configuration service provider reference](configuration-service-provider-reference.md) was updated.</td>
+</tr>
+<tr class="odd">
+<td style="vertical-align:top">[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)</td>
+<td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
+</tr>
+<tr class="even">
+<td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
+<td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p> 
+<ul>
+<li>CredentialProviders/EnableWindowsAutoPilotResetCredentials</li>
+<li>DeviceGuard/EnableVirtualizationBasedSecurity</li>
+<li>DeviceGuard/RequirePlatformSecurityFeatures</li>
+<li>DeviceGuard/LsaCfgFlags</li>
+<li>Power/DisplayOffTimeoutOnBattery</li>
+<li>Power/DisplayOffTimeoutPluggedIn</li>
+<li>Power/HibernateTimeoutOnBattery</li>
+<li>Power/HibernateTimeoutPluggedIn</li>
+<li>Power/StandbyTimeoutOnBattery</li>
+<li>Power/StandbyTimeoutPluggedIn</li>
+<li>Defender/AttackSurfaceReductionOnlyExclusions</li>
+<li>Defender/AttackSurfaceReductionRules</li>
+<li>Defender/CloudBlockLevel </li>
+<li>Defender/CloudExtendedTimeout</li>
+<li>Defender/EnableGuardMyFolders</li>
+<li>Defender/EnableNetworkProtection</li>
+<li>Defender/GuardedFoldersAllowedApplications</li>
+<li>Defender/GuardedFoldersList</li>
+<li>Update/ScheduledInstallEveryWeek</li>
+<li>Update/ScheduledInstallFirstWeek</li>
+<li>Update/ScheduledInstallFourthWeek</li>
+<li>Update/ScheduledInstallSecondWeek</li>
+<li>Update/ScheduledInstallThirdWeek</li>
+</ul>
+</td></tr>
+</tbody>
+</table>
 
 ## Breaking changes and known issues
 
@@ -1179,6 +1241,32 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 
 ## Change history in MDM documentation
 
+### July 2017
+
+<table>
+<colgroup>
+<col width="25%" />
+<col width="75%" />
+</colgroup>
+<thead>
+<tr class="header">
+<th>New or updated topic</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr class="odd">
+<td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
+<td style="vertical-align:top">Added the following statements:.
+<ul>
+<li>When you enable EncryptionMethodByDriveType, you must specify values for all three drives (operating system, fixed data, and removable data), otherwise it will fail (500 return status). For example, if you only set the encrytion method for the OS and removable drives, you will get a 500 return status.</li>
+<li>When you enable SystemDrivesRecoveryMessage, you must specify values for all three settings (pre-boot recovery screen, recovery message, and recovery URL), otherwise it will fail (500 return status). For example, if you only specify values for message and URL, you will get a 500 return status.</li>
+</ul>
+</td>
+</tr>
+</tbody>
+</table>
+
 ### June 2017
 
 <table>

From 0d92b33795f765cbbd7a4466de4350595b9c1d49 Mon Sep 17 00:00:00 2001
From: Trudy Hakala <Trudy.Hakala@microsoft.com>
Date: Thu, 6 Jul 2017 14:21:10 -0700
Subject: [PATCH 45/49] fixing link

---
 store-for-business/add-profile-to-devices.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/store-for-business/add-profile-to-devices.md b/store-for-business/add-profile-to-devices.md
index a9b7f02935..2cf678c39f 100644
--- a/store-for-business/add-profile-to-devices.md
+++ b/store-for-business/add-profile-to-devices.md
@@ -17,7 +17,7 @@ localizationpriority: high
 
 -   Windows 10
 
-Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://review.docs.microsoft.com/en-us/windows/deployment/windows-10-auto-pilot?branch=dh-autopilot11975619).
+Windows AutoPilot Deployment Program simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows AutoPilot](https://docs.microsoft.com/windows/deployment/windows-10-auto-pilot).
 
 ## What is Windows AutoPilot Deployment Program?
 In Microsoft Store for Business, you can manage devices for your organization and apply an *AutoPilot deployment profile* to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows based on the AutoPilot deployment profile you applied to the device. 

From 8d3fc92f48cafc0acaffa64d8c8b17e1e9a33ce4 Mon Sep 17 00:00:00 2001
From: Dani Halfin <daniha@microsoft.com>
Date: Thu, 6 Jul 2017 22:01:18 +0000
Subject: [PATCH 46/49] Merged PR 2085: added MSFB links and new PowerShell
 script

added MSFB links and new PowerShell script
---
 windows/deployment/windows-10-auto-pilot.md | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/windows/deployment/windows-10-auto-pilot.md b/windows/deployment/windows-10-auto-pilot.md
index 7413ecc71c..e61588a105 100644
--- a/windows/deployment/windows-10-auto-pilot.md
+++ b/windows/deployment/windows-10-auto-pilot.md
@@ -68,14 +68,10 @@ MDM enrollment ensures policies are applied, apps are installed and setting are
 
 In order to register devices, you will need to acquire their hardware ID and register it. We are actively working with various hardware vendors to enable them to provide the required information to you, or upload it on your behalf. 
 
-If you would like to capture that information by yourself, the following PowerShell script will generate a text file with the device's hardware ID.
+If you would like to capture that information by yourself, the following [PowerShell script](https://www.powershellgallery.com/packages/Get-WindowsAutoPilotInfo) will generate a csv file with the devices' hardware ID.
 
-```PowerShell
-$wmi = Get-WMIObject -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
-$wmi.DeviceHardwareData | Out-File "$($env:COMPUTERNAME).txt"
-```
 >[!NOTE]
->This PowerShell script requires elevated permissions. The output format might not fit the upload method. Check out the Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot) for additional guidance.
+>This PowerShell script requires elevated permissions.
 
 By uploading this information to the Microsoft Store for Business or Partner Center admin portal, you'll be able to assign devices to your organization.
 Additional options and customization is available through these portals to pre-configure the devices.
@@ -88,7 +84,7 @@ Options available for Windows 10, Version 1703:
 
 We are working to add additional options to further personalize and streamline the setup experience in future releases.
 
-To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for Microsoft Store for Business or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
+To see additional details on how to customize the OOBE experience and how to follow this process, see guidance for [Microsoft Store for Business](/store-for-business/add-profile-to-devices.md) or [Partner Center](https://msdn.microsoft.com/partner-center/autopilot).
 
 ### IT-Driven
 

From efec00a62eab5a5fc927037fa78983a1769ab248 Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Fri, 7 Jul 2017 07:08:44 -0700
Subject: [PATCH 47/49] change deferral recommendations

---
 .../surface-hub/manage-windows-updates-for-surface-hub.md   | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/devices/surface-hub/manage-windows-updates-for-surface-hub.md b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
index 102a9c8006..c8ae01ad93 100644
--- a/devices/surface-hub/manage-windows-updates-for-surface-hub.md
+++ b/devices/surface-hub/manage-windows-updates-for-surface-hub.md
@@ -70,9 +70,9 @@ This table gives examples of deployment rings.
 
 | Deployment ring | Ring size | Servicing branch | Deferral for feature updates | Deferral for quality updates (security fixes, drivers, and other updates) | Validation step |
 | --------- | --------- | --------- | --------- | --------- | --------- |
-| Evaluation (e.g. non-critical or test devices) | Small | Current Branch (CB) | None. Devices receive feature updates immediately after CB is released. | None. Devices receive quality updates immediately after CB is released. | Manually test and evaluate new functionality. Pause updates if there are issues. |
-| Pilot (e.g. devices used by select teams) | Medium | Current Branch for Business (CBB) | None. Devices receive feature updates immediately once CBB is released. | None. Devices receive quality updates immediately after CBB is released. | Monitor device usage and user feedback. Pause updates if there are issues. |
-| Broad deployment (e.g. most of the devices in your organization) | Large | Current Branch for Business (CBB) |  60 days after CBB is released. | 14 days after CBB is released. | Monitor device usage and user feedback. Pause updates if there are issues. |
+| Preview (e.g. non-critical or test devices) | Small | Current Branch (CB) | None. Devices receive feature updates immediately after CB is released. | None. Devices receive quality updates immediately after CB is released. | Manually test and evaluate new functionality. Pause updates if there are issues. |
+| Release (e.g. devices used by select teams) | Medium | Current Branch for Business (CBB) | None. Devices receive feature updates immediately once CBB is released. | None. Devices receive quality updates immediately after CBB is released. | Monitor device usage and user feedback. Pause updates if there are issues. |
+| Broad deployment (e.g. most of the devices in your organization) | Large | Current Branch for Business (CBB) |  120 days after CBB is released. | 7-14 days after CBB is released. | Monitor device usage and user feedback. Pause updates if there are issues. |
 | Mission critical (e.g. devices in executive boardrooms) | Small | Current Branch for Business (CBB) |  180 days after CBB is released (maximum deferral for feature updates). | 30 days after CBB is released (maximum deferral for quality updates). | Monitor device usage and user feedback. |
 
 

From 2139769f50c374179cafc8224292c69647414bff Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Fri, 7 Jul 2017 07:10:20 -0700
Subject: [PATCH 48/49] change history

---
 devices/surface-hub/change-history-surface-hub.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/devices/surface-hub/change-history-surface-hub.md b/devices/surface-hub/change-history-surface-hub.md
index f15a7db11b..f5c9a18f1a 100644
--- a/devices/surface-hub/change-history-surface-hub.md
+++ b/devices/surface-hub/change-history-surface-hub.md
@@ -16,6 +16,12 @@ localizationpriority: medium
 
 This topic lists new and updated topics in the [Surface Hub Admin Guide]( surface-hub-administrators-guide.md).
 
+## July 2017
+
+| New or changed topic | Description |
+| --- | --- |
+| [Windows updates](manage-windows-updates-for-surface-hub.md) | Changed deferral recommendations for Windows Updates |
+
 ## June 2017
 
 | New or changed topic | Description |

From bfdf3ee5cdd0d958dae70f66ddfd7f6992f62b93 Mon Sep 17 00:00:00 2001
From: Maricia Alforque <maricia@microsoft.com>
Date: Fri, 7 Jul 2017 17:37:23 +0000
Subject: [PATCH 49/49] Merged PR 2097: Merge maricia-11972860 to master

---
 .../mdm/images/provisioning-csp-vpnv2-rs1.png | Bin 85113 -> 108781 bytes
 ...ew-in-windows-mdm-enrollment-management.md |  10 ++-
 windows/client-management/mdm/vpnv2-csp.md    |  38 ++++++++--
 .../client-management/mdm/vpnv2-ddf-file.md   |  67 +++++++++++++-----
 .../windowsadvancedthreatprotection-csp.md    |   3 +
 .../windowsadvancedthreatprotection-ddf.md    |   3 +
 6 files changed, 99 insertions(+), 22 deletions(-)

diff --git a/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png b/windows/client-management/mdm/images/provisioning-csp-vpnv2-rs1.png
index 6bf38313ac554ff14e13f26697164c0274cbd5ca..a5b77e0b42163045ac456722a89a5e732b5adead 100644
GIT binary patch
literal 108781
zcmc$`cT|(x*EJd}a1;?0X`+A?73tEON>dR~5fBhi5QsoPY9KTf=~WSs8U^W1AcPL0
z(rctAkcjkNLg)#1C+Ioncfb4o@qX<x#u-P*^X$6zT64|0b^`BesxciraS#H5Fx|ST
zd>;bYD+hrbO8jdN_=|MH3oh_KI>-BJHz0ZKC#S$K`z)_(T!%mk!Wp-p><7Oecz#pg
z5dt~<jrt#5gI&f`2xKSqmh$xnuEw)uBd3#NiIZCs4uX!cEsw@UV~QN2WGw{Refvy%
zO)36GYflzt_l^kf1Tx3&eOknM<LA#Sr}mtlJr^Mrc=o~vy6wCIpM4T<bG_bNIX>|C
zWkJEm^Vk%r-nSuFWenbK$!YcEXC)!ZvwDoc&k&iMLohAR%Fez$6tt3PrN4Qb35>5y
z4MhimtU!{%FCQ3=z`&p6KNMlmWo2bS?YMz~H<l;C$C=&9Fi%g<XV0dli}{O)T~@cp
zOfw(I=p}IoB|VmrpD!|syHu*>m3qI-ex$y)H@Z>+w6<2v1<TIPj>-4<<nSc<DrF0f
z+!@0udbq4y7iZ?Fb|-wScz<PLDP^r(i}JF7Y<FiHk>%tvPQG7kFx1~4p~nb1&UuYN
zS5=XldRkJaez`7vS5N2GD|@_uU!=d=^g1~|abx4@hSP?Jy_=i9G1!<+AA>M-Vq&5-
z(n#PAlH9Z26@GHSOlMDIhug1yPk%n<_DT~2ef>A=$3WZfdXwjZh1i0-v>6EG17*Fz
z#O|dng5b&6M5M8aNsQic@JxV33e4Tz-6C(hchrts77-q`=Z;-lQ3|u>yZU_NEoEZ^
z&?#eF5Sm0H{n~KULav9A=8#iEZlo10ArGmBg@bgE4|=oQFz@QJZR2Ml-d3I7#3Drn
z1FxFTWo4K0uR<V=1xCqpT^)G|mrwp$gRjiUId4-OyB3zt+Cm_sCMnP@kEKn+$eM!c
zHZe~LFdZ>{FMq-qJ>*(@ohq)aX4@^twRMxeV`WUvYXuL+fWzUIv3nsewgbb^p`oEo
z%d*?X;kB`rYCH*v$mkdz(5jX)3T9`=-hmu3;XZ^t>1w&tpvOKM3HE;UjxwsPT}x4R
z^8@KrBIj#q#A*+hWOYQxUI-+D&jmG9?mRQv9pAgQY?St>RGa^hA;0WZ&Xd_~N>4Xz
zKFNols!ErVuM@J{3*q&@fk~@2j3Eet33<)9yNz%f=M3qe%&Iw6l9sr%mS&d|dZ=y?
z*Nf6K8ke5L6$faaFvyrBjc<g9Kj=AOIo?uupL@RJS7X0{YpASqhmtJOUrfkoXFJa0
z1_bhA@GlkIj~~Ap-GvMZb@2F)8wTb!kJx64E+t016$wl2x-69kx4SFXl%5OCc9(F{
z(|7Nh&^OBFC>YDp@1GgO%c3vfBweTPd+I6?7l$j-n<EVk4VR_CSy(<DKsBLXD-W{0
z4IY?W70p|5x{CeUAga_5i^9j)m?_@t@T-=yKu%yAKbNIew_5DaNXk==k248Xq#Ek-
zv)_%(AWgQu#m3|;5GvY?vv0ZtN(?FW#v>5S_}hw62{St8Yp0ZIERw@malvmYdiW<=
z%2yLes(kwwG<ECQa-h}=huHn6)iq(-JRe9$*(d=wx_$~;#wkt&44VSCBYj-iaKmFM
z&}>bgPy^>2lCdBte^>r|;TPg<7aM+6wV~9A73)YY_$u4YyoBcp#pT9}E+6qU9Y+k{
zWt^aTo2MQ0v@I|4RJbMKVcDbG39v_BC|66fiygya^|WdpW_k!BIUx{UhI3d6Ny&~V
zzMO@@3QbR$tB+DrYD3;WcP`^94MwQXq<1BYs`LfUc6w-uxs)Kb9+yy*a^~8MVoONt
ze7)VA2<unG?%Z)3GqrdzL@GvSb6B&f%#2%bdSEdv$}x<~t4|ODaXX9A&Gev5PqF8M
zUNqE)e+f?eOC9*7{5CI@_x505Q}E=^#V)l|=NoJLhw7E%b)*lZ2>d$a6K=H1l5p)Q
zYRX;{PkwmfoxV?nf%Jr`n2t<~>?dH&{>p}LO){(-UUHve`N$?B=og#9Gehx+a=X=v
zEUyfZiRLc5nTD2JH8YZCOpDaRCbxIq<hR_admP^n6-z3ZSH%rC`LwjO%%?LzAd@nu
zV8BSUQ;T}nW-~DI!|8t0egP-M1dnIh;}?Rb`KHcU`X60-GNH0kup$-6vPt4B6tyZr
zcz(w5+O7;g-D%(8!lW!L!&9|y9q#VtjC+=9$5kPkqCr^g&_zbcnT>zTefC_BI5Ftz
zCAZl*Sf{^Mv=0JtN(@8COWJWOZpD%0WvxP>!Buf%@Nn7s^E`=XDTo^G1W)=IpP+-w
z$+ZQa7-xJgIh5FAERr0bJS0eH;$Xb+S66MO4=Ft}?|y$`=63wK#H7dZpD<}@fsS|>
zw}J;e^O2LHIs|g9Zwi{Nn+;rQ8A-lk>0uiN)3p4s>B5fXdz+xKudA!*tw0d;%GK3y
zq>j8Q(bW(VQ^oLWA$@0;LOI>SrX9`;2~EpWp`lD`EFkbX#e|`Q8HpXp?P?NJ{1d$3
zNqv2Nd&PU8Blr|leOXH_mX3o$cL@U7_?VJ=RoiuYvZ`0o#!p%pU2{LP6nPN@kct3_
z3oZd5lq@T$;aay+)58dMp5H9q_qA_V8swJmKI4RHGfE&YO)Ame_F63lYxVa>M%Bw0
z5Hd=tpOnarFJ!fKIBn)&3Em1wNlQ(3t)Xg999bEh)}hpt-20g)IdGtPTjy2+#%|lo
z8-7eJkm%2Jf;_!rR4>m@CX}0aRp5A7p|)5}!JVt4x3Xo=uW2c~ZYQkAvrrcNBmK9E
zq>_;`j-j%-+sA%7js>>0Y5ctwV`F3AA{lb+`UTn}Hu!M4+zyB{s|$C<6C_gFWcd?y
zdk>&iB@<24hoFo}lKJI1Ra3-6JN7!3q1yw3r0vGlUPoI^pNbP&nGYQP?3SUC(J7&%
z&tPs>k9yw{dvpMy!Qbb4pK~OqwbTAWuH<<fE_|a>S}X34v)WjZAi_1jMP9*jD<bTk
zrTz4Z2A(vp3zPOPjS;x+hE4R)%H+%w3oGRZH!g}N%vdh_CE9;%%#jiD`&uE&eUbmH
zi@EJAGOBo|e~4Zd^FO$(;K3+I>D*a`=GokGu}3GfI!ubMyQVtccK+?Y^5`8Od+en5
z<(DG4!T!#i!wPzC*9NC^7gxh1Wo1ln)E?J4AS0eoayBt%X`abJS<fJ2dN5AJg%$C^
zK+z;@AWF7Z-!}`R$SH0wYv1e6j7fiz7c)2XiP1U9%@1$XYk_~=aaZ9!QLYNN>Ys+>
zFa9=kV<4U$F8+S$S71+%&RQ3UV@`?6xaQ_&obTD*lDP}%)d!L<*Uo&pD_1r%q+%p@
z|8%`XZQd+{M1NFLxufu^U3L1vqQ@&91d+!SW;fqlncJ`x;luT@puN-ZP`h?XT+z!@
zu=dF)RmN$5+4B=&Zl&evrfY7qlk%z0@Lc;LylUsLE-o(M2z~QkKv%m-iX2rrcJF}K
z%p}*x%0<R+S}aBPUKtJC>W1pQu^d~_of9inWvz&O4=vI>>xLTOpHcYnbKjX1jc~{1
z`Gy}KT2BnJN(v<*R(>?_lp;YK;AK9CeaFbtE)RD=lG@zY3e;7!JkL*x+q$fiEC%_{
z!hNkS_3M!La?M_z&Z(T!5#S6D8oK45kLpSMxb#UHCq&QnT{YfbKks_1cqzZ_?m>Oi
zaR|iwz1LB>`T1J!>T~Vz_fnK<E03`~DqgP7+E>N#I*houUYQ}tcE;<6I^nSV-P{td
zw6>E~$nv7M-w%*C59xCjvs5XZ!6qcXO`Lh5%@gO1-V`Jrs@kifY)Ixj!ISBT>yP4u
zZKA>7b4CNjd2BU&D$Yz~j;wW5b_i{Od6~R|YR6Udk3R^*9TADi{3N}7K;`WTOXgbo
z`u%)Hr$2uEi@{%8WxlaF!>G<!&M~NAbBG6Vrh`uqyRGYp?k))>N_GgZXUrrE0Pn|>
zdC$x$haXno#bwh)TSRHTbbO`rOtgn4I0GJksTg*#<DUK^pl8NMi8-xJL{5iTCh);Q
zmH1^0UyRq%YGkkE^7{iO!ObnS2S}XDYpQgRMm||A8jVhCjtr!5Ug{ze2b(<E6%rz~
zfDfbsrb|(&9fy%HqShPHDoJq0CI(wMDK`LA-8g;})(l|R;mRVyW?K8olAOo7EoC2Y
zv2JXqV9i_X7D=)j@-v3AUHOjdv$f4XEPtcAQ1sl~+^^X(zOW%nPq^i#9cW=^B%5*h
zD*%0uf<h(C9UUF5ESAAi8WKigz2fxhy{@|3BP=b|jGe)t)I*as?hWZ8yr+E?DUqba
zq^WRekJX>4E$o-5uGTIFs*Nrw*;%QbUC`S3zUkGmvLfg3w8M32pJD?*o%#Lp*hew>
zf(cTR%l#PloCWe7p>_a>lj6O?z4;G9t}#E8z`pY~slNAK+I?{d3EmB7rMr{g%F-||
zD@_`o-M(5A4ptWb;|A&yz^Z);6*A)T8`(?gxhEbwC{ULuw~6qsgMGtn5diSy-sHC8
z;$jj2Ruj!EHJ+9MgadDP+~!BCB`<gxB_wVB3RZDDKnKQk>liGrt*xy?p~hIj<N;|F
z8;hjE*q(!T*eBkcbx%^<Adgs@@JBO(?WwRIq2EzH4tbFjEr<2U!e{kN&u%+`jK)Y#
z+*r=ub@?YqNb*DEQ*P&#j4ypt#BNP5?QDHl>fKD}aO7Ld<a^Wx+{g3=@(NN=gI!3l
zl~C#C=<aT4%m>nemiqw`U30h+Jw3gcm>B-3W)Lqk-_GQ^ZHF?hkvG4YO|%=%I4Xc)
zXls=g78WKa?SQE1CJ#bm%}r@6Vn{5dPX}eR`Ac1&9;62h$pWvTz-?_PqkO6P880#b
zeT15>jj~|aZh-9Vg~u7}4QiN-&{8)13j^L+4umqE#)9?~j>1kW11HhQ_kX4lmvA($
z#4bNCPf$omkNyjbzk)7CLd07mdJEg!9E32Jl$0Ec0t1p}<AP1&Hd4bCFKV!Bv1^60
zYn@DzbA4>%P3U08ORXXgKUyECsd}2b(Bf9{T)C<c?DZJ24(w%haq;<lur!Ux04Q#7
zuyS!YVbg{3D^ra}y3mrEK~j>yL0H4V{lF2_Q>dyeDmse<V2xL6777BSyd)V9HcX$;
z7h8?=XC~zSfUVwe13RSvR^^)Q>*P5?j9m!3)^lfA#KZuGL483B1J-y{;|OeKW@aI(
z9w4L=l2HOD>fVrq`^VNTDyj@pj^8|NB%?@L$GGP%5LzF%+Yva+m#56v9Kk+~zNCJf
zTdieCD2siW2s)M5_kx?5eIu`c1j{I$now5URp^tn3pp&*I}fs;p8QAMI$3tz+nFJu
zTwL8&J-$`*$vO7iKcMw$Sroj>P-*)3MkJx8RCwV}#C9Q$w*hM|s<vEPe8*@JDlPVD
z+N?UqF8-1P>h4m>ifNwktbA4=RJ($NhEKQIR2w7J!e%c;r>{2wLvgsFhO6`4n9%Yf
zY$gr0q_7BdYsrj!%KLiBqHYi*T#H{WBnw>4wMFi53MD->GIIWd+u~#S6+M5+_Daqs
zaSv(L%YL%Z^zF);KltblUSIaAB$2Oj!s|Uan4Tl`|G>Z>cRms*Lm6I0KfL{~UKA5|
z2^t7Q!)-Jq{!)23DWF#sO4iIEu4Z_@qrBg1w#6S6v<oz|wNlz<vlewk_`0_b<ilCo
zW{U2jVr37pK6##BV2?Zm4E>td$^<UOYDH1>IllA3oVhV8WBNnkdc-ARYjtmb3e%2Y
zmAR{i_aVFRJ&*_<8LXg(RG+`M&4WCDrZ)flAn~Ixhk{%yBe}>^)1Sl$^gYZuTN`M~
z`$%m&e7SSWA7}`3bK6)Py*|U`vJg)68#n0IDKJWDtLoQX%kJxz=&8HW<5g6w7(6%p
z4bI-O-)jt5pY+ERn6<TamfV21w{!P~xXo$}2UHL{%EQ)gIL-gO{x&?m^P%EQ@3-IK
z!toEL(^e=$Z0L;u+d;=(PYV38zPVYxH3cAQxn{D4iA{Wx$7mz>jI5;Cdn$|2Y);)w
zm1K>wjTpsn)^L47Wh`9+I1hRW@+DPO0=o$uh@%SR*=9^p{wjgFM5L`_L~Vh3F6!(3
z{sh1H`}&)+LqD2mF-6Fd{z;N-S-vafWF1)J!vmPK!D`P6k7}u9e2dnp8d|s-qlT*}
z>-6Asu&50c$-wTll~HBU(QKA@p+tVIgaicfOFxA!Hl2B=Wyk*WcCdDb;mnq^*Umg~
zq>iP|;rduykh9wy@Z1!DKdc=ciM_doQ7@Oie+*yPBKflr`<|8&1Ox<f^YWItoIs$h
zF-nGY%84P2RB)+6)$h!yVVn1Vv*Wudfk77(6qJ`=_P%wHDK{r4CqKW1g#q#fau$0-
z<^*gvUKuEuBwRsq1ME$4k!6v#V-LIYu3o*%w?$6@i^aZ8KL&YGtAz4(62#gLt|tpS
zuKui0r1DQ&hllD=SE&&$RXbcOicg2s%yJO&<;7{x_EDIutZa;+i5y~8M~7QCSXiJ9
z;6>e@t#oFKl9H0Kru~q|kB`7kCkCL`gjy>_SI=fEzW+}A%CnQXLODJ}58=3~Y<P1T
zv%1vdyLVx>q|oP?BNaeIeO*4j7b46NfR1oVnFC7<U=Qk*&n<JWt@h3+Euj_`CNMj&
zj`u^TtjDs=$E}^&4}jXq&dd~?CFva&ctCYg8@QF9V8`b(mq*!ll8!@!g+YVIQ+^)}
zesO~niMpD0(%PI{C6Z86zj5p0jlz<Qy_yS_t_3cZ_Kp2lOb1iqGfV6|KE*9wl@SGj
ze6pw`zom-_1U;~}p!eU|Vh^W4XsoX04OYKzT(b)0KVGT1vG=cr<@#D*vFgTTTMsij
z3|BdOCMhf>#+DVz4FQZGn=Ejy4$2=D3|K|nbcpVS1l_<_m&Re8i(@5|7&W9&wt$bi
zwTS!7_?@Ws<-?aCkFSB1e5MkA`9Keg?h};MN7TVr&pbYrONizORrb7kz3lZ|Bm7Z9
z7xS9lG<n_57Q5hZ!jN9$LYal}Tz17WA2X-n%C8^NC8u|uuHc=v%YujRgvdc#9Lrs&
zSLblcpY}pJ`@s5mBSwOP&=1BJycKuC?Z~;ToB|=Sx|?X_@b0%uEYI5G0t9kryPiyp
zzwuVmfVz)hlZ+Q0^)u!zmi6IRqQ{R85#Pv{mW|I34itIoO{P!&I*i>ssknu0i<ca$
z+Y9-S52AZb+`~=6^fLdz_DIe4l)FELonJH#`SX7C8wD#T@@qj2-<H<H`9Fi=@E;>J
zR26-FnxL1e3QpGHygy4;U2uJH*LhyrePP(IIVaQS!f(%~PNh;ePhfhF&eh1DD8I^j
z=XsfWJ@kTQh#%w7So&KX=j-g)XOpLlY`5IIB)<w=bYssem`stBfxa4^y9fF5lNT$K
zdew;Ps=#29o<sJh#9jI8g1jz@Q-!r%L2>+7R(rxC#@T|kep@O#TV&y4eNrf+`>Ig^
zgNA6G!^;}W{Sb~L%7*EvHGah#bjL%wv_AgAFpb(}@{HB#D!WcGOmi8p#+E3hteWM)
zn_CG*J-(F9#j?zbGhu=yXPL3fi~Nd!srQA>y!*|Z^l-L?9aSCYSWxlPL)eMaCqD2V
zYN^q*n634&dH%gT_{qEl9{*`LLHs)2w?kljl444}ZisxdW^8O=@GhMT^1@3E<=pw3
zgGg0XWvQO;@g@TN8`Px@4({?Ju;mK@=)-_q1_0)JR;Z0?jlDixBM&(a(5%PO{+IzU
zpx4luoa{aYDmk3{b8^zvPGOa3jz*G~Fd%_z(mn+F@)#_g=2+cJ_^RPR?Ky58n<Dmf
zH#2bFpaJMB9v;rafP4+-sp^|%PD^zgZA>b;;GJ^jz3E=aA>L$xvn94emlKf)vtNBi
zTj>X?<g`v!EPPp~d|lD^3S)u@e-1#;f}g=sd$V!!j|Wq;fKXp5%0I<{Ln7VQi<hdt
zP2@xkB?6wJhecdp!AQYmdu5Z=D_jurIN~VG=rh3K<>d%~JZ>kIdW-6?Ek6OYyZk*a
zF0SS8bP(Y$0TO>nVxNLwH41|Bb%0DGES0(TQR8&dQP>eG4s}ySU8iE$QO^Iy1IqMN
z4WO#Ba+VU9HL&q4t;^B=3EmTJN2nIa2lTonX#7+tx~He7EV!u7VHm{fweVVi{dv2l
z+$f`KLzY`kOAnrvuY(+78{-L?G*aeL_D|N(`RdC&Q6J1lCEKc%;37kD03vMw&A@l6
z2xM)e#dMIB<H=0PEYz5AFF}3{L|m)=`?_-PO}T)KOg%=ZnSUQ-@)T%o8j}_@H@M;s
z7QADcK5d5B+#fC|xP1%c1J}ZNvAjQiCvDO}0wu&v_nP&UBK~D7ItYReL;uDW<+;+7
zYEnu5#Cq^fo<;K2>gsAiAr1)dT7X2r@f3~J7YFz7AAMih*2PyXCZ-qNcL);U4mu6O
zxY$3T0AN^h?BmcS_W5orIGg`0NuU*9P#lL36t_OB^u`eFoHJwz{di2liH)In+-d1}
z%~vJ}Vn66s7d1CKd%Q)Ps*sSb$BR`yj5m2Oq|1?4!C#wECEl7Mr;4+kNO*cUWMOAT
zMsa{1QuPw*bCVxyOQ`lNcWn;xak2FHl;x;l+2&C;kMB)qq3fRRR>28&1v+{GaYk$*
zW;ALqWRwd-Kded(**1;`W7wFrxKY18v|&6)R)W00arQiqDp>mH=9Z#8w9512r=Ywu
z-6wQTNR-Zr=K7CJPNL;o2NnbnRgSfHde{5*&ylmENEkMmj4hYXvev#EkCD&PaAs-?
zmo(T%#X$aJr_A-53zpdmH%Tn~^`S~c@bi@BGGlAo*_4;BZdyH$Ny>m~;}~!pT$2@9
zjP9hlPR!Xp*#^?8&C}Sboy98A+UrUTSrw8!m!e94>`wQ&`%Elm2G*{~Q@!0`m%6!{
zA^84o=&j4KBI#=WZ%X>Xh~Hq?s;(PdXtsDWGuMB=!kHb6@|kO@hTVead(v8(G_d=X
zgUL)^LnZW~-+=25M|!qh_Hn5%(;Tl9m<&g0UcgwaYG*Vh_s(z)Yex-XxAeM%vE7sY
zQtlCFUC!)sb$%skbRQ&-z>Yjq!PVE-KixpFGQjQ_&F>pKE?9K;o_MLcRyKxBP#B)v
z+jpulzC7G?4N6qqc^;3q<V&6diH+q%`q=N?06TvvHTEk&fyJA=!;?=BkT1UHdfI+o
z(DQ5^@>y`0g!7(Z)Z0Mgg_DwJa<KstLi<QnZ!CY*SGtT(^jPT_OF*twgCloI6$hBS
zlN<y)()Gf?Sq`DEgDuY}tU|<NdOj5^s3R~3DYznHyUnz>qG~dnD_8`>W|PLuezJQz
zJ%zH@xvD9eqKS>ArbjwSg8(+gFwr&;n01=WwVoGNd$N!H;4W#+iJGUX5=(n9h9gEB
z!G=P?Rl+qVyf-7WW5&dRd2s_%Hbq@B@hDga5?#*io9=}{5+fS7YI=V4Rs?TQ)1KJ4
zaZ#`d$C8=O3_-OifZ1U5-sa0@y`Oj`xos$F$s*On!hXj6G064S9xn9*O-<kUGUS>N
zIJo!2si=tPeYu8;xH#U=x1Uv8%`i30(H(W(16lbCG)aPLKPWLO_gGpV=%Xowhwtc(
zH>5CYL=%QjfNsywT*!F28_~iZF<mUCs8{z`T$#B|v6@uU8^?WuwGGgDPL-~v^S@>R
zB(D?(ti%n}b$}k<fv&BJvw}W8xSS}Mbf45|=(s)GwBzy9hYz2C?p^zyz^?_E+ZYAP
zV`pa_V`jj;oWb$}n3@KX@@&MUz(oF)Y`zJ9wfsg0t%1S8cj?@Kod8ayH941^$}f;c
zsdzdXfa{Y~e=L3t`0Vm9s1Gmp1TUZujMS*!nh7}U7kOu~ya8x>z%pFxqxy2gy}+zL
z%m9y{oJ$ADh)!p!r|*RTXFn;E%=8Ls{Q__nPN)9g%{E@Z_V)GhhXGFwWaK;PYVsZP
zEO|+8ZcGr~23l(`!&GtY?d`=KdC_T%EU8N%CG6RDUHJ&~%cnB(({3)v=cLx`36rXW
z)5Q^b`ytEzwDC?pLJe)VAa}*wCg2kW;FE%BhABzjq{|t7H>%DoV}W7{4iFgnsUS3<
z)6DA3Mh(1FtJtPlH$2|(81IWvqs`$OU$O=(uE5dzbMnikZ<XR3@mh)%XYyGfqx7`d
zL?CEAH3T)}=ssQ+o9-F*ybp0xqAk@YE-H+#o4SN&ZS&Yg!NsD8?rbq}u`()=!3h}!
zO9WOr0yupK(sF)15`Fn}5mgz@>}kU`-W`hGYW9^aZtiy-+FY>!ep@EA?zFYfzLYi2
zjp2~+2ZkHZyRAPNUvg^$%G~aHIRW`(7i%3AMOK+v7f*l1my>G0_i7<h7=JK}pVFyF
zxG%<nO_wge&iJjjdEIS&aR{I+lRbNQ6?dBeK;GHexzhFPw2$o_#syXvo1Eu^RcGVh
z_a~l%cJ8Lb>c-NLNeSB4^43AKA6#arUp2JvY~8nTE-y4h0AVDma9`(ia{g&w!dQsm
zLO99zV-fkY`(N;pMf!0J$pW96Q%bTuz6p=DG(TB)uwgOTd)ew~$w#IYR&no+S{+oU
z1V+oCi})k6LC9p|=0ClC2}SRCt!I^E#uMTwKkKx^4eUS9NG+W{Fy<G4J3sB>+@^j$
zQNJRG`NFpG$L|^ukJ{;tkHxCN4Vx8jk8Um=^-(ujy?4VXLo!&w^t0s1<+!3B1O-?1
z?*8;LmbK2+$j>-AxB~$|0jdCA9!j&O($b6+fn2vq69ck2&*t>K=TVK5xt%>1%!*1$
zl-H7<*?T6N-;@_}=dleP3o_*K^7-+X)Xc>n&+)I}=JdLsm8uvfa=JsOO+OmIoi!G;
z4<Cgi1X=+}+TO0!!bb;jqQ=D4*H=EYpS3e`TglDt2r;&E^jfTEP?TGK#mZ0-l854z
z3K7JJn|%)@2-?q(55S|Us&d{ieN}^>X}y(NN}3lJHmj7!sVy<KR`E|tr`%3F&`xj<
zFwo{$70Sw-t7@R%LTPs3Ewz<Ubd9XkZELCTvDWk2SY^(Y>NmepJG`RtoasuT`mf$C
zGxJBT?$$nw-<(;?e7gq`W;rPwMj5J#%@uuEANv@toNtV*6EEivx3OJa<%A=0TY+Lz
zwX(#p+)Q_^gysz-YzIr1>c8hxn+~zUEDhJpOg!pZE?2Yc6`Ub2<=@*MJlrbU*L|vr
za$gr(RqW_J3%a-%j89ofB3FE!SQs2T)z?&9_fymminP}<;3onpm_Momgsc~~G}mKe
z1A}QqwS&FKN$K^C=GODt4z_5T*$Q*sJ658=aq8-IMb3p1)w}~?#zq{4g4QazaPIjW
z_ys3)?Y)o;hx*c+Y<Q)~ZRd>*_7g)a!Y;?~>7SksO^GW;j&)H1?B7$duo!QqmT~kj
z98gsY997qz>EakcJk*|XcTJM<+G*W7|M%Gw5W7V78tP2VywJ;+aC(DIv~12qAlQ%~
z`OU6(e}p8}n?$DqWKW(A7uZ3g7oWOd_+7cKJ_5mJ>q&R^H#_LwKTlCp?=4@dz*)Qp
z)V2V!pl*Ox$zerzO@ZdM>VXO$JkcQ!C~ciXci<CKEQHv&*t_{*m70(UE?QqzKo}Tc
z98*kin*xM)j??2p9;)**wa6=_I-etu(F0WH<6H;)E2$%2Lqn??g!Ihq$RD<CJ3FB}
z$l^4ARe9p{hF<<Fgg`g{nS7?-P~I8S+pAk_kQmD!b2}9%n?Oy&$L(y`u}nv*k^2mg
zJNG)!i1r?_{3LI|&vcE_G<yU3XIqak(cojUf?Kz@c^Q1M$QptG1od^)=>nyq7V5it
zAo!fRM)jRHL!f(K9HLH@>)2T=gck&ueHg#*AmTLAT;^#J5N1UGR~~KQr7AVRQtdaI
z)u_?OLJV$?zK`)vykkrcF;bz8A}0lduCC6Tev;+18X9O)<21cQjXa|9JmCsXk8O5b
zmz1BCyON34)T}QHGD%OJs*-79Fq$7}oOCfX8_`b<Ji)}qH}c+6#QSdO4<`(axgfDr
zE0#Fd8wkbW@kxnD%ABl{uDq}jm91Mdel|O9Lb)Pz?1c^WIB^|Qm#1om7UMyR+@6g=
z)Pw@msDOwwDe-}y>av*vQ@LS4K-e1K;VE`_+0;Z;Xxzt2+>pl`0U)9-@IP$Njh9V5
z)S{x;HTC6Jbd3l9e6FzzvJj7{5eJ)CcYWiu9Bc38d;qH=4(v_~V7y(WRF`Mv`yrv;
zadw>&R==6~>6Q(kxI402j+y`a*)e{eDyM1tY-Yq`z+B7p0otZ#yv2EKb%e?tnU;OA
zv)x;$Ok3wGfUrRdDcH{{WHT=-DlxLIh2Goo6U!RDY&N1qEROS<K&9DkF@t)Dj#ePG
z@bmM7BRVO!J1kq2JiskOP)9#P63BwN`42lN*6)|_Y-$q{uEH~m4msAwr!&n@$4bk&
zJ$I8%<axTU^U&_ALe<*#ir)8QYrJ#&yaxO$C8q_aPh<n8%Z_UydV0nRZ|YNlus9qt
zm;d1M@-4^*B3SOVt<)=!+)}r#9Z!pu&Bhg`nL_<n8v{#gI~_`E5A7p}_IZ(I3l4}P
z3DHjr(?qB{NWdj+2P3rhKoV&Xs?q1ioncVuW?&z&kU5k4^VE;$u{~9eCmi)U4%LwM
zHgeFmgc&fYYd}8KJvoY4$+s->I;p`BOFW!ejcHKqa><h`pcagse9=y`q|w^t<z-Nu
z0v>krV?XQlF^~Pp{Mc2`OYLsB?#k%ipLuu=%Edhq^0aAl+kkSfw2sxEioBsG|6poK
zi_xl>m}s_t_E0n9_}%M|&)=}qB&gEzDow4Wc;}ZPG^2F5k$P=|d_#+}anF5I0;`$8
zwXtSS8M+uDPV2(U#?}^SfcYl)b8{sd<SFE%>T+Ho))$9%UmgPno>QJHlvhIPsT5ht
z4rcUz%YNV*nr6*zMP+6BUNz5wT==|6fSEWu=>v#m1(QlaA?6pYyA41sEhn&+dg*C=
zg!k*Da5bJn(PX`Gce}X_e{XVrZ?kc1LpXj5pofNFK8uNTDmfr@=!Gr7@BtE|z2GO5
zOLAPWJsQ!aZP%W?W1krJK6(r<s$J?amI5jR+(aNw%+zh5JGI<8=}c10Q#bLr)B=g1
z`763pKxn%OvS#Y%{}=xGRu=_|Qz{+^HY4|`%txiG$H&Jn|Dt<Fo6QHMA3^BddXlwM
z<-t>dK&1J}Ja-n*8h~tZ`U@lRUI}%Y2FU+=zx957#|XFbePV5HcNpW>O<VWQ(?G8W
zCx8CRVSRqm5!f}_5!@^D8k)_M%yjbw6)wFvd>T9L58Zq0_wWMHn+H^I>o<#aD^k)$
z(IBfRpl$PH1Yfw3_Ra{x+;pjP)<KpyJuo9g#))JfLO6v$akA)f0(V^Blq!l2^ZWS)
zN=w81PWAoRg{tC)ARprdUhIlFy1Bm;&JHx4CED41c?EK_gGEhIXJ_R0*liq<Pc>I`
z5_2HAE$eDBQvmJ!UGrZQgOR>PN$`SP<rQ>y^dpwom5u@(_SI?Jve2;r3EmTbwzntz
zC~UljTj0<PPMPZn4G~hONbeXR@rjll{h#^m7C-g@-Mdbu=2WU2y!7HKEf{tJqMGXk
z-S2sTT<rdJssp{||9|11pIBkra~SS#1a1|;1AwqI8G%aP<@{?s{pU>)rhq<sVA&GP
z@Ci^uyN2+;W0g27sn(!dp`9IH{N}WKix+n?Qzp&reNdv`xQ$yhoooLUQS5Nd52`f1
zJFp|kZ3fc3|F(NJgRA&+rwlTrg54W>X;EcaHLF~J>owt-z#(_$*}&7-2wJMTS7tOY
z1(~&DUnN@L1a&D(bR*4@CbU8f%p-^e`KTyH)yOGcYKUmQ(>wDvQo#`v9<3eh@U&q*
z^v@~TnW*vlMOomF+Q1vS=SVdYyQ}1<{jo+{AP^q2LX3F~5L8VZx`J!zDF{cAh24R^
z-XdRPgM6AunXb>rR=1{&_Z0P+Y?hema*ldTd#AP4JhpfwZG8kraZeGgw{QaoZg&-U
zCpO1;&Xj6c_!&rHw;63#qtM)3|N3y;Bz!t*voLmtnb8R~w<!jb2VnI6t_e|*-*)HD
z$=XK?#?NphlklvmRPSrI|2T}%M?$KGEBy=Zegy8hn7^0EA<r&3cRmIV3{RW3;EiQo
zff9+(Wkbafab>R0{IqlBkmrr(J{9uMTVc?d-2dt~O%+^CqB{|AQ?W_!#ZpTGB|Zhy
zj3}YPb8B^rH~}at@JShC(Z8J^C~gR$J_RZQ#Atm&cspnVg1nHUS;&9$fiojeLzM}b
zjZI@06J*j8(5mSvb3nw=%Qw2zcKmkO(ys$)U1ItQa|$>Bcd~n?snzWqkQdwl#sG>2
zkQrc@prV1iJjbH|3b3iiLNp10#T8J00yMsSPZwuuVF(B0n$~GR&K!pUY8lTTO2zR}
zNAIjsfgN-8R^+c)X}rY#7sk|P&tL_Os$JJ-ulF4M0}&<ly(~RFjf~Ij^2vafYSCji
zmM3ciPD-wo%1POdAOP9KM&r1)*2cK_+Cv}aei^l-mijGiOM6uV+84w!z?D&H-}H1U
zRYm2S$AQ}H?LaE5v;albU<H8^mzr7!ln?YVKuj293}*Ih10}FnV)FZ>PhRMu{nk`e
z2g1Py*XVO<{piQmItj=mCykJnAbL$v>y82=23~IhMGdQ3!XzZYWt^*ONOYf{1T`O}
zm6cb7xFEa)Ktlmv0%YGuZeN3Zt~5-iyDVpfLUHB}$6y_agYe;R(r#m*>IEnUzzqRq
zLq?jE#>$|t`3>qQ_@YTR-S>$ZI8{}iebo-NWi5jaee%l6hLfcTBtE70AQ9s}|CL%0
z|KrYeKqb%!OB!mdYTKCj7K4=aY6YG0b!)ZbQj8;f@rB*@&iAl#!tfFwGY-zx%H2(Y
zc1_&n<YJybIE3q=GA5}G_Y|mAIAA=bnCRy15<(k*eq)nf%lT%U?B7~XI9foB5qVS4
zBBJ`-bv7>JXI%`1UU`Cipw#xk<t9r|k^<)ZS4oMW=aPB6b}4FoGgk4TdBhk8dGrwn
z(eQF2l<0W3-t+M{sCG*Dn2pezm`JEQka&Jv)x$z)+^;RF=?0gst}dw2EBM9Ra)1=M
zu?pSP!@e32z*b^p``jCEq2%pntC!tCs)X1}<M^itIfjBxOADa}<fo%=9LrkN&sX7b
zt@!#7^xYs|P_vg{k<!*uT`mu|G?pQ)0|ej1&j4wZ1a_1Q)dqlx;<|D=n^}~r0$CYs
z*q*#2k=k>IvibG%{N;sL2|HfU2ouecruz2Pc7$i=<5avtfQ09sS|f*BLZ%%??@Jif
zz<5W^cVz%zd(Pw%FX6UU?S=)U8`9esTsH9mnu5sR6^uFu?&PWZ7B^eF)za>!TnCKW
z=E9jfHESTB(!D4w9ShX5dlWXnz3!U2wyvHY;Sz;wDEb>UB@uJ1OH4fFmI;AW0cdhl
z9{Wy_@F?j@4e@)yRu1%Wxm11#8M<2m^ye%A>AktWUKLy-0dTl%w3p=OvQpbsrwzpT
z(LemH5@y`Mz~G7oyN(E`65biX_&<<e8QdPR_FiA`Pb$`3{a)!hjiDC4<jIN1Dgyrn
zbGrq`;0N`YgrdqGh&;F)1t`xfZiKaJx<yYUak5dx+Ec3)6hxJR8#CkMX_bdSNgO!*
zPmjQ=W`3}nWbsV^;i2#l<k~pZz5TaH*8e%~_FDArt)HC5zADHHs4xR0?uRZ6y0};;
zSJ!g9IraY3BRA7Z*H=vz-9@=cj=x#hWd!7!AQdVa?gdFO;4#3phxoW8kGa+kB+%%o
z{t(a*e;C`l`2pZ=P=pv2s`g&<Po`e3S-r8rY-x<3=5c4=&#F<0-S@Hl4oytd@-<q!
z0cb!afU7MXVG7XHy<J0Yo8RGS78lm_B_YzZbdu>4H<frDTVtfwr(CALz)aonprQ#-
z$vD=thgv8?rLTe8+@)i}4XCcMJ3GbrtXnaJmxs2*FP;9-pjrFUqB!I7LGIey{B8nB
zuE71g1+tq14ep+}DTxIn5qXVS#h>jm+^YC7n|}_|u@F4C5OQ~D({to(54em{Y3rFq
zy-)<oVVbPzA<{JFg6R{-?<)klJfm)=EtllJ1*>LEWn=*uy18~CzEh!%D&!pmH0|Nm
zryDC&J-`9d3EN#RAoz{chXN~u)m=~GLnquQg4?v^T(uS%_&)!sDa^(j1O(I6<+A^L
zg@lbVsU|D&AC?gZBP)LMWGz&^#9>7|D+4Y}DlYhmjmkUYobOoMO2E(Xk%><WMKAKr
z__v1CO`i2b_ZdwtTrLe_!(MRRa)v#%5%FztZTlbjzrD67GEdFUO=rV+qK~A)`tTd}
z9I469o0G1YqgN1$2gmp6N9bRUdbLMP$Uf6S)C+NC<)WEb6`pV>AHK%stvpk39kri*
zHN-P+%U&_#XRE9<*lH<RMFHf#zi034+~wvaSk`erp4eG)vgp?bC6@A6<|c<2t2Q{i
zn7hk0$4y=`%6|_L&Q!7s`H3S3OshH<{4|<i<W63@#Fwu}-_R4Rs^;PV7^O0xuawH4
zX3QYoa~}EnYYwD(1Hakjfo(sDQ@5^*`7W!6>OUZfUobo|HfnTCte#MY@j&P;N2sc;
z@FeT9`H_RI>i5??Mj{kdQwJ*MegYDirzV%_niq|&lZcLvrj|PCo^-PKs`n|U_dwKL
zsJfB5s`P#lc0={yapKzGWWZaWU1s&b`>1ELVwF6^6&d*&k1c-yKHlgZ{!K;~z8SLX
z6&HLzg_#=Rds98hT8+9Oof?_JR&K*qrti9f-&TiS-y<QFd}6{_Xe8m0;Z^Uv_WtyH
z?(<W=t6fc?9O0?Cxys*sddnT4gj1a<&nJbCa0#+FUN&BL?Pj+0Ok1`!Ug=Y8tNgy0
zHb9wPxLHN7_D<5UO;V>V@%7rX1bjq$1@94ADNtoo@lX&H5;V5ZLxyOIeyqNM!AZ9T
zbDB&IL=DR5wE4eiQko``*${@OUd2P+%h!A|J_|0C0LT$Rqxqs!<GnYC4@FW;wrkIE
zkft;GZW;?vD_^O!^+WTiBC`p~A^=Lcj~<sR*lAG4yE@j@QXmdA>8CKgd=8YZf$ZN}
zWiJrt^Xoua!$k0<?J7~oO_~7ZTnDOg)hE&^&&SVueb24<Eee@ZMKdl)BPX?+ndn{D
z#jnAB;r0m7HnOSV1Xy9e5^)sMuv(3HL?t?j_d1HUUT0ex%kNC<{ABm|jY4P2!TrA=
zGoavsGGgYo9k~rYQd0`WI=5pZV`9MbYmb-^s8kr;<$3=9;6Bwwu+cFwLy7{vNuNPs
z;NLXTxoBM!%+{8zS$m$x-f~&7flu{8NmDQbjrXF`j2tjfic2kATlt;=nD`f0XsiHW
zXsLM~ui0;s7F~NXndvu;C6Wvi24sLJ%`gC~%hh@s`(l?uI>xmE<=^#hx8WxSd$xc$
z!AV2y=XxhFY2UJ`rDDblfQR8_*=>1K7VF1uO$=tj1p~7DH!Dd#2^%@9V`K#KIxFH>
zx%&{Pb$<GaniWJm<Wa+Q-l+35>#jMSVwRUikjT}kXZvc-=GoU-X>g?iu2Ww>6za?<
zW0<wH`a!nCuuMX<`>}b+KLeiq`Jjiq{mh#(+{3uDSnmxA3Ea&dJ?^^17AEjaO2<sq
zp$=~jvw%%0f6OZAyjL0cDAwoq1m{cc=tB&ag2jTpoQoBi$usa=sY&dl!NHz~&QJ17
z@EI40@}2z^PAFge<6`aBvg49@l94I<Sjr0jEX3eKOd$l7Y(n7f(W@DRpCj87;!s}q
z+a85f@rz==%EmCQM7JkLIg$7)<dnH003}W(pFK~&-o%bw)mF<x^@Mua4AH;guekcp
z$7D{JMNrfFLd5hQG5qCRPQ&^k9d_6-kow;@X5qw1qW|n&L3IdvxGo^s0Wa))=FY3u
zXQH0C#)`>`=@gC7E?8kfQI%lb<4_x(GEs(qZ5>h%`+mspzu5BsNlO6+dvNR$xNWP|
zx)gX67}qfxM_PbN*2vV&&f43_4|oUuf7>bKh173r{NE=T{C^4&1+=<Heaf|Ch+3)_
zbAZT%?;4*0rk*EcA$OR$e(!Iyjy6SsV%S+(C-yFu6d*4Cp}+t0So}BENQ_!gnVyy=
zDq&0LvHaI2NMgoGx?DZt3ip|~OW`)T;3!>0y_80nNe_AqnAG4>902J0+hSN@#sW+N
z58gT%mOW3`<%q7U-w?lQk_}*pOi53)hQejFe>EM08CQ+6r^_k3he1n-KFtkD=oBwY
z`j^#sg-bZ6i0Zl!ngN}C$<DS}rLeOiyWQ)l|K@W1&Naspj9&NXz54ics}O4k%I%$B
zkKq59%PhMk+fWB`b)sf_)yI3iZ^x?cx`ml)y!K;TR%vI}%bz-B-*1LK*qJt1za3wr
z<oQkCj{9q%bfSrI#6bAl193u>(jksr?=$Sx@^1eJR!>%#!_k(Ut2@~DlB=@u?Wt05
zkqg+t#0PzsNihuxJV|2AmMZbYYbDbsPL^=}p6H-mEcNJV5x7ZwqS)5TuCvs8QQu>o
z?`hNzeDsdlxaf%^Jn<QEG5g2w(TieD1?}rp;=2rq!Q;#&u_=VLkO1`0(0i8uY8l8r
z63;Pgl!3xdWi`XkRmLMWAA~A5-2ZBbUAs6EdM|eUKN}Uoc1w|uS87a=l?@)Cr0qid
zyl%8>h<N79$vKhlXez}d)V%aI6=|5O2W(6|jr<5CX`n;|m@xEDY2-)*2aN;%<6Bix
zOymDNdKBgZYLfm~f->&$;s4?_V7si%+L!mgPkKMXau&RDe%IZA!rA+|x;hLW^fKC`
z^$uT~*bNEb#6lqUyTdsOgGA7%RwYwVC-RgAo57&yA)GXd_#B{kuhIXvA5CSY7GRG}
z#U4X6EIXvIlYQBZ*PHdKmr42FWE_FAnk4U@<gt9Kc)T@MtS`?fQUHSb9Tp6zxs9~G
z+=AC-(G4Vfc$LYsUv}YH%Gw`YMjMZ^!nRiDwCU1CHR}c?Yc@1WM!Su`C8|R47p|b9
zY)j`M+Y8+zVA(WO4NtOK**0Z5(H<rxWR(-h^KeE+#=@fzkZ%uru|@;?18b@okI`KK
zqY$cG{7POU?1b8RjAWaTvx3S@D9bUGF$dSd?ANkC16_$1gwp%r5?w%OdvjKeLRr|M
z%$V$yTS@8IS%nTV9J&l@$H<qjFka&iK-VUOsm4Eh@}xGmgb(TQ*6ABBh@OM_UxDSm
z0)e*a3ii?EKEPg;Saxvh)6;`M`g=%wkHHjcsD$cJnQlSv&SP8cd=q`jbyv?|VpBm>
zK;nd(Xqdzp7%*7H5_38Z5M6%H`;acGN7tL%z$7-aCt6n`K2V~{zyHcvtcx1z$rrHm
z^LkG}&=a|aae?Wl_WT&+tKEd_>Ew|;^2pGcsy~sD_7F8PQY4pMEEX1o!jOq*-Eqso
z(I0kxCp^=1v;2y5o6W^M_1kMiE%WTVaz(Xqa;x*pZ;gxGW(D}CLgt8Aw_UUSy&7Kf
z8@@ZCm5Eb<(250tDE;z+mD>w0QrH`IPH}MGqB}MDR@DPmgIri214Uw<O=R|ej78)o
z*#3wgDr413Sw5||vcc67o%DvX<nb%LYVrDJwN<O!4l@7IAN>_<0@AEYuhFThtOo>8
zfSd89@#0*t!kwRa9={LK^O}P#dpd(&21}Hb<n4dfvv}K3xJ{Ky4{Le^#_{~0MKwlA
zmsr=DUc`P?d}9&j_29F<2Wm+SCK4cVNb2wXrWeL0z=eH+pA18_M;_=cu4b$mr|-09
z;<bDLN3;;-&%jR<S2lbd$?P%4&z$hi_cJ|Q#maeWc5LU+78uY!dmke1!vT}gKH+z}
zA!RNS>6Ps})NPl$wwa6cI-?#3Pv~9EDc(GKJ~iBor%~GQO`Y^8P?G+!=5~l`e3m~0
zH}v6UCYiLJ?}7O0I@FK&_|Wkct)UZ^-WwqjYp<g^U#=J|_z2sr0nPDW77NzGNc{4t
z(H&*$PLbRTn%OutM!oo=mE3ai1Ce}*Vm8XJT4f@f+vhy~qVgrXD|irqNXyP-jgptz
zhbc@SV~hx!Q(7~`Gs}5D!^Y9f9CRZ|0mi490}rxKaZjMPAZs=42Q5S4`6Uy66+Ljo
zO#FI4E7`xJZvE!A(xu^)1K#Q}#ScpcsU>FroI0?hgYTB?HtmPM2MrGQ`V*M#;juGq
ziQ@e_UoIZEbYG}NkOk{TPBr)YmQN`*8V)@!vA2Zg!50?UD$T6;c-DLOT7|TA!yJ92
z@Udk#7`oyHRFJ^I{c|8WbD&*Me)_+<cR*M8z1vZE%n--)VatNryhHU?<QI>F-_M20
zR_;~F!BiG6RfNhaIdTbXicCj4(sfidC<fvC`=7mAq>#=k`4?$sBmX{ZfJaLdXqQ{Y
z?oZ<zho@UG@L?0~{^clEJI(4SGM^XVDGk5cA65Hs4jz8i!d+$l-cEx$R~e^QK*{kM
z+~R6&a<M|??3^aqgzVkzS$Nzgxdi_GQ%v!WpZ^S~pruw_0D%$Il57OWwC_xv>Ed^s
z=@oEW62(+Ovs?BIoz#4?F8OHO&mOKn<H_V=F04Dlu+Q+jO@67Y!ZRDA8r3D2BQ>~E
zF%<JD<7jfC#~06xa<OekXF76ehGjjr#`#3AsmU(t2iXT*sIvfe_Ts(m`@%Pr^0l`G
zM&=#ZrXy1^d3);1CPQBdoYDMo)?I8q&xB?6L#^#d``!Gt5>W{UX<3git|kw5pz-#9
zA@Ra1H;>9N)Jdb=q(<7yQ`Tq|Pt@R3h{=T(#n&Ev?c>;T55E7>YTnPo{w3A5d2;nl
zuS){t)Q9K$Y&hZI`h^_>6MRNNv#9;99p7}^C6CXGZ<nO%q~5YsYcIi1xl4I6VEn4p
zP}Dk<fyr@2<!g3#+j?u7R8h6R|HzB&?B`P?>nier@-7})?aEUn6&y97kO;>CgVlt8
zNoCjp9#BP{=E^Fl-t5Wul7)fV28Ug87$jUrVU2!45<L$KA%}qIMMd{u4%c^GEv+&p
zf+?A4FHMC60oBiD*R4?Z3=sF=>t1wL4!aE$-uU|kb$)8mOVC)Xwk5$5VT$K(eUPmK
z_7c<}Hf%)h?Io~5eTWSV(=HPfqrG~I6`0oI;hGmmdI>cexgf)%m71`^fC3X)N1RVT
z6S?EI)V~#VTgABY&JkGKEfMT?4I3-osP$;8;%U~ciBBtL&(N>`<CF!UtNDggceFA(
zr*)-rP6P)QO*SM01oE%As%&_9mjC|sZmF1}*GTE<c{}pTC-?9*Ve*miBEgfYZ?-V}
zJW^ANqRDxChKG8Df-NK*+t2?hfd1p-XfP)F@Q{R;*hWnH4d;=3=aR$b;r7Um#?(%)
z1cnO6c7$X4s=}fA`KuEF%yLKGec0;ke1i%Q3x4PeV*BqfcAbWlE{WW(uX)xNI(-3-
zIe77Wa_Otk**3Dd=Zl|Vn^kc+?j)tqv(xURw?){&K(ffJ3&$+jkKdl35{yQg(4wra
zXzvl&v!$5}jVIGzT+y6Yb_qA0icmc$Q7E|<L!x^nduDCAXx_QK?cwTtn0)kS9{=8d
zPWU(IR_)+;qCwmH9%LV^>+xGv9AAU(+rA{{c6CSOL#|O+0J{5T4(I9f)(N=NOvKxS
zOdeL7<6QUa3*Py;hYkkXJK%?UrExs3NEgom!MN1K*PITjqL~6S-(YZ_iBHH=iT7@|
z6A&uygK<8(at?d{Q&9beh)7MS)3UPjyHj^h8}o5;O~q68hS*y1VOz=X`A*1KZe1TY
zi#YywWUxg6#ng2wSO^!(tWYC<@4dYuD=tA$#n8|!(J_AF8j8d*bXE6+G}H0t3&Dpn
zu63){vt1V#XN3)W@>53I9L0Dz+^(GOb_68BpXEb_dCz;FwX<BMP=57~qKZWal+|z*
z*>J1)2D}41zgRK0wPGGNaWHnP`V)(c>e6IIW!s><>jG*Thfk?A(`R0h5GEuz!!yF?
z2gi_FBhcVM!@;sxt_6fb)9)OAcPZ)yC#>Cf#zy$Uyf#}WNiO4Mk$MFA7-Q5%&#~{Z
z+BY;g2As#n-WcRdpyxyXI!j(P?=+;iGNaa>MMV>=HU)*cZ(znN<)=?c+S-XsjN6UN
zf5$30VbBWy#tf2Am&IV4$NGK*-ImF>OI~idm{cn4u&TW#X1V<3xnhq=Pw<u8=g<?(
z;X{U97z^(ZE9Rqh1Jl2;IxSEQMYJg@KgV616p#&Exq1|4<s>Kll6BwR3e1IxoRS0W
ziY|5nD)C4k(b~O{|A9f6^p)ec&?DkKlE%-@SN^aFF}~z}^Afg_=p-3DWT=jb{+cRo
zy_?GHo<!S850tdt=Y)3{4Kw53<xSOGJ<g|W;r6&HlrB3=^_Ux%tYMt{Uz%xU&}>E9
zZv2S^L-KX9{3js)Qj>|@h%fo+B&<FD1%5KlUUySJg}=c)vRi=LGNDk!w6PLSnker`
zke}>d<~FVDd8l`<o#Rq3=oG#Y)9`DR&DnNds&9J5$U$LOQKCfO`uCPi`W;URZF>A4
zL*~UItO0N>=?9pXujR{6ps><{uhU*kuVJJH%BaF+E~aLCOtN~3NyjD&_f$YQ;*WD0
z0`}PpBwTR!AK-4#K)S&k0N$H~9Wp`a%9Tb>>ZQ+rH)o0h7eW)H9mkvakb^~*;aRAB
z&pGSqdPbqjYuR)c{$2v0;D`sN09H-&JeES<TARbI&DnWxWgm71(ExOnXH;<kNB7s?
zjr#<li|S(4j4QsZeBYk$wi%&*56?VFZ0%TFb0M`0lMRsMY_!>B;lkxt`$2afBp!k<
zF=K#01E{=1r!(MJ*%h`Yw~>OPRifZ4*Oq^&Y>WwcPZ=v}hn<v8-n?U;Fv#%1nHt;w
zS1)7z-2(VlA^;I|J{+J{&)x!8Oo0;xh4r8=30&k%btrf!2(Hx&x8?!u+~{(Y1zyN=
zb%O-H5ohDho)<4cDFRSzB<=85+KwOA;`RWyw0OYf3+gSbJ4C8#;tg)6mMwqh(-X3@
zvum+rg&Y#5DccoJ8^6GnHF>WU;~80zZzvgX6{H+oR9=YP1FA%K?=)3<KN*iI;L#@_
zI4>+^Y$C7J6oCs>$fpqM-UHEj?#Ed0ajwWsYRzQX)Y|${Nr(^dKsV20tJh7Jz;(Tc
z1Y6DvQPd*bv4OAc?O`5hI_f1|UTiozH#avkwu#DQd*+)T>i~r)ni?ABHiOmH!j`|Q
z=~xa!=)wIrj2FriL2iDzMDB&_dsk8x(}f?EXkdY4L#1XiY(1faETE`_DR*G*-rSv{
zEgqgs7wNt@#2&8J&KqOxKuY?YHgqa$C*}kALN%bU`vgLLpo-YrV!re{kGe0j@<quQ
zofA-w=X~Q9h;}#~iDJ@NA1n+*TO`H)F4$L?0QdI5uE11(Ul}5idlEJm8W0+jvIuy+
zbiq+p7D^r3;>X9tXD&OJv7+8yKgj(v$*`Db<CDL?Vx}?u6yy-NIFsB4t#BibgQeFe
zn6w41d!0mVb(GPY)i}xk+Ndpt<XuIgSoG?YH~Mce^sJrOIv}r$77?`e)hbS8vG&j{
zygnK@1$$}^HM2`~yAV}Sh`7*mdu=$dqwUdI2H3C6PX3W3+$NN9?ylkl{&3$xqO)3f
z!tbxF(~^a7oCA1)3kJ&MwIp^t)|a*YDQ%k+E6sIWjjXM42A3w2>zYi}FNv4&d&XgK
zcgy$>^n<p~?fegq4!Kw>A<k^~FG{rU4VC{sR~E~{=y}(o`r%f%Y{6m_x)a>AJ*xFa
zwk^r<n`I6quapJ4a{6izIs@5X6vizL?pl^y)sE;e_%npLRsu8lO1J!RWlzQ4TOYe>
zDZ>JGp3jxEpv<dEuL7G>?xs8pXL8Bzn+XX}XE5u~NO*th{PbznfyUKP%{xMyb!J1X
z#N)mTKUh3%hXW5ZFPhFCxVm}dgi3r71CikUdLi^wGSinY;2zK5V);s4OjFwP|A)Hw
z4y5{j|Hd`Fn<_=9G^vD;Jx;?Yg^J8jwsgqOt|VEhWF8}AuW;=34vEZTJ2<j88HeoO
z^*V=mf4`smGw<K`zVAQJalGd9c|EV^bv=guM1sr1;e|N<{T-f5@%o9^uiAV*7G@d2
zey;4a8_#SQuIu)|Wt@#+S8+V0K(|P-fJU3k;MXc(;#DiQ7ir2IH^#=`1dXLXis)*R
z1$NZmuisEgO*XKFLfC>+@(TiFSC$l$j0?hf6;6i=*Atx!lqOlwCJGTl1yqM~`kAC}
zp&D~*Y21_Te8bSQy0^x5(rC(j1mJ==N)n}jn|;-v<+T7PR^|{3ii_7_vhjqYb#<c@
z*$}aSVU>8)e(rsjJlH5!)a(?d(4Uw-9Ir|o*{Uyq4`d~#F<MHE1Y`I)bQQh?J94BO
z3E%^4To+j_`7=tY6`$Om>NIA4D~`2#Zg5oCga8mwz;pK0!CV7OJ5C3C4$#mxV?83s
zS>_j#=M%?0m-1TlH!mbI%@@%frJVfvz4>a50O4AIC(jOg2dRo+j1UL=CT*>}WV<O`
zq|R(qw7pbY)>mQ8$<8?AV~6ZbPRcyU(3@fmE3q9`GNNlcWAg{2ut}9S^RHc>D7I6R
zCit2<Qu1!EuEh~g&q>1BXU_pgj%7qkcDtc>*Hx`@<^eRc7DVp4ko0@zO!qAN9V$8<
zOx-WOZ08@Mv*ltYJTSR1DdXkf20=3hud&=^0y~?-{5#wCoBq5E1ESWIN88RW@9A<I
zFiDg<Ea{lO2w6-A%Q{^Pv9}Nt$)k918xqKK;+T}YJYhkUu$s^W02SiLzwEB-L7*^>
z<IA7;go*u_@=2F%6kCvx$BVxY%LM?N+<FTEObl(W*|x=@(NH^wr~PFa%MHraX4Xg>
z6L?sFU<UZDrG-V$)DDX6u*1Q*=$V3wBs(a-Sl1LUauWlEj0ZH8#O0y&39zVM>OUxe
z2!33Eb`{Xj-?Iv6m?d>cp-2Fl9LSO+?+H|~9!jLX-v9-7ia8R%k%(~3$j#J$@2Bjk
zdMfJb>Z+=FR#TCShnUUYTL(9!R)&;qt|4t~64XG7MN_kT(%VzA&IzP8$ZTjO2i~B;
z;^=-Q;nsPoS{d5<DVe-Y1BXZ#nq*2+BLzJurt&CtfXl4%%$OGLROebR-^){-|Fwna
zT57O`!iq#EAOhYC)<@uS6g*wH5qHARuoAd4tih;nX8^iD0^|_^e-gW!seD`r!NM~D
z!w`s>c1epo?c2%7wgj~yq<CpHwn*1NDbI1y$`6(wQ^P)YYmXj)HUz@L^g7)-1{Ct{
z&jBeUS^0Tcb+m#+o;VPUR~c`4>tulQp*CEkh@Ifg?{65~>SB6oCExa%8W%+=HL~A~
z^EJd)=Bir*fmi;d85+=wBr=+{DUbvRJlA%43#KVwbh{SHO6{?VcZjS?(3}D#oSR(R
zke06uvT00E0~V)4K!VUi;uT&AN~MR*%5=xLVqejE+^)NG50*Xeub&V`npB{QM8DZY
zJya|as!tmUreS?fTqRA}4ge(3KI<x0>vatVTANOUl3N**1v6`~%KQ|_{fI0Gr2(%0
z84yhYBa(M8d=y?JK$tQQQPRo$qya2Oa~SO{=o8+%KHufjb|&qhwP)@8iPWEAD~jAE
zy%(_0^TYbac}UoX`L^s!YYQHrpR&jUknIA&BE)B=-(jVa67_V7R{n?<zw{v|`^!=<
z%B0v_&Y${JKR@sc3WAF{746wZ7y&BY#4vuArBTNWQ4hP4U=`oKRpKoW%S-_0^rZDF
z%@4&D2g~ItqpPD0RYF20HLi}kC7S$<=OkGJ-u0|dDD6XA=gn@>HM~AYP4J{syb?EO
z9BC*=yQ?8P&cHfE{G52ON(S^!K<Wt=M4FUmpcD1Wkyb_+nkE+E>``=Q4(3YGEq~#(
zBeH1ZO|Wmj>f7SJlu3Qbe|BG5<i!znIj%&)wgq?LjKs<*<^l)fD|Tlo-m)X3yYbG=
zn>Py_X02HEreL1z7<|B)Xfo&fJw8sIF#n|4-$Q$wkFjq~T&I)k)aBVOe}YW0h-P(y
z!BlyM!&4&u5P<cL^OD|uILv-#$!>UDyyDV>=O;Vf>}E@_vdmH_xH^38VgDgNQ<d??
zf}2J(hJxnDEpIY6(ReVv=bELnG;GI^W%|~SRR{SF+j7I54Clbp^pi<X>3kdOw<;7~
z9rlQx<ekcqG@_eGH6#?EE_TRqTOJ_j_GFnG0J2fW*!mHocLtq6D3?HYAG?NWd|uWH
z=z_evlL4D92a|?Q6yPC0RLPi6XfUJ>4-`B!4=#U9Vd9Ep)|{X7^Ou2~1Ij)s02q2$
zKOClZlt^C|w~d0IMEGp^HC5RQ*9;`%WY_0|W6>HmIZt{(QmS-#E5#h?C;o^wkBm<T
zf?0|;e2~oz2&I+0TE8KED<_KMzQ_|}y$Lab%d{5+oldo93nKihLg1MZ4sCnufV>%>
zJW#QSHN%__vV)_8s!lMbUnY0)$M`PP(Iuy}d}eXs{vm&b>H_OSJw#B&L269thAntJ
zs8PgBf9wd#3KP*q7+6u!{r82ZCh5uC=GQ#fp_-AD`M^6X-r5wGnPKq|Wl$D_){GBw
zReKUn0uAdXasjX8k%kVr{S${UvPjL?(0fR42hvj5f<Tjkg3RpEI|O?SC0MTD@UB4V
zA_E3C9#)bA_FS=xR_CT)z<vPUwHA3B6AQiFLzhE^w3n_}GG&<BYKWR+a-ULgk`P{c
z_W=C_9GLMM)mt*|LqJ3w08%~F$Ks$X0<FjafCK&~pC%d6MQ&+=+@?E=%v(PRBhUg+
zQy6M=E)h-!LTybz`!R1X=pYy(;g$y*%NtgC_5`yx;L5*jKk7#lR_T5n^0q|sgB!}y
z^FrhoN&*tyO*KxPA769>2-h=J@)K@w!=-}`4*mVdrirdC<AHlCn;uPRFR2^l75JNb
zvrTp`Um@m|*kASZMt|S7^1M?P-CrD5eg5nE*@uvpsSM^XEz<>R^SSR*jOIly4C88f
z5vSj%h>=s_ALoNwwZ=wkp69k23f+))Vq_qcSba=(&J^Y~)d;0}q!(K2Qtm3sP{WGU
z<nm-`o-s{ZVCfXHt`0jgSVOMKc);CXf^hBXsJ1XqbAnn@5!;X)@i3BaUTxan5bgXj
z@n;0*U;lrmHGEV8L-5XTI|FK?xdxh{Tg1k*%JjI74cvON_Z&1T&2}N{edxWs!)R-d
z*2`#djF-f+PFWJROw~JfC0z$nLHG1&_5>wp&$a_xYad$gUbPrTZFhh;?^}nY{J1%u
zyVQ~_x(Y6c6jxu!EmH27Wym}%2z_qkUXWo+6o>xl{_js!dp*2FXH+Z2FgAN`9aE!I
zIg8zoKJaKcz)zUhN<(e)_pOvtPz?E~LVkbW9k3ih&{O_T2i0GPCKPC|T1iGw)KSCO
z21&ncQg5;b8TLwQYVt>)sU?%4IlIZ@#9IUC_!gu*;vY|{|9GyRPtXIo_qm_pyAWz*
zQUwT)ZJ2!I{^`8{M7$lE4#YZkg<p;nmwAy0%AgEa`Wxk7`rt7NUN4C&1rdVOUS50I
z|L&(2354<?T^U&Tq@72<8uU$ot{9q43^kUC&;HDd)ya@JbF}}%)oMpBm~}HgM*-5c
z_U^K&(c(M!W8?tK%`@;PWD7c?7M%DOWqoI%JbO8Vd;<+cn6OH!4<B8ua`A}HonlXi
zfJY`w=y@}slWtv5o9`;O&{<CPo`^}6rxTSH4F@*9qZ_(!;nlKO63CCE^W#^B6J~i+
z6Klmp+ECH?P0ca`$thA<KTsEKV@CrOr<Jlag-=-Ht~ZA|xu!<Xe6%=h*XJ?I2&M3~
z;kwjS5w@W3^<8K>sUxlHqkX)%aS3TkQ<0|hYX%l%O0yVG7qt^je6v{WT0I!f1^?76
zYUQK4G_x<GUq|}F^cAc9kw!V1Bb9Wj9`;^?-vktvuj(dR9w=^MTku?sl!Z$r=XPDD
z-YabvDx#Y|JI{;|&~@$27VB1q(@;xA3@c@>j`PV3VxF|<l6#3Y^FLk%*Bl#h-m2N>
zHv9IrjS_5ehqYzvV}>|p+KOGA5>Lh6q2iz&_Uv*Fm}~y&kNMV)UU|1+>K?O?WG#I&
z6D~C_sXq4p1`V2!7FY8;Y!?1miOP(L&pDd8*z;=mUIq!3@FfW-WUdXFxq0V5kl?_+
zAvkD~f`hnk{#DQS#+C-b=wB6;c4O%)rRxzgb{H2)>)2P5+|>~`{wUw0{$=g=mU~@#
zrtIl+%+xvXpekDKeb%)p{KhRmWT3M=nALwu=0l?RaN@7OoW31ME~f|^;zzyv0<x0~
z_0aRWJ=Ih^l2t}Mb>KD=Uo`zf=GcHUX1JYeHsr`~t@2-QqeX(DuD;pG`ju(w==xQ<
z>XrBVq2BgGxoDb<ZG+Y9{u}8_Q%N5Wpf7ijz!I>Ek|1=eE6?Bigv?<){=ByvDC_}n
zN^4@ew)XvBW^p74+9icqBH&FH%H!9_Q4&CY6l;sq|G@Ikf^eImTv-TGuyrg*ZI1oe
zDos?`n*>Lc_GSt>YWH@~#cFA~9BDQQQP7byit}If1Qmiw6l><bKb!6U^EAMk7eN?W
zKI%L8YB*j05o~w}(j?CE;D+$fic9A^s2mUALB~A-h}l3w_UERoJj=(d`g275h9C0c
zm<$@lU%7MVc;;9594A`audgaYQF>fEACEU9p&}`af82&%NuKSgQB<~5|6|Qj3Gwmb
z*5-oEQRzwU-tCrhEceo$`@2~8kNM=F<fY3*7%j`+0G?xQUTo;S%vH<3$>-Jfz9PX4
zddr(l?b#~POgqAV?7ZJ&&drX=<-O5vJo97JK`*rHkT=5%HRr)^^I!^KY*E{$*<dy<
zz_@<Ym1;(mB?=9E%Qv>wu8viei8z|YxEDV*`w@;G(d86Ks0d3jl@zW~ou=x1!}zG=
zT7X@Ayo*qX^y-y$+IIs0YX@ai{;!U`w!iY4P*ytA)`C;v-66}KynV|P2?Y?>OzVnU
z!wK`pLF7o<WWHkLyzX>S<z`dfT>!K?s<!Ne{o$%y=V{KgY%8!KI1&d@qI&z#eUfor
zVQiRfv)Qt=YAF%M#eIwh(#3OTPc}Sgj9#7F6{K4ttz5}2|03vR%8l{Ru~7x?{hbke
zRaGy@IbOs5Y<{32n{;YJj53nIOe}|6dQ=Aa>DBSRaL!~nypSAFrl0h{CZjB@u)G}|
zT^nHYxPDG+V}@af<rszeyY^oG-6iht{U2yPf&4<u{UczuVy(gC7Uk>X)AM!9+Y{uJ
zms}UJJCvu1Y<c)MOqDGZBcy%Izm%T;dzr*N$PiLfO($v>$+H?HH2-I3wKYGUEH}_7
z85y%4Vq;Zspop6VP9+Qm$UKM18PDx@ZCRuJk}J<ra{$Ua+1SSM5-6Ds9gR~s`5w|T
zC(@24Hc?f-E>ttUz9v^y!CI<lJ03_@KTJ0#o3=+*ry|ooLHe9rSQeCPf2SHWXlWCx
zgj0JI5>)CwV*@<WndXx`T9$;S0GYbB#+$R_uZ}wpxjl5dHs;U{B4j_>@3!j_Y=V{}
zF7V>pZkj<6JyTDX_q?X|Z2K+Cg;L>;w50nNEzVN$$|!nRzN*?Gn(M)krMs{--cI0~
zIj`YRXVnZrr_bI37@%uc(xztv9BZHvrE^V%BpeZt{rvrb?+!}Wd@vRPQJLKS!}dwC
zL&cT!H(2sSUSn=!2U|^isTIHIgbFiYtlX-ezfg6OtP<2!N=iMKdF!xERpXB0(bO#G
z4C8lDtXq3R{oh131dCVU)Tc8kBD=%wrFvuvvfQ#CyYmV!eH${~S;2^Uf3?-m<FIj3
zs-h~FO3fc>*$+%&af0$A{3_13sne=;7{>x1-gaeOok*);q{xY3$g~fthR!;^t^T}`
zaVTMtDUy&TrH2HYM$FSm0$$d@%*l^GVpqw9i^9^GBam3Yo~#g;dJ}uY+5cXT`ZQ;v
zJzaNTEJ0)@aP(TVOSA4SswRWLJr$*`cIy%2Ze9dwhs+<NRS;EK`Qah4<EP5=zJTm<
z>E)N<l{=0)a5(9iT4w6y+YK6N62njg?bK$|#3Z(rEth6mYKz)&j5m9(g+aS=?b(cp
zV;IB<+MoQmrFV!O@=GPK98$Fre-6#>s;~lo`|D38F7W9+%}b50zWpY`bC~h$*{Dp@
zH;HU%)u0+gALw8})kNKDh1(FGe8X9fsFl!9ZT2guWt>$@t6hou@aSq;?R{(+eM`a}
zozAWGty_)W4{`1qZ7b&+K60{}KQeo0rlr29UBZg`s42&WV`YRVP)2<<P@enC&RPE3
zQjFkAz<tjR`Io4QTX;v>r4?cQzkK^|ruF1VmUaIs6@a)w(4cf5c^3#2cZ!d6|NBb~
z|EpLw@<>~|*Io1B!z=Qeu9HI~Y{L*??n_)O4h;wLet=T$WY?&Uq2XBT8^CTds2fK!
zJTk5h7M2lc`y`8IrlQzK0(~RfH(;@vraUDq?bez^u^+Pm|B_O-rfestZTIvg-W)Lw
zuawG8vM0vH_LG~q2-bACVf*=CJscEAkUe)V;7gehd?{L7WlL<WTy@^h!d>U_Gb1hG
z^i{0<vng#cvQbbndAxJ?X{5_+0$@;T1PodwrgHk8$(VLl!5pSw4&RhN1AwA??ac)a
z4#|oiSf4#7AwS*#@?$dqg1wBfO2EdH4iX?XYkDpb)mMn>OAYEv?Hx<)!$}3pj4Kn2
zCcL0r3mCcb<O>v12r@OB0nOC#D7INH!;ToIp0~2RFh?0X0P>R?E_=>}CnPolLBgsp
z;G3!f`A@|?vxllpraE%!t5jqJN19;M`I-411aBHZh~j1`M}5wa>wX;AhvN!5B90ke
zUKm#xWZHEZ1({wO`?nN|OQDwGqy0^fxSHfL5|(qv5=-y2@^&anJ-&rChs`};vDVIz
zB;Kl0ep8^yjK4Bh#nPz$(@}Ju@LENJ^mM27uuBgN>paeb#!Tm{y77?grq04~o9{Dy
zk_#rPs@Quv2*TuEL^KaUXh!}igX-Jm#20%s8YPbLYOEYxjq$5bUOdt$y4qh?JSoo5
zK$qZ`nE&K4y!(;G!^V+CrAdLAdUe!e7o!4m#q1O^Tf@Rw4H@j302gbmJ)m{6$@xv3
zo2>l<w*Pk2V8(^E74hJ%#iW9irceCY&lmG?bf?kvwpgce6HJ*ch8s}nd+JMhj2jMT
ziD2(~;1hBVC$GF&ovWSp`~W@Pkq5$)>L1@{(B{1xzSsVmr$13A2|LKp$>rOA01frA
z4g_^Tdbn4JKBUTD?<dYh|Mcwq9d~04Ruv>$74VBL%?=W);p|Dl5x}&*B)IY9WYiDH
zn<nYgCHL~k^5I`}WcIZUYb*U?Gm`ScMOHCS(q@SzHAT@AQUygZP!$9L)77Cg0HBfb
zbHY^&k%l2z34J{Q`SIF4K`V`)gxWedyPEpb_o2;=n&vTI<1MpU6&VA0aFP4a8;035
z!8<+B1Ls!tly-A>W4Q)G*g--q`P#OIB~;>!b?!$`sjwR6<unsl*MIVzKG!p_IoUDx
z__GM@Y6v6`Ok_@6!$yqsYyp797G~`e@n2NmDYuK*%%O^q8tU4ABfBr<aIT1l(Plz;
zk-5PP<z}g+M(ZSiq%x;`vihcvu2zm?yu&aZI-<$Xe1TKI!wd>IW4@Y76akk>fHKxQ
zgFpY=vgc;Rm2cPpK3r>tpS-ncDlYI>j7s+idj_sAIQ4*lkJ_-^k-pJm2se>5amd$~
zc3Ht=X!{%rM{jm3&ZTZ>23Oe7cfl^sP^yq{qkp&Mi7Prs%LPU)L|n%Z^b6_To`8KI
zfxsqH{h>zC$G6oECwRgc=v9A~ZC`m+Q=SO$x+o%gzm>uh3DZ_ecWYxA(WJM|qW9cH
zJxyEfo-L^BI;EE6G_{%*wGRpA5v6QJ`<9FPHEd5Whkp2p+q_)DW{_-{#k^Yk0SISI
zsX8|6TzAKGccIIntfB-e)UmEH&L)hY!RNSV@0cM!aU{-{cI`O!<DbCNZqM~Hb$S!U
zo#kswuC==AT}$j?!<!xY<^ACFi+j6tREpcRDPLt5DLwwo;+U+AI^KLz$EJJl_~rcu
zmyFPhfDx@}6L+(B&+fhdr|I~FXBaP!1^p@8KbC&f>`&kt-m|vOlzQiiVPtnaG(4r4
zr@>azekhr}|IPLs&cks_W5$4IEfpSGd8&Gfw}@)Or^}LoAfkwEboR|_k6DRZ@ywR-
zc_B4D^XAuB%3j>h*Lmb(9@N3J-lyut8T^MZS@Gn(4})CNnop4nk|*(RSx5`QlopfP
z)6Q-DkB$gR9z;>Q*VGIjbSTfv33Qs*(#OU<GiI|6f8h4oYr2%+o-^FERZ#CUAaU!5
zmlE7P?pN()yhxyJK;d<c6h`sx7UtY1u;(j(u2pe!ct0(9Ar@sYIa99JTHvtau=vfP
z^m%ymmmhz`e#z>M&UtarM&XHbkxIt{g=5`Xg({-K5l?0f(%o~Iuz4AduX4;8qm*=`
zGpNlg4~i&0EqfZMapcC!afQV^3C24~XYe&pTZK{vyvi}glOK7bb%x(*ox=Y(Md}>@
zA@{^{8T<K!;2Tic7a{c?-m-`?%#*~-kVb=v6FGRT9)uhmkP<JDLO`P?7&L0Otrt}P
z){5-QOg`Rfq+H){{oOAbqXG*AZm;xjdvCJ*>vH>88w&knr@e4M7SE!@zC!B(+E{Z?
z)!2B5#;CjQJS$0JPL{N$Tc?t)e_a+kx1<;VGD6>euiTJ!dE9t9xI%p%n|)|+T!}{4
zh52MhptG*V+U3_I6lu&HLVmDuZ0z^aWI@(X^Wg=p*Xcr^ldf;O(|y0{fPG(dP64sb
zYfP9>G<{8|D*MS{u`!7x+aI4+N?&L1d}*mra3P?jg5US`x4i%-UR}WEnen-Q&VOms
zp>I#WiS?Jb#WOk{8gv40awWr~<JNL-%<cAH2JH#gS~T1GxlGPs8T-GCy+|dr#pF>r
zCJR>bcWt5CdS*c6lG$n2u8NcLdq@lwQc^O{jvrev*N&9OSn+0NP+!BEmp;oAe)PfJ
zp)Qf3L24}Q&}~Uk<82Hrn1%9riZ4frHrz_HL(cRP^|M1~bknk^7c`qkFFO7X>@R^?
z*8jpk7o9yn^}w-GbDWLce>@^Thd%d9cFN)wgOE@g1>F~R^R1%Ct|tXrDTH{Y5(<`e
z4cmguPT@@olQ73k12?DeWl^^XTSr`@Ki6DJXj5;b{A28OTU>Q^6F;wJOOD`-VxfK8
zgWmza6PhbaMm^{%hdGZtrc{nCH#>YD@67ue)4^l@s3Jk&RDwwEIP0M&GlH>SL>M~a
zn8z*~29{|OuW99F93D9_d;&jtRipBcb4uN9d-eSk=B1aSAA~o*<$M!ysm-8A+TCkv
zEWN5_d0)K59*`eeeI-@4*hw(KnJn<l;942AWK=ZZWB}ijiANQ0So=3))Go1qowIE4
z=@a2-^t;pWi?E&2BnfLZOzh46c+e&N`W9NWG>#9&)R*y2Iym}G%9iuR!>2V*+0{8b
z!%2;bVzL;gM6dNfMwQy`e$DfXv`A>3l`-<P4p;f^&Mz!|wLt<CZw7!Z_iYQ0pBjxk
zf1U2L=K+>qN;BeJ-Q`WQ`K8ZxiUR$AznrWrj)suYg(3*?PCbA3?e0}!%C)!kHZ)fp
zW3{Owq!a)_QQr1)(;}zFJ%sn+8dI*g^X!Ix3i)PVO&&&fGIDc8KEzsWYvcoU=`U2#
zUytf#=yBN>vvzM>yS2{x;v!4RVt%OJ%<vxylj@iI>~Ev+xjNbgdhETK?<gM~M4Q``
znyv2SNNFqG5R_yRHl{^T=TtFT?KzQV>Oc8~)ZXw>e3}6Qx`fm^O(Xg2hP)QGE&wqN
z(UWyacUW0AvY)~LcC@L%!`u5%)|LU;)dX2U2ZVL?^>5gHmCykKHZKoP&$iMtVF?+L
zZnzmF;nuARykj@R>oCRZKvZxbHaRRcA?Isr3vAm1#uns9rVl`tf}frDNhP3POF7ky
zhg++)c)-tA+DFD$XD4`QWkc(T{YG$f>iNnFpBh2K_Utq4YR)mo1<i-*y<|k@EFESo
zJARe$%0=5Pw06jc0^{nLmj`KwV0M;Nke%<T71dt^02d;IjUX{q5k)=3!t0<;)$+pR
z9xL=Sp*waKeHC;Ky0K+){xPBp2>GrO?%im)&#3-;le&W)Y^iv*ZHFE(z=OcA=|X|}
zudl5#%A3BJA$|F3fSdRxO;%F1ho;=Rv#sx&|0LYBf?-HZ>!T&W$~N$vroRpQDiCgw
zOO~p<B?8v5fQd=0j*D`z9-I`j3VJ4ep2qF`S9l#sF&AV5uP@BN?xh1j5<kV6YhZT-
z3g6JiI#*2-%x4kez3Y~AA92=xVo+BBurdNAOHo@u!Q5vP7E!Y2#f!}M92j@)vjxUK
zxIKY5CWQ%dat^%Q&gkQx4}`LSD1MHtEV!C@Dn8boP6V9~?>ugjI?*+I1<;@YQOT2E
z^>RQ97vLlHk}qj=$D0Ef6g!m|=u$G=LnhwEw&;e6>8?yP^!5hvT9?;c1Nc{{ljN^c
z_}=)tjBM$fE>l601D(NIvk64ARph!**;F*iSyzIcXFqx-FB#|aYqyF=x|}2~up^&q
zx~0Df1RF`R`T%zYl|V2z_;84F^p*-vhv{8f^AihUJzc<X-VnyG>D8{vC}rX-5UhS+
zVZ>L&ijq%HcSurOFJGRH#Z!*R;5*hDRJHBA6^m?Q#GphO{n8Tyj$D=QPQvq(Q>FI@
z+j*#trWO6bt1anEATmqywI4G=(h6;hpW}l7k0cwwR=Or}#EXaealU}|*DHduO)|0e
za+xm)1A*-2c^1>f>iWCx`2rNBw*6lFl~HfwjD(}~N;*O5=1I3cvkX&C#@p0k?z*s`
zDQXxX^U25vrpqJrElzcouPn+-04tu@tq{N+y896mJ`8_-jL2?a<;+!mdd#AIZ_uvC
z)*M|}M0crG0n}71oyMimfK@=CTL2wRsd=?(1#)lu=q=Tl`UcOj)8Wa=t~_a+wnP>)
zqs8x;tutkO-GS&hT%<UvxW!TKL61@z7YPAc)EZ8@B0vwb64h(v70!3g8=ovwzcnSP
zqI%4qrQ7h^=*2r&tMKx><6QFuo;Bdl-%{M4sP~q11Pv>xw1a5<rCTbW`)l@k=%2#p
z?%U0H)(N~p+`PZ{Po`|5n1qx8#^RbIl-=8>Ljom<j6ovHt*>{9`$H*dDBa6?%<rf?
ztxVtdn(fkj^i-DFl^s#JOZ3#}FFNy`Ukr&2X+PMkKH7b>=m+s0Q&ZUu>iwXJDQ7i_
zU|U@N?0K}@-|Fe`3x{C15L56gpj7jH)nM5hkr4yCwMW)>d((0skafapJ$QO$7%TFB
zesf3x$XS{DAx}hry*C1;#b%fmMA8-nrhf}#>tgxDt?!7^nM@#q(qE<Xp%sM4o`Q7$
z-Nl88TY`x8C)lnn+s(boy$X^@P{9B_wEH0MujnVT0IJX-0`>(B`)=_dhYJzR8V7YA
zXjmiDw~&Iu8pLgJStJ8PP>%-b9cW7f41K!o2+C%%V6m^u%g8&Pn8z7mGEwMkN>cR!
z;}%B%UIMSy2+BBVltBe4@xg(N$MQ~==ZOc~0aOMugA|waW9Be<K)DITLBW>qxGA!U
z_{Vzp|DF`n1{wY17zD+b#0N@TARf*Ybc`sJBg5w)%6M6Z1eV(la{mDTZvu9202|m)
zQMr#QOabgO80nu)uZoX=EHg<3U+oY@DToLn!cL|*3#dcY&cz^V(aGVnB#DBAI|zoT
z-r!3|6XjbK(j9_EQ$osgOHPCrVmq_*50KPXa|6T^_%n8jQCN}Hm*5S_B_9=>bp|&F
zwE31gBIxeEHQe%+)L(484EV+DYymZ)E6KeUAbSlSdXqr(1d{;>!H6|#ovhX3iFA`r
z>4eBgXy<Drdmy@V5JO{CLP~a%&@l$uIpGNOYGV8VMGr~A7?IEid$2dTvnls>@E?w|
zFLV?50dSn<yilA}Ur&&Gt8U3Pq~cHGT;YrrNN(X3x$A*Sw&=?k->o_~jp*Hx#b+8X
zXXD`6iGWX~_aFLFlLpG!$vcZU+&nB9TC_^8K~rIy@9_JehmU8JqJjvkLdF2dC&N?`
zMW->DR3*E&U8nOSwbSHS^bb8siQb`#y=nF;+4;K9GpVZI`o*hi>03Znxwf`;yu*&*
z>S!ijaOZHYL=3e=0^G5@Qg?y&p!}O0Fau}~Q@JV-s}+&RV!*LT^C>^2m(Z);kwQ=~
zFR^{?kh8p-SW?otxR_EcWcE6m>dKg;C8F-0qy}aMM@SO$!14Pb-s*s|y$4dsCAuO{
zC+frHk9^`iZ}@`o=le{6=kptAZJAX|dKv$7CwuH|Q&UM=%pIe#;7XCHZw{}`1#Mp$
zmRM2lWQ%IiH9T^1`Py{{@P!+PnFGqmtI9un?%%J+`83*&r!^(;T}PYAZA1Nt=y<*R
z(G3sj<R94|vXT#}b&9o%XNQD!gn#&R^4mGq@e|gLH4CAkT)W3>KsLXENYLU~JfXP5
zZ$?OP{>R87*7g7e=}8&Nlx`lfUGb1vPU1}hrwY*S`%+;46Sa4#-qjIX@|uBLz~!n!
zsM$p)*@_On`!+azZKojKJE(A-M#bogtCZ&FD|d@by~kMfeK}Fc_`(jak0{G1AX{oy
z2GCfV>up70yN)N^F|HdpFQ@7%roKCsmiU!5=r+#j;3H0>T<7MDBHhE7`;Gn#&VQgp
zL!ykYuo11`DT3w3<#k1+5`dxuB0cR8<vFR$kZJSyCkF<*-W{&ZqRy?>b5f|Vch6ua
zqGPgedzJY)H)bqtj_WYxV{s(*!C_x7?GxZk3bs$aJ9mG>5s}zD7=MUT-@|_DPC<2a
zD$}BTj9|8ZF7L_8I3@X~PBfKEnL$17wD-it<}?c?9tFO#dQ}o8SRy%9QRMuyIyC#@
zCy^sLw6Z~DPi{cjeQYJ&I2Qm7qhxHqfz`tsbM5l{8t#w(O{UC0%Y3-8EQU8hbf8NS
zMW@5McjPx{axV!q=|d>E2;PO`O5Sgmo{md@H|I7me(UVOyYsj+=`1%vr~y#Vh#%6U
zZJ@>m_+SvPkJ+f})C{V3=N*CLfklv$LSQQ?%SAoZ@UCeG2`qaYp8^(!!Zx9c&Rp!m
z$mHC6YbIQ68&SEU;!s9<de5QF&xDWyQF>x?OH0=BTw2Uv890Lrsjqx8d;2fQ*vt06
zVYC_dn@>s;SqTqD69Y-=PWK;dc}t4%KGZ;djmy)SUexu>wYajR;A2CH%Gv%A^mh@Z
zcEL+I@g#YBI*OW2q{31$0+9UQBw7Er^=Eb?or;CNN{qK;FHA-Ruf<~uGH($P5k#W7
z6&-~c<ll$}JXooKSr9mVYGgfG95DcRKMJfafIYz3Qo-J_+zAoLKJ1cOz_|;otlw{L
z{&*94cY9pS+3<<B)>bLD^I$I30dn?z<LV2HREy<P=icB$&0l9)fm!>h@x1%sv%7~i
zY0s)e_km$iED!=#1|3@<QPpZF`m>7Av{JUjsGnVDn-PQXsl0kEL9ek_Z1Y=IWNWjN
z4OA`27CYcuK)d`)M*h<7N!#(7mB~LDU&Y_l9<5@0l|S2fZ1}PV;^9j`gdSJ1WhavB
z!x1JI2s)O2-^Rooo{boA!Mg(3`?|*cn&aXBJsS9*!Ju}7{FVmRyP7rx_9_jOb0Gi>
zTPTVCZHqOhELC8tESs_93=T-TeWQi%U~>sG*^Dgl&%ujV^H<CTk`THIHyg>wUyElC
zE&Xzswt4ytZ^56_)~Hgm>TO2BJjg%)?D^8$Yi9p;|79-nOBP1WWG&2jeYdsju>lcz
zyPmu|mUo&Ep(=;grx|kU3R5%;Z4F!i=W~d-`)*arKC^=zIyzsUbe7l^<WH}{J1|rA
zn5mUtjU6Cw{|}|`uU`O<DVEBE$57TuhbZTQvk5y1C-(R%wF^dZSQ0CKs-V`i!az@E
zReluY{e|b7Qk76|A{{HNoaH(Ox<m8<2J~b6<SNqmG-%bZva>S=3+aJ0qV7|UF4`gM
z{e5cEb-rDJ8B&!7`rroOL1OexiCMM$Rts}Q<Sn`H1>1tatNh97zD#YM1hc3ws(BnR
zymPVGv+NAdfai`(bhw-kYu<gL1C@iVdN$zk4pu+*scdUvI)maE$>(69N$c>{uzebh
zJu18~<iVg`x@-G!C}u*nvKX>vu;-qFkt+O4#e!19-eH~@%(P2yZd(Oo6@wHEqLnYC
zWFJKq%STv1h?U%FiWU+E3h|JT<>BE0b<4dV9Be;lxg$>)980QzzY-Oq`p%b<EEx*(
z_$>Yda5N1<RD;gT<a106A6r;LFL6R5Hwy-&areQ^7p$AV@7nSa*=&&~{(Th{74R<b
z%i&YGI-|4GH_28sag!C<b|bzH*EkG2vc%w!jpF#Ah>!pT;LGR92icGIK){nE4h1l~
z4ZzpqEg7n<A*up`anIz)5A+nC9>UuvvOv#aTqDQ>9f!Rd@|0eugRBun3<>@QS_#}B
z7ep4{{|BeKke~<J(H1fHKcIHFwz0_gf@caiW!A2_h8VyPRMgZ&z!d_qjt=$%b?4<8
zky^6#2kBaoW)E2w9F!N}a*;;&suVtm-oX{G>zjlA0$lXE*gpBX(`h0}+jkWf8=x7H
z_2S9Dlt&>5bGK`alF*wZcaPWp02J!A6$2h+0)WQIO7-MxP+58zhPM5r9M_JMrBeZ!
zb;aM0DOkutN*D$B)YzzKl5V;0@~Gdv?ZN`$*wLdZQ$|#k!%zu*rbqq<IT^6?vYk~I
zu~?b){%$*-AS{1mx@#*gl06lmZFxCQZ4M%W`I#M5TATE?;ToF}S^a96^9uN26vrd)
zE1uH((DD)cS4{w}X~Z&vsOm5O^!ZN7|8fKFA^LTwZ}O_maYp3@*Wr>^uK;<o>GK?6
zm5WW`P7m!cdRxLsVCR4G*&;}PvIIJLSRlGqWQ|Ai$Uu|_R~6wwNdv|qB6UT^@sfw)
ze|f!#2kf&0*4MMJ$;l_!kG)-WbAcDXF1r6eJcj?ybO9}oU#;Q7uL^`+0ltm|B^Z(L
zB@`CHR<RB7onh9=eR|bAJ@@Hl`VF)3A3TMBd5~{sCt<C|>W6gDTBU@PkiR_jJ(J!b
zA_xfW69&D{eoN$&-*CM57N81jd?UM9>5bll%W&XVAbF9^AWz+E_t{f8j-`2(M>$ix
z@eL<Ch**=yd(7&1r<L$j`R8@|56B9`rs!w8!(8)Hhr;=(yo?zT@$QeYv8ks@%bD@;
zlsi*D{e3Q_z$3p0@WXo+iG3P`)tj4L0H+C1>!M$X&YoCo?jM@dH-&+ZG5%7KY0`Kc
zzc?$d?Or(v0uZaWcZ&$ro#*y*&VLws`G?ZH;aS;?v5QFf_S>`ohG@$G#z8n%VW?bZ
z8Firsmp)vLCAMw2V^)TxDHhZ;O5$Qujso6dsVV%C^&sQh1M8!nl>sOeIL(4_I(r+e
z`hPjLUfe?OQ2;`KjVVb=Mulho4BjlP%xLK%px;;NDx}K@$&jD~WxL<;%4ZK0ssC~`
zL~G&i{veYSdM|`ZeE6$h$-k-ghER_FbqzV#T0_cve%>t?OMxd#kV4Q$P|;Gf;0)uJ
z?_bt6_$ci>`^9H7s|z~|9+rt}Z{``qOa;S#F&zQ$?ArYiqBLnS;$bp`cr5lWe@dT6
zeEpP;q{#360T5wV@`T*;6gwyqXVvY5H^ik|K1LspeWSPKE~$=k{qeJKv>xFPZf*ek
z?6PTR5XI1g$I5<kGXLCzM^y*t4d%lQ0CRJMY4jGXC6U+aNROW9Y_)AsKBp;)F})*2
zK(X#_WylmXPHZmQzB~g6#}-AItRJJN(+`>g5^?R{PSvd>idfBf*n;5=SpcQ_V3lGA
zaY_(alW}qG69Knq{TMC!dU?6<xqe<|rWs8Pzl<AyDq2A+aqX%|7(fSnU|vDNuc|B&
zxAdCtki~X9)WM3$2bt<u7H~%KnmQ;aBBVv+E;Bp0A%k>Um>FQ9zUiC)D<x>|$CQfK
z*V*{-dH&$rMoQE@zJ`M1XesU;pgDTqIkkhQ5(vY;pWZY|^d|$0kcqGCV|%YO<A}<`
zdHK4Cu;$t$d=M^`7)I9~nOdRb?#k1DS7`y)_!Hfd3;mx@B%ayZ<{#piV^fUI+sk_U
zeXIDgGC0$3Uq6hVw|H{UVPO$U1Z%&00HA%nf9uu%ogo9Y{+QYxWDjP?l@wy{ueYU^
zL~pu|3{%+1KGnCkun!oFQc_j*ragSwhCFJZ%T4j@Usp{0e}4{*Rjr!6a54jU=Nvf$
z<~fdwY>n=d0pSh8M-}*f3ptByrVzt4i33S_YkOm8_DTG+P2?=}F-17KBa}qaInvfz
z0nR!2)jxa=muio8_m+qaoxL^tCSlI#6V0np?mqjWjChrT))G;Mi@^3nQsbk6v9U72
zcBev+I#kdcZbD||8-pon*VFOKlv9Ucu=TxEHsPc-i$?i;wrgvx+IaoLshmpO`q&ko
zo#`LzmpMPx{%%|e`6p@Sxo!pJ_JvQqS2H_b>=}W7Gl4X3Ws7O$IFHQg?UE&d3+-&C
zy<H*@q4KH<hjf$aymP}j_V!GX9s>K&GuFDVc^>>Arvwb8A^KBMTW}@bJQR1<a)3}h
z)5c#aLlOxdyBpdKGqroFvD|IwVwYZx4Z}PA3ARjfZjd*%cKXaEUG2{yeyo+m9Q3XA
z$NNl_!3z=K`PXCN|ML@Ket!P^d^w20<YrUgNyJ{#g#FF7=~!di{JHVZZEZrUY!xG5
zt1L@KoLpabPT~DBq1SzIEtC6aKQa8N$FRDta1z(&gios;!&=q6WBC^@(x`qh#@(Y;
zh3T*z{)>n~gHvAPc40&odTrG>h9;chWlmQfOP_bM2(3HD7&Bu6cAjgYc0ZahPo6T5
z8!JW*paI}kvp$%K%A^fOhwX*k5{XnN&sldfg|UvEeT4b0sHBdX8Y7mp%GhGX#$=NM
z*@v$Q4tw0RtGXv(WHXiMXUanR!b8?ob$t<Wl)XnROEv280#IcJ7fN7xQ1jH<+@h8N
z4cxr0-gjdsVrXpg>eLLW2Dwv`=PviB=W*&7i8ExGANuq@i_-FH)aXlvA}`}Nz1#fN
z*gYF4-_PD7N*8|ZJIcW)uZO8$U4S6DT2&mD>kD;QN+f!qCPYOs`F>jWRVI@>xZhpq
zBP{Beyr^I_sy3ELHX3$$lRj_v>KmW`?TT&AiMzO4N|vuT%w@WX_e6lJ67n<)m+XN}
z$6`G=ipva4X|f5Y{x%-<L#pUD*2(Lp%mPkltJ2RCq9M0#Vg2{(yb4I8)~zr#Z5*jh
zs$5@e6j7oWyQMO^D5J$=oU=anuyp<VY&bo_64=T$MD7|)OV<tpGHPwrRdeOx)y}<M
z`$g-MXI6fqS0E)19XeU!UCxV_DdP>ALFq?M&S+_bNwxnm-iWD@pck%uscO1mtPJa!
zCUTWskKy~;Eq&I&ov2oK*e2SYbt@fK1skJpc909-MxRRcNTfJt?2sv^u>yXCs)H}O
z4*f+{t!JA-p>A`@`bg;I!Ed(;)Zik7aci)ZZyeDke2u*VIh`r%Neo9At1mV2m|oxd
zwTNRmjQ_b$WIf`cR-rmxGJ*Cl3nw@b-0kSb$sp1r+qTz0ih`s@Bw+c!o<)lOJEFyk
zP)!1NBZtL5mNXE{Cshid`oZ#nXzWi=b}twqjM>#JaD%RXB}rGGBx8YW=>FL-@b`W>
zY={MM@3Hzv%W||c$_!?}d~r<8mW_jOz;N2H&HnR-C*HWEr@}yILi<f3Hb{m}RTJtH
z-{(1i8Xnhc7>Bw&!}u7p{(5}E^$fD3@%~$J>Eksuwh27yd&kf^7B1<xM4EX3lDnFO
zUHFEiwv`TC$rmrMwA<IN5E~aT{<K9W84VJrsSajoJL<U+2rZGE@{LW^xi)zdGt?_z
zN`ez6-qAA#nR-{X5^`Dk+P*tI(Cpr70pRPkVXrP@-)X;$MFB#JcBNB&C64G(Fi~Hi
zdH7NI>o((4C9DT_(9fR8ey)Y7(In0{)4K^u>TzjO?U{KT>}P58<hU>gV>}_sfv)=L
z2h$7erPJ2kbZ^N)LVhLrWx77#1(3Dv<pL|P;N=&AjjOH-I53f)SKjNHCQ&%KMX_<q
z#bmk(D1{yPmKWSJ@}=Me^~&4ka6U{!h+?>~^P4axv*WrNC`C>8&%3_fe=-0)A2hv)
zW|{rd)hs`=gA?*!F+;*JbGCy{?4ooo;ooAsZZkkt<(-7fbvEHq2^B6z(17DQRk1tm
zm*-cz*Qq7(+3g!1t^}&CPs`ctmH(+w7xvFDaWw55N8j*tJ949jbP}=Kw(007g?pYk
zoaaTeAuqllfuq@Zv|m}yj)$8XZP@s9n8?$3;>Fj@aM9DgTzh7Y972~EH;6iXhE!pO
zy|q{rlf9piz?;l?^J3-8AddBABg-}YXT<TStGPENb>5EBpi}&XY9x;^zn`|YdeC#H
zD@;nNEqGKfPVn{!Wn5Fa2#e+}d#|sem>k9yHBaN3XiqWJMMXM+BE&CXb+p9i;7YIp
z(#dn^M-h*{uMakH(C1V19Uggg(|kkDk*<arm^BsLa7CgF)T@D*w8#BBpFmh9R45|9
zlFN<@j4t4yWSIbvyXA>cPKX_!7+{Y5+S{;gEqa_22d6SXl0h#83Y`C$`|#gv<!m@A
z7~*zUD-s!(-4DGbYgr({%i&`F$}7}is?{wCgqSrEj1H0r#&wd60$iPk3(&t-=gB|+
zDcRn2tyH5OzUn-LICF4cTz?HdcBEhu52<5<k;8~yU1!6^?(F^O`630~UMc7oq+PM!
z@G?EarC6)jc^)SjieXkdJw4@2+tBNy$BqG=?JQ>wwMh_-yN20TN7TFd)5q}DhSLFg
z)4VrNU$60fGEmb7JSr(_C5#Ohc(nq-e{2hkr%q0{d;>i-R-g79==YD6aOlR#R;!HL
zyPF%(i>oXd5(DN^1Sl;d95z>NWqwR(oz5ENS-*k;zSIFy44M0ra^+{zO2d4KI_eIt
z&+JtbTehaV7Dtm{Q$^bwoPn0+)N_;8W^rFBzH}{yjF*e?E;;4+3ViLaCs!#=BJDkh
zoq`R$b{F0;`kG!a0(!^K`ax>140*>b+;)aiz+^+-*^>h8@1O^c1TF;y%v6WHCC5W-
z%edIk5!_s@=p#RyU13tFi*lOg#@+5#ZOu8kUdByv$<>nRA8ho84z+2olm>`AoHg-n
ze-Sz%l6br9YslverCp$Sy}JI+szgFjs`P7XxG_#AX;wVSr9=43S7sEx@Szrvifh0)
zq+F10g>87C>M6s3M-aC?e~W=TRY%r&9g#!(85L}?{zv;VlnwgR%Qvj(0{BIm9b@m=
zCIm~`Frai^bd72PQ_>uYTw&L2Us4R?($Akfgn$}nBl`<|qd&UwXYeDOH!Tbij@jxS
z&Bsm8bfIYB#)WR?j6j1sCDuVqp_#_V^u$!6AGhHajM*dyM?K<X&s$#IbI{yZjZw=h
zxJF4##!kq}AfBqDK;ZC{@mC2<HX7ye=s=JP?Ag|qPIG3w*#WClPMun=f}u1VjW(<r
zBVXopgFE$hah4wLKOsGK{cX%S@NN|+h;`g!L_Z4TdG8T4+90Va_eFB)?L0TJGB)Gg
zOV|0#uJD90|7jkBv9{cxO8`$@TV_VWJ#J{f*lo_-W*W2l9>H1$s{P@bs>!JgY#tkv
z9BYd(!gi^R5$f;kbzcAFZ)8CbJB;qU&KntbxI^XNoBi*TlPUAZJnccsjWvnwcd6?C
zcZ-D$1q0yf0p!S;QPnRfL}y<Azvfk~eSLj$`jd!#XTE=vOu>D`_2k@Y!n3Xi!b{cz
z`9vbs!ZR!>UN6M_E1zhDdkce<K}T#*+A(Jy3XyA@P*7MSsgebtV287;nsxZ78q#E$
zv37tMWo1*l;g^TeP(B;$0%PK-9h|w%7Yhr+d4km+H><U~raunBmTVZjV%RiAxw1&7
zYXisbHl%@OCy#n!PE$~#gbI_4G6GRv-L{#AkFIUYZGX-sq(;mxj?eB{xYqQ3mg%E9
z>e>{y_wD%tg0({`m=@<qwP{v*FF!w-Q6FAi*-}z)qWgZE3Gn?{UzT5(XERR+T}&Ha
zhxZ)c8e;krEJOUWxmiW@tvx2({j1+w753#xg<ybszP5oQTbZww-nb5Il6T<S)Tvr$
zlKsVCza|&2$l~GJO`Rg58E%iMt>e{<K1hgmi5?Lfd+&u~1~Vh8*H)Z+#!`4v(=WYY
z5O~W)G_bI#U37avkQh2r-s&=OAqL0HWR$R-^3i--?&=+nSxSM~gYlEt*uNGIWn`Ry
zCCjes9-mBorPnDZS};8EW}w*0==BA=vR}@{$G+y3cesrCWoH_f2+5DAhEl(7=3K-%
zIb2S#ms<3qIhK@h^$e{;Awh>V5VJnz6#KyhH|tO8{AXI9T#iKvnF)x}Di-Rw3Ar8;
zugdJ#8Er$1k<2z*cX<vQj>J!tm#I-Ne2Ph)i63|M<k79Ra8I`|v|b+pDZiZmkY>Bi
z_-jumdQj@@v)cUHKAC|N)>ox8g^H2uny{H_s`s>i`jo*)s)(7D?`=j48&1bpX}BL+
zkZXZW4D00jJ?m9Z)4hvQqL|i`1nWEx^VbhJ`p$-?7)uxp-v3Z5$eSn~)3$^AcD-t-
zsRh$mI9H@da4vVUOn~X_@yk_SHGKGbv?hvxwKZISpDm&)zYe^SrK%D;u6uIxSth&|
zm(|CHGw)@Wx14%&0H44+FW0`bU~}7TKHZ@v6Y*q{s+WjDy?hX1e|;(76&(BhSV<L1
z9eo5HI_kK@Yhy@|UcYykC%0&sOK)2i3O6mTN7Mc2CEmtEf;pW5>qTAYKr%8<?iuh|
zPdeT8G`rRp`M>vRwc1YBAo-hB5m^W&3OIE@{`LGHO11t$r4>LVvJqu~OwyXyQ9~`6
z0RCY^C3f8rtrEOIWw4v{$wBX*-^hw%BluQZ!QTlRwl_ke;9b@$ozN#k%BmPZE131+
z^})@%s$#+J$>=sp9Ghl+Uw7fh69QyoEh;)2(q1bUo&sqQFF~8Bw5KJ`gjL#n^zzQJ
zRAIo;+-i5ONm~zD<*L{;1=e#kGEWt*O{L*&`7?P<?(z$O1kI|yPnIXolwDEb=VZ?7
z(O|91vbZ-qgVM-o?3$SkKf_CQ48QN}i*Ew6JnreGsXK*>GtrMn;&GOAj7Hr$9xaNa
zvO!uE&eW#X2nAy`ZT0)Bgi`pplu`!~6L>p~Z>gvE9W|rQ_8Tt-h~~IHwB|w2<dV_D
zE{Fi(^gCWHBF+PSa&H3DSp3kjF2*Ls7#Wq2&ml_ITc$=Im@-?3@$R+bo8JKxmbgDu
z*2@gZEB&4!IU%T+3QLK6UAt~0oxr}^JG$O5GKSKdmK3x_<bWo=m`L$%Zd0zMKO3vg
zo0(-D#b=@B&l3Fyq}!eMWf}h};$Yv37nHMX2)Qh~x-gJSu^MAjY2zOE?Yjn|)>V@x
zO4?BQ#EeGXWu1~t`cEpSGdVv<Vfk~=wh^qCK%hM@*?r|illl%sIlaUqys|<{xWosM
zJ0L%y8uP*B;X5wwyTcRmjfO1G)ZN9lH03QCGis;#21j={8Xd9!X!W7_R664NMy}sA
znfEcC<m1=Yd7I&%=Rt=qNpxrJhHCa+RPoX7eT|n)<wLszSe8s{7!K=>d1iUle6J~~
zGR)(vllf?_(0=T|hI4~ttgPH}+R2Qvz#S3Z1^E}_lUS|Fy6#8U4TpD~6TqLg&J7n;
z<%z=#q;fK9v;p?SGP?Ri*FN00G+qnT5r^u=2yWiN#pImNWxt16c4Cm;@YqXs*%slZ
zFZzRaw`{tfI9llZjz@{Zqk3G4J}rBil9Q9zc>=RNTzEcyBX#7m6D`A86L_grj@W_3
zQYv@g{KmiehI_dD4ppJUuhW-*Z+!m#C$Pbgtow@ic^m1ZJk3^4`2M@cC)C{BtSIL2
z&X?vg2_(7a-!v0{0YbKa(~kT)3mzCb+=8gei$v4GZmOPC@HGYY7kDhk$(@Hb&>ZAZ
zbR_|IV@`*hp?HQEK|mw(dGZqCyoj`FDQfm21uabhXi8FGK}+;F-VYJop%^8BWFqTe
zh+Y;%(nr=ytBF#}pnm^HRsK#Ih~m#I;K@2tuVzXdcM|IEZ`s2xV54{>rLp`3XrdGj
zTlzEYjrCNt<U`JYFpo4ohoPGSADzRGusZh{qzx%kOC-Y*Kv4{M_}A$*ml)A*r!?XF
zLc)VQ>k)kE6RwSa2N&FXRz+CO^dG!6pw|Z3PySOTOAksaW9sktP~{kUw%og;#deti
zPn5+NFU_0?)pN6ZEWLKAhS;M4s)nZamVMuEGOJ_rRr(*9N#7VA@Mq5%4!ZvSm<e^I
zCr^}XpuFiZ72n$e!MT1@h735Ju@<Y>_jHUYiN`c%z%IwwvvPd((G>!LrmtYhuw>pa
zC~k-PmZ_56?A%{+JhDA<Kg)(sm8wr4kTmKBFDT2gmvT=IE_mG3q%x*VYaDhi1?Q$@
z=D-f{nEVK>^x~CymUfj!?bNMPIa~@ejKX?$8C4CU5|~5631XN6yU)fzkh8pfREvAc
z<fDVw=dsu3o|O}8SCMy}X%~8+Aw=I`Qc~q9S9hf(^H&;26G<Z2MBUflLK2VOZH?t;
zJ+tzM-0ba2_jFaT=q^Y&*2_vSfwS3*ra6+=c_q);Pg7f?UUN!tbub(Tn<1BO&nAKQ
zB31Nuf&)==Db#A#S84yOfI6@Fw%J#8H4abPjoLg!qUm{QmfjIVPnC%9M6HgQ*I!)H
zX_yyh&elOycXgn-(S@<XnnAkdtvDJkQI$u(N0`Up^zYyO!vP75nFOS?Qh7OVa7ugb
z!X^qVn5Dpcpa8{D(sZYwup;&8DJXjAkW$MginqE*ul>I}6+Bz<%qwt949}&ubzn2)
z_q}gYcE<NYVy0u7Ns+Q$qhw<b%0F;yN3mD1zNOAyzl&ys!-3&dTlv~A-3TZyZvP_r
zlO=QX_@?ceH}Upf+6=oczIn!aO4+#e6hDuEh|lbb)zI9%2HEOF>qj^5rNzxO&ZgSO
zrN&w0-B1}_Qccr#XF^6k4+TX4$z+d$LXQ)flUpc0mXY>t6wi<!e0NR%`c-Vsm+AQ@
z>bh?|QClfKTZl4<D&ZOpGt`f?W?MCF+1(Abo4IqFDB?->v>f-4i7ZBX7_vlow722r
zuVDWdUq@6%Cihm|Dpyh(#xfaNGNlW$uwX`~f?B6eRed*KJ5riNYw6<!izw>K!VxB2
zM}bJJULBFz&RmQ$x<ao`J!l0Qe-wHUQ^NM+(uD*xXue6%(&Nw(qOGO3IP2whB&^(I
zp+T2{Nd?(Mpwcxx#q?pG>{aX_dolDkrTuX}C>VX0K(-q<qPJ^oN7*;GJ1GN#id+dl
zM10~sc?>)~Flfo<CVaeaQTjLKd7g)v$^7rE8iU7J8$KPA9TWV%tpbnp$+m0cZe=K+
z<(b6<Hea6A$o!Jc`2hmfNqD5x=p1P_nn1L($b4B`!4pD)jsKXZL{Z}ojgz-14Y=yg
zFtLBSQ^6*{t%W(c5X*7&RC~Ckuc|fw<BRjVl4aQg5?Q%C^^-DYCk+{cFU|GxdF!wb
z<%MOsH-2N#vOi$}JAMjR2%opG-kd8FzEMGz!)i>|Pu^qD5o!-F{CZ*N#o*X(VVv%3
zv6%+1>;6xZ2z%qcF`x;oMVbP`Qw7)_Zf2CUlx>8n8%}hG9{MAD<_{yf1LW8D(7HSe
zo&M%rx3tQWq_f$mPs68O`TdVe9%%PEiXLuP@MOkMQem3UsA)zT*fnx^H8d3YrW5o`
z_YR0-=<O=Mq*`1^d<d`TEHt(+;+S@A`|vA6B0^}oyI%6TnT!QC!BSngjKVcBHlrxO
zSm0b>z1~g1$W)P)n<@%eF?Hq7BBRn6?s>nMs49@cB;94eA+*c=KMZqw&1Fuqcilag
zk`(Y@_Tug7Ly5hgIj>N)FbsEB$e5uA1tV?Q^!Iw3?y<JB?HSX%xx~aACKZCCMf>OZ
z!RC|VAau?zvEtunnBEc+(>$*w)tNSC7hcdEQ^MxGSfuRLrWnFvUS6*$o&Zu)o=fTh
zYIKbJbm)oD7fDUag^s7WzwKCl6HASr=j&4v)>qeDULEjvY_J^HkRgSfU?2Kc0}^lc
zBY~hq4q1}^^{+o1Lc6)S4du}dSd56?w3noyFaU5Pd`m&`ap!7;@gj9!DJY~?L(rww
z5LBb}@B9Fc4PKCw>{6R=ECOQ?na6kJv1zTNwBOPV2}Ft_zVK|RwF~)I?=dFTF5lF~
zzF4U&-e`4X9LMuyKn!RT9d^JDa>bUv)%WzsVc0$PJBGw42ly+r^CSyrrFi0aIKARa
z-nFDlX86lvzdTqA6%4}o5(!$fL^QpMwCG(_xKxONmDwj}?=4_|NP6mzf9loEVqfsN
z9rJSulS=aJzR__&#jpJ|X0ZBR<r06pZ6`Cv<Xcrt;xE3wIz=vP4-uX3Qrvm|b8qXn
zYCqwXuKr<XB1wLkFJ01AnQ3=brC($87+HvzGHm~qZ1{Ol#n71Qt0jJfnBd}M#a(OB
z$>Wk^Hu1*TJO<Y~fWH|m=BegIgP!n-{6m{PY8xdIyT}tm{`+DS`WsB#NYB0D0}3sL
zi92b!XHptHE7BbW)h620#+p;cDwHVQcU`bbk`Dgvnf}!A*9_rLNPbBHH!>rzRcF`_
zB8;`g3W{&MaS!8BMI5uYP9a879=i=wc9dK7=FqvI+ZI2!bvD?&J^Lg6y==E_&EVYA
zO9^{jcqp0y4gqm0<@TQx%hD<etY3LE4&Z2JT1wq_uzO2QoqAYyBU$X*;8?1^{Je11
zz*JpvRw0h17f@Ifj{y=}T;h@bVIF6tC6aUNmE2pYsqBX7uvl!bi~reAaGW+Vw{TXz
zH~BF>K1z2^ZI}3*!`ggv@*RZ7J+O#2f5!P(JKXGG-u1rJibs*r+bi*GPGCjqq)Y$E
z%cJNkno7=`Zk@&FbRMzOFZ_X=@iB77yt>8^7sDw2Vcy!`<K&(|nYwZ7$KO*<zPGsG
zbjCX*9YX?fm`4m$QAp1m^3K@5@%32_yhScCHEI@Bc(H12M$2PWvrKw>DmY#Z2Aihp
z_O7pm+bJkwNuX>BivMiJ!Kp|`xC8kAP5Pj2)g$qH!A<}C`N`ACgo(1I!zKQW9Lryx
zQYfNe#f#T7$Y^DMgKp0q-t@{?=Mkb(P9!bukwZwz18^V6v}0kDK?<C&dH(j->BOql
zmDoS9v3Rtq*h06r1ok4Nf8u$J^{7ZUV)uMwmN0JhI$iDeGpkhUm;#3=*c_9Wd`xP7
z{|US`lmW<ROYgA`(#R0h86l)JR(pyXoJMA+K#)_56t4S0`Al>CQS_jMv|35&Ewdxs
zwYGht^XK?SGDif@uD(2&Vo@^=_n!o}5x;m^tfaym>$%~U{xR-T*|BC3#s=>k5xumF
z_z{hpkM%iOmi{o#7;G=vYan%@A}*Py&eQS#WA8n~n(DT8;n={2C@6?Xu>eXh5;~|L
zC>?3iK?H&jdWQglihzL9I~bHAO?nN8NN<J`Iw&1N6+$m(Ccsn9IeYJO&h@<SkMH{a
zX-L+ZYpyxkJ;t~Pq8h%^c%Sd&-_4_GzxCu`X+sDZd_E<rwDcP*wxSZuxy@iNTo-?A
z(lq6%A%zLTS<5b`$()`~t%-|B70+9MxQ`vm{dDGX!cN-Havq*FQeuypaxFe*5Y<e_
zJ+ttvS^K)euO;cPA$5)d7gkThiwYQM=-4rF0PjLy9K09V{D%8SsuzXe8m8kV9hlRB
z<RWG9LU5&ofaXZ75_Mb9ONJCEXtX7K`3=<UlSSHh%lHPODmh*=#5+Z6nQ1nLk1H2~
zJ#JjnO>lU|Q}toOKD{BZiJZqe72w@pJ^&j)E!bzL^6JKeOPyg+66zXQBbl;KUY~jT
zWzy54df1D8lm`B+MQY2Az?K3JMfY_8G}-bGiTQsvQkUUELz}%FTXY7OK@}H4#%_U<
z?(lH=)~kk*^8$NS0voqAvR}P=#etZXaU8I&8+05-c<3)rv<z<ztvSs0SWo@<0EQd)
zo`bvwrJ}&#96@jj38gd3IZs5HsN~~$+f<J@cI!B%#g{F&3U!V8(7M!r9~c|^IC~7T
zKT4AGDg_0FO7mQAUfuTr)Y_2Qd~;fzR*{9OLIarO18N|FOo*EU#I7!oMyt@g1kk{#
zR;L9kKjIS+VN*Evm7WlVnqLhG31RM=FPV%lTc~jDFNEh(K=8yj^nG8Bw6wMk*>~$~
z4^ex*Ac%fX<b36xyE~fX>)rid%YxpJdj#X(6G_C_cTU)?j)s)(-K(2z%4wKV#2)Y7
z=@+2d4b;6ulanQ4S}$6rs?fqI<589*KGQ>*bhru=j{0DVcoVo32D5qTQli3mJWH`Y
zI;9EXa&XxzWN>C0TK66;=J-GjvyqRMm9=1wZGQm8cZKfgpH2Y*P}>&i5p5Uvx_wX3
zi#~8Lj2`sQ%*>Fzn*dFozm?l>2D|~&Y(G<vd9*tV8fW_EVdgp*(%GJrW}CGLx~9ak
zG+(<n5!+NUdtL8@A}H7a%BIY2y1k#gj<mwn&mcDHdBIr9$4AlU;euzq%-_(SM41n)
z&E^fl-*2jHOIY^TWw>xrBGv2JO}nn6$%Uapk$cn`CowPEUQ4ags)<o$E&O814N54d
zz_R$tf4bR5;SYtz)?^taN*=}-3H^?ZR|5=YqoSjO6M`8{@8(B^`qD~TU-<4PY%p`f
z&nF{g7Pnd@?Bl25OlD3upV6H{p-?XF#Ed;ZW00?0+-KX9!IIw{!}RUdVr<_Fp9R+^
z0R>Sm=9WJ%=*GV1Pr!^SdAfra*4+P@_2S)pE<n)#sYCU=s#n-adA1(-dt4~><r!an
zwCyeb0?mc<mhW>=I0+|YD6eKQbnA<TI?OWZ(?SyM3BJW<9<;_vE#@B2O@$AR^0DX=
z?nHS|eBrDW_Ub4|l$pILRJq4+GfL9RrAD{eg?ao*6?we4Mn;#?+Hvke^)V`(m_c`a
z^%(oF$EyY*{dNAWn`1Uk{J6?Zk51d%i<ZbD(r1nlwx<`UUbui4IRRItI1Q{<#<jk7
zJKh%-fr*?*;@2nxjB@Mdn@L3qvx1>(L)Q&mYp$+)7TB*{VGzE%YLJ)pL&V-jBhc}u
zL0-BG_lB!I7fP?sQPNuem$q--$xc8W$!VFMs|Z2YJ|h7m6$8i^8jrKwSrKID<Hn}x
ze-P4e1N+>K<nt?fSW^G)YKu#$tDGC84P00;JE$-h%I$Sb)EvS7*`uIE@PUM7WDiex
z@mU6b6r#2{@7NA-N+XL@HEwyr%vy!Tx=Td59n>)V5?XwGmycTW9uGRI<M@s{!7t(D
zORR{`X${Jdf$KQtR{~js+{SWGw-zBo)zLe5CQsuWkm*suOfu{mTemS$62F}p1YI_%
zaGFSxg6jt_@&||yf3@eBOmAetU1H8`Wn~or4p=f1(utXo(fRPOvuKR}=HB(AMBdM#
z!6dvuD-+)TkMFR&Zw#>FFoe)3iA%h_gqCo@3OO2c21$Y{UYteTq<#)uZo)Gp{sPq4
zoA%i(SCDcb1xPS{gm(f1gYw{$BcIldV|Gp@yV=aB4aUe!q>X*ZpfNIP{D7P;J&Rge
z;;XJ%y!dN#)mk7Bq0Bj%Hm^($M**dO7POX)nC&^qqcTMc_C~#y$FfLi5gTuJ)N~d;
zzVe@sr;qf)oJv5rxjfL6V^TrRu*>Nw24#vfIH+KQDx<7ZtuPni=w6)el67u;qp*GV
zBeVEg$$p+T;iS?`3H5B<u%u&moq+<J+$pGcvyGXrd@ZY4{1P2rJZ_AMc@TGxv2zwa
zB3>foa*m<Ho~i;Sqm{6uvYO^wsGABan~Znu++#x*!u!XjAd0}F_*R}7zc;IJVlpnO
z#AH=oYN4Y*LAqEXEQwAcfw?h~*>7I`({QnLzKUJ*ig;8Se_y+TTt4nTFXoyk?Fr74
zU>(ba%x6xVZP$~qT2Rusp}-(`TU2E&FkbwGvUUEaglHHROkU7e1ZtA7xtCM-#(Y{6
zGcuI4bfdLOFY<*TQojd2M=cA%2S>FfZ31?S9d^*+JF0dG`9lZJ4_IU4{UdU3p<7AS
zi+Qb9UL(GIZ^+qFkrFF6sp~`4ICHtT6sLDC(iluTBZ|xi(TocA|I3YGn)zHUR7m*Z
zi9LChHL;Tgx>aJ7Ml`M4JSvZVd9-8PTPwU)JZw&1mj1iQSE)bEe~=S~;734DacvFn
z<kR-2%bb%=d~x{bAZ!Aj!<&cj>Ai;8jP*z9L-{at@1W}){ga0ey)WgPvfmzt51c&x
zAS@}qVxjlgM3faDO6C?r$m5_Sbx}9^zK#kn_J(SP<8|Sa11;Z-Ob{1szrH&Zh<(k5
zi?N8l^%RNBF{_`yin6yjrV$m&FaIS^<0Ph^*gnW0=iKBMg?RoD3Q;QI3v{BB&%S;=
z6pe!m#Hos+#m#i?h6QTOo=Xiq>Bnco7Zi>=HNsRH^t{Opx+L+#c-0uwoyd1~&{6NV
z%(2%%I1Gl=j6Ogv!TZm}yRD4#oE-(?=W#oY;^Mm-Cy||=e$n;MZ|1!(bI#9DI4}0z
zrSoBJUKOt<mZvRjOpKCq9nhKNBH^Z{)8D7_&UT0_=tYJAOF;Fz@(q2C@vG2`Q?yJ@
zAyQ&#Yx|4wmx|GiDVCUw=BYTom*#m5SZ5H(e$}V?4LkFAqQZx+P*9plL36+<hH3Vu
z*^M2}zIz-Gr7i_Ru}?mH=S`vGHsa9lIk3wgf(jFjV;fIhxn&%WeSR&^@D}`rnSXJF
zi(lbbP8e)YB0=MEn-SgXr`3xDkK0_fnhp+mO_&y9U<l}X@$&2itFD#EKXUmZJ_dgs
z;0rs(d5hqJPzO9OutZ?B9EY4I2eirev~Chc%)Nn{AMfbs;3!}Gre3+J+Vy;G*rU>A
zyM|J)-WKu$1U=v?zie?cUE)6HM3$R*hBq-qD#$_WI-0cs+aQ;6!@58~*4uj$LPP-G
z46G1KHI&S)p$jKy-4^eGRkJ73nh%w4yrR@qY-_|oI3o!=jPEUn)3=1NsE?&QL#f2V
z2TQxy^IR8DYk@-Z>+KO0A8A=8(!7aDKTDLk;6Be1LBs*=6maf3U6<1r-d6Azh8e`(
z-X*PVYiWsMRhEsClb3I_g>cS-tCJ<kp+qbRkb$x=aBXi8cI$s1i2SSgq||uJZPGzX
z&edGl$T|{0_xM=u4GAsWfcXJW4$3Sh-q_9VnsB{rI<|Kn-LHiRe==~VaG*p)?79NU
zAuMw*zt{QVodLml`+#OU!83U=UUkeRF1IQ%64%d@`vYH?o`9Ul(@yg?CEdV8Z(Cc$
z;J81x&*t&_SM!3u@8dS}BALZsS7@@M!YlkK+~!S<qAIu;>0T4%Trv-_v24D2P5Z26
z%89k*Z&7sC6kXv<s?$2i<(a&dm0q*zgO!6Y`&091W&b1y9y}fcTHU0dhK*mMR>CKY
zpUfZ%I7h#cK5F?W6(ihQ(P6BoYB!WGL-Y1frJc&Yo@css0mLvHA=GfwhEIGCYonU$
z&4nHoeYZ@x^cE^Gm@8;w*K_1BfRnYv2OV2Wu;L;4Ec%aLqS(^$WXGbt$M=_DAr!JL
z-(MWUhi{-veJfX{nH2JSS>h}@T*Ii~_fE7nJ0`&N4_A(C352397b%f~kUl&n%Ce65
zk#VfOo2{)yCOSF0N*Kd3r$cn;{nPg~>(Re^q@pC5KTW*EZhQ>O-@5Z<%DdBdu5=MY
z0k0xXQo3!t%dS&>5L4n`sVv<e_xg{q`o9k0brB{i_SDt<2T=_GtsQnY?YqF396Y3b
z09fM#42UN)LE!&E;EaWZ<#!Opkw@D+YKOpC+L|#4+8OQFiARs%qjKbTn6hPCjHAfc
zKQM-W36uW|^qgeJJYiuVp3Yir6?A74qOHq;FzP7y@VwnfgW1JFuBFwv9BW5!d)eQS
z*y)=)s;u}Bo&yiqoV^2*Vopf5*0}dk@+JljA*dHT4t2+?)bAHvvb+J}_a7kCxm*it
zY6~4B68vqfxs->cMzVogrTzPSgHhAzoV+2s<`;GkZQP44G&L94d}I66wRm&_Be7kQ
zBB0+LJqwi<NftD9&G^K@TiO;u0jKI76=s-}8;%6>`vUI}!dQ%Uo5bjBhBCLHf{r)U
zynNfGQdC#aDHd0jbJ7O6Hgj$U4$+s6Q&=XkaBggvu0=OPPv2)A*Dk#ncMj`Un1N7^
zk2W>ZcAI#GI|LG~zNOc9UWKd8KS3lZOS)IKFlXv}!^p-j2G}>x>jh(VN3ZhCGU)`Y
zE+v(@puL?2U`+#js4H_hq+njm*SkPD5#%LcGY+~%-aeHUFUZ)#Ws$ueDH!P$ro>!g
z)*hsxlwYE7BE)*>a3`md*v#Xa6-Y-P&34(#@|1=L7ZrcwMFc<*X$?*F6;5D7iLRiD
zxI)p%JT)4fd<i2E0MFQ6`y`>|!e%5DBOqTqR0;;+vf1kK>Qr_>W1N?$C^3}>5)WRK
zoJrJHL*m;Cqp*_^8G$*09kelV??xjBtI-CXsM>DHd-tP!IaqJ>A=$d7l0MCw)w(eA
zTW;2n!y%kMfuj8NrZ9H8LZo)Z`rrljoJ3=AIX61G4{vcyA_g$1>(3l&0_e9mX!4;K
z^)DbKaE4uRaY|iqyiwoxf<cJc*yuL{P3$L_l0WdPe;y<QfLx`!&Mx{oy{Wae(jgEH
zjQtEM%7Zih5e*(A!y~Hz&g<-7p3ouXe0zxb|KGvY=5JtTas%_S=8kGm7&L&*(O9#!
z@z-H4g4rKRbG=ANCr?<A%(5f<k!1g>GlBsa7bM9_^u~Kw&O!(+d_pjD+SZXMTc2te
z)I$@%u}!O#%z>MlZRmDni%y7RvrVPn*fXgZ``Vwm{f47UL}|)nf+1TV1@i;Io!^N9
z3OAHgZ=zcYbpti#)!)a)Bjqq-gP&P#;w~Wq4op)dOlYq+;dHAIkF5yEnaQSzV6N!=
zC@SkS9Bp`J?Y<|=5lwCQS)I{%Hb{FsvWn!IhUpx?MPPQa2(+IDeq+@)SiJ{v*EL|s
z=2;=UCS=nlgH(&WJHZ9s8o?3M;7DI=Zkr$avb{}`um5*8k6~WcATIp&)&xT9*|@BX
z2eB7!n(rvUkq_Z)^FH_Q&P7mwb`M%^|H^Y%xq0OQ<ENY79;APo#kEc&Z+!26Qr9e~
z|GRwkRRJT#L|47ChEF?o{K^29OKWDqQ`J0I#!iw7Wx0r&nG@vUv(0XC+l%AT^w-dn
z`69ZlHiffp!q++CGb=BrGygye_w8zo_2aM1q&%AeVj_KBY;%=diHz2Fie@@jtB`r3
z*0R`>E~p_^-4Oe`Yw16_&Dmwc6s^*42VUOL3}z~*n3=kFr%E@kv}YElGt9^Pt3pKA
zBxpFnDwe0#KT6MkvcUfk10~?)n(iqrX%u_Zl|wzdQ<*H%&3Q{x;sV5v*fphoq^Jdr
z@@f#zZZfavu%J={6N571yJ7%NNpAEyaCtoa6uWo=%Z10SR5*#8u2K8d^_^370*2+0
z8wGgiSpZmyB~T6BjcUKdaNF_i0ItE1G4T9VhijX&99Yjmy;nnzX>6a>y3wZw8oGD0
zS&w!8coYOJkX*2cLt(clGPqK(OM<T3yDvv$xpbSiK~*j!^(x47dcyMfekgpB((0jd
z8C|DL@p4u1^^QT;y>C;+1^OB?W;5}7_1(ohqxm6_9i6BSP{!#8_TfJl9zD@hUo3d(
zlk4DE=_Z6&G5+<5F}p+fQkYs$cT|DKQ&b;=Xc>-Ilky#|;JbPjew$7M^D6fSYI-z8
ztu*HwpF7PFV-#)ggX^q<#y{wmjDJ<2ja#|Ovg^#LvKxf-i;b)dSvT)D>&oX!=ta<o
zSHMC>k5gl@Zygk_R`qcY(PIU9pn2JBn|&c$jFn1hdj5!UaQ;<*q)&<Gb5Xk;Xt;mj
z8T{vufxkMpIHolklFjvp!T@Ro5G-mQZPx}m=P$bEE?sj=3*Pz0d+|Fj@RKp{KxU!E
zpvx_K>LXvR2<3EVV}VPqY%1h1tB5W%YNF_{`aF4Y`AMdVLK<9UvcZDjgyT`k+LZy|
zhpXnNxs+kE%48eh`;K~Ke0=yEME~x7Tyiwbx=nbwxu^n{=?dUU8NJPRZ&J}zijq^r
z`t<u>iRP$SANg734Ol`ez=h@k3Q8m7P)`o|@o+y3F}JaK{3&L$GWRT`h0p-n^AiA=
zyW-m|$`BHQ6WjyL2809v9_QgbKmQeiDS91WL||?u2PVti9#Tvb?qe5r9lmm|163e8
zgJ{!z$G|4s))$zOiDO~Do6sntZdHX;h&bZ3zslm*5;4*~K6I<$ekq2SX#VN`Y_80e
z35TQ;OC1G_{JMroE!ug({1Lj;?lh~0iR=Va5U?*Y@3r52m!F$^U5p{1^9`&+HL3L8
zE>j%g8fJr{I=OvbpSDUd8F`M4CEu=+J!>tAZDRke3Sj^*15`A~M6jbothaxbrGQjQ
znql2|%E$NrJchYP2&*y&EyRizLIti=_wexYGT;~N3FEm<F7kHd`kPD6-#Vo(l4>aQ
zV&}Y_&t1y<eX~b&KqFg$E#ApzQ3Z3Yvl^CSRWOMM8ngKnUY_|SP;iWNc<sv-Gag*e
z(AOK~{5PycGwYHdm%w}Y3x+xV<DbGXiT(y?Kr0i;f@N>;qn>gYi-g%^{5;k6ffX~8
z>Uxx_pXK-4&4e#zV+J-6R=2mlG|Y`YFhSS|2*+;f?TF0?X!!A=`-yYQngm|0y}ir!
zcK}3JM=mku#;vzgFAOXraiMvlBLbl{nwgGoit2lGxrjye;e#m2Q>5<@0L`^ih|>-q
zrE%(+{Twg5tE(fs5V0Dk6sydyKEis`{_j}sMzIo7B1-?&YuywHEn|^OtaeQP3yNG=
z%@xTdirbV_!ATklj@iDXKLyM&mu7HiHH@UB)mNX)wg<TELXDI+QzYcBwPX<=j;9p0
zMLIhq;>Up#AS?4!n5%o1ZCR4B(Qs=P&KB-UlJpw3Y~_9Jyt??}tsnNpx0ln_eeV_z
z*`~g;=W1Ykoc%a*w2#dYbF+|?^ruKhuYzrsq9s#l^lj(dvEYJ)r*V&NCa5EmQWEgv
z1r&)1;2Hp~yvg7OmY>ws6~HvI$K|815bC3fO}>SE5y2+2ed;=oyXS)xvZrwBlypH9
z)pd9tjn`gyP!o5!5u6Xv6t9(jh?^}y2X$rInnpB{E#_Al)JOQ0<Z8{lOz9Tv*mVNL
z17IvP=-0a1POGB9B=$f~2&akj4ca((YCUEtPb9!E^R0QKKh!p&HI^$iXZj3UxvIkd
z^UQ46gm#<O2g&>}&=dH>>hQP_3HNn+haoIykh$}y6MVHR(d$G{oWxiofAX&$$*jA*
z6@AKLfo%@^oFgy0;~8j`<9B61tAQfIyVV4E8<)02M;XiHi1=buC%Ym#*kesC<0sv%
zm77)S@r%_B>YUOdlIR}WQ^b<jTrwc!mYcnE#`c#XGV?KWU%c}KRTrG06u=Z$X&|S8
zKOei+eSJAVFWwe&$I5HlkMVQ<RJay@gC4((`8#U3Z)I8{V{t&lljgue`t@d}kELy1
zH^|{(kI@coB5SF8TGv%y*w{gCfkG*Ok57tiDOWk07|*A;63>sKVbVcRArf+5<3jXY
z7=MNRRe^#mzC22_+U>3<KI={w?|L7?^_QE6P5qNsV0o6A8cC#P@zQQDKi3M%TV<83
zAAM6O4U%_PKpvccz<>SnK<f*mlA#jwxTKc)yH_FFbi}c=Yy6mA-~Z{0KOV$ngtqa`
z$u|Z;ar{$xu(hA@QS+JK2g~$h78QNZ$gIXv!<P({E5mF5hErb-g&A&&N%WsTwHuc@
z?{WS)%FBcOGuCQ?E{S_&FEJAZ1%ntFmJ+_!EFK<)eGHJ~Jy{al=9)-|PZPiQ&Vsw~
zE_I@dUNng~=nwl#_TaSzneL_s*(*%J^`D(jBx64<oH;9cc&GvK0<VOY&VbNk>(1jv
zc@m)lGt*n~BKq;C96QQhdf7K{N{a;QZY;ilwS|`YF_3nnSY3Kqi^D?^FRBg^cu$yN
z?rT_jfJIDd6tZ90x6~ICok`wnC_<TIbK5#r-z4vRMiJ=@ZS_+c`7^ESi`CYrqIJkk
z+8<}J8eQUKJrv}902Y@c&FC_P37BEbn>rpE{8)QQa()7xD|&BRVoeF&n&+a9eY>fF
zx|mT&I^s^^oN|PS`hSaSswJgbj5MD*U4LOr{`uNe*b&o@PB$EvVHyea?$>dt7bbgu
z_GOGOPB+`0aum}q238P+OMpDrx5I=g*>%WuxZ*}TzxXcYg`1d+cfq_>qsJ|Er<nkp
zFBx^sC{AXHmKR5lsd=R!)IIBds#W*v7lJ{9>fa@C&Oh;hd^`F{r=*~ByI><p>dP-7
z838NRFyizWKhTVSb?ZKP_w4+$g=1$ya1Ss^BEA(g#hri<$$Q6Ynr+jLT$1Up@4KFr
z9FJskHfQJ?u7JAMb=uzcjX(C9FdyB(n|c>Om%u3iehM{kAQON6yMJQ9P}XoZt@%=H
z7RcsmoH+C{6jc)DdU8g!hBw2X7vS@%SWG59FEI&8d{4MuHQd2r^~VQsycY!k%POIT
za^-?PfP{8Y>N>qBGlLNA!>jym1Xxox0p6QC4yJ8YZq1i16px<6d2|^T{06QMs9nnC
zg`CA#1zMsVz~}>p6*P!U-LO9X&pA}}m7;Dt4%$cf<>3?2#!4au_E<Gl%e=h2TvEtc
zPzs4`hiU2P=sW>L-L5vzpU-4Ac;g*HM9hs$$K*h{*u9^zr}>>lh!QrfU8X+x05$|}
z<@H4JuU0_aeD*JFir`S7725p$VbY^~uOE-{taud8?f{lU(d47@_RD}|ckI;>$XUQ;
zh4jPUNo4O=ulg`T<AHa`1zEPF(hVzYK-1o;l=CYH#2b`I-@*?Oh~ppJ+~^^Vv(TT3
zlUftL11+(1|G<__zV8}-lIo9IOWsQu7Mr+utmEZI>pVx0LIqT|a)by%eFP-aE%Fho
zz1ywTm3EphOk0IZCqE?Bof|H9R@UW&+#LmaiUCjgm{do)>}pPup!arf>RS!zIPWpY
z9l+5Eic)rdjRxsn9iF*)zk`6rGDWX~KCr4EZH^8e8!-PEfHiOu;9mI5`gd~I$`SBI
zNvZzrH_pP`{X>z1t6)1eijF`C869x)!6uw58nPKld|@cnKcRDjC$3eN#ofWX859r*
z2-wO33gNqXU|Ha+<4qBIh&3aob65DO(8;v<b(%?MeA{IC0@$SJKFXW(mE|*LkUVol
zG>@Y%<h>|)VZsKritpJ9OB*Hs-FSqMw_ooQi&sXkcJ2n9X&s*3T_i5st?~6H3Z#K=
z=5$83W*0ZF9Ipw_HHw8TeIR2<anz0+eCA+2D=R10pa6>OdcpCuP00-1z^vX*IeUfw
zp8ErGRn6|nkEPYKuR$mkL>b<XAyP{X2x33`ZJ`0Ea{|uap+ztlQT$?+%W-q^RClaK
z`VD<Gl=Gu1tKJpIQ6O&iZMR8wnfGp)DAxgd0U<gDR0~p$;&d@Mv|1s=as05Kq37Y7
zx|$}&L%R>}^xYk{k-3`ke%V{S(t7)%Bf!%+_Z109?LWg#CAretY$lp^nB|`^BdhFS
zTx%N{w$D?0-CtaJx%-E+wHuaBbob$(TN`8J;4qOwyc^R&EEf}>B&XJBS^3JE!j1Ea
zQPdFq?mLy?SQ!zg(Fq^`-B~&z5dawkNeBsFJerDgOs<U+?YYZC?{VTqo8%GwFJL9$
z5ZO$irW3CA%&L4Nih8lma`L%uLJvq;s5)0cAOZNYMQVIB6)kN2abqu1^#sr5J?BEb
zN?fIAIX_D_1w{WmxXd`X%xG=Ejk+Oso8j(QZT;s72|+uHv$LkoaS#ZeBMFGa#V&XV
zQ_!|prAM<bQF4~EU7L8>Fk*V!$7KA{(S70fgDHb<1$(d}P&?%ggi-!3=g!qIv&zeR
z=<hj>{Sl(?yNMv2is0b-AzPkkYDNQr&*jb8T9g50RW!vLHP{<59?P|B4!al)v0KZS
zv8pt~5K4CU)GM00WRS0kKnF7iK*cXrkBmHZg`jwNQYr)#<~Q$#6O-(5K_Qoqg59D+
z!mZ*!s&od>%kBmlQ9(Q_2ssc^fCVXn_5?53GM-$&;2-{QN(+yXAwcr%_juFq1%(gN
z>RH-K!*HBP#DXZ~4lrW(@|{&^;Ge0%1nZqNL-GaL0H88fXUaH)_5g)-%~k$QzfFtu
zg_6zI^aU~8fzoeDDutB+Qtb`W)-;RtGH(U^>D||HosPPQy{_~`-7`49db48?5<+lE
zdx;?Ij0#ts=YJZ?i*wosxUhAyd}HH-v=GSRXjLU*n7ykr`GCw`N}-N)kwRU!EYeNs
zhuk3y)pQP}g#%1oO8zRcCt5&jb+`BZs86TaO>kK50C@pV0lrX|q9x`s#}TWhAI&q<
zrIh`?Todx+EI!_y0ICmPz4sNZ9xJWid5D^0cwL8gQrg7!WOaEUFbLr_+~VugWMWJh
zSmR~7@ce3=bX=(Bl_)qC2l7D;xGuRQB)n-zEJhG|Et?8*hd^`c9C{fJNM`v5T$-l6
zU8IniJUJpc?$44tG@e*k_P~_!C&sKhtAT|WVo!L#L1amA1A|}V;%!3KiVMfn?g$nR
zXhaTP%(j$E)$SK9`;auJZu!>jx2b7m{Yl6Ppa3Oeq<qn<zoZuS2CJB2`BNQbnWss`
zGewnIRI3G8_!jy;_OTbUQ4U6Rm>Fws7HWUV6@kY0I3-_V|9twb<%B(*ltKq`4hVUF
zuLdsc$lV)2z9eGmqBhJXwv^p=M>*O=b{oa`!D=2d1N|k@a7k2NQtSG+Z(q4L7=&iR
zsQR@)b>`JIYx0TdouJrQ0Y<Uo5Jf)V&)s~*N}mQY8Ow3#2>ilkx49GE&8VFjNyEx(
z3I9^oFiNgnRuNvk4Zws&5R=FP7W`o8ZKsuO;>qaM1+|*An>v^3!l~h#=d@RHl1tJG
zvtTj;fx5%_u+dQ^NC1INj+Q~P|C3CF`_6<y9Joh@N_%BAl!vZc^?ILIyWe&59ml@*
zpd>mzwmw~_oh`~q(O~s+kQoAsf&VEE+dUk0#c?EYC`b8`*!*|@UN8r|#XA;eYs<;j
zhaBba=X+Yqq^G5+`M2N2aND~fmG)*}*Td}WYdns1ZaArM%&a~J$a~kG+<A}uSD6%J
z(H6YU%yaxMh=YS6>|keauL|apr0xqB&~y>(EkPAKJWLlNlLK4=I$0S0a&oBQ>FMdp
zOo7lDW9rejF7};f-{H{1rv@63Y}-)H5*X@hDVHJ{oAG9LE-eS!o!yiUJSsxr8SN*j
z7@LjZU4GGxD}$JPrR+B@I-Th^fKPCTXkWZ9;76ad|H4o!EO>mM23k@n`<2Usb?PKY
zv@gDzO_<paIt~iLm`nm`_%|CB&Y3$L^_recT_8-)_@H~i84gJV<@+a*c)91v(k{WP
z_cYAd`j}Z6Y30gD52h;mJ)+WWted=TevjA$u`Gos>RQuAOm?m5p-%sHf!w{Ze~7!#
z#u-^z>|oLbJ9{B<3n-jUTL=OmlrVp%qZXoVLkkHZI!aje3R53ZcUFl1%vREFHtR76
z^Zvt1#DMwk5X67?fAoCOp#GMA@7u-KHNb}itZ9Bg>%W1LB3rUEV9E>g<e5pWmD8<f
zSIReAQ)i&gFOFQ?S9}sN;I|GRajp3DgE-G;(2<wON>EAn@;5FJsz2`f686>`whUO1
zKtY!$8DX=C(GyaHg0v$H1dt8fD~J&D9FyKxnfSfH7itlO5||)`-#{w^sNthYXX0At
z^o=!j+5i}!2&UN)Y|A$EIjG@1$a%-qhBFm1#T$Xnr$2Arp9omi@(Su|%P>5kCgm@G
zsCVqMXbZB-9KKV?nh-TKFHtnySv!{#zQM1WGPJtUIya7f56i|#6k98lHR%R`nJl*m
zET7Kj;qH4@u%YekiwW74PV*cdTa&HS9=1{u;aTa6;*WXn*}P)l<L*D##Cofo|66l~
zlKV8u%X_7K3lQxRo{G~lD%bNSvSs1NmU`uG)AEE=>Q7K3Z$f;#&kJpO=~CEMl&O`E
zEXT}@^sdpXTb&sw%$F_wzyCN>jA&hK<H9!YV;%h}@5O4lDEh+3pIJ)ZQw%F<HO(L6
z0=q<LLIoCh)6g@CtrR{n#O%+QS^CTnl`UM5JV*=<f1<>}OT*RaKZvOiq1a)2xlY+h
zRvBt6=VA{}SYT~dVEta1QCK(_1NuJxa>bwX`O}q0nCYJO71eny`iTwSxfiaaGm*`G
zlNrud#s}E3|8i}558=j-pqJtBl@{*O_q_&r%|E|FjE1^_l*i$j$P{~1_zR@@|Jd=J
zd-){8e|ddaQY3sGq|*-%jh06$ECxoSYPsC}qZt%#kiqY29GpLF3`mUQXoC!FuoyOH
z`#+8_m}U){zJL|Qx3l3(;LgKo0pR}sfB65I4FN_nWtlD^R-pE5M>9u0AdT{5K6E>h
zheq{)RRzZ5B~_qOcCw4yU;bQzP9B=(TX6Bj|A`TR0%8Ye2@lR3`vF?|3C9LsS9@d%
z98-cW!Yet*3Q%0YZ95O|YQd|JKzt~<rLu%3P5|W$;h-1Pvx1;vgI>HX#Jmjr@I07-
zHB;X&_9>|HX)Ta5Y!Z;d26B3YgE;H;DZ-`BKFv?ljUsdip|EM4(<PRY#=#$w9Y7p+
zku3{ury;5SF#m`rkS=iFv%2}yLQj}q+Yz<om&VJ*&~8aug4V(I0{1vz$=ReptDrfd
zYifea3iKNFLvzSPPBQjdE$L+aq=?wEPC;>(QUQHwq^>{1KJl??M?hq0A!`~L9A?vA
zoMUIF+4kDiIY}-KDT3h^GPcm$1i8FT!kj2!*?ffK+5=qT&siZG<R&a{Bm)~!+m4h|
z$hGv^K23>JHg5Wkj&10v$tYrJtSAUC@1W52W*6S5=XI_fdmv~gOIfR@^t<=-pBrrL
zpev=Nv7E5yoV{GD_q*OC$ykX`d0ogvL`v&-+B#7TQ(vybQv4l}zFcu0zP=Iik~TF^
z%|zH?yhBzhT)Lc8=b-EMe6Q}rWDYuSco3Hlt~5UtBr!@#;r*VI`6}Gh;HL7^{1aPQ
z3-U3xfCS6afZ&_$DD5od+ZV_Th}0yp33)dL7N+vgWk0aghg+Vb9g?~Uir_#B(+h?T
zYD{VgVB!Vr%@+*6-J*h9lb&dMT@vCX&7_Zf`K=QBuAr$eiLHd2tE#tJnrH1|(iQ-d
zJ+Bee&5n|N{wHJU^L&h9vgs#El8@ETFew{aJ3Y`6<O5T@&xNFPeov7ZG@^0r8&Gf}
zzfGZ&LW@<zukqmL8*znIbSzxn)`Hmve;h@i8rdA}@->Qv2VR?jn!ke=wCN4Q8U)i-
zLW_Gk|N0?y?jOe%2ek0Bzg`Dk|Hs?F&`I>a1BW{isO^);OfmTc5qsDS4g{Z(zb@mR
z$2(hU0y4!^0;q<oYl-2D;MB$sxXfmUs1W?If6<By9O!@FtNX9M@J3Xkzrd`!Z*Fy^
zHv~9&0K;0Qi{08@Zc_&xMn(|GSw;ffRc2@EKGQP>AP3OdyE(cu?C!F6Lw0zg#5-tb
zKF&k9-9_p|?2NH9n3m-YPIBt4K8t~3v>=zj=4u=5;PMZ=hr=6qn!l@MQcSoEWa&6a
zA^KJz(omJ?r{mzDwLmS6Rb&g`zIO79(QW-|;K>9%84do&A(ufDgv2!3;lPXK>$$=&
zHncZ4+7U8fdCap495diW<D<Volw1z4L;S{$hZti1BZ%%i@8Qckso~(ML{NJdm@Yyw
zhi$|$cZdTkY{nZe{ed}LhBKc~InVE__-jgd22@SufJvPTQ(@e5IZNL+K}V7=TP8xv
zxE~XURt65zpz@gP^*&66D{dcX=?n!k);w!L04M#na5|3(59`TaSK<3yYCJL6uj$}-
zf`)OBqE@@yS~{OCD6oE{{_Vw~^O7;q-At?6C>MN4aEN8$aT>D`p|Z-^m3yi@qNR!b
z57p7KEV>D@T!Xq3z4|+;ef*`p69Le*US8QzF<RASN8*I_#iX_IFaX7YxB?Wd>7ZP2
zIA0O@t15h@IbNxLw2@1a{cm(sDqtNCA_tVR`Cg<3Q4Qq#i@EalH#PQ3<Y!v1Wu<(M
zVp>CF+CP1K2>&qlImBtR^6#z8*X^xLoMSr2OpPUqVUHhM$a-}<nXb&2!b8{8GEGt{
zMn~S@t3X%Sdbw($Z;&ZBnjCIghSeF{)%$IhW`TeGop}1ceeeo^WD5O(Ah_+CD)#;M
zuugGAysa43KJsYTyu;wxcxZfRkd*geX3L82NYK-y7zcS%1~FQl(fJ1W=h(E{yX*kD
z0kbPchWGBTh1>R<)8y?e4%luv3K%J(iydn^KMq`$c}uP^lau#}9DYw`+PyJ5>)EGF
zfxemIj@7t9z4+(WDF;ij2nL0Zi0uW$RO6$8z+BA~9~e(nr|uiEj?TPYn60##4w|CN
zWCZ)!{C@%qL1F7k<*Oeqb-v!xj2aKBrf9kO(m~y?zAMe6UUYI1DTQkWJ60`9@V6#X
zPUMSW4##rHv6!}UJ~l9}4v!UrqGdS&_vbUj+3wZT-tA1hO<tt3_QyVnrq}9N&NOO{
zx{qCXtpaK&3pC%EZ7yjdGqIhB;@(04JApo5{KQOruMsF+V%LeLLu{GI({b+l+9+ds
z*q*ewnXE-HX-eU>1_$uN@OJ}{0+`J^^Bv8!>Ryv}yq2f6F4v-3m9tV{#gWcKkO{<`
ziA#j<$(8gC?|q+FlwCjLz}-a=v)eWkAFJrh#&LQ78#YODCH#)R_<VL-O;04BTAqsc
z3B2m+YGm|4ml;CnjRG03ae%NnR&G7s+ogG&?BfgoIsoJryYG~iKZFo?%2h7FrMKFd
zEENI>f=Ls(8}xZHVrW|rz;y$~*5bOfkgq=h9)OQMH*r`Xz$jkl#aG>xV#OXpzwnX5
zp8e$BuZ*jq8%w*Em2OiTNtxBQ3EE@X{zt!hf`I6=KXep~GX}waw4f*#ujjc6TUmrH
z?J(DkCU4`-*#^*J28tgV{f|H{-v#QW3l06z>aog%YjFlf4pcqd9X^P%h#;v1;sW4`
zKs@nHQW7zM2H+q65CAw1yWY0HNxhCf0?!eeKn8iZA0h(ht0Bq|_*c)CvxqO(#^X~2
zUb>*hg#OS)BD9a!KR9r_39Je>2MZ;1>UnA(`dN7L1$xQ@&k7NJ*vVO%GLWPS*me%S
zm}8Ix$5&Gy;P<7*9X&RatJ@E|H|>qXE9!p-s&#|S*uO>H>%hV<K9a`$4EEIMa1c`d
zakCRV+#S=+`6DJxAmW4M9xRAL_9A@do@)kg>AUsjJH;N1bRVUerw1dXq@Jx6BguSd
z`07rb<25r;YdoT?FxZcd7X8a58w^e9bu1fbrQJrTEYn!nl<Ywn-Lqr8Jws?w^AXR@
z5DnkTdF3@5P)-jr#q0!sQW3qn;IT9`fj&dvS4h}#-}K4eEm(d%*mLSPOY|*IJ5mNw
zCVR0rZ=r9**@}rV_Lj|>X-tBFdAf8zSRLX@Ba%qI{rR{nDNO(qYjoS<6N=-Ttqrs%
zZ;BsEVyk#$Jjj-J4m%5~<;y5>$B9=YwJ-pv2S&F9*!d1}5T`CL!EQVD?e2b^UYHvk
zDL3GA@RQPVT9X;J@povb<eL~W^{=Id511a~?A-T~hfQVV9R;R&0k+10U7$+^v+aCO
zq$gxl&(LJHDF_)DGk~(PE0+02w7|&)gQxrnaLt>-v5%o4b}>|2mTy0!9m~n;9$i(N
zVLr*a!{3;Z*gux`Qv=mb2aiwUMI5XS*<x5NN!?Kd{Fku<EMdQ{8ozX8i}!wi@WFl_
z)JGlOY`-4=KmQD0WJ$ez@tyH}i2rZpqYzWVrIWq`MiG6m4#I7YK{`Q(8z4?#U3cgH
z%RU4*72<PM+x_&2etKj;>TjzN60n^G5T-f48KGx+psKFb!%F@ikhQ;xD41Z9=?msh
z&uv_AMBo6?L6QPn2Q9TD-&8b+Tg)m{Y{T*H2Cuyvss@zD9qcsGoj#SS=H_&Zn4Te=
zN|#|>N4<HOj|KL2Uo0aJ+Sua-kdtfsnC3AmJj_#SY<CtPykt5BFWuqpxIKC0F%s^s
zf_Q;$0lk`E&+lW+U|2oEgQY%V>K=cU2-|X%QMst)Cq!AR+st!gXS<tlIfs0st2{$B
zD#=3(J&dIfOcrhtN9e5djw?1SC&xEw%i6h3_x;SV72;feoc^cOaiR;ISH1y&?!@E*
zY3%OM5L+v?!wJK7CZ`O`5{3?@<||?RRnQF<`;913nX7D(^SljC?LiDK1LVD27w5^$
z$!Qg{?@Y>>hZM?u8S1;6{nlbZ11pymwJcp4)e=0}xc-|3go_79GIH0h*UdvZ%5u**
zW%;$vE+N2K^KtWxq<DhLR6!V0*iZFTZY2~lo}@34x^yYH<Qk=VbZ<_2I$6&6?9&2u
z8zswRj<#O<E9s?=6|S)MO*U@-PQS8${ckHTS?Q;@O*}T&DsN57_qVx=?NqDp^*L9w
zBkYpCw_JSth=MQ1>yb`cI)n4eVtc!_<7UV}>+X+rA+E^ZNVamW@Sd+5WSFaPOhwgq
zb=9grbxGomycSYsMPe;rfcjyBiLJU|5(`s_Tybq03%1t}DJPFQk4UCcQMZfz=Gey!
zwCKU}Uj72J?SCk@aw=`$JvUZ0_xMI|B{!n9iBWsBQ<YyZa+bWe@)pH>FeUtUS!B&m
zucT2XBpd%iG%_=Sqq6f4DG#dhD}2^if1EBd`ueHUwX)?JGmV_y&%6fhd%v^T@7QHG
z6u;KbAlKOV#5hnx31_TXsi>+N%!@Rs=EazNpUdg><put0K1U@!@Y&Y@LHD+tLa6|O
z=0B-Ok_KR|zi<ob7KWEy3j;uhA<<VbxE`np;AxjAuz$7yo#Pv`dCs6`!xM~rz^8Mb
z0wn4SupIyOpcJsqAWjMQyaRyxziX1^p_LD5-E~ZQVA(_QS1YZS#Q(O!xLASJm0c+)
zKt~K_@p-RFF@7d72FSa87~p`3;XiBEf1{9t099W9q)^eM)V3LhZ<9Z+_1kRn_h{}w
z;bIV-9(oK~m}p#pZ()C&@7(GYB$zJr^T3tB|3S_w7M(M`ZcL2^q@aKNqA?mHVO7K$
z39{)Zn~<3=Rz`M|aFEiXH49*$3IjbQSpLnExf;K<HR^y1u(C(eEfv#XfGXqr)8yQE
zQ@A|5jobR%f4Y^tQfPT>enG&pr{$_%en9$38JSO3Tkm@vp4c$vku6=MWg4mxjL;S6
zuqjjtnj3uxbifMKhMiX<0=@FbSqqw0h-g_$3Efz=bP&W}i6yeMd&)d_kMW**Z5l~4
za){fHlV{0#r3H%8SSxAfUy7ixouD_kXsj#QaiC{8MXsHB$W0gI{s#gx;!&{*pCl=Z
z8V!K*mLf+KnC#i2YMi`ke@kjP8M0bGn^ZIlgqjWO$L8_jn{4(?rg%;G=7ey;5swtM
zrC#K@jPHZIJQEgCyO{-@u9~~BkU>gh+a2#2zd{bT6ga+f>Ojdujq{`2{g~y}l%JD6
zVq$QQYK|_4@$mHvrlFJ9bhPprJW}AEfB8BrKkXD5^L8xP=^Gu7(3`2BzHJ9{^-qGO
zg<Huf`b?ZWl+w;77#?Ce@Y!ksn}gn8P5|})vCsHdJ0|hhpGlRVSHEG0)dy=iSIw#S
zw2&m8AQgj8yk3R_e^v#2KDgX#vivt0`R}s*Kv4i^pZ$m_J|y~6#K6ZLCJHpsfc)t<
z@9Uh&xrQZDF&Di*%{^HAK6LQDrHoepvTMB1dJjlyHz=Hfd^||-{69KM@OR0))@3|7
zgBrc-f1Y5_+lCicA#{FS?I1}s9)r7fAdCILTUd5_Ryep~0kFrjw-2yVB&@&O3<zG7
zX-yjxOm2gSgD!o%2UYkM)_<q)D#HA^eQ;~C)z0s!huzV0d2o$vDLO0A&Q)M(m)bd+
zKG$!Ui9UhiE}!JHpz!9+19$wjpFU#jtJuJ<sTN&|t&?nXckJ!}2E4j1u<++vzbx4_
z($Au#rhm#^+TDFduOs?Nq`D!E9xZWAxQ#B2a|3H$(X6`z=br~PSxg5yobY%;Y;Rc?
z2-7d}<H~oYMLv3T%UQ%TEX01wMn@T8QfW*ypL=JWw-X!hBt8}INBeSA;u>Ah(aVqV
z?Hi{w?gp21tPT!Rc6oc{?M*ct*>mcQUKelB4^D6*Vo3_O>7J_Zs8b0`J|+`)-!W2D
zzefut6_dvRI>a9mf)5`*HW1$V4V&gM-735lpCJUt;2(hVO6Ge}>L_3LX}J4M))H9L
z5Hdgr4uJxQfdEGX8(#b#Lj#wWXTTg!c-e|o3&8<86%0p116TF(jM*1acR2~IFOs6}
zBw2u6hcooRah36fZdew+qH}4Lf2cA|tz-O&R!4o%EMu^`<|hYvan2>Xn5g2DWl3z$
z3x1y5<O0h)NmynbQ4lnl^uJF!6IwkoN&^f^C-p3@qPHNBRP-Z>dn%M-5q}LqsUZ;T
zLB{gGG_wONH>gNKk$lw9(0KpX1>j>~Ja>%0p%ztbypCn%cQ7d8zz=8)C<I(gxp=Zc
z!!}!DIv^nH{|E8!ztm;K=)xoTnAaqEJfriFh-^CMAX+vW`a_XQ&7m<ed{c12Um3T#
zpVR8dJYWYRO5^d%1#?vv@90JE$1_*x;5T?06qWlqnl1b&VnmE2`tkC($qR^)5~ueg
zp<n3a1hx;FM1Wi$0{j-d>b%3!XGi{$?!?R!bW!hPvm23sY|xx8>}4-Qu^1CJsRguc
ztyVne>SJ}0&NK}wkfbDIQC8?g6x=ooRt<HzifS*_-@2ZMY{_ftlSfyNi+ph&aO3l$
zF##=DVE|is0}bL??rvU7S>N8s9&()xOW?QcDIs_C4)m7D{g~m)bn7iA|H{3ajIz-^
zK@3|fP-{rk-S^(am4X;lS%HxgvKZ-7rkU=S%g%4j(BOZEGP&|Nk3psJ9I{&~02?nj
z?%z@_%tA4T8yt>}KhOo7kAQ&{6fL@_s=l<5PE+YH^u@MrhG_7(@38u^M9h{z+z{VX
z*whPJ?9Wzq--?Dlogi0|=g0C=i)42lbk?q5k8*SHJ2N!2WH{y470KL@chb;P+2*Z{
zh`<>MVtHD}54>c8*Pdoj*^%sey*T}%&wEvB%rmIs(}-YXi}qvTUqmjW`f{PX^U>~7
zF}4L}{!p_z{S|1dQJLNY{4BZyM~7s`|D@nKyS0yE>9v_Yw<JccD}lPXnzazJGNy#a
z_{HaC-7CC(AZv>;88Xd-%1CPUMNDTnR{9-2F3`kRuE3R8j=wUnOw^L#n3?j$V7(tE
zf(#e3y}d3pr4&@#_aa`c+EFSL*Oq!_oXNV?=hdN+@^I_vTvO8~H_m#DM{im4NksSP
zpQp|nDOcy?#>te>(f~~s_~u)EeTt07y7%ViCOWvO#|Q2lSN?`GoW#==efd}g?Yo;N
zVpzC>;{5NtxJ1X}#%xPzw)NA}r4~)G6V~%H?F&apM8vAm=l5!7FjI9)<2ca$dw}5p
zmcp((4f6({!64%Q9Q_9cT!G8({i*Z+jROlj`u-(Mo9@;AM$Xk)mo0|BdJCWg&GeWl
z;Do}{i2~NP{puzn$XDRN{1<_5e*yG>$(NClAv9-qXY2i42kz+$hX`(aFCDm1c$epI
z4m?PDiyasZ0&m>^Ek<&A6>qZ#qD%!?qAGxDI6&&o-pwxn#D{{wjUT{?$l0TlgUW}}
z{gUhNc_F$SYomY@?${LlCsGhihxa0QmOuA17CMTA2|jma@os!uIDaEMsYqJj4Nrq1
z!Bg1xRFkIBP>^D<g_F#6Wy7>4RW3XM@BiL@7M~=j5Kt&Kyq~(q*>JHVAt8FpswyCT
z%KJVF)ob%iQmwGAwi-o7EmgFXTeu)<BTduSmQ3TpM%+;O(J2<z;g9k8xT%#w*=5~X
zf%0IH{xf3d=kaL4N9+r4cauQGZZ4aBJP5~DBys=KgP8dIv%xf((WfvzF|Ra6dquVF
z`W{k{ODSVbG<{j}9cOpw8#-mc4Ggi7ReU#>P@0j0V^^g-8djI82Qw`nm>!64Wc<4m
zH+A+r)b~cSjgw}W`5B~Q+@Q}XlGfkVp`^4L!+npd@NnPoN740a+67Gn>fDbaegr7A
zZrU<b$Z&%e@FkQVU<Qw!T8|p`Yd=(9AU;Tyou&&Sa`YDT&6)SXg{x6%%{+cYTjFzn
zrliQrS{~gE^XEa&JW$Bj=%#vGpmFLCb+V)6kpG~IOdcb5Lr>Eg$%b=pFGXf<!S0;`
zq={Q`P+nt4*Wod1q*?2>S|}LevoD1hItD2%>A0y`&V)^kC?xi~T>6)Hx&Bhw3#Vx`
z5>y{H-01Iq#~-aJ#$zU>W%bG-{}bKKo@T*^#Ze2v%}<CQWy!jkc=?~*VlDQc-uv5i
zLGQ@(H&4<GG}+#eA+qadB7d?+xJxh0-=-z!LVrIIqVdr8hLHMYouG`f>|GhAK`rv%
zKVU}hjeJ?weax9QoUSk9iV~2wJH0ipIa7qpKXhXYcT-2iHmWi_2HHeImb&Zy{2Yvv
z=3V7zKLK_GMgV6)hBfn15;@y8$H(t@=79ZTPf()5mG<YZ{k#8tK*H;^#9Xb-S*m;T
zuyYaM8t(Y0A43O(7|@k~(mp&9BSDJ*7v`TKJ_U-HK*NYmfPtF8QoHHk?R1eT|C*W_
zYCenlGmyllcoElgw8FQ}5Sn|!2o;732{Ccc3(i%z&b->`XqywNS%Ev0bM35-H8dD9
z?JX{)fP&}Xh~swwy`4Cz==x6`$3f6?fB}7>8fWeR)Luy`KQk*Ues6I^i##QMd#<@#
zPuQgO+lmKtXLD9;Rt&Myljfnbom38mu-e+%;(6-;{hjJp>roQ?u0|F)XxwUOY-}9!
zje0MVl4J)u1S~Ctim*Rcw&)P7+2=jkKli8<4I<VC0h3*b>Rle7Y$xP&C>j&}=IV2%
zTlU<b%tXo8mY0vEw4wIim&-%in_FAmN2!O4!F>_{`yOa1y^lG%PqJ0QdJ*(t3ObLh
z=vk!nToLToO(<En*3xBzPyy~esO6B`+Mwe?Z=RIe5gZ7lnq9#U9CoYy-I)6poy|r%
z@$c=#v3GC_i}?>ew54l9u1ri!Mwj;c-rhIe=fbCIC9J<nEN^R1u4?ydXmks2^hb3}
z8iRI(cT$&PW(wJ~3Kvap&w%W3B%h7OtqIf`hj0PU9yEqMGEhXO%@N+wuifKlzrz(;
z{MOGOw0++1*2Y-nkvvHUc+QY*o5+BTIH3)Zo&8LWY+>NuMmCxCJHb|X3VpoV>fBqt
zDQ67L-MLZV)^%H%Zr;y-vI&@icXtb>6-3AR`aKJx;^KIV2A)w(QR4fW{G09{0rm0J
zLN?ruN89)TJy;gIs6}R)-KLu$@1ULyDsLm9tx&$To`qPS4YUVu{`4l*1$p7{7c;<>
zozU3^2qZH<`Q)TyITwx53zNsEjR`bjT2>s=qQ#*K@`KGTwhh8z!l4C88L|SQB`pry
za?8c8!ez(TCZ8elqYy!gnJWHh<0a))dt=?aSo!Rn*6{)F{K7RvfWUGKe3DUX<}3s=
z3R+{pb}!7bR#N+kf_D>Jw0wOzQ*UiWZ}XvVA^%6O<A(%e>YB)z=9DPR2Qs10xVqtH
zewFLz<E%-^jNd)FwUzTMVTduSL4R%W=jL032fcc^wk=Acud(FBj|3|0W1F*cd<dj{
zfT!3*lsOJGFdHQj*s;!d5UNZp9X!?thrt~AqSQ{8yi}}&`&@G$qo|6bpAk(XIs6w%
zxs{xg>e4Y0U#!Ax@EcB74%di$4n2iP?FR3jx`iFHx6pb(L3V3urYjvVB#8~a7R9$b
zY8A6ywA%PRu0F)Py_D*nxM0|8c$%>^;MuT(AL;mN_@tumQ5o62q?VG09{HKS%$lR*
zDn*5yXFrzPKrsFm;vRUh(9xziJ+&j&4uV3LfN4&hYgB7~V`&l{-+g9=xV97rDe09h
z@--;+7lO+toVK{<^KpVf6>bxNpbGSw+|mcN-C%>`Vq!v!5<&6*OJ~Z6S5Fy(;s!da
zvkL@TK2nbU{?QPut5OvnF%izLp<_hDoRg%vuw9}4)Jrorp}p!OrG0EK@hQvc%xirZ
zKo#l>J0m|AR0!xqhBj(mbR-l`jvF0QY#tjM+gTeHd$>0}2)cr;>#B*LU29lY`CMQz
z?9o#BjrQPC{5BRx1{BsZcf_(-3@!#dN`Q?>oH@;izUAxAJ!mMYW=z-U%#5R7dIj$G
zcyA;H<-fy!vdn69`cpYfIWIYz%l4c?{1XtaMUdPzz&D;xw8R*Fa1c~3|M1v3U&m>+
zg7<2&s~MtmD;`BJqv;f1K%=3BRafy84Rg)<=~c7I0os>17e;awn?be9aGc;0j<W56
z^_MEfUM;z}%rb?9xE)1MfY0E(SVc^VSE~h&rxzEihaNB4HEWVHA+~sv!-fVd^6A}6
zF~{r7%=4qn)W{~=&8oAj-OJVR8+;?;)wc-_#A-X1dX?@iohNK-Sr4^lfemdm1LYr~
z&s<zK<6Y<9zq&I0S!s}dFQm1D%S<k|z#@TN176jR&@sdG3XN+UoIAxmsoiQsxy}qi
zwq;%RGe(i3LR;SItrB5h-Wx-Zb9zH@yQ7sl?;}p%O``>EUm~un_4noME+6kbFLK_c
zw|Jq~q^$os4s`ww6$WYGp0Z11ztd^|`~b=1WbVMZ$M@ty#;F97pjnX&cW&+BYV~Jy
zV$N(Bb+S0=NAYYFaC3ftohB5>+u-$O=r6zo5W-{}-zPx+>L_UE+Vr1vpos>Ad$ynf
zCUg$SF|Z?vtew>#Wmh=;{OQ%kPAStV2|p7t$}S?E5Kw7u4AI}RGC_$JIE~PJ1I!wV
zq)Bn#y5g&ibv~emgfFnaoa_X&q{G$EGg>+gU5^DVj=cT8kxv^G40>xg7p8I*gS)!A
zIwptqTBuW8H`Yd@M4OX15}a*EIxE?Cm2|H`F7ew<{QyUh<4nOn)Nr25ix=XUQr6I!
zc9SzwT1@WNKUXF^=BM?f^`!|##0|r(vj~$-AZvK{os#G-?{mP?_K$R>o8fJVqoc+x
zJmN13Zz}?%weiB%i-XF?_yEGcTgx%L6*C-Xk0EW8EznG9Ytb$F#*uSmN6|6g{-5FC
zET#aZ3ZKvv036Y{a+gU|6Et5fEbKfCCk}91JF@bi1wA3@OJ?MC>55An89WN7^5sVy
zYlV1Ch8dc=M(d;YvxkAkB7-PKQBOQ)Kx#Lr3Z$m0Izm?{O4(J}XB>AO$tOEYC8PbC
zEOtoLaH7{1sE8fk!Xx&(d17gnt;$<s;YN^pHOu^xs`GEsuQ^?uD)kQC09>y0+6w|I
z^`((x6lv<Wo2}=<xy;D=eTWxnF|#QG>ZwKKIxV5X8a54m3OTJegWFip=#IA3ZZh~2
zVtjh}*pIRUy3N9Zo7CvnCkds*QwI&_6$K1``^*n4ico`*=qN$WOeiu0<;I>v7vQNU
z4=NiVE>ig)t{<j<@E7`zKLT-ILbINr^(JezT^s)Vx=Z7mSyf&hWSXG3q3t5qWIDvg
zS&$gsHcJ_D^?>h1$=#tq7fM!%UFzDgyq~GQ$RTMDXdhiwB)5n23%VKi#y@{7*j2Y;
z*<U8;*l_WI4#QvjPNc=9_!fS+m!GNR3j%TSgobLP*s9$WF`hjtMU<sDDDDxjFSiBF
zF#BONs9{y3JjJmi=6fHjdBN&A>y6g-wM<ahYA_`5?8u{iD8BkxaZ(HF#w95^D<K()
zsJ}5mK8ZM+)Hym8MoRZ)^?$JU-f>NKS=%T+Dm)fMMQk)5Q4x_MNa$dps5BK65djf}
zC<H`$2~klLX*POO5Rfh{NEcC%Zs;TwrFW!5Ampq&0n~Tqn|Ef;eDgbhod1m6W#7B3
zz1G_6x-Qk&_)FurTgxN-EAN}0Zq7V_*vMW8mjG}8N(9U={(`&->A<b%zG<xp^N0-N
zL51l{)rtvMK>D_+`S2QGqsT6Kcj-~>eNnlE+gI)zH+~9Cf61?+bAcamb!e@|ukZPo
zA0OIjA;mwn%;rk&sf;3pM)ijJx}p?F!n>w@loOx3b7k8^W|tn8S{3zXn|AIp(IWw?
z6+Ds9RxcIla#3h){IKhLgOhDHZ$Uj@fZZmYV_ONv)t$BcnbMr54Lej7bgw<e8;VR8
z)NZd=3z0m&O7eco>0z!skv(49EV|6O1O{0@X}sYQ>yTl;5}d&y7wRDReWa1$=Vwp%
zp>wil?P(b~znu}7fQ?iGg{PO&PMm32<HMTk5EWkM^qKvJ+e;h4&rWr9u9tS~kQ=^|
zHosrONelofOM?(BtDwt<^xt<dIq3TatRBQuz$K}iwaRz1?emOhE<1;>+GsvQr}-Ee
zpgV$ELx-@tX?q_B4aE@Vi5A_`ASW0em^4HRw2vE1tE(7(0jeRRP6nhbdp@FN5c*`A
z*#q>3pyJb!ukKyz$pU)JD9m-t7Hv%pf}ae2>#&7EaGudX)=PzIF-U5xw5w_~{h?jC
zs@`d*{vXfZiCP-tQ(O<HU~j9g6S4~y{+4hFIFN^Uh+p@x?_DC7Kn8K85;@nltL1F_
z%?&$5<x;IbmXqzZGW~TtBh}i~(?*+OG4~ZsWVwAJpx6ajF2bYmId9-FE>gU)W8#ZS
zZ-|(yn5j2@HnQR>F#0uk7xrO7&cMrr>C2Zko;7pd)Jftv$|BepK?xtP{22p$xLEt}
zs?ZEY-Oc(0as_1TjhpR=A1xbLF=!|>U_;^t=|_k6lmbbNppM|xChFc3?*q6ng`?p*
z1bj54`IWePYbMuHBqZbrZc2X<&u&?nohYaKAD+l3Z*=A3A#Nox;c7*_@xVqA)U`fr
z{b+~|!5AgV9<Z)c^|HXFNN#xF=3n0DPAiAO1Z<|+o8Q*o1N2En#5JgbB<Eh5b^tr9
zEyPAGO<JTJizNJeQxKj@Sl%=f)f0Mh`%?v)8V*YJm+st06D7byNi|~D=!?~NC#Ke<
zy1;U>tI$s4h^MRtr|ekaLnyAfziP$$K{~xP*THJtDJy_%%<&c8<)QTgoNGWm4#P%S
z`ez|PCFWzJE7lI8Xz((S?xG!lFid*Wzl(0GrT>FBky$Z-?#E=3M)PprVb8AkQOUGJ
zFs^Y1O83ScjqF!!y4G$45ljY8_4?rKVi6KSPt{e`f?MsjE5A8gr6Au(Sv{_i%)*T;
zD>y3kY2{l0YY$;@C!xVTd_<bkTTs)EGv=uf&kUV^M2V>%Tr9!m?3HKQ3EV-nVajCH
zId)!=U^~`1opiFci&)Gtl}#<rshtSN3d%F@gwCg3CcYIeV<SXA!OYKk&f!JbZS^Is
zgUs2X<beK|&G7er!gL8h^asAz_Bd6Ubs-MgCN9am^z?o5yLN&m%g-yb2)4j*Zx^Hf
z*3NW7)&w={Y(>g)Zz!#=zc4rV;TwG{KIY<JO~P3Ri%=ECy4@|S5)Yg&F;>z6offvT
z<!dHt24i}Kum|M1cRDXOlLeXq*fa>m2~zoni{nt95n~0x>W^74&MMV_@w%R$HQaJt
z1sgBCZ)v_+aKZA0dQm_H0|ioroztvxyRmL_W}2yNtr+z3czY}7?xhzXrWjr@J;ocp
zXg!)fXKrzqfS|!LTBj@o16fq3uIM>mX)tKA6T8yfe0!!#zeyh3U$g(`Or-A?D~5){
z4ErN8l)Zn{%MH8T<y4T(yud-c@Mu^#>2~WhY`;Q_uR{!i6reWjr=>}okRp}^S(uY<
z<18k}`q>5-11TQn-}~@s{Aw0yuNON$YD#Mq%q*^*yH~U{|7mZ{mPwgs(Y4j1qZ)9z
zcNWJu*~bfF*%!oW-qqjtQJZ>@+42|_fqDGPO83p0edI&6tuCGmMLA6}y}Bvhbl;rx
zgD~BauQ_b1`_pNlS;4Zyf`TLVMv)4^i&{s?x__Pv*I~a@(7wIJDGe$E7B{SCzc!sO
zitS!cby;}2=cj=>WChcK=S4|m=D_RlZ^_%Naa(sMrdz})h6kFzzcx?yAQ#jY%Rdo5
z`pb|V3YD5@W29uD4j3Wnp?<5h@d<<ug>En=p03sEheBElHM0O}zTgXS1Ke24_t+N*
z5$P|NQQ<OR=6IxQXYq!5nf-;Vy!>r)WR^x3?`oj)r5m?JNP#vD4BQ&5Yo<;IixQ;8
z(~k6(wuea`DWbMBLynhbnROo@e&r}`(H0_MNoGp^iea~dKt<HyS`S1m<D&Nrk1sWB
z$FsGQ4;?eZAdm_cSGV|p<1uutjy4F#b|>~jY|(4sxd~1OXpeMqKm5u^5R1PJsjgw8
znD7MwT$J^f-a(<T`9l5}$cq4JR~-;Rbn`Nte6-Zq=)D{Ik^x76U7YI$k6e9iv3H2f
z>`3hEaFgl&Q<Uye4e7y0cj`>z42Ty8E1bAt!0xzW-Y?r7u@XQ=_@V9=;5v<_cxL8n
z!%N4{Y9`0#W;Zb`o0zXA^0?mT<Y!L3uJNfGHv$_x(%Q$U$z23DL&YUO)J=|uD4g)~
z7T{rGTk=ZT$)4z<cR(hj+`QOYFmI=wJWf5#POCY7UHurfk$>c$c}Bt{I_FOJnIA%D
z7?L_;j6run=;zyj#V@DT#k`$w;zfn<^jmXa$j)DyZVRBdb!-ZpOi=eQlt5AfJ}4cA
zIDnR7VJM4$!&w-YUi!yb*$A(G(q_!gO|bpUMXGJT3u!6Ub~kj<Z6qS&#-uW6`Jm(P
z2oB{CB^RU9&R0)Zg_5i=CQ%k`SF&4m9NTmx(f{KOQB}WtaHx$4t<_S4@O1=&t<Bh2
z(v&GjgaCjr-4NajD4kjR%27dgU^C{zM&P+d+(CKb^;K`V2!2w#2*!I8uvg?n^_nw9
z$Fv$vVgpIMkpedDGx><6Oz%8Oz#A_aF4|4{+c4DmV(QF5zx;?))}`BcPI6yKPIRTl
z_&0ChjQ`#$qN!b@FO|D*NHru7Gqgv=jGIIAV|nX=jS|SQ=7IUg_>85!oZjjPv=bz+
zdP<UKohgcTl^?uj)OFtnj6I8D)o&<?%+9O0#(^Q*24PFoF|3EB2IuUpmn|8skMj-^
z1s4XHd&8Q^#-!Ii`BYME53j>*lS;yN+{;}R#E44bk)3&7nl}|lP>7C1J4+q1psqWR
zAn@}bvOK?byLVa`T6bx$ULGHn&_4j$z8J`cF(rqhOeZZtAK<HxYbPtlls-{chBlUU
z&BX<W8#`5Z5&W9uW`n~l(-ViBYWHdX(6aBXc!Ej`Z2q9S)1>BB;ciL*T6cNXFU<oZ
zG8|w0I$*ToVqp%%H&PBh%uo+V=6vSg$FF!21C#xi8SrmRNnfs?B50rZ=J@)5E=HYx
z0^?DjMyCaW^d$$bF3rU`3F?_UAy0(t$D1*IqA=~BEIB;PSfzBsOUu@Pz8wF(_5FW%
zSz1k`7tU#$4hY^ILAob`8GF$Y5mD=%4i%9v-Du>4h$k+8$MQJ-NBS3k9Fe}T^)Bd7
z;PCv5_{->!-Vvsk^XmQ9;g))h$I_>kx@39$kP-fU02`ow{C|v~tc76fi1l^IbcdxL
z2s}e>j_R#6k|j6ao=0Qn?M-g92YdKWmVuszRiwbw9v$t7P39K|cpfPuwQ9du8bxq0
zx`hxVk{oFhcCtuYJvh7z$U;=5FKF+tjdAi4BHnLWPa1^Hzf_JB<GxU1^0FpX$ySx4
z-40V@n|j`YF9s^9e*Hv`h~b<Zp&;&pj)|!qtzyg^gM$7^@hY`D5=?R$fn}F;p^zDs
z_m<@v&iiKQ5i74<F$<1)&x=`p`(!&nnPaxKke`f~>vZ~{(r(BU`a#~gS7MBk7MA>G
z>^FN?GMc_$N&G36bog@Zd?+5>uoZJWMUh?Cj+jvTH%}(`1&sW$q45$aSl8g(q5dal
zB<si^j^<*QUg`^aTJ*`ZVk%!bePr3MCTWvQ$Wh?d6qHS#FIA6vMe5M2&@^>NS=p)C
z8Z?XN?IZZz*{`6RyyP>`Ee<m~oY_D6-HQK5X4n6^dh==`hs%8VX^Mplb)E|^C)cj5
zPT0&=@4o-vT7&=ef(ILdfB*g<!Y*n(^tbi}G*1ydqJ@2;p0aVIpF8lsuz~&)T^|>?
zylPweYI~vl&tU@eTX;6mbX%5J=lbQX)i11Z&>jD>-y~h&@ZlDaq%v?Gdw6(tHxfKA
z8EbwCDI%=UktAN?`RH&$F$Sge=;yAV_zmWpMtg);yYb1WU+njKb(i$vE4g+3SAz1t
z`LzVAd^d?@zX9<a@Tws~69{$eOF*d6KOS~AKv%_3=fCl43{&5KlgS!%r5<r4F6^^-
zVCfPgV3zu>y5m~f#UQLZem%n6h8%&uKKbbSuD8IUv$V@amMmVNd{J|rEVy71h^$<0
zeVN{bT^(bsH-j5KZ`a;UxQI>1!ii)P9)oN$D~`!%Pa+9ewq7{?D6m+-4ICds=ow+7
zkDTd$&8?BXcBTyu^i&h}5#vs#yhae}v~FDe7&0D8<ioQ+jt-zA664VG9UejlQ3x=d
z)}X5lTQG&6uwW^9pNLZIlQ_-3%5hPZTTx|N+i1N2r%s>U5R^Ktr#HUx+KFi}Q20~2
zB0n~o`;no^Wq~GDD(BjW#J8oTrNGpyOfk@51ka1^((F9OE<g-ui)o>~7jM>l2edZE
z4Q7tPZbf&}7&imIhnhRV*!&%+allC-!nR9)*PaNk(xCGZ!*KZ3!$=w$N=W#F4Co-*
zU<ltu^roIDBeFkMa13kZ$~^V^je7}rlWHzsQ>dBk5pP2Hr)Z|;0|VqV5_AmGF(kZN
zH}NEk?5Ez>XxOrr{(7E(AO2RVY#>)8T$R8_Ow!NGh7)Wc=$l|~pJmKKQZV2aZ_MV`
zP70C0`a#9v(A-RS%%?#(sxY7oXkSPIuD*vXCkX(^g95m#M(443ct8%21Qs%Jx1<=A
z>@aZtOJj*MiUD=tf*Blh2hz^bVrhFPU6dHo7ylj-8b0OsC-j-5x4ySDT8Fhn(kIcY
z85n`s5U}P5x)unEfaed`-#E?l#DH9<_EDf&zs2mBre?S^c?@BJ*$GfbIC|IGfm9R$
z`Bbt7t;`=`r$VsM*f8!~vX?>Lkvl;D^3a3(&M1IVx6w}e^+Ixl<>rV!`tuujc>*r?
z?C6vSGPEv;-^Rxo7#Jb5cTO=q)WL!r-sac<ls#<@*G9G5!gl8@Sm0jnSjQj?{rnj0
ztE)$vP<~21A0yy20r+~cwU`2gW56$?0HsTFz2U>ynQ$5%mc|gJjL<pS@*CG5q6OEL
z5=o&-Gtof=A--zt*k_z#fQU|-qU6o~EdwBSp})mq6D9P;pZnFDWX&nt`oaLxG&gS?
zYR3#n=FOu45;v)l!+>pePPYj_2mwLs2EeI+IUX;?8dz<8{V8SM7)mIoH02`%hI35=
z=tY-036jLRA-RQ`j*f_2Glsjya0muR_P)NpK(`noanSBLmX0>eZuFPe>D4QGi`M1h
zw7kfusgh3V`p_dfs#XsCTIeN_I>3G3i%bSSs}Z2MAs@JSMQfTOKv{L8EGFc8zOgd4
zVx;<*XjMEyBiQq<)JLv+&z)O&ISJ1?o0zNx+nO^Ykp7PL)_}u$+A}{YkZ5^JT-tmQ
zHLLe7D^s^ONy?T@rxm#Ev(vX5i}(Aw8whz!ixpn?4Y4sg+?gBwV<>z5rsuW~t3pvT
zcL{4B@J~H@w+kfTgJNU(=GH-l2|^(n0Z?gqoJ|>@>mA-Nuh1QrQ+FTaA!aXf9ZUCW
zRqfC06RBozy|aNgOZ%E@3tA=mO-r%I4jSGPp}{nC99*s%z|GrcP#>alY=%-AOfs}J
z?1;|b4z$%oR;r(rb$9ib@)>bJ4>Y}5SOaSZG24g?^I-u2FOB@3Psg)fY|)r@G)Rvs
zKKtH+H6oFyYdS5HHENp33MFp{78{iRYN<C`8$JOARdc`VR$iX4n%$@5QLndaX{81Z
zt;-bRAy(`f1{uE~c1+>gH=$9_9RSi}5HkN8)8G;<;N)?4cwv=e?XBZU{Uiv%3ULN%
zBk9fJq#<Kqnn*ogb<O0OOL}a{@l3@W-5qDio*MahNUQw>J14S)KTWc@e=TkI!RG7i
z7?&Rd;@;sM7Jo5(_yD`Y8BbKyKrm*Iy|>`icT@{w@M>iPV1Ij(dzFshha4N2J}z08
z_f)E}bKB(TixRi$>Jk_G#iF$FTdNot>13IFP|x9HIxquW_oZ}g^t40I43*N=Y=j_z
z&M#f%n9c`_AD9U!kst^S9E8Pl_3S(`)uC^i7_P$B3gidDsi~=VoU^BZR8Kx-hF@J4
zECY}uI=`Q4P{z%k)n{k;a11ObAfY>frBAbjSL?_ExiUQe2YDvEjr!$7C2p>=&o2}N
z(R-?WW^nVLQxbu8>u7V31R#(Q9?|{4BMM+PU@R5YI&uZ-l>qbzum<LaA$iC1fQe?8
z9ZaxTR1KGHHqYF#V}}I-8wX^DFzhqf$N0kE4*wX)|0RT`E*x?GQG*zy-{2UvChA<j
z;x%UELwx^dnfPx|X&R_{1#kLqLs?C$mPr9O{Q}_op-h_XJAtHN11~nFv1!;naww~C
zxpf_nbpq^UN+C$*-b;{LDV~M;PWHflYcL0EeJ)I@nrX=B&P|FEWt5ZbV9%o0V;X&d
zV-;i2lebG8ZG5>KBMF6YJL&lClr1CaQBkV58_&q0yvz$?y+}p^6P9u6vZ2RqB{L3u
z^l~EVB?9i4*q=+-Zt*I4UoJylAXYZkz#?>|nvSc8DvdF0f581b?zD3iy8GN&d&>ub
z*hqF8$K-E&WJkleG48`oUU*N^qt@PAUsh_4AGzZ#7RlIp42}Oq*A{hTcU>Rjll7%u
zVc)#{_3PMt7s}V4d#mG=XgITgPRksHvS`jkMw>9T1hc<IPcJn3<2nHVjkY#ho5(8j
zRAXz=x(>dm><IfO{I>*hv{^9&DQ)5sHX%N6uv-WS7+NuBpfskv6?;zhpv1gSm{~_j
z<k*AE$`;)lgg08+?^D{e!!DPPNWIxQe4{m+e;eleCGKw^j>1SsyT5HZ-yRa<Hfcw+
zCM$5V&Zu?x*Cc>a@E*7AJ-pjH4CH|7s}Pgb7paPswfy0`1#|KEfJu(+&0pGnTRC`l
zsEA(pzBBfvj$#MC)I_Q+9y%G}*O2P;6;mou*`=tP>!0Ay{ITG&;Q_f5)_Zw}2A~3I
z8M8@78{PT|;rs`nJ(eW_>i->l4R(stf-(dP9&isynFgRJN5?%NWCGn~zNn|hH*cQ)
zZT&DXB+v<tU}XRAvKb%-nTp=>)EY#!e#1SEu@sBO76E!=sk|BZS$<owfHS1a<^A&=
z@jpt<6RQ!>MouKi){MxBCH$QH%$|5*)BB*h7M5sQmK8Tfcqq{bdOb698-}R6rdB4q
za!~~4`hh@&L%y(76+QAilj5J}ym=7+{3cE1$N#g-KCST_U^_z}q#co=wbJ`PUgF~H
zzg!T_Crdn&b!ZnG<_2e6CLbjy#e2E_73FgPnBiWF)!w-nM96&H5i>M@fowS&+dclN
z;?B&YfWqPZI=foC&l{=lXi<C-1MZK3M0r+RI!|!Cm-k`iTFO4tE@DSS4R`S6>M}tc
zgAA!VP6;<`PrEc7$_cI<64NtLZCAW#YvBCs=Np&s9nKX0UM@;&S{3{B?gL}<`c>Dv
zREUCndRqk<o43`w_dh@AY8@G%*;g4cZy2cEEt%^6S2Mq5dRHj^$N8z|?umvZ1IO~m
zsCnyKTXo$Y*>LmjNK2BR?`TA5xWG0&IK7^B3>4jytc>f<HB2^a*n+VgdGO-POM4Yj
z$N3);)15<ksYzvaT?z5bTz1O3#&75H2kfzpo)!4Ww0-%4PDdulX+kb}OG8Cl?#v4%
zk%juxOb$^0+;CyeJGU6UVOnnx+@<G}-aYf1fyVFZD_Sjxa_8dS`xkaLOrG897*!QI
zv~b?2SA8#5#wp6cck~Oyzi%@;IGx~3z9~Wsp;x$#1PhgsI@D4YtDG-SHnwsXMzC=o
zu*^QQH&;0-)3fMclZ4FG8O?K{`#OsGd?(|BzQ~R52J)#IuEDsWWGTyTN6@P`+r=g9
zV5rBWn&kqkoO$V)glJ{ulh!1@xF_!}-@i@p+WPW=`V)Jj)6BJ(Zf(tCRgLi4+HX{^
zdMoyg{)L8TjXN>Xe?*?#fB*1syt;nYu0a57>I@z(9aZWmS1tJExef&U_XB+b{GMff
zZ<HVcT_N$v@BwMc>0r`rSD+PK;ocAfP+Z<7?UdM+sqoJ)rhjBrU{TjGE^FK@@sB{|
z%zw|S6w4buJdCL3EztY>6S|Yz)8zakoG{mtp#_58FmQ`#a$d64oX(zrXQrbW=tVM1
z;0-3iKcYtY6&gnI!4FS_k|w~xI#3BadX;Lqj^xhTictWfFAW2Pcv5?$5Y%Sk)ZoSq
zp_*9`@nrVKqKMD^wa*xRZue^$O_ZFcfv>kF6$0(uGQtLv{!mO<gyc<*J+^-mNYr|V
z9pZfO&v|ZE5^NE8sJ`a-)Gt_VD8{PHQ8Jb~f8v7ni3SI!uzMbO`#UULX2Nm#ANq`S
z>xCYHr?=D-Z^eku9qNJ}k1_yfZ&UbR*>?RE-sFJkG~?7Ne!Dl<{bw&~Uc);7_!j$3
zB!Pvs*88bttWHe%<2Q9)m7kRjqAzn}{1*4~a)Bt|1NJ^?@4^VPtJwG#jhcNTsrlDe
zUbBqlDBz-8nA~pOc-JN5{5rC%oB+|9`_!TSeNW2wv^0LYm(a+cc&t>yqT@=HSQDu_
z{i8tblf=P4b^L=Q%<5Ddyp2UgbsCMO_!h(7?i2~`$JFF^*&9$QRj+tveYx#AJDyO>
zmg`v|6iCNP(}3ECju7(~%dLDCM|38_5|s)fnJj)(Vf_=%JdR9^cY)PxRDupppCGdG
zDvGRkUAIXt-a|l6vGL26RKa@Lgj<|Cs`~n6d<iXthjmjKOde2${o`eZSAM`qkf->c
z@q(6@OdFhcH5-V~$Jy}tiS1A8l6{mrEkEu}@_Wx<y}zsNrV5GBcEB068+(vHK=s+a
z8D=GJnWkd(r&rG--C5;V7_dRTAh*sGJQ7PAow*wpo1FtEc-)J&XL$}Se++^WW5-mn
z7X;pJ&rsHVx{V-cS<*M99#UF3g__pvSN`(8?qyNgn=ASa8EhW-+cTeL;s*B&KkO5&
zyzl>vvL8hJ=)i8}M1rwAYKnE+-7~97*V=s?-k_v=TTt?$+)J#iZFk?v{Sj{l{|tm4
zPmtyF_jkbL)jywlX$2M9i9&^~d)}YQxTm8zDI!wvb8z2^6ZdUWz0`+(`p2ImcLJvz
zv!DDma!58$LAN6SOqDb~!n9A$e)Hb%ezD45vg;(=uXnB26cXwrK2g$rr*q9K=lJGZ
zgdk|;)Gw{HA>c>W)fAptmAP^EQMCfC*6aP;Iy8yOB}~$5!uEE?!S#^`)QW`avvRY4
zg35O9#OQ>liroovjwKVjEbt9dD{G1H1#RSZYsHcNN3Q<=r%fEH;H#XZl_#Xf#tSHj
zZsAWmJCHXA6j)RModFLNrW05GD+U%dwJGmE34wi$XgEwSJWfl60;OeskJljN#S?m)
z+_s+&$>-=-BYL{eqoqGC=z!mb2BttL8QS>-;+)fNL1$h7j}76Pkfv>ApUV1V!`i0t
zPt#Yi{grjtV^qE~1$Xs-4y@ZAqV;2%{HQ_g%PXQ}l&+Imi=Kg_s15g5+>;uiSN<!F
zU}0U31DJR<>b79WVHb;geSniMG3GLBru3Z>etQlVzigQ!X&iDFdDJ3jn6=%U`j5nH
z7#S|rB>34zWr<UtGYxegMmUP^)^nh+Di-NB+z+4*6*wV*GQ`r^yc9vF6%fZv0j)k>
z`W{4cH-)}LtC05Vh#vpzp$9qk{R`EkK*iJIR_h_gDiRtxG4D#W3H{s(%7~ny2OW-?
zcv)@kZC+g3stp~%c34xWdX#d1`PnK9fTAGs?M;2nCHiyjfPkAz;33`*vUKSeI43$S
zD=ABJnvAIWj@DOoy3_O1tg&7L%@xun4MAPUTTJFxc8~^cF(8pS6ZGH(8|K!e{&DrF
zdJPBgL3sU-c95&Cd0!nNDH??hdkdSYjqe#rqrgEeeRml2k%D?T$H(>&mHM$c7_4M>
zEB|inu7{BV6!QqVs~tjypL!96YN&ie$T^9NFSvV@Ue@m=1K^%;Ynz@h-#NDFv#Bok
zy^2=b%KNfoAcZxUIPYL8?{PY1_U`nh%(1#P;l)Z0y&MV}9rx!EE(2N^+rT{qeC%~=
zbXc9u-|~(;-{T39a3hvg!8hrxy;13IO^Bb{(aOCSFGf57j=ZqvJeR~v8*KcpJ~w!!
z7fv`5I>pBXQ{gCNN{^>cfyFC6x)MDD+cD|@0-&bZk$?YJbajZ#(J3+zm_uMideJ$G
zli**WjUXG{xN!q2>Lz;BR^l2)hGQ=f#QA>=V+OP)z@BN@UlZkF#SKg`#git{)nR6t
zBq0BzA;nhFg}Ki}4%3rDz^_N13YN!0R!ttLE~Diq5Qa`mv%!%fAvOGgs$B8JY@HQ7
z3R>#4vo;YFW#-)T44QKXS3zc~^j>9Luspfw(Ku*LFs`R%nSqO)Q*wG5NkzwS1?=tx
z<$(}6yE_Pp{XT{dcadzG4<6(T^2Da*L2{-`VYTMG%)~s^WqjyJHYBt+z*EeTBE*Tl
zu_8!)2fo;#da|e2NM45eUB@8<xI*s&jiERZ8b|?##L%->E09df$lIGp3M8C6rBO@j
zZ<#tFrv_>}lI~|40y;n%;pL??d_(h5d~TJ@dMEz8Y{wu7?d(fF`A$j_>AAn4=ZzZ~
zzS=|P+nsQ+AA=VTK7c2gj$a14r4;lAJB~n1at!G*Ys2TpU6@;1y73?VmW529mK4h8
znuBIRE=L-BwqeZ;(YVXJ+0FQAv@Ug@&oarK({45lXh2kzT_tm4gmM=tFm8yX!&1sQ
zelqQx*m+a~CGPs*nwg}oPL;HKc}jRsTLR0_gC{H`EQf5VmEy8;jbmq*a(F3EU+WDo
zr~RcR{U$=#u$GyO2KUnr-3$zsG+|`AlIy3rx%PaDhC0Vf3B%?!I-RyY`ny`mWqq%^
zB9hV-jMs|)=x~iEaJ#x0_Ht>`1=6-Ezr#bVUKUfGk7%_%8Ik#kHCoE!c2H*`yz%FI
zs0;OcyqnI1yub6YEj6bkETQR)pweq&3fsL;?QCaRTTX4*KIMI9bwyHoQuXOX_Io3Y
zSp+}q^daM0PYOI>OrdOOc0RL*daL9iO?7qAc;*q+s(Mw-#xoo-nRP}vPWL-fvJc4<
zJMbPn)sm-#4`hXOKG1Ybj|$HN>U^34(7|R<2;Rhj{mcjX<Y#JymH3B!MW6QAMdbGn
ztLs`DsPVoU;y1l+<b>SWABtb!3o|)TO75>EhRv5lAX@N9*Fw_rY{$MdzW2=y>l*h(
zsM($0OB6X@dRP!4WDoS6O%!no;VkNZg0h;vUH+*VDiP*~qL4(Y6M1O4yI(sevcAw5
znGdREy5SY9cKofP>11ohw+RKxpn2LwuE5HV0<Ern>_+Om4<!%s$o7sLtmT9>wQc61
z#7AgNpIYeV1)#`X08U*%W+AD4xAA4Mq{&sa>4+2)H-<CcVIq3zbmOcXrM*$s_9adr
z|NDf;7`NX0+1E=1vuE8wk;H5?hi$Qu7;t~$Q(H2J?Bb@(W`?VGp-{1mX@`k{vn$K#
zV2So-N_S>VagsrSpb#5PH0SMC5P-r_8mM=k+>5mXy(!TPX8zP+pYgqru7={6TUdL`
zX`qdjx1VBHmlDpX05T0}#|7aTNLFu#Dwvk~cx|8Xp!5CFPYiEUZ9f_;j>s?6S3L^x
zbrm@jgqte<@~lA`Xsk*`Q&u4?oL_klwQ3zv<qQr83X*DZG<6=&SQVt*F8c!zUb1s#
zM?ea~BsHqw`=KEDxyepnUp9v$Al>sAeUcfBU&_(5>dxu2893+Bc_;bj-G#p%!gV3j
zUn^ZUgKDJ1$nXkkm-isb4+vFf7tntoN;!9-3YJDf|I`Oa27y^{^*E4$BT27ga!ay0
zUzF*L^{eJ!&p;Rle?El&2(d>l%l=N!PQZhhgjbf+Ie+dt?*|Nrh0BtebxScJ&9;Yu
z*w?~KhGP(VebF{gkG1Ptp$pncBP&DRyc|*@??Otx5swOK;xhFTG-`!Q2%6z1_p4Ha
zDTqlU`!+N<suFaY(}Z*Q>~n9LIb3t<&@sl)(<bm_{7Ya80a_5f!9bfO*8{qvMydT~
zj;uV8m)AC>IvYFYu(rBrvS-5KR;N~|BXYI}^qUcRms!6T%MNpmY&E~heM^|mCxEoP
zpVe4%_OIBWJy{>0gLwQSNw#hJ9EQg2eM+Hi{1T_Cb68rj(4(~WnM7bF`X1`>?$}Tz
zpYJjd+qf7%;U@bvvi8uSLzz+crLQ}l)7Bmr;#YWWJe=XyI<=dBI}=D8ARG3c_D{-G
zT}2=&A8sGAZhOb%0@>kpY%))M4i~Mv7N3*d!G3d$Gb3Zj{30W%DOCLJ@>k!N#`K=a
zs-2!;Qm0miQNQOJvMerVhA;S=CCvE7G^9Hnb=SDewB#G?;V!6ckR?xFn#|nXVRmNW
ze2`dweFio^O;|o<Gc}b+wDm7l%{#snN+X@_4Kjv&+-DiT?;orW*i-&ia6)_6R^JBF
z$oKYp!Y`VwTtPV;@o!+R8O3p}4Azll!c`cBWlD&Dc`_ghA?DLV+n)CPWUJf*|4FCB
z_-7{bzq2CFc;bNu`~~jj)>A?AT@fqu`&#<n5Z4{*TLRhtk2$=OVfhEWLY7}XTRthX
z)P)vzA^nQS=G3|y15s7l@q4tL{b|kG?FJVhC}@4<lz`S9bZ`X*@P{C(-eKMh8e8<`
zw0b+{T&Smy;I=+|l9S%&2!WO(U&<ED`8Q+6tg-7VIhO`T{4L>P!sRoE!@6EWG9@(d
z;)2=0%R9EfiV4_^yUs;hG1I+ntfWL=%M%#~?#Db27j{$r)5qABFwAE5G#9hIrOji8
zIc!Qvci_T)+Y~Ncb|%wF&4$K7iv~}x`Xlv<#?F$v{I!<|*N(}tVW^8cMloD@?*_ZB
z70xw}#^7cL45TfZ_Nzx+zVEVr;^1QzY1e(nC&@|Z4VfuVN-i5oDRmssIU$AZTCIb%
zH4T2L8DE+mm!ualahZSW#^45T5fzK8I1V#z1r2hsyO1(&wWwe<-^V-4i&hPny#R(Y
zIbn$mZ@>Cijzh;Q6vm#tO}QFD(#uwX3~g*q(`#dkXuB(<3;U}CeOQ@%l)|H=Su3HZ
zV%d2MIOdgJIUSqQnpyjDd2$QQ+D~3t=CB>56oiNmZ7s=Wf1|rEU$ib9y<yW}L9Jha
zm|}2Fit6NkyY_X1au&qmMRb~#rccI=z~u$YNVf1fbA9p%F?&9G{;Y`U6Vyz;_EBS@
zn7qk1p_xvdUEb3=BGs1`=?VE``LAa^{yeVUylb0zkGYX@u+2f!@*&t(U*rU&sDD=#
z()N`|2Dt^syn8m?geIob394os94Jpw3bS?CfYb><WFdS$tL7NRiT5L(jIaeB*l^(4
zMFQD<nA~<g;BcXrRGyqb7#!zB@XDwVF=<Js3l2H$7);4X!5+gh^TnK!PtHl1yA#19
zo!OvTqu6O{h{#pYA9;{C5ZZ+~l-YYIL=5ZQZysXyHHaS6BFkLX+bX;o^S-P&ub?k9
z$qRUwz%!!#K_gsFRn=QAmJ)6<p*~X#Gr#Z{H1VI>8h$RTWKh<!sL(tX1T>gsKQ|~k
zS=Zm$)czei@b`Acs>(25#4uz_%sl%?hT$ip<-ct7xCyA+%hX%VUCZlR%^Ri1yToFd
zF;xcHSepahl1>u9IBDmaePH3h8iUKu55FUMgyHj}%k!s4nKWGW$<|3t|K9#gzU`Rr
z-aKi;HrBdA+Bx3+a%PIWhY<1+WD7E=jRcC^3)<FciT+Z2@mHUh?1BSZ<I7`dd8&#6
z_1LB->RKRvgrwV!<rgcHzVtLGSf>f-@J{!-8oPG!x)u5n1j+X(1ViVhk<LEglX-%g
zdL`SiTkk8o@=Tj!_H$2xoQ7UZNbb9rVpZC47OVq`Hb-p=$s5*fLbpp)WXIiEo;`tR
zl8mEaW9jGn6R@%2EJn9OD&ornfvx)#H}Ag~+UHA16w0}Letq%bfio)CFWz1)B=<h(
zoyBwMppx^V2OP5<`ERJqoJq~JZe%jh9(^=?xpVGJ(NrN*KA%Zu!Ri~!-a+u9wa(8y
z*F&{sui-=MnJ0lXkAH6bL(dpt?F%8o>Snq3&$b^P;Oy?v<WS`ce{os-k5J~8_)20;
zp4(MNd9$*h^yH(LZt6KSG}n`pJounIn6@8|{$1u=5p|2$5_c&=hM~;`m-Nq=9m-)=
zPp_sD4+cntU4Nn+oFf--g5WppOO6nrNS|Hl@l~^-sI<2{(ZGxQbjKT|y6t(bH$6rU
z>CEj#;(%<Gg8}P-R%iDUMcwy#oVQBR9_m39&V$Q?+x|fzI17ma`syBURbV=^m-w+H
z6}{H$@|A$_OOKrnN+jsYIM$pwrN*H#9fVeyAFA@bZV~vNF+)xwf9753hCzKE{`xH;
z$w!AoL$k)Udh8GyFZ#aY%8J<vdCoo3s{ZLE#=IReBEb)JvzZ8X??RN;S)Eln#GCP;
zCIYlGM{J|^Cx6O}%9FF`9NC~!pf$r^Z_uO4FBOfo`|VQ?D6?y#fk8(tUD0DXYXgo5
z^I%g!?+!TndWB3^SR`+NK8NhTF9ON082>|$@)xu5_Xu@Yj{~6a?=W@#U-L8?d(k-#
z6Fpnw?2zI*@70KQz+LAH%1GH6pm?gQsvvL(fxtm(Y6LPds`aAHL1z(dO6_)sDT;RT
z{ah}FucyG}N(L$3D_25fY$xmO3>N$EQKvzZ0HM`IMCxeDlr*KfzmnH8AWS-4@dt?)
zK`}jCIt#=Ukd%bxR#mEU-ui)zv&nyQ2mgU&F~4XlrpJn)Lxb$0sHgQbQ*_(8<S%ux
zk=E>Y8IfKFEnR3PXp{i)U<XZ2mtcysbas4hV7dA$kPtsjo<uv1Qbci7GOIejaOJM4
zfwzsPfd2*!)lx{104#@;&{)fut+x=;@6bTMwC99nB}h|724-Y8fHd`rl1Ks$$!#LX
zP$T59=xlVYvi|4=Ma{C~4U$N-R-&O+x_ldWZb<o3sAFTl>t3*-qN2&!m}^drnz51i
zOp&)0=s~%0DaZJit}n%uFOMc9Bp_vMAU%o1Hl&V@4#*fuTE1J{#jW=>3-2~Ppq-v*
zbw=`(&IHKw?%2M)%XjtNY{dR;jT{Dt6mlI{-c1d%JZYF05(L+)&-tR|<;7;c-)Gkj
zy*)W?T>fmAPBRxf%gh-wj@IIGV*dP>n==&&CbixLey&{x=hrQ>tb^tVB8u3xA!2v|
zkihu^`1=!GRaWxEd7QN6yS5{FTV)zDTehzA-Hvgr5jkaBrvW-D3WG(J)?0{!ns}BS
zojfED_sG~O(Zo+|MCoalr`HFf49*uifJ_aPJC(AmVyFXh<MH2pBg=PH&#ILwBh3Ag
zTy<w#q`-}Gg+JnU1wQ-S=3^$1t!!2D<l~U*zG}8B&$G6+?`K1}@FGD#O>SbW&(6+3
zi)DRPp;2#`<PSaQ1@UZ~F44l<3G;@KNOkDqS|8inw!T<WktcGPmkAXP+CDCSGQ2W}
z`JwUI?+HGpY&I0{BOf?F*QBY=kzg8eYaMU?>kDVnquSVYwIL@B=*K<@ue{pnp9(L_
zeGmA|n?PF&FBRppiJ188eBxG=k2kw`Vn;i<>=0L8n|I7@pe~h5#WK@6CCxT{tu|U&
zmwfzwWrFL2;5otAZ@J_V5TZ8lqsw8gnuD1GlpduG1SFF;S$Mf5F3=uiNz_sUE^fG^
z*4~gRb>Mw@RCrB}(-Yo<0+Oe0hupql{MUZ(p(}>gvZ*y>vrJi(^p;1LeVE*flAvH3
z(i$4+-amv&R--{@`-}FqbUqNqorQdcr2B`Xm^#xp`g{(R46jxpTQ4013o;&%x403r
zHK2#4clrAj(F=ney~&)rY)*hc^;>P_JSC{dL%6Dr<%9nQL^eZ6^=a*TRo0#;acU#v
zLb`4KxLZs!EDFI9*~1w;k)NsO|IloB+jt^x@3tkI$)*@Qp6n6MEo(c=txpZpWLdHY
z-!wsD6mcEnJW$<0YcpyfAzvTlJk{!tlbfys73y8@=N8+jg9Z5u!QA=e#wzl?oj>i9
zqd?b%Rd;)kh{9JXI3+vV5r~Iiv_WIQ>|2jXLHNaX?kQa8)aoMxPD%L_1M@=3YZ#8Q
z!4d$fRpxXEqU&d9HQ@|ecWGWDP@6GKLhT_0lW_da(6^eF5CEA-hObPt&=V9Q8D6o_
zHU<!fTy=~anWu;@<m$V?egxTuWqC}*Hw3Ce2J+uN80G*7hzhN`*`>Uu=>z>)+81ds
z@;EU`D0D88u)03*1HoA`t!;X{azSE30>{m~G~@)TvjR+rfZ+I?G)ii@iL~?wq?GAx
zrzJohE`Jn~0=avF=KjjllORy=NN;UJ00e(DM#M%DL^Q#DxT=g1w!ee)?`0>WNpkI3
zvhp1UY59bb{x=*@e3#fL<m0`su@_vNjezZdT@$)!kjovF`2vad9(LOb5&UwuMlkOL
zG$4eg&}$8{g_cSeZVCWBYh(PK%UrE;D(RoW$zN(P$}zqF>k;va2$rKZG7tG98FvTv
zLv3*62FDvtW-@Z#i^6pSq8aDKLefNr1EzOd$sQn1dSzdY3fXTobGx{5|5{Qt=qOsz
zGEbEjCzXQ*xpKVf);Mf4x5)6n8LP0h)N;u6fe&y!*r@grRReVt4+ihIZ5-?@e;0lx
z>!aJx4|eMBGZ~nl(3Tc_YjN(`-1m4~lZX_>z;2Nn=$VIKY~(Rf`!R1a{V3SHc&&KT
zWJFud+>nTjw;-?8X3pz{&sYh54)BIa%MMM2aGPvy$IIFs9DzQ{_ZVsUvf%c#&hWTV
z4bX~Hrj|JrC1G<3(MsZH7cAdY?Md6IarRUg+T#{qQWA*p${K%1TZO@1xO8jyoc(0)
zXhpn**0aF5t^w0g4$HR0U|}iG4vj<gpTvu|MtYPiGz4L_4})S!ph<71@i+*c#Gunb
zjA<taViBj{=<Nt_co>^oEBZ!T9TI!J@2<6^&R=X^^2GZkq4r0%V2*o5an`OY^8~`H
zP>FN79xi9{k7k9#RA)w3DJYzN_d$tmJ!+hgKrq~v=yRVBonVi>q8<jJDO=`M5n|mN
zuG(y2YzT<5vI70`C&OVO%(WaB)t?VwhD=@J&yimW$o`qBO7pLvAc?->Xjvc-4F?~s
z2kahasMG@O*ftO+IS#Xmei?|v>gwrX!B2n<>WHUkjIlZ*e&llYt`{&#LjdV=LlMe<
zfguO^_kU^i1CJr<Yj;hQ3SH5_OpCrq`1y$!FJ3%wSsB#d%7m*txhXpq3+<Qe2RIIp
z`9&nYg{z=UAH?haUOxb+7|Dk%t=*-J*tX>r`n!cNg}OXD<I7cL(Q4m4%xHCYb{8*7
zDzGp0u*Ge<Mp2BFlglR^c@a{>AS5xL4>|=TaMcXvXw-GS#D*%c3qPd~f%p$X&vXfr
zIeph+ekGmly*l>6?9eZNZz7=N<JLpMNi$cUt#rI^y7^9I;@52j>R={-qzy3>>_5=#
z1a6Vbt&tbwP<JktC5m8k%JVyKB);4yBKv0a-r7NuQKzwrbg)Qfsf0@5V0vSK>5nVN
z2DaP>SL!i7d_VE-ZhE(jMn#6lj%x5t_*1QWgm5$5kVqL&I&r4=)K0<go!2)8mYp8C
z(V--zn!FJu{Fz6&R@aSb-ORYz3yD|QRjC#hjs4R1^K^)cQp#U7n!9-i)rP^e6wuAf
zDEFpH()SCu^C=|iP_Ci2xM5k}-Xq~M17FwG?AvwH{aFkgI4N@<TI?c_cM{5?Juxk-
z<4~#DasGo9^7nPZ9iHihI}OOy>Pjj1be?+!cyHRbPx>fN8O1(*Z`^{et*==pe{`d{
zTGS(zLUfw?7SHB{#=)WPKOGymFjbCrX=RXxS{hc+cMp^b^wE7I?G{n?EG8saLu74a
z;{095hC88I%4gH2(N^BD`fTXCQ~Oy3-5>8+g^ZPhM*_a_h00Bj6f&-j5O6r=<d~;U
z-SRv*O8<?s&2-jvp*;P?ky}4n;l9Ns({)=x_p9Jo<(ump*Lq}Y)vdwV)tuR-BUHk-
z6*I17zgMhvzUPWb!<LUVA|+#2?(QD+NcG|1JdR1=Cgo@WZ^zGh<+bZ2#C8Agmi+Hi
z9S#$ITR0KS^zSv$Aw(ZOd^r8y(YSs{p|0$vh<r)v@(TJF_U?bvDKNlA3<E6#9I65t
zi!ZMJPc}sTv0i)u0UZ57_sYTLi1WsSZGeb`SC<t|U-RTrO6Fod1wQGq8(oMbyA_Cv
z$=Nt}6#2CEhA*xG9blS49*97QL}p`STOS#aL8{FHl$A8gWdP`av-{!Blb9)VW#Kk*
zn#|6CUApB-L?X8T1qfmyN4FtvS8oN54lRxg72~X(9mf&+i1n-bgy>e|!WIno;&)2x
zX#SfMg-Db(2VvL|n}LI^jCJ?vRudvML|rnZsk`fs+NbAQZ6QdjK7DU#)_~WE2l&OC
zDb!3;kW9fWHPbG$+LFWWe(y~650$(wm3*yPwsxH@`8zxVJTB?Aw5=JH;Ze!7Gxh3K
z=cy{<lL>l<l5q0NkWOz9zpPoFqUf#m?EafAX6KIzod3A`c<S7~b6b_}-`MQd((~u4
zBd4Z?89GGbQ{zO^;>R10neb*4+BFtVoY2-bxnL*yNBdhwcg^Z5+<1yZ5yKmBh(sa;
z4nwGjEtmqJS55pH<F`utr;?4;$CK|dxNpJSg?-RtC&q5HO;&ndMQDo~Zd1!8=XWWF
zm37~fu(nOP!gD6v&epBD7>4J2hzz?3+qWMf%FS0M<0hw9C9}BUtkba$lgApTIb}2o
zrkO;0V=73Dd)7rTKiz^c+!BdN5}O}lZ~sBQI%~2qQms-bhS#D!AJZnu;0hy!wC!4Y
zWk|RqIYa(O$JN;wNn)79T+~cpEHTx7yzU;qaU_}8hI`pFWtH5LZBw3W#lQ%j=ye6%
zCYGuetz?atfq{WzWmoqV&j;f9)8=gT%sw|7NIP3~7FMoSEDpR_&Lt5i&oEOK=vrQ0
z-ovu$ZXvk0@DWPsQ{!Xk6d%ny8u@WTSvum%ASSj4<Ry`2JIfGvVq(1G-o^@k98N%Y
zcAi`Q3w)3=Me#vGQ`w&Qf|}@=UG?0iokDwm=}75;@P*qE0`tL4is{35!*6zmFEG^5
z-w7RO+a#Z4iZPIJFe=NgL5<^_UgECoI7R=WOOS}QB`2qhyF_F5Ju)y_YX-~%NOLSB
zF)`GSv!R<Y3m@&T>Vlt(j2SzoY}6uyH%5Qzgkem@7iChKg|ktTSYCd<d7A)3?9x?S
zn6i>^7yE^la_JdI(p&FC_&}A>#KgqFnRUlbD6sG0A%0}sf+_2$F^P$8pRF34&o#e_
zzoB)Eii-&gHC59z`(O)p3_1+;3atqlk6yt_4*B_UobyDx6LaCd-~#*M_C^2F0(-k@
z?TK*bikOHGC@A?sZg`I_2M&UU43FA0P2}O9>)id-<-{*f_{&Q#7A*GFupB7p#c+?$
z^-JTD^?%qIt5;U2VHc{oZKXITTo{^w^@`R!PE1xtMh3)`fYkeZZbCcR<&A#0UDDwI
z5>LlOwY;{F1T~3CSmrV6m{R(~D0e&|YOxDw2`PLcnX9g<(El5H5pr9A6GX20FaAi0
zz+f<y3vPU#_oJfryA;TE&^rfO@%ahfHU~S9hZ}cElon05vL*Y2v(!_$`Wk(i!6k~G
z_)Zf8m+|`KBRof-3-=H=0}|!SW4v&LfG3*0`Y+;UIII5mew(#K4F9O~Vq(9wT_bFK
zba(u(4>Qw>NPL`VX3q6vWY|WXQ!nYxu=@*x>6E&Q2Pj+EffvV`J~of>@6J8Ouhwok
ztGO!Exzl~T=YX;8Kw)v6p_QoOiT;L!O~=y>d6!q*LuOoh|H#~U-@T+^T|hUa_zhrM
z(CiVvzWJ~ZzSK0cj{A*^@qlY^Nt@)5?{QCpe{)iWBYSyil3t*XTBr(I+c<5|%CVyN
zbu0HfDa9yx$qd`CK4p!ijgv_=v7dKnRQ0fwHjc`%I;pg75w{vAEVWp(UC15J5Fs!m
z&oOr?Pwt#?J1&QuXylY9(PtMDeq!Q)M_9zY)B|azrMEK12ZEfUD$g9`Jl(_7IPlm(
zJ}@*VA~7d@JULXvioY^HYwm>))Qv{0d>o}+e%@q?yf8PWQOEt-r6-VeLW2`Kqno_Q
zqR%lYeGhGQ=#1B<*o2TEqj)}mU*5m}PW=bD{T{nV_qpAXm<_z#aImaEH;S;nHF0<9
z1|t`@1(I~d-i6;Zt%?+|_908P`J#FgCL>W#s-@z~q2i_(aJ=*hVAdB|IU05g|5bKi
zum{cmBHrGtn&8K#>+pgfvr}Vbydb!-+ERXoTThW}eDU&U+t!l@d{Nw(k?A{dHt3Ho
zpH7cVoPMk;F$YKEe?jDp7$C5=e<}oXg^G0hzDu=v;#U@ZE3#5qm+OA_dHs9+fl>+O
zki-soBovlw$QiZJbX58&_LEw;bKS24Yo-u^dG}(!f4$Obm8kDfia?<6Jz#(yqr|2)
zUIzv%u)hNmN@UH`W;pvyXJe?o*{xrDg@;%S0$D$M>3{nTJKJbg$OXO+o}W~!)wf_C
zd(bwIov@4X6B`;EFRZ!x0BH3dL)|9qDfItl@B}e&`e#Gs#h&&5?H`vC(1X@eiKaV*
z^d+l3KV88VWZ?0}Z8Ccx>q~DITw$6?0zu{K{P`a7z-IxXq6Oa?efC0e$I=C$PU$k;
z&1*o}ExOg}7MVGM+45(1<HsQX_)GWyi@%G7kUhG)*wrfu*77P`btoLV|6B)N6TbK&
zadEB|nQs`57r#ycPxJ)JyL2<=F_h8Jds``8Qaq96G)v2+3UfKj@$%0vVm4hl!u=*L
zxpLD8Z=&WS4<_$Vzuw@dOzO(e9bh>xFFI9N$z$Tu;am9B2N#90ExRScdA(db>|j}i
zS>t{a@?ny`Ozy$lg%lp3h(uZ!NOn1$zIHRlkXoW4cOE>4IRpLdY1-=F+0#$9Pv4l4
zEbB1Pm%2_YZ>-EL%O}4p+Tx=0OVV&~5xDk0Kaew!(#k5o*w-xXlDPQilxTHG0M#Qr
zzY|)bF;kuHyQ3n3-{c;eU!GmeXc#s0>oVFc-7U1YOU?KZAeg(?qNry`kAcCcZ+Tm~
zITTPJ8z(+cZrp8f_$%SSqAKaj?|%=$ji032tZ{O3iBel2Mcz{C7kaw&XNUR~A5_w%
z%!WH<bNh@y0P=Ht@Zw~}=uz##T1+m_b-!YDD8xqh7*O8f!CQE|G$?+>Rlq4F<MxY@
zKl&I?fI60yDO0nDs00UME6Y&D70nLB-oLyJ*wXT(tu96}h;9{?mA09m#!U3AIzsnJ
zc!<w+KKH$9TDhE=Ve9gix9S+g$utXqVmJkP0opWSWLUR+C&QjqOLLr^VILfCfCCBG
zoV#n5dywHNP<_zs;s5{8f4NWBMGTL$=0F6uBRND{)XL=+qpN=b5uASt1Wbd2gFT@P
z??8JIaiN%xBFA67m(xs4aC7Y%xX~O77tPArWJ=+SWEZbplU>Qv8(!e1$ywUbCNbOP
z=C6Ynl*`Y62mUn}op-AgNn|paiQ7P0j8Y7KYti7k17ptfvyBFF6sme<XbyHB@8HC+
zkG>n4Z6-AITlZY9m6w@o)Rz?|Ng$C%j7eK|RxY}2AH&V1D259IjZE7S^Zo<s!NhQ<
zL3oJc)J!Jh?1TqH(26^(-EKkY4W|bBZ>V_cIe<5)49T_X^>)boC04=$cZ@~ejHu8y
zCG4j57W;RvjmNt9s7dESMsxEmMru5NiL9=rcXN9#)_<Z7T{scMS92&hm?_suTvQ`u
zq2}`UIzsoM#+Do<Tdhm+xhM<vyFibL^d9(i;L94QhW;S$Ddl+I;TE+1eK)(tOYzTy
zLT%X=fwbmWCU(t7rlSK6EmN5|#K^;5V9|zRIKA{8J2A+xJS@e`-b95e7;wpc&B&Ws
zr|A0xzqnmn)Qm8Ve0~ttAD6{^%AK~1Ai4<76VBrd_ZlcS(>BiY>b~AsTu~A|w^lTR
z+ELmZS?*ZgQK~t;=|EyxagD*zmTn<)lr49XF(te8e6>)tI-K#rPWj;*y|c?B)$-&9
zJmh+R2=#<Xr8IiD-t(CdHEFw!(K^}yK25V&+EAL7xNk1MVU^m<nP40LwD&}p8y7A3
zCJ6eU^a`dE#&c>a$I^r{NtTP#>+b5)Kg{X-u;LW?Q&5S)>BTYh9^yhys;ODbt)z;q
zbKPxbPw;0C52Tn@=)7A@C<}J)iF#2DCj>0RfArJu&as&{sQ0j%To}zQH`WcHE|8<-
z9mFWf+Y{Y|MWuYoH2$i*66m!JQ)O`WV6pTyqja75>$MAGBd>a5Mi*dK;LH~{GwhV1
zS(ws_3N^}SQ)+{U>zdB}+G0~XiWqI91maWfbcZFUW2%27yDUY0Dm_Fm{&uH9jXa4{
zN9Hp4<Fl=W`-7`AeAsF?V=`_;N6&=c%rR6BmV3gAso$Gn;_KKJENMqw#7<PLT7FqN
zX&5~H>5e`1*Y|6=e7m&&S&km=mClUituXB8)lMELF`Ymimbw%){xCRMvS0NIMiR!?
zvR2Y#KGT(%p<;~1V#y0m8U=ofCB%TrN`e8UF)Av!2ebMq(BZ(^d#Sbl?VcZ7@9l~^
zcOj8@nGNqy&9Dz($Y4qLQwEiV)Udr%Sp9>-MWPnDPLp<+#kPY_chm0tBo$hfV`YNx
zPJSlR!7*3QB1ahtuhd<;=Pz1^^|xkO_2y-zRp*Z}C+`fvgjjG>$zxVRxP|^lJ!*eE
z-A;Q5#*(^7$!Zuv+J%|@d{MP=p+uZYX>P9dPzevrWIA?-X8-YonwrYkiC%sAnX;KS
za_#V}-uM=%DDS6E7I0JiGA;M@kV*;`Tg40JA~RWXMXlm&hC5nw>?(8qxGGJX3?zM1
zQ&T`WWZQO@4L$4++%g#&u6GXSa-dz(!rbR+bH9f+ut^0Qv}akB<nCg?Lr(b%@NJ%?
zl)^=I;d`yv8Su27lAR2_^B59A*A@ON|J=e)G;hzB6_tKofVGjS3=8kKmRgAl-CRD=
z!p4Q6a*celnDM@zx=Hq5!$vok&6rNeaMRtDfB%=~g>=sRtg&xBt1LS0H!b@puelXS
z|L0$w?3gr778I(&84^O3e!S`~S(Z2O_V4rU25v8AaA7S{a9NZOzFwbSq$&GP6@#-^
z7WxSEM(KV8Gi4U1uX`5f;xb!R6TgE*sgMtupW0xNKjK^XPK^x{qotj7u0C)7HjGXR
z8^!KhaRkECXIsP!C0cZklASy@EARYvap6;t1t)3nbKzMpn<%x$`f)Gb1gD(LqsqYs
z_RVWiSWThxvezH4M6q9ej^x!u^A;R3#(DQ+)+y`en}{`sL1;ybwNaBs&ba7A4n3n0
zrbuIzQEg%wkO1b>3^{a%?zdi2u8(H0OLQf8NS(Csf}MOMnh-4%oE2_nYe8V)lNSz^
zN>Hg<WM|aLyueaAy7%Y(Mr;_>|G;SdqcMjGL&~(Mu28SOs!;K_vkApuM03agD|7po
zl?2lqJcvq*j8CTmLbIG^k{l-P?p*5Cl!(Mub8bj8(VPi)NimAsfZ2)zc~buIFA>YX
z_RGzoqsyNi+5V(WeonkS#Fd<<VO}VDH44ri=&QXSJ&%Mq(ga2`(9%N;gew}33h0R>
z82(@m$P)@$m>q7n|0tBz9NUprM*w&n-BUg(zc~IWhB^{8LtU8V9q>6TKT+X6*Q-DO
zP@9qGNLzI}o7%-moeO3S#S1A4>{n@dHaC}rQu(TQdHIwcd5(GRJc*r)>-28sy!J?p
zI~u`^27IJQ1T*D5Y;@Jmvk%Fdb-k+C+Y`#XxB=h7Q>uH2siqblyc&}1?x<IY!L6H7
ziC`v~$1JMqPJh4Ij8S0!O7rvC-3m7?di?pw!u+LWbV0tu9@6&@z60Dg?0L&>JZhsW
z0ayWq_HN@eHqfdy*kS0Oc^MzPC=I0JS7{cuNO))KFG(oW#?=v+^p&tdc;l}@Ly_>W
zAp>*K-CqKRzqwH>ol=`4KR*)OeqHHWRmB33I6_rCL<Pbd!7^g|%N~O57UemT7{5b0
z)O%&#tYW~^vSBEO4|rNuhLNGkmUbTl1BpJz8LpCO?#pThGa#gcSefB227JuaPXycf
z>ER0-!yH2^`Mt-iAQ?WvCM*Th5!Hv*)zw9gGK35Yj=YeZ8~I#n<sWd|$1!wb$CbSC
zfhq0L`wsHLj9l1B0(O2HDi{Jt9}a@=-Fz$()1O&B8d_jI+tpn_F5w?Is7gMUoa;!b
z&w16hVIt}3Mh+=!G!Q@y6!f5kCy}?kLf&SomoxSvQ;0hDdeHWyFiB)U@9gO3hvkj$
zyHIj|{{Az=q?s=~K5)oeWcG&}q$s{X26tw(Jv{sNoV0w-ExXle!xMG<+U>!nWBfcN
zWgy`MZar`|Dq6846t#Oi=#H{~5~W|`Al@*97w3#2e`K5D3bfl`^sOz=$wz*1Hqu9~
zOe4!M0Q&2&V>+~G%&J6)^!mfb`nPt<dCEPlADblZbbWy*$Hc@`Vy*(s&s{iYK%4-7
zP5&W<oiTyomzo2lhcO(*&})i|YEO@(zk3IoODyu#g$ejz&?Y#xU7RSWhs9B!g)K((
z6+VP?<mbbO9cR3I%tVOZ8U9bSUp-Rp|7?_ZR%3CNIP{snN46-yLBz<M;Ut`AU*8fr
zyhxcJRj+Qg{3`5WW&SqyuI{Z$fALHisWq8tR1_PAtavai!|~g|@!qzP*a(5LS{Z5V
zy@F@L_%Ph!oH94|CC+unNjRm0M<FK1A?Jqw@!`InOE*VHiEUKR^XdKNW})szdL*ZS
zgBlYBl!fte5$YY%tQ34Ybktn@x}97|kAm=vGkLH;_AjO2{Eu~KQ3FX;pZXV07FE?e
zskNQg4IPSJ&r>heoRMvo8R3+=;heEi^U-Og!SjAoS=Ui>d#ea(0vRk8QmfLaEjOux
zLgzhrpAYwBYUiJ@oS2Nm5_RG;2E(F*+)RivIIE%YdG4xUyG=$n@7%dl9VTnd?uNK_
zsp$D{KGgX~aU^m`!9p|BI7|A&B;oEX&7+Uh{qAUR?r(nN?hqRA|Md3d@ldbr|4y58
zPDv$H!bzt^LXxo*DqCesGDt%areR2SV@Zq3TG@?V4Q7V1jFDw%Ll`tM!^~JtWZ$yP
zIQHK?5uNAtd!Fz2_s8$~%iuGg&wbyY>%Ol0e!t(>b&smtTfn=V#=OoRKZzR3h-*5O
z6zLK%#)&Mt``4z#GAtAqATjGvRJlmabNvJ)g8hG~=_@c?LZr2J$IQ^1j0xAtcV-i2
zHSW345Jdx!ZCs|O$bah9%xHPa^MK{R-AKBY63!W`Q)1qu_91(3u@_b~Ng&U3Dts)|
z<b0sOopG!|D(7ijZ2=*)3L`juN*i5?QF(<ieGTGg2`FMoM$Jr4A-~VudUdhIsh*T9
z*}248Mntme;iav}K*;3yG2`rFyCG?2fowu9QTYgFoM!rt;;70*q&!hz1Qr-G?-I@X
z<HM#jhx!Oh6Lr1A3mymIV3>gH>El($Z09cl0zLLjAz@*wxM$1HA(hJ5!MekRRR((%
z9oj?mz`>rd_SZU1m$J$kW?_xLZF+&5f7+H&JR^*pe5K%=j4EPN7moBLy>C11(*1A<
z;<~X75ZqiF01L6mexJW%-KV59pdJH%epc*otkdQV&czkL+~^PeF*&8-(N*RyQA08&
z=Q~<Ur#GcbTYwUTZ<>gYUex<YR2j?6oZ5QrT#RUo#euSVzXU{q@iEh3q$MhoT?HEJ
zxxKB;>oBnXTJEd_Lb&Ea*JW13f?5{(j9+m6$*K_2arlTt?fawr`xM3mF=u!?Ha8r=
z*VSIawT;EZ`?)z3H)`Va$Zvjon4UBIG-_|Z^p)IlpUdh=3GiW`1Vnplvzk-K!WZ3E
z+UY9iKOWfw>#}c5lvBJ%T$!tCOSitD1dIYEvbIO{onS6_3HL7$U)bZ0{H6YUbU#}x
z+q16R{_IU}Z||A0j)jf>Z9?3E5#f3#bw$@N{8lfPw%=~b5Wx*+yz$Rys2qxsV3sC-
zB!&5SwxC{iN=_yJ5+iTlIKn8bY3JD`!Q?S-ha39`3|m>Miws+%W&WH}RLzlI)U>EL
zKc4cZM+4m;b^fU%tK0{}F5`?hlx=qNo*T?eL5(T9ZoI&q)>I(q``Q|!?tOab@k_mz
z%F`iI;(n9y-YNG~Knq!*F#o#^;;9EEff4gbFr%8BWEPuCViuf7PiAYAg$XHSybrTn
z<7^?YOC2%q5AEMMP{zG<{n^Dz--*sy-R0h}dh(**6}!tBmH}*;teNha;-#u`#d}|=
zI^wE#zdkAXWt$k+MGGVAm`vtEW@U165^BnE_|a2c?o<ZzNi=6RQrv2>N28S%KpuUs
zK172ON_={0!-USwY|A*$%>!>ICnvd;QVAE&o&*Cb0w+cT84a-CuH`#R?|L0F6ar>q
zmL8fewzAX~GAxnogsHMO`L<j)9wJ)-cjDOy)(r)xsE|@iavPKoF-Iuj3k`$ficm97
zt{eB9_#O%YK~~KGKFu&u>82CU1I<-%?Y$B@Iobd3FOM7eZU7z33V*i8wajC*)TJi~
z^bY9CRsc7fvG~w`{tj|y!F4AU?**=Kh@cg|=Y!Y5y2|rn>&Tuzo^Sn^^dFzO)bv=p
z`R1WGbqQ`o^;LM#T8p(fKVxraf20X!y~nvxKc&)rIA-?2$*3ogRb22ml<2OKRM;%s
za%Edj!}DT`QO@OnB?IDtRRl3Z068TfCE}V%4x>Q({(4vafKLIq`X$%{a4--MU2%JQ
zD2&vMD-{$HS{zkv_$ytXP);j6mYJeeP%{*K*Zvi`t4qFmzk}?nx*}ijg_TamoMdj7
zaimCRIa#Q-xtop-Y&~zXr3xIK99{g$!boVM8s>T;qq(HD_>VdeGFJ(D7;$jx8LS|L
zYMGsm43U5G=F)ED#?qixfL#Mk377BH6+(hIaz>|4w!p<0U;1kl?DaAAqb>9OD4E9i
zFb=OTr?FSzC1$bAG&fsgzO$6ASop;E63tBu%`B03xyE)XSw3vqsQ#kS{*`JPUDg?*
zR_0r-F<h0Sk)>MCOFy#{wcdkc%t`FW3J-rw9W%Fj@oTQk1Ik7=tnaQ7iQJ|yoJJ<w
zEq7yR+H`$;g(AN(qH7RmBg*Qf*OfG5tOtossmu0#oq&nFZC1jmX-$+u>StoBPZRx`
zUt0JdE;9T8G8=ykZ!lzv0rxk4{O*cF#X{)}9LH!L-$fIcZRj*5Inklv3eepU*={i@
z!^9E2^O;c*#Ta&5!o=@IPPU8Rx?hpTq(yKOSILA$bfY(2_2(WOX1ZD4YPG}eL})}<
zoB-UL=~&t`pRpXrat%jkA}vMlhAsI#$#rMOkY##<)|yRROwS>mfuK~61K_5$nzS3)
zfwO&nHMg+Al)2AP+ftbor>el-Ozo3kuHwvjyQ$DAeVC5+QhpM9)XF}PoLPaRgjCB=
zSskBhkF>~*)p3-SaM`1-(q)ka@_<|Of9|O0@Z7rilVq=r^os}!0|O%C$U(w&c2;Sz
z$|%NI!PCT{R557^ubK$bF@C)K9Z1-L^ds|cPAwaxxIajyJy1E0cV0Hn7$}>5zY+E#
zI>!7@i_EsRHo3;S&b=}HHjry6qaKH^K_{kPUx+^Er(@AmdkT-QJZg|}T?dIbxTrsx
zoiIvIOX6~F=D?)@&h5(e+cwqfMxafUd$9hdb|NXMD}t==1e1vT05Ep0g9X%J{rDo3
ztk$J+l3<zc-$$@oo*q2dS~uRj%@}N%fKHEl^NN5WMb3<A&{M#qtoDf;+`pVwq-~`&
zU7vOAWn00HR~pK5cf;HZ^w<yQNau(OU+kH2=T`K7E3|;!rxju4cb}ub+_Th6*mTEV
z<QD<3pIe=QkWOmM;+7*)Emz<4R_;`&b6YgPHt47Dizlx)T1f|;E74z!)D}yZ1{D=o
z4KmDyI9nOgAvz!XDYlYNb(uWU>uffzw_l1=9H3CP{oMQ)TNJy(uH*fp##erEu2)+f
zgTJ*|`J5LpSmUjRtJix!o0jX@^h(=`nZU9f%<9NjV`|K2V0;cf{QOCyc|Z3iplqL?
zKCXNh22*~x|6yzqx-)J5@t1bEt6c!j_=9<KLg)Koez{$1UCx^bBfY7~K!-yL4LJ;3
z!TbKiK|RV$t(_|sgX!CG5S($cI=mu1aEFRrq-c1d;<Xg_m|^=WsG7%=DHET+{pb6+
zghN~h>wiDkab?cVLm$_c+jH@EJOXbB%i;B*#^iMA5~KNxYg9g5SdkBN-$Atsb9%rI
zt5$&Dkh^gFvrJ~to6lBPL$03wYLs=@0xF!w$dspEi`Mw$@6~)j8yx8N<F#<8)!Wwn
z<bN_SAhSXAEo>Et-BXQDNht$F&x#oVw-0!O&!0a_T-H$_|Es(IB_m`lKs<rm`>%bL
z&;}>tKq`s9-r)*s)DLMqU3;{(mPqA^<lFoFZ=P9wFCd`VXUb;10zEtET+D6e3dvQy
z&1Y?-{?pKC{$uW4)@ChysH<+j?cDRN@%#P>p(0STP_}2?cYxJ`ph9HBJ8O~=ula;~
z^RxhxG1q&p-u(9X%uML18m8`prlL~QySG5nAP`(~=l8}CQkAlz>{XBBMSZ;DNZP=s
zi=PxTO~oDYV$+c7M2u-c`_19zW!;u~00#W9x68!A@m`C{*9r(K<aNE*V#Nzk_Y^Sc
zt3h2vk2n~jp-(gMMVs2v<CS7y+MjI#-o*je1gqkG)XSDGvbXPcL)CVa;Eo_Xhb>Rs
znO-QpmcM)nbzU^R{B}64XYUX@CxaWUm^u_sDQBiJ>W@P5(n3<CRT552Ol=mkc{C|R
zu)Xz&v;NwQUR-2!*>&AJND&t;b*k9D6c;Oq9I_~5AOmncCg;6lJG*@6n@GZ<7;$S-
zzv|7$A<3oiDUW*B5AAqWx#0o6ruvf4eTixQc;)LeX`|AZ$CL8UBeF6F&sM=Y`mKti
zDvEucBCPm8J2p>1;Yt?k5B`gyKR@rFKJ{1@slvoNTu`|lj2?r{b?Za_TmsdwX7%Uu
zX|J`?G5*DOgMW8aDitH&U!J<<K~z4ClZ<HdgWHF=VmT7}gj+p<EvJ$K8frbsnlv;0
z{a)wF1rgiR*54LuZX%0p$j?aIs%`bW;0P;c>5i%vx)`$q6mybbG-~N)i-Of>Q9m9t
zaTc+mpWs<&*ctE?VaW$5Be-#o_<4}yu<E9_2p~JU>T!}|ca7hayxjeSR9bJqXKTz7
zXmm2qh_di`{n;+8GdU@A&iWpe{_PS(?1DajKS6OQ(o={KpwQBa4klR#Yh)3guFd&W
zxO}T4-nn08Ljk&~*gI)M?~J>jbMyxN=x3@g5AQ6EykKZ*=r-DSE4ac_fQk`k2_k1D
zs?M>0iz_Q_`o!o?#Cm?1Gre2%<t)NSX}SAr5-+`S-_Y=<`(tT2l2*WTb8!c-JQ4xr
zQ)~C>`i(c$$ZT75Pu^g@e?YG5uX<j{)%#@_MrV?yPvWl6#)TF_A+uMKo<ftY8gyE%
zVjs(Jj6{+Uk}1z&@*R&oNJ^PQP$NhY;nrv%rBR{Z3N`7y6I)BiqZAT^DK(a998jL=
z*~&T(@)5o@0=<FK2nqtMhL8UgB{^Cm@-l0F{6sn+N!ONtp>Ufms%tX|cnD+peyh0G
zA5L^GEVOUt3VpePI-ppI>h0~-N^N8^6K0KnUg`p^@4@xO@qgF%iBwkquK%|JbcJ}&
zGox0^hT10tS?%FpH7W^h7GrQLLNaKg?;}h4M{oYuK5h?)8b7<n(I-EErFKf9rC(mY
z&nMO%Am02DWp+_Xl{9azfHie8y`TDg`o_(C2Nc2e&H<DJOe)U4^mFI9Q*01?cq=t%
zbt@94M?{v|NJKQ^vH22O=&p+)t|B73Qj?MHhM-O=J@)xiQnA>);&NYpF@?|cuiR_s
z4t4Su_4oP`KeVJuu%wpOTeu>S{!`S48^tC<nY<{k0!@qSpbmtJ@%^-u-{9!wB~!(G
zJ&?goBlrh&wto)padfgp7B*$^&s|>1FA#uqCvN$^naVQ?CzW5Fre%*{P3*hlTun*&
zp&~^VT=yu+a=qB$APvtUh-J|y=tQV-r1XGYBv~U~EwEXhe<nGWnYAx>xYj46HBs-I
zSy6vXL;eEoBgc6sk|mBjCMt$HZgwm%oZ;BrGG19r{9MKgi>Wefjd3KWg^?B#1^dl>
z945|;5aw4X!4Y12CuWz`e7w5vU}^Co`armxcUtD_mr?yse%qaN&cw?^>lMj<zW<!D
z+tZ4?t1)4nm9M*d@$sUqXFlYdn#TmZ?mnQOY1)33pUSwJs69~xN>q0D!a8eDiQ@*_
z%gfq@k8pM%RjDQ!rEeDqmZ>%nv=X|bGT8#j$RT(j8P?+;lr;i>J2`IFd3$E+I5>5J
zy8>BS8gU*SCoBS|zV8;%yvjJVF?>k=?c_$avWHkI%-Zi>mbk<D21XaG*(a*?B29n!
zLDl2|zRXztiEl%vrd=sQZprxN>n+`L7|)YoHHb6CxzUTNHruK6t)g4ZAyHO)<~+u5
zUCaKS7A>779aPqmAkK19fGR@K7{XR*8gks1?k!X@f*f^Sob&JAG5532CqK5oMHo*G
zVe8dtNRCmD^)@Px+qI4YRm^uS?3{RnkfMn0A#qtIR-vOxK*yql%q)>&LPl_*vyZC5
zVbvYI<9l77ki@=98vC19YY9p9g_o<<dBIETJDp^O%&^wI7fAsVH^^j?7nXPT<ARvW
zRx$j?AiOb16%8N<(s9X9!f@y|R(^V6MQEUzK9H(ZlIVISr^aN{%Ak4NAhO+F<+OL3
zB%qqFAudy6#w#y(0Ds%jbV!@%@~WX=k&3~k;x|d{EWeh=N*|O_KhYw}Xn1o)$f3~x
zY?03UCAw%;Ac6$1qW9UN8$WgG-~vMDj+Nbu?J^eA8h4atzEOSXpXaJMP9d#`iQ2Y@
zk{nTtQ&{H$ztRk8U2(tBy71_ce65Co9-*0`q#W08*m||=`4$mWXri`DvtL1@t7OgT
z_&ytjBy>sr+`TrGsP%U0;ksjQqZRMBN^u%6We9rR*ssTJ^C7Vvk+<8d<Yuy#1z|Q7
zZsJ$k5tj6h%F;okr?YT<_VVy@_B<sAAxsXyl$4cgY>IeoyD|{kU~^~^71^(q8eCvj
zTl1%`KGBwc;>A&`Lf_Z!(sfZ`jILan{yR?2>|IC(j22k>yTUN(?xOF`nOi=7l8LrC
zS}l!p!$Z^Epk;%I4ITT<Z$?>t9T7#3O_E|a=$hjj=6<1x@y$!kzH>H5c{&>fZ%&8>
zZ)y3{7_zX_BBGby#Isc0)RY>5L)q>g-_aTGrC1D7wYYn!3!1D{?bzU%FBul<df-5{
zP5x0wZ4aBJr4>u|ChL3JDwakbB3`Xh5hfcK=`>svq9EuU9TwQl8|ooRX`Pm1wxdz?
zLcWx_>sOcIX!j>CI;q~bs+9Q-oi6wLP@Ulnj+y4lZ(PDjrG~Jlq`x(Yk7nOK%f=p<
zKi2HNIeQ{^C|oaJHSg+MmA#%3%)(QX?xQia#Y*$STQ|ivh-Z4+XU)i$Ce*6Nq3V4S
ztwn3^jGNZch9k0ycOl>W1*CO0`;nzh!2!t)j0?mn5EoBBLXdI}gM{qq`yfR3OCj|V
z4lwiNDFMqk3qx>@%D`r>693<CH2?iR0G(bTC%eI&PN!2+UZiQR?cjH2@a-|u6j>LP
z{oBv1!?u;~sq?K{9Zfj(yrnVq0Y&F>=lZE5Ib*Wt?y#r$v3%fg#1&}k4<<y?niyRv
zT?fnk@+-&rIbtE~%3Quin<F69Hh$NjJt2)+ztdfAk|gHx?Il$2>&7qTYy4Q;Zy6bZ
zPZ2Jd7)8PwPu5Y4JOkMC&b>3c`J4GAZ?W1>U|~AWz9Tu4&lTKFTw;eSkkbVg9x@6M
zqHAin8}^`pImA{zIyN)0RI<1ab(&$*VOnsv*8B+Sj{iZHlk5=TW`0a_!9g{SnaTZG
zjiiIO73`sfx8W=6BS2b;iXlB}qpaq@N$HZ6gPWtS7+<FuERFRd{q7BgkC`Al$#ZG+
zoow<Pl*F+75U~C8P14>U1JE`|h0^q+mCb+gE@;mNr=rW*?8|1>c9F|-_%C-Dl_6@&
z6i+J-d$@S^<ZoMc(EzJcV9r3NYGGwn>Cw}(HI^V3su-JF(KYBs5sykE_GIKdQIL8`
zi5YRwIYF3CnlqvqgdMOI)%`8^TG<o#yHy>X%JYVAQ7xZVJSbTFw0QQqHoF><??&G&
z_a3Dj^1r!2GS-S*j5A|st9TEo)bStHp<bjL%+*i+0##%SAUP_Wrz-s;>L2|nmscV+
z$iQecu)3@Z+M?6x1VW;rVpy!U`9_n;dBjHSmEy=E9TR=9crGJdQR`GwoDVFjxssSH
zVzA;ko<RNqKK%O?9LP#M*94|Az-);}uz(c=%9N)4JRn~S$ee(hT3lW|zd+8D$$I_h
zX_0}~oLb!=jaLN6OAb?|T+l=#@bX6bhK6Wb;0m^yhm0US*eb#=Bt#C|D3&B^p_HXY
z3$vbn&ntrLy94VlsiaX^rp)<{(a$@OVFiXdvtGL&fLvA}>2drsUD~6~gi4>P1N@kJ
zHm^*Pkg+CM;mqm9Kvk@X?y3suIXl-ELbgPc=AJsA;)DxBryo#G>9EdQbQHBD5J(`Q
z`L?*@PNdvU<f<;yObn^++mG={n~Rr9$thpLh4ju0cGe(5%8wN|T=N0jP)hZP9mM2O
z8!P9965aBcCp|;RXsgFzgMQYO0!|Fep+Gs^dI3AKorjFE^+`+tk1=U_u|*AY?99YS
z=g7j;rFyIQ?){YaG;McKJZb(cM`-+Lkv)riUXC`*h==b)z5xZO){vsvrR=V@F01AU
zVWfenAk2C+(vW1IUv+E`?9aZ^sN68$>@&uR%%j57rgY)Rx&*2Y6=$OB-R$+Q!G6He
zl)v_xzH^I}SyfCIZiX0P>Dxg}6?I)Qb~t0P9EESKtHAZyj<~F?GC7l|N)tj;aX1AR
zo0T#<+^X(3_pxYl-fi5bNQ){n3!^`F@elZ0@Rg55*`TAWX>*a0G+MtTwel|KsQUcE
z`)Kf7a?(v@hKjU%tZQ;riAm;5^zqZIV~q*hTfVg*8tKcQnte*js}@yJ>-!77<|d*7
z<XM-v%3(-w#1!Qgf6H4VkfjiQK%w_O%+{Fw%$<g{d*t|z3iS+PcVx8Ia$J0JRTQVP
zhVD2KO&)(d(v>-!jZ|Znmkk+OuA_TljzncY<IwHf2{4EVvTCWZwq+E9nRqDDl;>Y&
zu9F$(PH_J;5+#IXqY1!3+#Asm5N8+QzE|a(&%ptaR4H+?y}nlVW2Lg*gIX4?8q?ZI
ze$dnbUzhN#LdkjDwxT2LUO{6X?x`bRXaY^!k*W?3hJKf-^oNh#XbvoR>_&#W+vBXn
z`_IxcreXAG-5G^J@3rxU?4m+<KY$%E$A1;ciTfx6HDMLf&Qqbqcm3g>A!0L6<~sWX
z#yTrYr9xi%QVxu`7wFhBZjn#UcGI+ErI^8wqZ}X=@W8?%gWAC}4m*nqmze(d$?Nze
zNtG#K0Cj|#{4GeE8c@kzraWf=_+k~Fcg)m6yQh70ew|!n@pup<Agt~+NRjC|vjVmH
zVU{l!YCgv;ts|tTrI>Lyfy(}W-WUQOSr)LoL>U?RTA~Yxiju)8O_3F4Ghi?zSI7@M
zfq?!8t|Xx?aw2_=>Hrex|JrBJs2l>p%5VAoicc2?x(J}&`By9sP%r=Dtk0}=3e^5f
zsz{9itW9`%2XM<j$futm<$vAs{rd%iChI%s#R0(77|iUrGsG!dtTSE-+EJCY2F~uG
z_Gy_xZ<u&pq=NnZdE_f{W&0O1RBeOWI)<WY;TIz)DijVu8DiG=lG;RfdvlK>%5}%B
zfY+x$JWEUKMctk4yNTDZ<!*}V`B(gd5msT%ES$RmL1+d$IuyvLDn~r$N`O}1d@q&r
z-qQ&yj7=$-WYkT_#{yvd;3);F9WAb+^;D$7>=Kkk(-*U_O|-3o?muclF9C^IElzzq
z<}E}O+1hq1wiZA18yoom?l4)bz8to==)O%S95U012+75rWY!Je?B&JKB&r%c?lNYA
zz`<%`(n>08NJCz1*ZgQDYH-n6G~QI!NPVi65HJ_J>_uCGsva{IK&twm!Fo<fU9#do
z$ZTI9GxcU@imfV0bsXu@ospH;c7plP(B?5HlD%sB+C*=2jPo_*?ofzpe#0248eZ=d
z!`~8O7EwT_coe3GrQFv234tZyKjU2piN8@XM+|X@;LB6#4UTeUB|7<I*Hp7KK2>~%
zb}GDxWwfkKIgsAg?V>Iw%2;m_74kuYc<B7vQcsh$gP$7n>ss*o59rH(GANLTH$O9O
z*wm<>Tm}%AM6_A}s3kSUYkPD()PYhDW1Zx(-&^DYG`VN4ui^$;p^zJzYgYj!&W<0!
z@&EVd)s@xU(qmy6E1NyeGL{wo+$4*CX*I|r>c{ja`}7`r?={7Y*98=)Ro$UA^6ClI
z!(;CLwcwlO%99>Ix(MDbAU*#d#&Pq{ys6&!n$ev|&pBF{t9F`hIdq_PpLpZ$pZ=q7
z+WO9ViM<5P{GHH@<A*@`uc15|x)Xmdismfc4H+x{rcu2fXtjw9YK&)F`{0O!AkyQR
zdzk-?JG_V28JnHRB5I%SKztWYwp`G{4QK9cDnHZ-#5bH5os|m|H-GC_W@)8=WGX_3
zm11XFU_<!~_8I%6oj=b|jHNhROMR+&s$M<8F}f>L2R;I?zm@|(Jb%ezrm6Th^@*6+
zm_?)8P)7yc-*qf#2!>8E=l(%Z&~g>~2CDT*3FD}e&LZ2knvyI#)8|tYS>buF=;b9+
zmBqoNNo%v&!0gWM>yKR#dio^~b|C2zFo$q1bh*O+j?hN~Ok^9WQ<YP>iAWEBAOG3e
zr+{=CGTJ+T2`z6x%$BS_?x5iJs=@H6pIj(>7-(fy9L%eHW3Kd6orxbUWfe5Zbck*d
zL6R2*{?t(V(L7z7(Da<p%n@re+3+Z{K)MkK5BZ4(f3Rx8ApRI>K!>kD^tv{Wb<h<&
zF#!;44K}|VS2{ifXeR2&;MW@^e(cok=f*Etc#mJOv@>3No2RrDnL%Fd5jr{^KRiRs
z7AoZ40p_j)KdcNS5B;+3r+ND798pex{SKfw%9_Ik->p8ihDL)dqd3gk^xp^M+=c!9
zcK1|(lI_vY;fC+*o*y&vmtPOAJ{H0Q^b9Mzz%74-{@`PH9{!lEBKLsmVWr<2cWD3c
zDLfz-aYa7xpKogZ0ghUJ?>&Xy9cU!~wX(nuwR&HmNCSEdutzb;sXmdRAgg!%+V$(F
z0>Y_}el%fE5Pa)eBZCfbvmaNU7<QAJ^|;z5n?2l3<*M4jV~%2occdh7ASWBS`-jzj
zK?WFILuY_gZH6T7Ad7T7^U?k$wFFnJ{QB~l>xKX~tkjUxM4#cNHLf}=J|9p?!Ntjj
zePhWT>a3eHyC9QfO;$)GXR2x16z@b%{^Rc1l>qHeva$#v;WwZ`xtz$y>n$gpGi;(_
zhOu)WnjHuA_BWrSFYblg5R)u(gs3$|=?!FTO%wnZR!7C02n(1TSOB7Kzs4@I`yxxd
zqR;R2t%vaX^VsrTeHgQ37YwbS>1+tUNrx)Cbr$BMFz)(Uf_an#3SX@bPyyY!V!9%b
zEg#@EP+I)xH*Jd;Ta#BbO*Fd}Gqo2kgy@Zu%bankKW_1|_vL{eJ}$8EUFzZT3i(Ok
z2}IO#42BMY;5hgRHG_uIywcj1ZEM#|$Ri&lW8n2N(I(=aP!V)`!{R`pGBcQ}-j3lY
zhTKZY{fuO<_XmJ9nGhx-q`{Hk(J1>O{&O7`w`9*8s?oGG@z>|I{pm%DOyA0Xg~;Ax
za*fgT+Z{+u>zleVw`aZNUcdI+7&Ycdr3yk#w@9|tR<P}x`KS{AT9bAnHO_cA%Wd5M
zlOY6oJt1lS+zf62g#Yxkf0)hx#?pX@jJ*71VcUrW<|t{_HB@HBxPX0c%sco$%@whL
zg$Zz)GPRv&3s;Q^672H`zP(c1LJM0??D@WD=GmlYV4ybn@gVpM(6RvVmS@ult9blV
zn#THHPL+V_6Q&iDASX%?NK}FRhO5j?;EH2`+!tJTVda~r7-W<ujt2BZ=fJuVU=ykI
zrvgVfV;v5w3MUZHMj!AujJs^o=39QLRs2}o-^<5`3EBr%$XvDP|8;IYH!8uTH-L-2
zmthcjzXO?!ni<Qs?#X0414W2{=o?JaGfk>9?ahYjNGG0)-w_os)D5J(ygYDh1-Lq%
zb#~YHMuI^vR0aKwjEwBt@(dJd`si_)*swZ%6O>=)P29LiWwrH8PqiWAR>Gf;h@$eG
zq;nRSM^odw>_1rMIzAzN29*t#zeXA+h<q>8z^aBz)urw~t>6}joJ0jYgu5DKx2Z!P
zjX1kwt8&-}BfyEc!X-C>WR?`=FuTc8W?aw=(SSPb*t!E*GB`M>isF2Gdz1vu^ZiIt
zX5z=k%q^pGo~bc~`mbJm-5+VH#UC+x+pPdkoI#`K?rhAC8G}3cJ{Q4MI=FLok~2;d
z?iswVunaUC580QlZ*FPH6@-B@juhk{fY5oyXGn~fHlaIu%mFQ9noU(8ILRf3ePj>P
zPWNvusFdR(>`wTAsOp&1r~db&2bfWyHHpfu)j&-L?16Dv3%&UEx;r8FS+{)AkcGd8
zWTRt~$e{?*$o+V+exDca_%U8AHDXBm?;){HzaaPicE6--CF@a1n#|`sd(t&hzC3kT
zdV|k%2Way=TKbEro-^K3&JRofeJ+rbLAml4&T2722sxXjWgcL1Mp>Q%pAM{QHtRD+
zYcr+@mX0&Z0W);A`m9R;)vhYCq_s}TA#uFd=}=sfySQ0bNs?di11O(Sz;1cEH(j)N
zKA#U~n|T%bsQD(W>6ORxph!<re*<&zLqmh(q;SdYB77K@h)`1XM8Sx&RyddN^pqPV
z_gzoU89@_iVpSth>COc=pE$V)lKsiPEqVGNc5*JxhtKfgQ)Yn-kSrZIQITQaEQn;p
zd^1!N>`Lo!{zkuopdkEz%l0ck^TkISc6bj-hO_*F*!?5X4=w4Jp84YaN`(d|zG~P;
zMp%01(()4Km`@@0_+}P@Xu?3Kdd?&^>>a8?g_AJCHSN3Y5;MZA-#-J8RPuh1&#bN&
zFb0FL-jyqPFD}p3@~DY5R6Mfp>dSF{@6$BN3h<|4Yv6@q(fXu_!a_xu%MI1`-|>#R
z-a!ieBU%;}QEKo-ARpCAFzA#@KFj!;(K@J?=wzlpnhG6IX+kKvwn8%+e7xLuk4s*4
zt^u=6rPdM4dr6)|^%(e+1^}{nkvAj>=DnBQOIi=dP=(_RlZvRW7a_avRK6{nkE2a%
z;}-DQ%Gc#+Fm_E22j7_Ir0Yi<l(KxQK>HdpK*65&9>2J`4%42#ow{&kK(Njg?px=l
zjV>!dHClv`f-;-mhuRZWrzrBfMS?&M^q+$4l!b5OG-H1ok4q9|`(GLVQRZcgPn}Qg
z6Y(WQ6g#Rh5;!oQM<aIbhuJj>^TMZJ58gmd+}D%EIR!gl<w8y+mHS7{{-IzY4bJ|?
zD5vzrrpqxCn+u_hBt<PW+YMp)3+hp+j)G_vOM067szXUN;sJ?<T5?xGnVIYyP4p7v
zdMJCey&YG<I~*cKQ|r}=#n(;(?jg1%!la8dYPgu_RZuZw-__BehQR*%ZM;Av{qNGg
z*B$mpQ(PfcQ#mLZ{g6|M<+qC*LzbA*XhgucmXlcnc)iWdk)~HUXNOZc^(IMXBrRFn
zlzaZ+y{xObeMz?#jiz6R@OGKstUksB+WlhSdB3~xEkOXw`Ll=tw~0FtKk<|Vh-U6A
zRdRXPz9k5-l7DIu<qoRY>_TE`9-~YJRaK<Z#`hpU?u7(1ZfBCHI1<QdQ413_;73_O
zfi>h8E(E;t&m>W#qEovU@EEfPAlrZ<<U%mqM%&E;K?JbqIFRcC(J9xhqwn1Wpyfrd
z{dm$C9!dg|+s9%)110^*#)Ed?e!zvlxI*O=AGwBQ?Xe^FefnCJv>Ul~>(+={ASt5Z
z@QndbyX;EJ(wrjq|GWEv^7TYOxDJRQ^M{Wd0qRvvP;;Ay=ODo3d3g2!K@ktnn_mI5
z&cmY(sB0dc6B|I~E1r8h0ZhTe6AEAn9-bSUzJEo-*`{ZicWX{Y`)Kv7BlrT(MJ)r(
J-19f?{~xu<<i7v_

literal 85113
zcma&OcT|&0*9VHnqo|0e2&gF7Q8Az(y;&#<0wPjFkse9_=_L?7iik830RbUL5ReiO
z2|>D2rN+=nD2Cp9NgyG2o}lmdz2Ca)uKNdJP39>xd-m+|+rLT3eJwT4eaH8)v9WR9
zy`%hqjcunq8{7VCd;S977~Il{0RMKlKTx~HmfLz_5;Xp{yQz7TjV(WtgKn`4wD-E+
zF>+^PJ5UY%?WlM8WX-nY-hsQyHy`?tW*DX(CU#GMF~+`#7LUBq5Gl5P-05u#8$07j
zbo?%Rk3cy&rs>+AF&sB{yUO~g;v1>4PIY#~@x!M$Zyr1B`7)_SQZnkWoPN$5^$4pY
zLcAeXGapAT?kNhmVwJl1MsK`#wRk<(H0@2+xz76eqU72iX<4T5v<Kr#go5>4xmRp#
zD`j$Jf3vZraI&!xce9-$$>x`o_=V4o_U~s)K{Ax##>Rfb*!GMuTRYnfJ6qfI<>HXZ
zXLVi?@o(sk?UbU0*3!yKx6xPYQfx2rKN=ewhlVWgJb#VY6vFsW7m|Yy^fL;_=lTj<
z;_`Ke`9)Eu>AZnHBU{zFl?QeN*aprmjW&JAD(~L$=xFL}T{!=TPOXthCC?eP(}zAj
zaEUnhGxEe%{mwkam?n(0_tweD-E6myAT7LLSDp!A;(s~>T(2l$iYq1goRZp{3R-U+
ztOy`)3b5^#AvyP#@Yp(5%@`Z*j=32iySP@<#FST%Tm8<?F|fgQ^&OG7>vo2g09S!T
zTgG6000F($+koEePt3SiyyM%yDrCVpMU;&#eQR7P!)LcGYQBj17OlX?Tgu>M`}Rbc
zOyd|okbIPbU1e|54*o&Kg<9@{yszK**;WE@L8Aq(t>2^7D)U@+Q!f^|J}nBW{ipJ8
zwuxbc+-7S$CJe3CyPqDCHry_1vK6UBvtoNv5r$vq6H#=hXC&C(86#g<7VR(dZ6Dmp
zwqk?}@{PN?nPU55%Kb>Xc9QF=DceK_f<s)yVxTrdhm#D1tdLjvxDE3++lm@4D4NUG
zEYZy~l5&FbG1~RZ=gNI-6VDK(9`+V9G4+ybf}1F3>^uJc<j*}X#-|o8;g>sm{)s-E
zz7$PK6{TCS-OyHpzq94QJU){9uJQx3EmGu2H?QjPN@p((p;Ua~MCfRK)R_MlU1DsY
z#H(Ya*Tu|VI!DekYkDm6J;p5`i&P3PE|3h5@|$Z7JP_c_yDfAUHK9WNEQUVH_OqS1
zHYYehqiOJmCr1@qTA(bu@yhU-;uKt#lFMr8>QL_ogrko{O0GH*Mk3UX-nxQUFKV6_
z2`KkR6}vHcMNPeRr6qcK6&Ytx4)K+oY!gHTN2sNRy;CX%bx`wot*syaI_V98hbt*J
zSHtUbQjWpd1Obit@ueOFJ(+kNe))#?6_UE$xtYCudTT{H*c6T<Ep(iQG3=FcdgrE<
z;T^X#Rm%JG&sQ2>jv32d8s(`rZn0J{Xg6!_bMhEAQOqhYtce}Yjt*L+J;Zt9gE`KI
zpXZxvKl*R@p{|>_!b(E#Ftz!4gCsPtM45Q<!rfGz>2nv-j8))us0W#_to2CGd&Svr
z+D$nLF@29vNL;UN(<NQsJ2|wWb!`PtOWm~5)}<m6sk)IMFi4o{&U}+S>NNeAvnWaO
z3qe!W@H~2+5xOPM_V0Mg?8fS}T1KRY+s^?0qU%=>>EgLwHw^2D_D1oC6MJ9f*-Q32
z`KDtnj$QX;Qq$Ws(h5&HI&x(fb*zg!6t)Gl5qXtvemE+Z4)dzINuM-UA*-$x*A{v$
z=V@*(vpq=;#b3pK$<#ea;)?5$eT4KC@oKad(>z}E{^W_ml}mXtlF1?QeNNE`4ZYS2
zso2qMonEZ~cCl0}et8sQ6D^MHe~G^eHgaB04wYlalYv*@afdG$$SOUmq^O^mtS+;R
zgbA9*_`2%dHoGn-^RL+5SZTY0-p35MTzl6{=gStcR#?Y;`*o6KUQeqkIa&>U|6<v^
z=-+I97fDsm)!*scFXNsWJDj^v^yR{<tmyzF#>2^vHADkg3T(63A*8?raiun=MKT0W
zEkWAEiUckME>S=C=y*@hS%f;`Yr!~e6H4AT*hbnrdSl>`z(@r+ICq)vVOzP6gTY|4
z7?h<IvCBhJxKK9U*vm=&mZSI5Kl!V#vc^?H$Fl_3yAIxqPek$}7Xw<u(+NVKV3WMM
z<Nmp&!JKxjUGve8AHRO#ZY(G5j|&fQwrXx}hJ+yS3a=3-!dMzrlPx~g8yhi;%DvfN
z-4dP|ZxHa22YPc-<-%O5XrN<ioZWPl9oI^qJLi;uv)fl=U{>^TN%0u}kp-m#X6{E%
zM)0{4Ow0W`1^2S8sN;f$TdH-&kJsJ_cl~H3JwV+47CBaMFzocv$jEuvk$qct*#5Ok
zK}vcLE@L_`zCi4Jk{p4L&RFI;L4Tuq?ZI&Tu+rv2H5Vg_?M9w5ncpQTkh&lcZuzl}
zl4)*U>{h$|$nxd6c{DKIT1@`Indo#cFQ-*A&kDu>s$YG0VkK(2J8$#sjwfazc-OuM
z(terM%x`umYu&N&Gfwow2$(2iu**yWb;dzX@bYKP20e0k$GAzF;?n7SW<KHlCsRQY
zMuKSAc_r?Y#hr&yw(@K%a9kndntrKqp!0)vg8AiD<#xgcQX?XJPH*Y#N6GbgEjTxF
zwHs?}nu(23<dayWWaVqChnry<8FJKSVL_{1YypRn7JIK;dG5LB{{Fb|Y4==5ekIe(
z0<xy2Z)cq37Q3-4DJtz&lME99{_x7OSyZdNRLU%wy~1b76F9^2Bgk4U(N4Tv%<*F}
zukVCYGm7gkyc*Io2>&pWZpoF?_bxxPxm+DtIcYo1e+ezEHyhn;mGsa&=}H(OBL(KJ
zn>L9<(R3CE9D1sQqUz|J-ggEJNog<kO#9&&^t7n;fyxO;sf9_hvV5msy;Htwqjw7_
zBbGm8M2M={XIpM-nW!#*wNEk5<qPzphgOiyP;I2~z)Qmh&5F@7lZTVy<Ui-pu^s(i
z);}*r*R2<9cy6eLnq`0D=-xZpn$lvlhwW!5(QB4e2;6oO=AX}jxHN-x2X@ce^d!sm
zOqZ<3MxQ6s#nw;b8Po*ZCPt><ioXAysjWrLv^aG~`*#6!le#E0QE7VfSfTOcfk{Lt
z=HG*utgs~4gXj`XW%xTU&gi_~Hfe2^+)m5PQ}7;7Kai%)cQ<>K*b^U_S@kLHZgrH|
z*<Q6siNS|sW}T97Gj|i0vzjTeLjJ@^{7N{dlKpS<!KwSk^qoCNd#=S&Cx)GE#RRv@
zZZL3}U2Sf*F^Y=SQbxF)2)HtHxDXc=k6&%&`qZa%?Q}QlEL^_5>vM2EAJ&5zv~e;)
z6}~3x#+L%SSNfvC04=~0!EjypusHXu*^9H1+_BQ+#|(`?T*)gnTwxHHp&9Z-d+dN#
zwVB>wI~krEEs|~LNJBy?`nHopLMP5e+J`2UlBAEtld8iw`fX0;8o<T-qva2N4keD2
z>99>qA~*ukb2E|V^s(J3*xFGcW7D6W-b*EUnVogbXUi@1I#y<gmTT6A)sG)>D#R5l
zwWPo*QWE$zG0zW?t4C<bA&4eYb&YmH*=LhF9=+qO_Oq5anO!^B{1l)-Mj{47pV}fg
z%`G`8i21qaZP;*CXZ(CYNLdXAUhE|Dd-3u--DBwKnkb<wh>K@pX`-ckDp6s-#)!p-
zKEd5=D}FeYjHp(v{&l*YzqDT%_V|bH+l8CiY)=$l;w@Jbkh7w1jz7Cru~@~ol;QS)
z#L#2AfmVj!|GF};Wq|p4ty;Y5{DxL@#g{K%hP3};+qgvfr-(pM+G;bC5Z`~cIjiI<
zuuzV;T_6rwqExRV5}pbYPB14oITZN?*fu0d`UVEedE*u9Wb_+}o$~d(UEc?3&$M&?
zdJ-6cx16+Y8!Y#oYDgXImfGoi0&d8|SueUF4uYac{Fi0E)|2wr#!ziHk5dY=s^Zxr
ztad(m`U?LmQbVvpOnmFxchQEV?_UMrhE%WIi){NJ;dnGK7tu=|TMHd|)w{|)v@sD2
zm-K{|>Z^G?Od~njc1w~Pb4`lhppkye5pG3^50!PdgXa!l{uWd;==htTZNCaG26%uV
z?NZr=DP1LLHy7z-)5EJv<0s@dhKj0$UL_|amIpFQyye;U8-SMy#hO*1XftG&)@H5X
z=!3V9^)cz=$`2yLTvsT%^?}#pm5!&Y5X^nL?Y`~&wx9|(k=}dl?f2$}zI(4DkBfvI
z<OKG4HgECU7IPI%r>_bM`hJ{WlW+EW(JkNnspakSR4zU~K9_;AN!S6l6d3&7(^CDz
zDIb2iROHXkiqdDW!|r?=&V=e5JD--8PdlC<`1f%MlpIZ&onc3>fkY)m6Ssryr6jOr
ztdCP9Wq!6N2yW!|$98uL=YMto&o#fh|MLh|&;N8kL1e>?jEdbx)h!Sxt3mQ<QUt;D
z=o`#>Tbf39u4!q&CLW4<yP@clGBPa=7J*Bfv9Y*Vep^hShgrEr5L!}FT>9~vURH^s
zMFI2FPU{1%rviw#lARUhG8bDbB^A~ht)K{7Vbkl_P9-Sb=Mo%n_t>~|r>L`256#2&
zlbxs!RJBPwxDsga$L50(ubtcTlD_&brz`D;Hs@xw|GXk|D%xT|rDFf=S0;^+^e#Z9
zXvd9tRq`m4+D={J$g175oYS76Whk`kiCGvPUgWIVq7^t>EO$QiP+cW`ZNL?ksKmuK
zQH+rD-b%t~$)C~>BS|ZYKOU~*M4x8+d7H?qSuiTZK6W2Z3>qRW_1qZ_=QtZ9`l?Xp
zDCTAV2SbzhgZ<Rk`c{@s`S?Q5`92q+^Y5H?LZMMwS{fr-d%u?Ji2LGk;cyTdKNi7g
z<wwzO%_eugYYKNhMXIvRUKj0zm(h0rl08M)K<1Wmuql8%=+^mr+53N9(Rqsq34A4%
z`@o>#h(>K+57mwF6xo8a(H!G!-qWpj0254!1a9U$Nh`Tk$#p^F*+c$Jo;Dw?!Z3W4
zt#6!}TX;Y6N$Tu>2La6uCSPT{Z=6&Ugz0zb-<h_Fjk26nCZD`Oo>HsqJaZ*~q(n~f
zG@sH}?An!Q*Q&-%f(SyZYJY*GaauJe`%Qsm1NWgX5s$LhjNHbq;J+&$>Z+7`)b0fG
zOg|CQZWmvi+nbyAH^p%Va^uhIob!$tP9+y|c2yt(DyG=NT>aFg@BWTDk^(kc1Wy!u
z|IEFvAJ4_%m>Ob~FPVZB>&3rIkk59ys$N1BL!iPvztz>Oe0S{5rESL`O>v@vKC78e
z9V6QQ8FTB(=_w)VCp$TQT`|6HU-TM&PZWQ^Ha{q`{#~nf@d)rV_i;hYtHHu<oCD)E
zaU#{RidO%YBeKmTq&x|T-6CFA^u`iSgX!7zLl?}ekK|MyWSjVa;1H=mQw-_@Ckhh7
zNHLz;Bj!d%MvHuZv6b^6ExsVf3NxR|1$Xp}P-z-x=eH;)Ay4E^<bAHqj<&HyE%4qA
z508L?&#CaT)LyoK)ly;9;kIB9*Y^QS9n^G{kK8=1o1LA#CCT=$cPi{_AY-GWq2c?+
z#RsYV?J5`_8b-UN<uXV(o*_7(gjeyF;=SUaW%g?HkIv?AkuGHmL9PeM9Wx^!HQtN{
zCN%_4dJF$LRNXw|@u|o)s`K=*!GOT2O8Kp^f;_sHPv8hQZJ5@bKIqT1eCdhiV*80E
z^5zve-X4Y%DmQ~L<*TGpjq2sIrMc{E`|sd5W7xS&_Y=L=o+<fX0`S2F5*wRxB4X$E
z$3Y}m>l?Tb$?cErZX$?1|8z5sAi><?M9oEx?3*v!+|+e1Pz^n#$dD|%FBnMuKv3Dm
zM#KjYy_UyX#FyQHad>Kg@k62Jxgz_RKR=X)^A3ZsfK#+XydEtnu{_n#PFuK}IgkQO
z9sVlGd9Z@9Mx!;*iE0O!!^r`qVVYs=2LkOaH+}&db3iv{;1gsMyBG)#4SykRZOEHZ
zI%(9n!2!8|shY;dSL>G{1L!GEs>1zj&dj{3@v*2x0`iesWnTA+b^t>Nmr9-Wc1hkC
zaADrH_w+_>e&Yjvt}3O#`wHvU?`awwR(bOH>X2vxmM7HWO6z=XzqFXSAzXlea@=`y
zvS#OaYvu4s4#*@Y?OVRlUZA_K!0grZzWY``ZQycv6}9Gqq?nk&mDbVW9ehYTj}Kq*
zSKC?(>UCWRH9bQYyi+%avp1E*V=x|<4nks`?id;x0)D6CZd^@!*4z8V#Fl#noq~Ev
zkH`uY?{o4m5GuaDfB#y;8ChRH%<a!~T{LwuX5Dz_tEAJ{HbZuuH}|qNcj-pk{2W<<
zFWX_7g8jQPy8Mtjs{jg-au*xdWR3P@e1mrI`LY8k=c4piAMJB|+hmnG8q;okOOMMW
zRMo~!#Ls884k1@q+p==mZYFv4LiUI;3ZG{&mbdhJG04Frb`ALvFWzZXzM(kd$oR-F
zKuIapzq8{YvYH>M)@pK~zpLS$|NK-<NA}5<bG7Z4H%bmG#2CLi8KqxxemMCUJ1%DV
z)0)c0R(^5$#9CX8S-^`t`SsYqx}~j$`1`Ge#wK;fu*XMC3xxWqd*aBe*Y*N*$^vIM
zWAYN88^&CsCNdXh20bRPJoocgS&e>|ppNxSuM#f)YSfr+sC53>rI;5ncA3tV6@?SA
z&7S0%r`{oAj?;Igu2r%B6U61VTCwW}jx*_M{o1I|VBoJ`wO2>G8mMa=<CU~&-SwGG
zZBrSJ50v`_=^4k*9T!=|8edM!%I&$%shgcrh}F}+iIo0{t-a}kRG7T*C&Sw0Wh2&I
z2-=CQqUf8-ahxVvH-tKWOo8b?Y?#TeH7Uq)+?q*CYg;saFVSI0zgSXp)8`mrU{v>h
zq?TYY@R;lTY$@R_iSaF-u2J|4LOxvwBs9$Aqyi7ZCGcWZj@O6p7dKDmrnP-`6T4~S
zm??5a^2Ba~Qp-ET1>UQcE)@Alldb23NcI~zVpM@kCGFYSb+3hMyN}sK`x3*cM3?-A
z;tN8UI>If47h~W>!{?gb-67n!rhVi3iY^ca3PX3Roi))pZ(>j@$H_)iRm(Li->{r3
zK3N)OH2l8rTew{WbEcY0X+>)%ctK`FULLtO<I)N(BNQ)SF)4#me@6&|UcF1oxzESO
zwyZ#7#(Bf|^iIVVuZ5Z(!MJ+`V7pDcImmljbZx(f5|T+BC87hz>1E!0VAjrl<6M<!
zN=+W#w*vX3zCDjlZKltc<*^+^dJI-sQbyye<vda3Z(%HZ=v*&2;NLB`4~ScTZ}$_<
z@$=6KjdV)Xrrg&+GH--`a(O{Cp`TQ;2w+PTNVs2U=QLJIo@{McHT&xZE`PKtBe4?X
z!PTDL01dtMZMB2Sl=t1JWDJFyk+b9JE6p=2@iZCCwS7+zR`q}7X1rAzujpQDR8atC
zFzSAUWZq6-cR(0+igXaU{qY2G8$@ZWFzk0M_J6ul2`RH<Es1d=rm|>CKQNPZYhmqn
zT0HxLK<ofwAQv|_U{~R4)UWID(Z#^znOD$%03>1h!)<SVvUr96gfIv*`;}-l9*XOA
z@QmA1{@FXhAmA@zVqyRaz-|^W1$K9l-JpmSdwq5A`g7;Nb*_1zBGyG!g^t}I_+J9C
z_TKb?V@hcI5n%L6KzO$<4-H)<*Ss>&W30&Be@-i@!*STZl98cnXY0w&>da0N(h?}0
zrx7lH95|sQz#NOG4f>M7gI_3+s;<pb_FP7GG!27jJ<p_gD2eM7>F5BW)Ngevw0OMa
z#4%c*aXw`7zN>mgit?p~f2;$M)tG{uU+!xC57cQ|2YK=1;^OR1b9vfEn71Mjxlbxm
zIK5Yu@0B~p2eMnLDap7=eySD$cfm-BUr6VA5v@{2+o8-~eH2MqSaZGmId6`6PiooH
z(&<`b;YG)>CGtTe`P%UmB>S3-iMXiAbWft-4cxUbBCoA;6<u?EGrdE&P&7+dH)t^=
zs<`o%9o5f(f3R`?zpjKTAH|Orqpcxw_ujhXg->;TafuYI>KfbCP9}umYocT0o(Xe&
zEiR^3Ij^_PLP$81gp*Qwf=Feu!u2`Vkya7;fEfeRaD30-@Q%BMe+iH4<UE~<>KKB9
zd~v{VQBHZ#7=)1vGx0@2vC>vXu>)JO#8{sc*n4{pKI`~+9wgWeieZq2TMLbbf0i`P
z%U8dgW}uOJHEXM&wg^g#PaYS`H&RqB%CO45{#`OEpRsC7vQ+t6t5G5@-l_t&%!&n0
z!DqrUco;p09;fUS_3%Yr-$W6RA$ZOfTpHiKR2|ZcYARMz#sDLF1iX-Qir7W-s!FS@
z+V!o(fQPd<+9Wgwo!$G^u*+dsH5F#`s5D_9xiBZ5p_?O!Ty#vje!{jp?U3R@uQBV^
zKf(>*y|v|IAWDcWX;wo9;hO4kHfr#mr_Jv21uiaLy%7geu*d%)dP}+C?Gpu03+57r
zS|C-aLvU2>4WZy_6yRPr3mu-vWV9zFDUfF1{7Lp2d4#UHu93Bl^Qfl$o^zyEA?~-h
z)7~kBcaIjRt!pdh<8ULahqNI|sarwjCpRfw=2JPfHslg7m7<j^rk-PYy|V!;*YqjI
ze!8><kP`SVLwb9ilrlZts)b}^)VdhpYI)B)V!LM66kp*%R^U2Emm8pgRiK2ka#R8N
zYm#ilF6-ig+F8c6s!Mx7USeo!y4uQq5V_wIx61{CLDSR9{WmV#ys&;AL^QCibLsm^
zL4wI0L`J#V4uLX)=o>#|1ndZusYGw@xXz?XR}s{a$(`(#A7lMSr176GJ4A5az?~+E
zJ&$~?<SWYrwigPSrwLj;S&Qog`m6$Bpf^K~33dt{#G;f9UrO`N`urV`5fC=WGgH`H
zOB63CUMRjBO-r@dz(&?RHQ-{#)eq9^^6WMpi>lwXs)<q?y6px)WcYP1e_aOJ+{kY&
ziBfs1G2H{E`$SudlF{qNmDloiLu0=^0y5A8qOH$@Mf@%StzxC0z`B7D@&7bf3FUSV
zGy`DzKm$aHzZ=j9l~l-Bc#$G~p;~G{79h2fOw!7JxG3tJqfcSAqktK0VZ$G@ll2Va
zy_n%Z+dyZBu};Y6P^$d}WIfiU%&1jR2#6Jc63GRJ;BNV{CCVySWza(Df-}1^KM3?}
zE}HnwD{sYsa542cY4K1X2gUnP;Msu%Xr>|f5!*qT0%oTWlz;w{sisObeLi@HTJA&G
ze(&W0MJ48PoT|qIu84YbQZ^Z~$lS=N&%60-Jw|j05ewvet$koJ<j-nwX`RQHmF)FA
z$n`%=@}=WkypyieBi=t?b>CMb|3-6?9O6JKX`F9yB{KZ_fD8sM%v&dfcePU;;|S?D
zJUZDbDUN<0l3yE6mu7AZF<cm1oGyWo)PRP9=vN_$u=?#fd2VrZXox=7(xL6m@rBnx
z=OMO0gMYxb<feNnzs#l6aY~@vH^tzBMs`(|+?j1)-mK7V?ifVoiJ11b7P?jvvKw+7
zZEbJXm7s+MhLdlwbRl|?UC#I}fKAOmdEI@NwD0ucmec1AWD@%aoUorgn8YRBxAX7I
zZqs{HOZ76oB=nm_R5h2sQqZ`3BAS^qiwfwy{x}$+ip7s^TrnO}>=iX84+pCOgVPUE
z4@jb2c0?~i`}kUt@sz9l<CPY*186JVTK&79++MydJ%=j)YNDCewq!X?PQ>!)4_&Cp
zIy!e>Glg0Z2hUo&0?Z>OUvV`iFjkpQ)w?OMZllYx0FlP;xSl5(Qit!IQE@~+=hE0C
z=r+olIebvs*P@ud;bDUsH6S=!UMf)3I5Lf`anhY}ZgJK=LFGvd)L;}mkjbZEd#bCI
zn$CC3td0C-bLH0q!W&tR)5V!Sk2<9cLkkvahi*CNgYqPPH_2&T@@iGENf4LN>K3G7
zSPaUAUXD3oK7mS~CGrvEsa4GKe1t}F?Xl@MpKQOx@&VyZJ^GUFeJAPmaTUW$F+gg`
zJ43^%Z{c(!OS}E&(tD4$9{n_rUOi2T?L#0Rz$7mj4%#}bOZxEM@<pxxG|<AxjJ9kq
zB@`&AnbW)KQn9=z(ke0uPi?&J7LXHdOop#KoH@`C+-=uHDpe?Mp%$F0zBXW(39G5l
zJJ99&&}8!IC}$n~YG;B`X;IW7hy#-YHZ@(0S&Bs*ZHnV6+vrHQBQ+Wrg$j1-%_jFa
zJSrf=-v_;J%%Q?K2?NqGF<;AjM}M{v+T>3R2iMzN;pFSKoc`?2QQUFMHAkYr3>O~u
zCmu}S1tfz!8Z;dkl#NC%$Rg8v3mYF;DL6N_YYlTuT2&<gnOu2Zx05tg)PV_j9C%Iw
z8{_Fe^{B9BAmVztn~UWTtRkppE3VsYI5cZgrglR~jqi(h9^>&DG|I-NHjx)t8~kY=
ztvmZO&U?`sakD0-csT>_Ci(Yh@nG6I)phD3ORMKV?YZ9W0)FN!XNg+~sU`>RaKPo`
z=<H7Ms`-ob^fJ>OU_bLa*bT}oM=#E=G<-A&ICkC0w#8ZS`Jq5LiuXu3w0rq$y9cFd
z3l#sg{rc1U>-HFINUy3YqSSM|FF|inwmbJ+Y{I9aWn$|DxuLyXQAhwXhEr80T87U!
zFoMi*zKVZiy-?2wZ$akerHmvb^&hUQQ=OpJewweUJ{p2=81LlP<^9L!GMJOe0nAK6
zZ^g1PN(@&XnhJY97$kKLdR0!eGn7(;;7&YX!md(=XF#5U-h4a`nM>c|-OyN{iK5aS
ze3qXxS0At<(iGr9o<gB0)Cp2|FyY^gm%xXy8qkxs8#{?CGY=ZjwZ9wq+!BBWQlI|>
zA*y&mySNjXy`VzTeWN+Ewzf7VhG*U#x*d2Nkn<<Ux13DgSpA*LSFZIX`LE52;q9O#
zx)KDe+9x-OA@oI%_!l|%FFCWb29So$&3%zs2>1Y=P$5fOPEkOH9toVYk|}=A0hZqg
zEe4R>ilb0fM}qNG(qbnABlCv59=txVn!NoCy|JEK`TYQ;g-rFhdB7LfNd*`G?SWm(
zd6i%_Jxap^FcLtR%dOBYR-aO5pK<XfC()&l9m7HwN6ZQRfM$>=2xcCBIvoFV2T0ok
ze8+Ao7U^Hfg@x_ETNGZt)B|$=0XihG{r0#Z4%G8@mCb9G|A|Yh4<RiWvN@Li%g=z6
zuYCj{%B&RHb!1>G^c}G27rUW&cYLY(%N<#X<t*VMXkoxrlI~*NkwW1S&3ug<sfD8I
zXRn)pI=Z#Ul|<FEsPgP^m(>=ZYwLZ$jF&TS0^OP5w<<vIcS(kDn*J_|&x};YRvsf@
zJ)S*(FCNi|)qg~sEj$(Kms{aO8iEIiuR(Fqh;b=2?v==3b5tIEYqGJ2v7)p(PC}H|
z@s4|EScx1bmKm>NU=^KG!vM_<y7hgNC5wv3v<>D~cWO|6FITX8I`+D@{=G0j7&!e>
zQXI*WM4qC2I`%`+l<>y}F-Jog<PxkNw*xGjDq*^^Ky5iZj`j)r`T+GBvQ=OgBzd3J
zeos=>Xzy{+Pw?>1OCH7r1!{=_O`ar3A5+Iy7lqE?6tg{c4laf4f!s8aYxhKf8oMM3
zwRREGVr4V*@JMy={2^qy4CJ`E+u8F>OUJ_Zfp^w@hMSru1<uw$!NF^kz(aI6pBCN0
zf;id>?Ye)hZES2dIzpblbK!q~Xsjn<WbKk9q$PLuEF&$FRzSwGx!8V(-GxrAb<r9X
zVtVv;dO#vS)f6LaP{rd7@^asmT9=@vd-7n<2E@ssnazU(jBJ<ne&=9!pK6Y+1&RVC
znyc!3FQ^^mWPgE{_`58WOl?(_QmP&aX^-1&v~**VInX8qL4{tsO@%}bQ7VL9Vf4;-
zLxX&@0EOz*VcE^^nDQf#1fC*xLL2fR@^=Fo@pc2qdAq^NG`AZ!SkmA9-wot20PiJl
z3pNn?010JN5QzHOhfw^&_gTQ{=>bF@BA=Dz#-j<Rc{KDY<;2r0t8fE%jI{xGf*4Pk
zACmq{$=hIz(A&u+Q2+pQPX$*)cfdu%AdtN3C1NLd`1TFpUSO5Lz1xGV=0S2>h1L!k
zU*9*pynUP352nu?7bSAKa$ZSr3LCxHGTu5HuvPms6yHDGRG6nWmg2$9(zDOpTXX1g
z)2+>^MryDf)ArvKSc0u^n6@EHtDYsT&F<u@66}r=kE`BiFLc)1i!we;*iX6#&uZHq
z`OJ}eT)h4E;JW7PaVqusu-5sAq^MIQNbEOot1G>!#l#6mB9I;UYk>x>%zuisAIt|@
z1a5$RLVbUP1F%p{mT`TG5QjuS+`V!S#~7>06O{ERBJvIQG>3vOfuJqI@Su!dsklzc
zEH+9Nt(%n6!sg`oFwX+HT=jrNbP!AtQh!Kn+y7bC{Lhyxv;4aOjfizQOX{q~w^(I3
z^<1{&N(jG{v(GZ?v0+57(Z(2V@o2C;!Yhup)80En3kMikNPByGP$q*c^M>VfXO3m$
z0Q0|B_V;YS>_S+(;~)|ez-cftTj)Y)v6*VDAapyBg~kv4DM$lT=*V%__P0PoBw3Q%
zk%G-8@-oEncVxxPFEYfhWPq4gb?h=nCS|%grmOE0OS;dn%c}w7)q>sVL9}8ATxd9v
zkhD2gptk9s4#R{>7#*<=T`tYG(JxlGT&#|Xan4gLGxlN0mmB$6V(yrn0Z<JTeRkMx
z&UdXf&`bauM9NhF`WACP)cJi=_Z+uou?jP1@Pn5>9mBeBX9;Y5jwyO2(o5RSjxQNS
zn+#M+$4Xl8CdxP-LQd-5xANv@sld<Z-J{CS-J)x6!;T>f_u^OXC2}8v*5C#XIoz8{
z3=iSvAjzixQ3mpWMxb)W*%}v70uJlHhQK7<xcqwu1SqymCudrbOfr6N8m_Pxq2B+I
zAFbhIOm^U(=Km2o1ieGT-;g2&x({`8oh%_wgg$l}Q(+1D`_&TP<*{k^yrhIgi49Bo
zT=O*KV=Gjkb%XR9K=~|~9z22N-dQQzcF+InhV&cihK&I(Qg@H4u(0sJ0AyUcV#!4=
zq9P*6itY}!wqt-90x<^h;h?qva!i0OP8MVX2qpy^18Owd1T6(X_Zw7LiGd1yWTiR(
ztpcd-y65Z97Rv4Vax!!&?DW0QNde={paQUu`0sl^i|5YC&6OTBrL7T8R<68i=|AgD
zgSd5<0U}3o_m0r6{QTK)AsHmvfR_l2<`zKqh2QwOqCA;)RSz<6_d#RFQUM>3ptY4K
zKLxygW-lwtABVDhDblTd_mbXwoPbA0{-4BN$pp2&7*a0RdFJeLP@!eMB=CwZ?a?BU
z;T<l$3Kb?M@S~H9Ds7o%fC@&eJE%qm<z5B>?JSgv?a~HXcG819ajTS4NJKcIo8Yol
zo`zMc%l|>8#2$eZT<++Z%)qI0k+J};M*3>hgBrD>gw*sO&?Bymlh1a#6CtemL{DGK
zJvE<ye5n&Q;-2PGJ6}A<E0zLVEF(&0M;f=b*tqzztG+wP*`6{$2e`ymC?3QDGp=+3
zV;<!{=mLs@>P@Mgr!=k@sp{xu<~Adm-g9X<o!(N$roc$SRa9lsR$R~_MZ;zYsv)9@
zT``NJ#Q2k-a9?L_SXQTQWu4pRj#PuoR#x#|W;)5V^D5{}eU&Bd2EbM-AUuA@$ek!I
z;2;PH&W6Y1+iDE4X(imq+QN~GO0G$x#5VVsIrES*0l*n5#K-sAy95IGn5hCECj(G>
zgE)D%{Hr{P5s%jwI%92Tgj+;#C>%yYNqlr(qWw+~T-o4)B2Of>j#o*11L^zoHV*^(
zJN#6C+j@u^+@Eg=Aw|mS?fyKPbd2KWM@jKx2>}>c%Sl}|LB+BRwG^ymag0g&Jqg{}
zwLV0LUgzFok{@ENH+8j4!;~o1S1Ev8)KznA4?G4RcuL{E1GMq>NhH9jLGhR3p5lix
z<lhB`;g6f8S|<`)|3qKQ+t-2m7C?M@zH=3b8AqB6Fvh)G3I4y)&sQ;o0>8UOtG}oX
zRPWYiW~;vdw7V`>eMeeUz);`Pw5FmCwN3?$QMCyb?sfdE-osV0_S8E|uCYVjTmdTL
zvooF^XxYVY4+EDNL7@Y)(DsXknHUVM#Os1OF+{>ep<D*TF%{BZ#tlRRmV43j^+{Z3
zP3ELgOAu|Ouf($neiC|b*CE^f*x1;80Ta}|poJl*q93$%L@~We?gZ4m+njo@b74r{
z=SS5U=q<qcKwodeHUF#8qQT-90OJo80)ZU?WP@!_@Vf!Iq=2K41ovRt{b)<0f5GP)
zV}vQ42l9%&rJ>#wY`?xgKmrKOV-bXV_wEVG11d(qM#Bn2;(#_owv0rP;L1b!FgjTt
zEd`s|+1UxK%CQm(fDkGH)I8T))YP+e2*QPef2UGX@~kJrC;&$XD?<Gq<!_@K8MaWm
zr}B`l^ESj&a({O;Ep86I<^CWuLzNm{_6Ds}1cj#;NN0d?6Ec%a@A300T&ZcW0tsId
zE7AU}1`;_MC@kI;Se@BZnY19c)Cy($$WN&-6Z<poi!O%A9zE+`J7f~*h#93BU;v24
z1@<}+4F3S4sZx>wa=xpNPD_BQpfK;WmBmLnGC)=A>0J<~_Nrq3Xy`}EgHr=^Xo#F3
zlMq)GT2|Z4sS|6uB%{h_`GHqO@A2b6?_lku9$VCiyJKzNL>F@gl#op-1N%1xA?pX!
z9pqmb5sXifDOh`%^K}3d@<~hEDlR5^oJD$Bj}MQFhL^2Z5JaHZ5qS}e+*iq@-ZSxy
zaI+6AGCY<~q$!5GMaKsFNY&kHwK)6Jt152|Zrj35gUw5_$vJLT<?kP`$JcJfGr~eP
z)l3b^4+D5%k1-od(@Q<nTYTw@q+<|`8{~2WOlTgf;ZnT0apsuTdgkWf0DU75U52fX
z*VD~hAxwREly)lHPXA7t-_zQRueW4sBLp<$FMAc$+_WXmj$$RybsbjIM14$8C{ny4
zX^E?_)9&=!KlbrAn)7wB(uEm^_Rog*uXW}N;azMBCan!E7q1oXPDl{SZuxe;TiEJQ
zEI@7)g^K3HUx@PZxrK5TIOa?IoT%&RF#d8@g{4|fK?{?y<kez5opa~M+77eN*N0~1
z*Iiz}cS0f71ZJv%b<t1AQ*7y4I_Ai=S87bvG1?)2Z{>z$>TJzrWNGWI&+^-lUa7}q
zo2Yr9b*YGLSDEMG^KZY}p#q(+2d)^l8>>s2Bb%_v`EQ<4d`jDPHpv~#YwnSZCg0T(
zbe{DA2?St;=1RdJ?XA9u`ZT&2AA$q}@4r`gPF+O0E<zym&8K(oB%8|MO&b0B+@EX3
zyR`3Lbou<&k)wE~w$E@j#@ofe_0}E`vi|~woHBcs>OBw_awjijriORdz7+J0ok~{E
zj&Y78<mw5&k>2~SY}SrA<BG5}vrxO7EBHD-z4qmQ8X77aRaFl=R=`n@`zL!dfs6OA
z{|jsm$&VtY#z*}}uVGX>htJX@s$3e$JdoN^crLgAGCJu+gQQjaS-Mx%{EzD_u~v(m
z=v`}UrW&lHRRvam?Wv4gAn&a_>+%pXC>OUTmmWyBG8_s0m)`g}JRkf4DnVOcS3VT6
zfSQL8WnOd4-0#<~xQ~El1#RG{pX~$hA-#%n1yq6UdX{?0tWR#x@6BIy9ul8*DT?Oy
zBM9(qtE>8khy6F5<=qzYOVRP0TOS11hg<&x3h#1Jfkt9D2ta30$TXg~T`9c=g5~GT
zSztT!e0@gC8IUovT9}n9JOTkL<wqcs2x2BE(gS6^?FRIa?FNXHemAyFA=Ci5*Z<hX
zRK8T?<Hz|on1+Bqvc*CjCQ@KWZipy#Mq*@@-Vc9U%>N03Z|Ld!t#C;{1P57(*jW!?
zWx<PYL&+BuSwjiO_Nzch4%x03P{IMd=p{ZpVw?OwQM8>Hyu>?889hc?DF2S#mEnL7
zHF4{)^9LLM5Ek@w5Gf~rp^i6oiUh)%_f4UINXB~PbOVAvUi2-Ws-t<0W$sZ}A}`1A
za)VgYR@V;`s$B&g3*rV^s}4u5-keGQEnf+|d~Cg{ao<JO&>r0mL^*u`xB`j}6&N<r
z%sd5dB)}ss*1pNtv;TVEDu2Xb129@2tY1;F_>^B$P$T@AqRM*pZvNGR2CfnwBy*O}
z4v@hwJEpGIftpy7j?SXQ&-B4pDX{!+30nDW5BrooiW&=MLebfae{Q}0sVS8>V}R5V
ztGFI7`vA5@NFQtjp@73?n%vv*k)iBQEzU<+3wVlT+#HT<xCbA*yPwnhN0|;Qcl!?b
zdvzh0LY}rBKO38>94~_Hpu<c2$Tg%Uubuw}^*_=HX)2K5)wBPOJ7Td~+tP;^`dI|7
z48wQyrlxJy6Aokhm6m@G3Q8TJMP;SFkW#T$5}09D>iGY@k||hWVr-Lk(2=VfmM5eY
zFR-Kv)xse6y%Gru!t-e8i7&2g7h9BBl~~AELz@JI_uC5byTQ^LRu8}qwj2LZ=9iKa
zZa4sTZDI#29|MN`L>$C-`~7qgQWblhcFR3Qj|pdxskW;LE<aslDX9JbC@2IFZRa9T
zLbyF2D0hV>3UWSH>iS0p;Or59Do1Uh<<X$Uy}!GV9RAtQrV@_AbCg`ysct}9KaM5|
zYfHuD^;Zm}vL=!U9@Xh!Z(Z>@-nnVK>s2ukzvO703o-6Y%k2^)53>Xe^cH_GFYRKM
zCHEtw8hNSb$BXfiE0K@|tMgJJYe$H_XZ#{0g@MyjTKCFH{zTr2i(%tU8u1NjgvKFT
zn>SbTON>ccHqVGF@Y$z}Ew+SDdICIfc~gz%hBS-;OF?eJe`|IlwXu?EDyj_6{MM-V
zFe_X6^m+ZOsX-m28DqC}EdKjMXxnUvNSLLFfOY)rSK%&H%kL+AFG+s4ajMLB&Ud2^
zl+L`wD%^i@F$XgO*Fg~v>GJ;N{cPL|&$g9DTl>q-DS9})h(~ad>spa92a+|EEry?)
zr%f5l=dtAb%#(BC8nSc^_X_VbP^-msI*yEy*3itVl``Da_p8dof9E9#vsC8>4lC8(
zwW9odW4A`RMA2(UH&qART>K#<ZG_=J)3@u-rk_PPKGutvL1YhBO1krEmYqM~oZW4>
zs<Y_$&&p8ejcu(;!Pck3JbCSAUgB~P!mzLl5wC?a3}+6O)X<G)-nXwze$xCi*M<KN
zV+Eii2oD2F3k)2z9U%3Av~$7|*I(l4ctJ_wTENeV&}%XQD}ZnM+cKKsAO^`-RpwWS
zouCAnJy5Uu54sJR<NsLVZLQqa$p3Z4AF~|(-4np>G@5T7M1lZFZ}M8GIelnYkV!qM
zhoO%MF-xoo$qIv4d^aXDB4g;IqUc38Xvjn<BCjI%WHVhZk1-cU6g`WYG2E;ioSd9=
zO9`0w9~4$2k1H{0Zgq@KbB5lhlKVcCY0<#NPzqcv;)G1V22M!?ny242lD@vaS&|~H
zFk=90bo$Vb%v&FR)=E7v)Zo0!H#U9?7qHQe*{Tsz)DbC`n=cdhFhl3y1S+N@<mP0{
zh%TO^TMDbyXCQ}x!f9$%>IVuRFINg&sG9B%$J?G??{g;v@pRsI5!~#lztuMDk&fFR
z1B=AF4>CJ;OSb#WBeF3YTg74Hy*;r-;w1Gvzo`&)fA}?J%0-sBN(FpGkq)?_Qh%>)
z>2z*vTALM7zr??c*w`6gk%lWD2*WQO7$lxi;1_?$@^;7MP9QB7J%mzWSqZNX#4zoG
zQ;_0vrrHT@m5QCNO&6l=rc<$ptuuwxXWfOA{`s@`{AGyjTH_MZl&~il&pQ9|nPs@9
z{<^W#<<z&0at{(i8xO=$l^@b}EHWb5wNXj9Nn0r@_xWd+WiIJ&-gVIKoC&_80+;0t
zp6HQfS)H_c=un%;5$kwFlLP)?NR0uHZg82zroQEAF?>F6qQh}yVY7XSx*__;YNlo4
z9`i1Nx6)r>{srJLWXSEGZ}g~{rB%}JeM-E>8s6x2eU6Y*)`if%IyO~uw{~6*PiX$*
zSvB$@<ha?_5*kTkb~&wmTp7-#0=M*o@fhbndO5CA;9_&aPJhELRI@O_9`0RnNikJ#
zAaEEKE{^1<g&1oFbP94;T-N;6DVMkQ%kzx}FqO*uI|YyiaTOK);>eR~a3ls}TGC-u
zgsirv+*g647De-4cUz9;_7;iZ^)~8cL!Tr@;HSJTgY;=)wAZVt*j@p=NnVa~Zimxo
zv`m}!m)3oGqdF{stadFS958Zy?8GiTPNVyYeUnx9;L&?i=TzXn)xrD+Y~<d{OS?GQ
zk{rk!p{bqCngRxKD3dPXVdcNU{i$$Zv3@BjZFMPVWBeC>)@s#N2NNn$mR=mGv!jlV
zwK06jFlK@47ejfPo70P&G7+PFNrsEcgINREvY;t-#}&_2oz8J}g{zK_@nzp9dNl^K
zX0@jgO?}1%0ilDw{ftA%M0>p9rJ7r*VnMO*ZZvM_7lb<EdLF6~^%Kb&uxkTRNyacq
zvJ)3~aK6Mx1N&#*wOuNyx5;1D3XKBO(6|@3Cmu}7eBCPq^wwj_JW|9X4d=yNYNn3N
z=$~lU7f$^2T;1YrZnlF!5V<<3I}(qeeHnmrF2g60>FU{C4uy;c69LWZHg#PI>^8Q`
zddyzR^^t?BaN7f&)gLPQdapj~Sb=ArZ=*ickJj`&jBIe{uq?W6LU&3+IOYfE>)zl`
zxJ0vVK-X%YL{fLW84PnNnQVs^G-r6lznc)aFn*vuao$`eS+2Mi1Sm(k)3SwED;gT}
zByCCRWP9ncoTYEpN)oM8HnI9**R8l*N(%9*FoyUGnDvniz#clUg@p`8&t<avJ$P~W
zRC$b6N)gFafMHa3*e-*p-#ZRa7bLS3pe`emxP10klDk!KE3!Y;il9MMA3=`V)N|xN
zBTLG(#|C^diA#YMLy(K4&>1K~xCu^#GJfXve7DAeQ!r@LWMjvdc*Dbb^Cl&BD2~-6
zdr{JHjFh7zYz@13w=_^J^S5(HHq?4*NL}ES$`1Wl7}Q!<pf)^MzLxrlpbmeDkxh^#
zp4QO`ao3PKf(#!ou|>ih2Onsp9J7n`8vncPWC&gxHN;(C;^5~;!U%xPwOfuCS@&<?
znJP8KrKrleEN%2gJD{zsb_atYLU4P3m}FDxwujjE9NQTD|MnaZG(CN`MUm_geOT~H
z0_x2Rt~aj+Nz`5w@9WHu!hbF$c3FIu2)u}hwtI=5vuh`?A=fe&AQuoY(uIY$)1uYP
z0{SOH7uDxRhK5oQ{EuQ59H<vJW(euporclUj;qCM+gAgmp?gA*OkX?t1EE2<)0uj~
zF*Be3bRxKEFhtwoeAmfni?_u|6LqBrx&?aOriA;AG)uCRN<Do?^`RimukBGQ?tB(j
zQX%G3V$VlCnF7n+Xo(LzO=&e=mTDO>8X|ZiZ*Oc?UYq!Ur@_W+{0o7m9&rs&V*#NP
zev3yqUb!G`Y_O5(^uD6;V(vy#LTg}*9Vx-OcZ105UpKW}bO;%%ssdc=LF7&y<Z5$+
z?C_Vja`FAqW}|&C5TT6HjoH;$HCXs7F!xiW-KiwY)14kC^KH!Zgv#-fq&9c|PM19Q
zGgY#VpP>n#B5mBj(T|<H5G$?oZ&E6wU`RADqei96vcKal?)-)@K9#ecP<T-RlJn6!
z6w(=OCB{n9`DZk4$@h<bepXIU@QjuAyuPWG?|&}upHgSs`Jw=|splbbVj`4Snu*Hx
z%=YI1M>?MDKbJU2AInf;OhyLGSP3#F)PPGRFo*amzxu6a@j(d`H}V@k0fSM}|KdGA
z@YC*eQ`MB+9o$vT<p%9Qv3prT{E;VQ+$dGM@_3-pf7WYsOc>1B=WdHOU5biCeJp#j
zwit;nLp24g_w&sioICNCR?1Vr=wzL|rR?0Njgj#L5%E>hv2oF|QXCEkXf#{}c|m(P
zqU{P19PYNGz7iVm0c#bD04HJAKs6Xt!~rZLuUN5O8eFji2<)7xNsAMqgQWlPGOO9)
zwB^4KBAxVb{a+tjf#U=D1_GM^%!UB1tCCUzie+|U=oR{|?!5q#ce;sVOfIzvix00W
zF=bjTJZ$8BS2isgVa@#;a)4Li0V9bp>oI`z7ziNmk1vR|i+Q30%u*?B8mn6f3NQe%
z)ADXd&#T3zR3^QZ=8MjPHofO*Qk5^7a?#C~h`m;F-$eKYIK{HypbXA8D@&WSnF~W<
z{z(-wsB{8E&aZsyQ+VG*EK@4*cZi;J70SuJ+LWt#CRolop)H*r2fJgje4lHN#*5|v
zNXf(H8HK5Fa7$_TmN5iKOkX4!YZs)cr@d8&o1O!?s*m!TI&RdR{00wOLzbpulMF7r
zzc+Q}6f`=dBB{#rzB`Q@)~bY{&p-Ci7^<9*EBd?mDz9aVWN+7PB7Qbc+Z(+Go?BJG
z{C&`pix*f)yym_*X*8&i*KPT~H{23#`To&BOKt2`Z82)4vXkuSt<lnEqgb}~k?3tj
zzAKM+!}Q?v>zvvzc;~E|%{t^;g>;VeBo(ZEyqe6FXFW?v94Ml~VuX;xX^2&lq$=F<
z8PU<K|CgJybMc~D>ru+(7D~GW{rg`j;TDnjfQ(p4sbtjZP_(F0`S-hT-ON53w5XRq
zaQ??_UrnXRppt}!!Q6{5p;u~ftk45-RLJH>jkMlaa&LYO7Y`w>V=Zyk5Tp-Daft30
zYuHiY*#0;pxt~*N2p*)7+DxH%JE&{2h_FhAfU-J61eA1_O6lSTgoa?5UT86iFFyKu
zZ@s_Gs7{K`gGj84WQjuKOWVnVWH)}f*oZf6Z+mKTd3D}xeHbEk4QSx(25rr77jE`a
zhpgvrWD9;6y$8nyQE7rmRrpuLa&yCb=rtDUNO0UcHJUHb6)|`rPE9TnAF{OZ2#H1N
z67`ersmtrE#gakhySE_!Sl-D<yr)?{ScMJcU&gAfk|zg!C>-Fp3FEhbG?mI$R~5Tt
z4t=Ob2(PNmIwxZ6v$gOrk@~m=v7)k&c)Y29f<QZdmWbaH#w!qc(GRm_v<w(vGXP~z
zA>8^Q=%Pe=6Gy+;^0g*1&Y?2AZSMn8M|vvOD<?n|S6kHA8X-|$R%@GrEssO!61x^&
z*_>GDwq!3kgzWr=9DhCpQKo1d^Bd1tyrktS3WaiN(MvQpam&RWnU?eJa*S83TB`IX
z7_Ma;)MlniEa-p#69y|PwrW_uCJsoUN+gnB2nkJ0D7Rd-X%8z<6Zd{pju5`kx>r-H
zKaDR!myj$|B}6tW^=c8k0_~zi@5#2R9^pvZr}I|RFA5HVAK@^4i3jK!p-hrzs~`&&
z20Kpq+TgnKu~HvOR%999sGpsA^z(2*`8>nmv}M^=-QEA}+JBVF*5?2L-q7M`|4E8#
z!=$cIRYn?37n%-Mj>uaU5E#hJ*2Ym!JgDyZxhIacr<S+%{+c(yDJN`kyMi?4%fYEi
zKuq|jdcqnygoH_=7r9zUx;uf|5iA7%3(%xo$~-ry%{2hfJlFhoWwM4m$lOFTK%HGx
z9?7(v;EL$u*OGgeoV4-l*)DW4bYB?WxWu%?<5Kh6=8+7*X^0vwph(a*+TF#S@?2Xg
zA?#l32xrE*O)_Ns)NreX1%h;$vJ2oS<3!q@G6S&EAQgl}0BR1~jsGbx{D0IMwwX-a
zNK;P$4gwr}p*JUBV=*Tni~dirfnwR#z&K=6Lhzn$v!G}KYHtwp2s#rAovbN<DDnKN
zv|X%%L$wP9%zt2Z`-c7Vq9*%`7y56T69Eya%7p@i0)7^xi~<=nZlq_C%U~e*<rHud
zHq&@2b8&<?&zx(~r4$V#p~^ubBJ_Pcvp=%F62P3U^d^^i&i=9AJ;Ga*a&JuFX#LVB
zJ2mR;^T8-@MMzgb;RzIK6B@PGntOM%iV77{!}j%SFuE7`$q>1;Bansr5P=`W$ZZbu
z`P*7}fYXMCM==Or3_$+;Fj2HB<9tIwj<ZSgw{b0inbR^$jtvjyn%~QQ(r+1}T}pl=
z@<zB~TF3n+QUr8fkE)U*vWP*3pHy`8paYB)#dG-L?*ZhtLxIq-v~4t>(+Xz_PJseK
zjKAI9FOydc)_N2wPUPV_l%%8*oUNa2b}{nNOCf1#=jYMT@&Q;%q{5pbG|V-J`V_+_
z6<1%!m-YQfddscTD$(#5mvHMGo%91@8e0WxJsV%_hYk?KjFAPaM!1@QFYCzQI*2j`
zespGin^g&pMkHqt01(?j0d+L^S$4smNlT3r|LX5ecXQKAxy<{3vNrQ1)b@wN;42q=
znUk@fj}tG}!>Ufq(J4`L9XT#i#IJY(Fqk0ORXh%yRHfNKjHi*ONeY7Ek^wwh$09$H
zc37_>LY?yjT%n>taT1_=!m+$|l+fCsKFjJEV<%4BWX0?+!1mO>@Q3Y5cbj@9l&(0j
z8ISMr{kK7)apb8DKp*R7^Tl@`Zg=9e+uxCxv+>$h!x<-;$(vZ7?NTsV0Z1p%IFLov
z^|<pI7rkB^RX?>kRwPs{0w|i_)J@M=`#O14-1mFryL5%5RVSG^M~(;wOz(AY0@<&f
z1;>Ypm{*{Fb!PZkq{FgOEa^`Qtgm)*NjDjaYl@o3Mg(UE3KusT$;f>`5gz2iY7V^7
zI4K`j>;f29(3@wAhP&;B*Y95nQFRbEYY26mX{}HwM8&`N2^E}+eTiM7u`jB0t{g`&
zF!7uCXI6k`y|BnLfP=OKXQpcs!?iE~Gv7O0EySu4O3pwr#)$dk2QHPXUljdUV&WGe
z;z=oMs2y7i1Et!POIFB^f?;p~TnSBiFLfExbmh>G5T|+R6MOx7;HGw^e|wA~wA)k9
zy^lKB_$yA0X><<M`9a|nFubg(vp%8F16BLw#>XMv6(|mLv_(WNz~8-7^jS+1ABcs<
z7exU?1;DC`B;0!*I`@L0Sps6lRnxh?<(VY&z$rAq_e&MH^1OUns)Ys3m<#Z)Ub6|?
zbV}S|t%v&sV-G4$x{X;orw`I6eoa#pxVMVHVeRdDWEr;#wC}AJf(Q>e=i?VD&A<sG
z2;~GPmw;gZ|1l^5Z-<qJfa3XYpcc#u{}^mFTJN!qA8l_Quu22e6r_#KsPYyS;<Q)%
z{)vxm2n^y}{TJ-dV&-h4T-&%S#8deLuHltP5Dll6`Xk)gw|z#yTm<kJaRpX@KEqv<
zvwjgm{s2*wADMsna@qq6REj|gOd#rar2)Pa3rtATTyk4Pcu-lkCjL*&AfI2Tj(0j5
znP!x~(m2VYxJPak`T5T}XBw3>2X`l5-*9%43#r$iizajmyzA@K^19-mw+$awJ36gJ
zQWTbdeF*(PmOVyj7TH?(HKVY()$XMXKOfLG{Vr{_(QW8$_Qfqv+7@`8TeOY5jy%ah
zCMJQR(U-CEt%o-OS)6oIgMJ^dGqCUUw-No7c(uAg(Mn{An3obmn|vIZZ<K4@+*yI>
zxwUb6^$;O-<Q_S<xxPz^zh5B8v;h2YMJ%}|zee7YcDf%N0b_xY*UH3^N;2;U)8p~R
zT^<5RV!CBUy0Zu=%iStOsByq8kr*p$A&KW=A&cRZjzOU_9!HUB@>%`JWpQL@1HP8@
z#kL*hVwv6&vIo+NpX(r0ImyebbP&ssRL{_}*9D*rDRbvBBJZG^oLpDeF10_P>Us*y
zahJGaY1abQD^4v{<})e&!*Ve=7E_XQOzG(<t0v@}A$^7jlX?2^H*mVY+y1|RQ{Zv9
zS**a*fThM-*FU)Xe`*g_2UCy^woA~dv4CsIiW~1(xx5wNfq8m@nl0LUy96-$|FHJn
zaZROL+weK#9G$U_g)T5QP#~Zppwt<qC{h&ZK~PW#C7|@qI2NRjA}AnaBmx2ghJ+w}
zMg*lBYDg#pNN-X?3GG{ZCpgYI^FGh>KHock48Lu5_TIVoeXq6dwXW-0)jXd|04OwQ
zy|A$U_b>nW#lhbd80ZgiMSw<<V+Sj&=W7uk7nhjyL=`t%@#Lv$;p^8!D=?_E$`2Y$
z5EuhgFoF~cI3^<6jXk`l7zMf_oBRLr=c35M^~!^X2p%mo_<z*QFTRLCZ9(OV(N3yZ
z><q!S`Wb2!89MRT*c{;Ghyf#GeaKKd1&UfZ>R9Fd`NtWa<LzB`J2{mbYGiVjYmH~!
z(X4zMn|+fG(U1*9Ry=51RRWZkeGTj1`AU9R4yExD*Rr}Si?9x{(lb4I;t{1nOub%G
z%+g1<yiH<WdC|f(U74wuqDXgyp}e*#K>besNy%VVz6__t^EI(xN7*Mbd0shS;`cLr
zN&?-dJ_Wn1uxHhjmlP7>O(oLweTB&sOEbM+TwkI)ikOrAVm02$-jtS5@ffX;rAH$C
z%+q8{KG`NjG(+%eoz*Wd1b2UnjbA)J=0kbl`!tIjfM)wEzxTejyfV#9mF%0WoESdL
zuqInnJ;@B9y}CPlX5>JUOcli9aj=J=#_QJcO50$aZQkvgx!)grt?tvIv^t6N6xKVj
zdF9pOQM?sr?R-;RLsUCedIPxPUdIQziV7!9vzz*9^+XKAu(IljP#ATj!>BhTH^0M{
zlG3m%qTi%)i$T~MQ(<Z()tJeL4)s<&3adKg8(~fC5i18T=CTgfBNtDij?vv~5}w#Q
z28|pm&9734a&ape4?~Lu>R8Z#@u`Yxyn1zN1C8NAbT^NY&l|>N3Nr{h@l(h+j9T0{
z=(dyE!#*%B(!?pHeTVN1qZ&Vs&Px1VV9mIwhL{qco@8~3F#0_sqb71{!?G;3V<0j`
zIwj%cH!@4_3x;}z?>l*RIgYO1m1&z?hjV<+r*i2Xr9cm@zJeKM{f2w(8oXZnq9zFy
z^@-N514_3Iuh#+p-F|09;}YWI{D(etYFdS-Mg3XsL(&RyWH(UeiwG1z(CX`T<1eB6
zNEH~SBII1S-snFL{>C-khDaa0v;{Hfj=sp}%Z@|(OLlP>uzc_!Rl`J}qfW2i^8b-P
z@)iHnA30wFs9Z}#Z9fN#0YEq{=9{y*J)8S>3w73mS9yK1tZ0@6SeCk20(b4V>QRiG
z%|wLSKb>HT8R&C8A=8Ocv017%?rvT^jyH=kAyAX+pIw?P$YVLInm%r*NqKNDukFU#
z8}HKMWOGvsJzHza)U--lkkj?YjY|j6rT2Z!?n|O~=4(IaxV^S7_mq;F5El8^HA>9p
zm+ltk1#uEr4GFhuo|<IZUh;Tw!q};0JgSy2L&IqM?+(ElQCaw-zGv+ZjH`HR4K8vF
zd%(cb?#aj9@|OjI6g>4O)v+rte`bGey8I3G?fpgxOT*!(61op{-xBuoIFN!VOLXJ)
z=XqAF%#QBcVyCv?CT=rPlDR30FhuI7RpK&ry{;$bT~LfTVSFW>e5poAC)fnPKTDO^
zI%m_?E{d-1jp;a{*SmL`t7Dfd4aKkPCR|U%$A6Pktzy$aU;Xo}4Se`2&`8>ePoczP
z4>v0`-uTJ9_1nz?Jv>RiH}~b628C`@_Drj{;o;gr;lkI>z0EaZpe<)aX6Tc~ujv%a
zSrjWs7FQ?e8k+k>)iJpD-@t>IYcxFi_aZRZd2Xfe-yIfhBUTW9Nj92;W}TX)z2k-q
z{CH%mH9GI|6v4Az?|6N)oI^->7WNl<3Y43<u^1=F`j3OZ3%{rb8UJ2ZM+@JB)0co#
z4e(j0zz=NbLy-UcjX0$TYNfDcB+6(Gt)l?|e!;oXdeDVzW6=jde<!e5vvDBK0PqUQ
zqv+eYhhyd<@QRlJm?vS8_zXNzI+j;co)1s62}1;B=+zsMlDMi#nfi0?IOd5ePQ?nw
zoo_R8KVP%aT!xYHyUFIaS)){(8sDIoiPw>f$sD)DR%U2d8Q~MP%Q5mDjky#?1XZ4$
zQ*KYiBvo<Y^S9qoD%#Evt6trGFum5A_HHCI<s!kTP0{g^SwBuvpO(`0Lju6alaD6J
z<k-ee5(@e+`%M?nH%ji%$NXVD|BA9fpyqWPR&VkL--{=GyQUMFzTU&DEk%d;9&4c1
za6^Ac`i^Rsg!*^gYKxWKYBTvlL)2@(s=GO{u*vZuS*Li(*4a<xVkp|e2l=9?jZ^r3
zmzXUw4+6}*&Y!p*a4F<rSlu4unsilNx;x>L(g&x6ah2lR=Ty=0(<CfTk?uNcVEL^U
z=gXKwv@5J{Uxn0Sk4FV&>OZXDRoU(MD`?a7${LY^-wGac<jHe?#c<un;}dh-@tafw
zIb%ZRu&RP|vn`(78T@WX8fQ?pQW8r(YF*zY`Sy~Bea>+xo~P3b;v7SwPqc+m!w=PL
z)4-;b_Zk@{%xY(MiRm4PnCNyV$VO(@&<8e(B$X&ip>_mZOE}dvHC%pgHE&tU;{Geg
z8QRa9>Tr@SH}*aD&~qfaeV@@}t2=*c^wIt5L>p$uhjQ6iGtQtP(0Jnn1ML)p>7VUF
zHWUj+&RVTKp{ii`e%SqvlA;%II6%@P`v;GnylIQ6XmRWQW+wtUQ!?Jl;yp(G6g@i&
z$NXc83k;`Gd-Ubb>g|kiId^$nDp2D3F;DjCal`6XyC~}YB*wILdEB$A13e>Q&-<IU
zTMI=AtF<lMem+-l&O^?LoE7{|U%2xRIbCjWivOS$Wch>xX@~8-BqLY<M-Jy?AH&!F
zpxXN%|GFhX<IT@o5?BfmP%O3xlz9FVFd=@MI>w1Wj%s3Gy?$-_YtWtgIgXp*C;r8W
z{jWURgjPZnNw7JJ<U3I?sLG~At$I{FE?e$*iQOytZJB$JI<i)0FHtl^`PF2XZu40x
zu&u}Z7C+uoJ*xWFte{aOV3y`ei4l^1+ac`LF-3|Bkn#^0O!T_PESoQxyjzs08o&_c
zL!2zAi$*u)#B|@%oQ(Q_7Ye1eN?W}C?leZ{{aqZBY^VRtYox}tZ=ia{ZNAgX>TJo4
zV0aFh)n3lXR7PrGM;8l9{O0dzK$Sj-WfH_f3KGiu(t42S5{#!T1g3&@4GoXQKUQy>
zN6H$t<#&IYd3+x>kH9klc$7hET3WfX#UlOnQ6avE^@M|9U4g9vDpr}_0;S@0{wr_x
zFx1jUS~6FU?u4s;hu4(R#Oj{x9p@`sxT~gv*r|<&8J49~ptfB;?Cz2PRc-TdYMdaH
zqPxcGJN-Rryo*qF;eZ18U*ML2*;5753)w3##+UNDP4OLO>+mvWVPAX7`HR^a{qEEK
z!XZ$w<HXlAYS#jLIL6hmrSwHzV2jX1KSSBVwUg|+wh%EqTzC&B`BW;q_>=45iW`Ga
zP1fxiY@Z&_yI620nkh?Auvy|<Wdy<A><|yNzR7#{VwP*X2G%C{5U&E!<xmkuk`do2
z&TfT5ydY%C=HAX|R+yc-BE9}qFo_6|Y&nB+afvqPI&$Upi@4sJmvOXM^WdzGG&4Ed
zuB6u_#oy<g=H@tSv6<C3jXUvUOu)~Bdg{!3wv5ItskFm*W3*5YLxy1pvc(D(ULT;v
zO1)YLb(o%;)xl<R<HMmroL|AzaZwgeqp4F$)UL2nqq1J};i4%U#zQ_E<`0y+D^<n6
zVCTl`r1$KHY$x*4Zu8*d`1%fGp2RM_lrQrb*9tk)ZGApEB%`L(e?k-PUz3+tBv+u~
z@ohKT8E|??=Hd5$)KOUU`z&kg{jb``vmv_W#F$EZ@T8DJ^Gvy-%jomMY-L7XK9PMD
zQ7M3ck%J)IN~0dw-tF;D*h{!;D8JBkEs1><nIZ^i$5Zi=`Mv5`psG&>Ic!L<FZQCe
z=m)G>RL(d#)iC$sQ}|R_7AeBnLp7dzxL=_j6`m-}yq-R5N{N{eaiO?+q`Dlz=hzXm
ziW|HrFB&R$@gQenv9#EPxNS$S%vR9nr_a%-5B{;a^TJ|~=V69Cxrvo@WM%ZywtS~t
zFX|zN#E-GQ+0D*g)0dF-c18&Qdt;-)tyLhjOEBa=I91$p$dqXc7+LCeaSE$-kuzgB
zlG4KsBqq<|_e&I+_mVI4Z+bhgW~nsg(U_Xh`G@|am+2qFO~=L4Ra%7W#A^*`u@e=g
z%EfvxAoNAt?H|LbrXvTn50+*;QT&+Ip1*6$15!jD-LMIld0nsR&>QxK41FG^`a<s9
zuWx_Hw<q97#kKba#lC!_-^o+i^R_AP)VbJ~x%W~!N}oD#$U@0@$AqkX6zjb2T*7R-
zt54RyoNWLAiU^+NcOua#v;h~B-|c-~k&&wa=mu<^-<PNmmfv~qi(=rZj||sNP!Uv#
zQ|4@hhw(oYgz+ttZ#QR6U!UGLs)Z%1I2D+hby}piSBtwnCtOS9>9VFxA4b<r7G|67
zg@kql^HDBeB#iIhChC0h(fEz&KZ>*B>@)E)Qjx~83O*K>r*G;OLf!(g5wlK|PSR!6
zdIIdJ{Q|k-_&#32m?M<8UmLXM$6vM}R-`J1QW+hV4gph<W6chvc3ZzEC&RP$m1qkU
zOH!o;g&DDVIT(iIN|W4Pjkei#qzn!5-Clf&Y*TF98J5Ef887+T@8wpE9YRj1#<X0!
zl&FrK?)aIG*=C}O6=#@_T^-x=;hwFws@b#^@G~ZH$CqMBQk}B`oGX<J0e$stIuBeG
z2{bijLSrqL20w7t#X3Tkv-jc;$6+ljX4@|W9Q3z%iAGa4L&<fUDwlrq=EM_0>dcR`
zj{RQ0(w4r&+par2G@Amq0nQ(6^0I6RkMhoiM5Sx1o-4Q8_0|Qy{5)7GKFAqCG$HIi
z5a~Kf7gV#(sFHoFrjao$uFV=8EDA&RXn+Mx&hj#Pli71ym#j8?!pKIq_hn1kbEE>l
z^&Djdu(?^LLXtAd%tiTzk{fxiJ)ePk1~WGJqGt0oj9jdm<;;ymrKxjSZwqaXhab<s
zv|2pRIDpj)NKwi>=auJ{FP+nYTq`*%h?pg4YNb}v7~u?~+1o&0R1Kr<1JM*iEZ$e*
zq5|n$rmJm5uDIiA$=LHD<8LGNBp+Ki5iz+KBdZj<;?eBcefVuEu_QYVf`Hb_|HIwr
zir%Wn`7;6<2{`6c)2f5<7`Zj$RlB}fBh8yFlg;jPnaWMn`VO-hT$qXtYms?h9xdr>
zzN@rV+d3J?p(s~*+j>q}ZC}owPtH1V)!0lPFe7YXV@q$JVFP~*tKX6Juhz`-R{D6^
zsZK}noJwOG$@wb(<e|!F8Lg#gi~NXgAG=0)4d!_*vf`uRH3k#cJoSBJ+<-zhH#w5u
zh84*>fiUdce<!}<EqwCTS`J~tpAr-4B58NYIz-l79@Ao4Fk)@bYUNAX_Rq(b7qeW*
zEHA9e#Z&bXQ4t~r1)Vwxpn8p!dLEyBfLfb5^1Q886YJ}o!yfn0Q#ZBShF~{-#XQbg
zn+)<}-L@*DHZSThZORreBjC*}lDkuk7(J=ZLM_6%z@2RoE#<h<$*XUeWbY>_f7wJv
z1JYCu8kZDxq;4kvpro~Ar`KLF@#yt?^Op&VAyoCC3QtPULIH1zIHUOM`|_T~GQv%~
z1huet7ALg7jq&+__1#InS(P{Jm7w|n=Hs{#mhFH8Xwq0Z`E5F}-7B>7fDccH2N6>+
zu4Evt)A8WuxB0b$66S&&+Y1RyA3^&XS)OD{s7OpnUG1cNz<zilPDC<F2x%Y76~+*=
z%&%mfIqLJ1IawU`8P>tCx#Z2?KWJjhed1$m0TjJZ^{mCEB|nbU$$p5dY$t}u?gNip
z&I{8Y$!uTwK!nMT#9A<cVLycWD*@E^ApaB&YC2G=(+`}E29yXz?J(j5)e~rLG*19!
z9xa+%YzSH<0_>x!#BW6ofpvCzMPzx+4CvBqw^~wGz$%?`{rDb%ZltyXVkqj4(Z$_P
zh<j1ETo$;peAmlPZ@^X?pb>&t6|otunw+^|*|aykG(i0O$}?=I7Z2o=I?q;kAM$ct
zBI130*)%QDZ2@y35VGa0j^wDW4C@E`<lP{yHATSh@o0(=QqZfb6G>E^20#Z=Rv1Sp
zNCQ()9P}BXM}fXRUzbu@VIkwTOWB86Tg|2Sv87=HP^=JEnk$(Mkf}{sVOg!Q-l@)!
zKJ{o`H5jk4T6H!3Rt4aoYi`Ib@aHHz(k1i2nt;-zv7VADLTA@6UTy%*(%G8aBe%2m
z+C3{TU95ANXeW!$w!c$bo%&$c6I9;T6MOVA@5Bu*(uJzbs4sQ1g&Oc3<L`7zWDz|>
zs2$!N)}QpD{&@1@_j_;5)jhmX_?y+^M`{Aad+n}P$ofmxX5LlZA~49afmXR)oe4!2
zf-*bcLG$fCU}*>x*7*xDzkhCu%X6jN^;I(Nz5Y*{<_@%jg0i=@4#JDt#HUy0nXC}y
z0`*&xF3odkZX75iOG#^Ek!e*!rx$m>-qN>QU~SC3X3K$qPCWE;_@iUds~92CfhB(|
zjR`NAHnlrPf<^#)O{+-C@{OySz)R>0h+VL=U#iQ@jQ48U*(p2qOSU=_kp<hGMK-yt
zCbRFcLOX2v`Fn9ni|pF`9sZ;Q^7Vw#Cnyb~Zq-hR7Q5=)gk#Q%IG<n?s+Qz)%9IEP
zu@bf)uP=;1u31{<rn4fW_uM14ot=K69F5xPm<s~5GoYhZ!c`J8$+kG9%o@!CIn{z!
z)p0u<6Z42oy^iTI1(dh!fj4JI2vv2JB3-%Vxu-D&;mp^+vpX#NobA-Hy*|YB-x-BB
zoTd9h3U4T$UI^dJB|tI}^!Lft!BsC2)lYADwXnzXKAd{&vP-4Tj<KtS=R9dTl@Up;
zR1%lxugPt8&f&wSZ<waqregNC%16)t_yd&P{}cif#^-4}=KVp}qg>Cs*cb9m#G$qm
zj7A|T-B-HTCOvE7s6(qz@yTaDYWY<4e4Qo=CHR8!2TDbsW=U3fM~d#Fw!K32NAcne
z193@8EfFAy0gaCKE(!pbtt$9<=zO6dzDJ@+mTZgEuz=u~=pyd#PzU54stiN>f#H&!
zf*nI%6d%`ii>XejXz+`mwzF_sMD1gO(2d-^<BVj<(E+#1%f++^b*#OE!x>s@mJMSB
z>%6Z2RV6<1W&woyx_##7*Lj?OK+PWE4&$*R5shio@RJ1Q6-tH4K82feIM;J0`o?IC
zs!h7dS@avRjy?wvCg%<vwTo#7YD4bDT|{5>FPhl49QIYGif{OS*#7v(IaHd<h4QbS
zhgm&uvfjLSto6<4FKwu(7nIhA+;-YpeJd{RK<wJPHqG=4;Qb1z)oFla!d&C5i#v8l
z<c+sIpzYH0Xs3%Gl5-7P29VaZ)s!2TzfEjb>J#tlKE=`u^zdlm&^<?-yNU&}zm^A)
z<J1mMe`WWf31X8LtkKH7C@JGQs3-3OKHi>kpe&U$EM5ec3avq{eRZicn0>PWkqkk^
zbf6fRUeFHG0UTvNrsC;idp6&_!IOVs2e2k}6G5M=#KsPhiarTaUm&k~^`zX}1P-&)
zg3Ih2N`Cwm^2ET{L@e_<aN_g9MkJZc{R9j$_kbe-0|&@Buz-%+kWg6ZIW=sF9D``w
zYmd=Z5G4hcWL#X_r>Y4=WMEtXp?d<6s(e&5a7)(+=Ts+1<CTIG8_=+UtT=S*wiN?u
z8?$oYvsM?7HC?<BZ={ZWGcq!gt}tDuI9CpW^J%VJ#jcyvvy>wWoKr5JjCWw??S_0I
z7Q<q^WHwjzMS38qH(iRx8$pXzRtK1biwA*#Te-#RiK@r`+S|T^C<<bXHV4altv`Rh
znwTWqlfOGqt7{Q?$ZZ~!yOO$hW_bOM8BZ7FSsx3Bk`WlLE8(?#t-x`jUd!j8$>#I@
zy+_)>FiZ`gbWm>~RbELJ*WaVtqCZWz_#029c)Wtykx2<+haD+69Bs2gJ-7r$En(7B
z{D71t!9Sof0R<(1#0&_*HP>ch+bk0ZO`(F43XG40EQN&jYouVP*=Fmv;hlFR*jhQ{
z7b$`>L)5}iA|xW{6%4Psc8Y+%Ou_r=NwydWoy$~@&Qc1_Pgikb@4*&)DjcmMsvX|b
z#eq}cp$iXqN6~;OEY`q@cKT{S#BuGXH)^1TiqCkixjZYSwx2Y0*Y#Tfg!uhop~`Cb
zxa%70hkW|7aqGqFQ^C!p&K>0=<-12S`hyS7DNpS&Q+pGu&IC*lXh<lOtf5#xGHyvN
zXmRNSUN|yGZDt@pX{pOt<gu~ZZ<)IkNcLHcm>8u;WmwEJ)^?oZNgWKku(-dLSnaUm
zTtH$+xof2n;e~2qY}X9^(uuX5g=%k%X2JFPa#X_<cyqEISrW+oCh6r<F>9<h#!0JY
zYQIUE-`9~6);wZNcpTb&ipR1lNE5$@b!krUI$P?FfxVGv<13MPdilqVHvfFgn4t^e
zrnSx<`V~#nMs&+``P=mPK5-qru{SP2R;mzRWA@F(U59L+J+%8tY@!3?sT|DZPU*{z
z^5=O+$f*H7#Jn)}scYDz&&m-4aguYt**8~}{k@|y^N_+kLYFL@t$8fkUP%7VyzaEz
zb5rOGz$Ub$G>)CFei|5-lbs4cwxkiq()S78p&qHbij?2bf_wPY*EP6|EzR<8<{gVu
zPv4TpLl!TOcNPy^Hd`n(@TjXl{ocYG-{IQYYwO!!qfeXFqCcDhEx=5Z94<QKxvgy)
zBDRFhQx?pU)ijItz=SuBnXl}jnIFvqY)fgPtN0;3;kv>hXWt$<4|j8q9YT@8VV(Tl
zGaoNC&s_xtu98(|3!<wO2c-M7x4wTNfs#aEK$~lg`}TBRh+LOV$VOLA&QTv(6(vNs
zY5alWIbi{6%cf9P1yH6ts!ZU&60XA5<F!70=!`Vx9dBqNE;-|n9<+Ui!>iUrKx`4#
zJ&k@cPZx|%-f(F6z-N#XVJE&ezGL!~Jpz7`x9*&quI*VOtUX1@^MQOl9bM2^$=3}<
zhr9uq3OmaLb_+>#u702M8Nctah+>w;Yq2mcL-d=$Ll*vPZ)%+;0Lz8g+l7f|Id^tk
zI8ODw(^kL*jP>OI@s%j@lSrjdB-^76s%t!|)45TVwBe3bV$Qv_@tn@>Ic^AMtT<m3
zv6ov*0s8qSL3}yqF-XXANufwc%RNBS7o3B2_R*J#&c77sW~~tV)2JYG2(T<&UC7n%
zQ$6qcdIMiRxWSze@8e<3{*{DB`mrGP_Ec6_SQrA;8sVJkq~OxERdiHj<gZ-$DS#sr
z6z7N?W0??bdFLadRQni>D1LZGCIGbMu3h2}TAN&Bxrh>utR;Fn-r07qj#{t*L|^Lx
zr0fSkH?ZDwNeDjW48=%FinlV&>YHcZw>i+}2tjj26Pj51AKek1<Y%3T#J1l^?Mr7)
z)UWa8N2jajW&vzRYyou+XtXs85M>`Gs*5#7<JH@l7@v6JU26@>QeO&&un;Y_jC@w&
z5BK%CbM8a>^0oJlE`i7_00Bf4b`&*#y&9p!gVfObU)-^%A77W`;@Lc@<}<r#h5r~J
z0SfMZz!%VZ?o(mrbO5rI14TFk5shMYPsWuMzGF~}yqG->0Gay!;Oh@&VR}Hw&w(Bw
z%*$wntDDm%r>|cty<o|o6>w4T8B(V_;C8kBgkaC;WxRi;3n*$53jG&zIkdEZKB#~c
zdi1|46IGc(xP4{)=be7W#Jgtln7aF6-X|wz$|O-2jJv}>9s9PYFN<@lAt5zY>W2!+
z(!l=iwQRLE%~3h($ucEjH`@JymW(y0sjN}~q?ZCT8uD2~29TyuSfH$!Fj~~WkEx61
z*=^(FbnTmDJZSoyKfg|z13IyPzyLJ8p_`01e!xOj@>-nS%ct^-aB~PnK#*#J1HS-w
zA}U?FwD7hout*s@a)ZLyJp8?A6R&EnwW3=8nX}v)*cMrZtE;JH(haTNKX!hh$+~h3
z5o@y>7%W~~KNFS?3${oC_a)=<UOQpCt!Q-`=x&pL4!7mVcRz#B(lpXV4rD*a6Hy4r
z1ug8S)i)Io@)%NB16;>#4bhYmDnSM)>p#Yn?2?q(EBh9eU#v<{cjpLWfm2Q8PRwGr
zz|}uONTo$i%zs3^k`NrA@8Q(vG2_ruWI(T!4SnMFig}-C(u+W(f!`x-b9zq7XC`yk
z&$C_9#a^l)KzeNzw{U0r-Me`~ru>^tMt6-9>IY9l80cAt6-Jgbjar(Z-~!!23O)oU
zDY6H4SbDF_E{h@|m{!<5W4C`@My9Gd^MW^!rarL|_NnD&jzQoQ>W~NwJq7m1>wl38
zf36>b>IQlv_=~POAdR4ZIXEmBI}6Z8iQY_*H2PIvN?O_%ReM6^AV4-cB)xlqe<@HP
zx=E{CJl_`;m_k2;UKC@nc?D|av49Jxv4Ua)lq$KmhH@sFR70~}>l97Iq#=pHWc+z8
zP{FGO&ItF3NADv10W3ckD}xApp%*}6Np9KzqB-Ub4dz?Zh2pe4+@8uoZn+B|yliDN
zSRG`Q7$vhd-Hc$su4o`qQjE3(ZWjwVdQ(U`Ee{u#+78PtRtuR|z*(=G#$`g1CZ3yD
z2m$#y^qEo0F}1*kk=#cI&7ODlXE`|t_<^lWc2NVG#2oIub-7|@XDB{L)-}A~R`8>d
z0t%uC!cqD{`Kg=&;TNNXZBS>vZFT{Ck|T;>;z&B70;?k<4!2fs4mYMC`U%`YhcY!s
zd2t;;hlJMLK}P%xLS;h!BFN|UzsPJvlylKp`MI#oB~3@5Rj%n{#wa0*s(N2ulz(zV
zALktapYBT?w_ni<!>faQ4Dyoy{29orT2IY{aHZUkYz^mS!$(5*(ZaQbq&%qn?L@}~
z**yGJ+6%6XylL+28Fip&tc7D9f`Fm++SZzMu8Ow9f}&fBoB}dV$PdEWHP8#DyG;iB
zvc)aS?7D+S`r@em(yiAn{sJ;=*|BE*b1yzh1Q-{Vus=EUpchA~7Szfzk;@AWQC{MV
z(&>*?tC3XS7vl`sV^q^`^M)!5{Kr*kkFc{1Y+;A|cWX!BKFIK>*dL9w&(wWVVOtM)
z2=<<4dgtc}ith>ere7>9*!(!dVYkyTLW$$#jMbU)Nh*S!Pfn74g)J(#45~}PPaaZB
zZra(K|JaVvs^Uj!(EA=utRXuN*5cV5ztl*3x5Up&;}-44)b>Az?Mp>37+uanL)HmL
zSC8}l(RB#v+wr%x*UtVEX!q`_2(J+_Bu7D#eNK)Ys(?Y~4r(+0hguYfsrj40Wc*vv
zrrFlX?vru~j$0dF-|V|r23ltK<u^(o{x#KB3{kH;cC>Gp7{#;sUqJ_ucemAio%|0U
z{Du6_8SnqVec*%NL0<by6$%-a8A&nY8P$>k4p$^JgS)<{mWYs!y5C)6?9*<{`lx5U
z8=%9+ODc+Ma<EbQ<huSg6_B4yH#SqNi%6Zk&~?_nGTSwnu>x5p5`Msqr9l@<;fhhL
z;FhYU&Z9V*zPkCGV#OKlZdko^>x@j0(UN#&POnJo?xh(=6lfR5OcI_{IxbqEg_CWJ
z>D!Mt_s{DG+sw-}6ubA*uV`R<E1_*qR{29&yjfIeYO8~+8?CcitA=B%pudC4u{{1R
zWxvXLM7L2K=o<i678auP(_V~+Mo1<Ig;Uwe9p+ZL1)OjAzP~`Y|KX$4?dp8(3S-CI
z?Y0bqP5CTcU~Z!C92@oW7qLQ2b#9{?8S>>utv(c1%jX(@>wyD-uDHqy4`O&G#<6}-
zUI3A@O310=3>6BQ<T{Lh7h+hiY5W~{g^P!<_=1Pe|AfoKU)4mW5tM<q01f|U#P6<4
zbNJ8m;x9;OXbXeh8_;RUPvIVL%o%d<cLK8?`f*zbUhV^99UzWq^NZ%fK}qh#4Jn|K
zsKe2su(^V0QAk45L(aoc)=@d|0mSrN3;#L&y#7-W+l~$@^Sg+@s8br_iPrc%mExa`
zA#3hV>wEvJyE~~G9*59y<p+wKBN1)fB=dP*swHFmFY-4;VZ>T>yrN{<cn#c$!`NP?
zeX(8n_-LmYm~|-8ZcH8*e<zc;E<G`!6gwJ*lN9bYu1|f@b=+67FDb&KWh`l!dESG*
zYRh@{Yd#1zb1993%?#eX(;=qym0o<qA))NRVE4;%MT6>3@*PiJ$zG}Byy^F|A7_Jm
z>d1Cue~L<UvsuGI-g7SOk!nHgclco@2WID9egOzpF*Ms$?qI}fVHXeQFZ^x?Af#<p
z`Nehv$M6`1b>Rs7QHFz^_#@5YMzLz~IM}$>y|!DPV@+_-E~q3ZYE2QZ&v~~T6cj3h
ziP|!F4;-KN=X>Co2%8&36mdvyLNZ3TkU#}mp{+z9XCJ#j;{|cj8Nu5XqEL|pZv6jJ
z<>AYHmisAAqq@4ISD-^&ugll)<Pp$o4tivOav`FDxzQHboB0<GF9;!djQ@dB%T_N+
z1e)485yy>1Jg%;1iXh*~=?*s3=-ifX2J{*XH-7Wji*GrSZ{UP~%@h<L-&Le?j7o3l
zTrb0@@ZtUDB5HZU+!nJnu>_e4uHj>*67fL4#7`Yli1+bRd6+xdp-GYRi@iaB#uV{t
z*z*w!;g>xr*PUexZ%T`*c=(2R?q^BmxyZHW`)3CZN>^l~k4S{xvVbiv=SvK?v*in#
z>Yat;bGk`}kD=oJEDH=w#BrmEXW;@lwZLxAGZl&%l_0K}OGQyT;#_YT{VY`o(#Jy~
z5~CS3&4(4O{P#nao}faiHs7fnUkzMbX#)Mgw296)xG=G3gBi<|T@DA#da;hK`%in+
z)FmBq{8mnh5gJE!k5h`iU%<YkaL2q~b(laoF{AJxTp4wil|Kk3tk~q+GD?H~_y~Os
z3O3MUOG~OY+t^a%L~eiytoT_<ZnX84ETnzgb(rdv)lUB1h2Dak+AcAFw&@sNDBeC(
zMwj~3o(T^!ex@nWo(I3pthMVnj`CpQv!)V$;tAED`fZeaSc82^r2Tn!gW+4ier&R{
z2bO<gt?JHa!}TXZsGl_Es=f{(obYp>{Hy`Q{AA>inX)V4XYFgcV{>m)+A<{X%@k0H
z_(Z#N7QD}?mhB%QHC=2HooFxL6uUZQqc5oDM=^~m9#i5%mzlg;%%f2Tq!j7F2LXDw
zM^Sr$#LAJHSf@hi&Kn#r1W}r=&9$ss+*yFe4eJYw6RiBXus8;8BM^U~AtPCK>l5H)
zeKw$fZ=L@%$bVt7{GD~?peG}qh07CEM#x&o5+UyRlBse_01%T%Gg{Oxue+ZO|7X1C
zXMzHC4!XTu%`$x%0qItiMoHMR(<32;TKK9iY2_-{qGv@!0`&LDnj5f<M=yzGknTR%
z)|s^jD>Ol^6lbi88goaG`aOdooq>;}sw`=u%wH2C9vf)N4aArLzXUWUR;M;XjD3XN
zJu;qGR3Tn|TvVuxG^ZXn@3a%&J}=Xmb~Gt!prO^^fU3>om2&w`CS6}}X;{pl!C=Wa
zI-q87#4B?AC(eQ*gx9SeEA|mlc0cA0TD5WQ6{2fmK@FvA%{|k&<cQ<0X?u_L?@#|)
zcX8jv4Mr2u-cG|q6kEC0F|%D>Vfbeiv3*Ld6Vo{RhMJqLFF#8B$h$P0ES~W)Q&Z?1
zFSf7Y;p?b4)P=HJ*W5mqAb!DSzG<!bchVxM>Y2O4qXCjwqhw6T(a?ctZS0GH2YIjK
zyw5h-olCrbq0>AQllJ%mnTVMQuG?OuUfV(_+}A8IZ@(CdpZMbxXGr3xW18o5)l*sp
z&U-Yna5et1Vw;`<gJOL7RTk)q=wN3EDe{L3XiY~rfw0Q+wt5l#ahGPzTOL3UE}7ve
z<i(Rj<w=J-Ds`|Wzx8t0*|yK?Y}{d#z8oGc$-GZ>ZG9W1d|pLkg;1B2(w?4(p+4oo
zR}ojqL3DLW47FR4@rJKmeD{eJv$-+mSvofkViwY3pKjJp8WY%(%Sy(a5{}V+$~bOa
z8JEC1Qx|U)MQo21lHT$#FgaDtY0NbL&4RykNgQ=n!`DVXo<)9(pc(I;=Z5ihLmzE;
z3?9$CS55ofgIoGe#zSj9`OA-;Pks*9OOEBXxp8NnF6B%3KH}H^^l!-K2Z@QG4<_i1
z*Okea{{&>o(9ePN7xb7v_jiB!$1e{4jzGf+@hdNAVnLIdteWZeK?;-ZgG4eLCAn#^
zN!ZWxKbcxs=sNxE57e)H23fDK!v9p`I{GV39^JaP|8@o`bvU~dyLX|!`q);QJg13W
zJCwKHWL~cvSEp#G1=2G|Oc5`J{M;*`f4S_2D9Mc*Qd$C+fe0fqu?~r5vT<R)hYj11
z-Xs>Ku>5wPFXUP?Dv`$9V&p+PYI&Z-9K9JGFzEdcjRpgD;hculK=lr2tSnw5wS+z3
z)<amF&WBAuW}aI7JyxWjK<bH&rM13pcXhuP@L~d}>@Nw2Ry(Ql9GDJGtI~Gu%g|eC
z)9R-WtCx^Q3aQCi%>pf+A&O$LQd7+HZnhy+WbfIxrIDTD5((Fwj3zEgKQnJVv1B~r
zJY15ob}~fV!G9zbRC5W3W(FnrOs^lHMX(-AGf35q4l5yyE(LUwXa;=_(`xiPi{fzS
zb2Kzh?dm@-l)kguTm?lO@;ls5xHpJrXN}aK&_zY-a+3v%B$m|gq)NVOAxIV!Gu?wT
zy_mn1awa-k+s9}2%Xm@M?L>Z6Kh2ibI`&&`bMBQhl$81pI?~3e##=MjoY+~lILTD1
zRmqt?MO$_(J<2McC#-CbfSSn+$o$$f>FbxpFgzEYApM;V#qN;>jgSUZ{Ej@s|8PFN
ztI^%(#L}R-IHU18wIE=9Gd34#4;20750nK9!;vRc^^Qj(PeQ5Tiv^6$_70vIbpPHA
z`U%EEzZjKx(QZUsY>bfUL%Exikk~+?eZGoEj&y?ZT-j7dC4GFVZ?rGXM+|Jye!-OB
zN3Ln5KRprB-OFwr!$ttJ?hHBJYpO|hw5Djd>XkdWa-bwPFq>BvKWuV5@N_wQ$<}8N
z8fw})mA|kXioI;A$F=uBh<&c`S9giI{n=d#QP<&MoUrpxcZ4Oc6K^Vi`+|5wLDq3V
zUtKq%p1slD0=lDjb7D|vzlC~U?pFHqmio(o{Njwi%k?{*qjY{5*WTtu8Q&Z>+}2ty
z8}9!_XnLRO!AaFQ&tf@o0b7y*t%V#btntvNa-u{`61bqVkY#0raTNw5aoErPb@w&*
zXV>q@b@*_XIDV3Q)^~W)D*ehuybnb~Wlx49A_yYgok^o&WY*Jhc|%bzVl%>i%3}+}
zN#45?%AtlrCg?I|-O0Y3zz(bC$ygsV38-AW7I!^Jatwb}*=p4oFP@<6;`1X_xjILu
z93$jUtEQRxRrKZ<_y_lO<NdlhHoRn@YIsL^0+K~S#ICO?`!6h$I!L^d0WGJp3=|Bp
z2R-v${hO^1Z@xc$CfPH+Lwt%pG-v8_?Vw&Ix!F98YEwneP(D~Hiz$sM#Lf)rDqrlo
zl+Q|T5&KuBntj1<5<(#*+A+eJQdzBp7vtQ?Jo_ukFbz`NTNLCokh1$-{N781_}ozO
z)AqRz$q?ijUCHZzKU;WhCip}^EQ5hlxhL40dKH-C`MZ=}P3S*X{vm5Bc0k5_PQt;}
zCx3Xm$t3mG`n8j$r-$?-t&lzsN&+sWLDyXeVqTsjHh!(|`jtKAly*N2b<DE@@l_So
z&7oIW1l_V20epJ{HbFH!%O=&uo}Db`T;M^uUQfY0afeAo0MEQJhieV}n5{Ct$CS^O
zkt^Ex;lyQvy`!hdnQ7G)ta&MpC2k&+nk90Tbey@sH5d1!7`rrLPUbp*;+yjW=+=>*
zc2?wd?39#%cp!8NzC^xMF|gaDB9+!Uo8~Cs*@BHP#f9J`OTNh>V*G^(Da^6;3rRB`
zUOHJ7twR3l1!x2f{$g<10J~aq(vLDN6~{+I(9TpVs~;c|+aBOJmsN>#oNlVnZ;(=Z
zJ{21)WA0>>@6H}k1QTHN$6K@SM<){cFCu>Lo;V|1crR<~_}Cj)u3NEnx=E?99c$bs
z&h_X&rz>a<d`02z%0j3=?p;5VlaKh*FUo~c)8ne3OD}$Ftv7qf20bt0$1p^rgK$a-
z;l%Pkzd6p3`+pZnzdA(o?5m7$+#367_}b@`N)Z4lbOL>$ym#!VjVpU7<^1F2_1!Qv
zH`f(99yOF+23rL+3EuT|+&b6$KLe8WU$}urm9s$`%kD?_pEgH{c+k=`mTIkpzF`wF
z@4!pz-ZM13!YYvn*LMOOHoG`wiBAYRF>?BM+!hI?nkVXnV?00Lx4B(T)WEWCrM$E#
zV}d}6<<snShcQ5FHOq4+c|S}LjFaRYoMujqafY0IjL|!KuYg96VBM)6)b7^KK5Co~
zp(%vJe%GbEVpHc0!k%G>7`L2VJI*x}R?JDTjmHM@oiBAK_EH5rbE~47uFZ26e!v)1
z)!rlwf+7Sb!3JLbMmHTzbQI<)o7WNF?zb8Kp6vSbHE4x+!U%ZdH>0JV9S)G#l1n4M
zn~0uj#>`2`G8(-iJ(U<e=C&GM_hmMv1>G4_5)XXZID(&>NC~}w`W0GEpjjx@IigIc
zD6MbzPHWjSB*F7~UijmT<D$EE<SleQgx)k{6Ej*Y-P>C1<+0t^y|HaK20upaCVZpg
za@0RFiwvkn#5I&mEH_4=XscuMT`jlY>AM#zo5vr@sN0Iyr{o=Lisc9L$ZTShnrokq
zY2S=(CoJQXhSQhlaoqjztD%W@V$6FwtdFsT33cq84tD%v`kcdDafFwi>d{pxT>@9Y
z))->`>U8goMw79n`pS%4@$7gl?1JLxi<|+wn^dw1Cd&T2#U^Q$9gi1_w|P0wKjB1d
z8?g|BpP962x)MUk=u8rd7>MoN^dj%1-w8jel!r%mr9FAf*^!<pW*1dC@l>_^*K-6p
zRTp+WM*p6!Rfboz_%B>{i`^0N@kC3ut=2P-ASax#Y`|c+hY|49VXJui$0%y^-46ik
zmv=uFd5^mb=Fi2Awp#a!B~d^V(4m-&u2<+r^I5?FHn)H7cE7{FBH?QK)7}IPK*DHK
zWE3ZA+6Xcy`7)Oa4X?aHxPg8`NSuI{&d|{MKN?&7+sBAWp=|^}9n^<GTbIB*lPYPF
zy>JE+?6ca?G+aJ7>i*oRcFn#gadA_@fHy=MgRl8?0e0!?a|kMs@5AO99uwW1Bl#=H
z=p#8!$gUzs+Z;gY3WVEnqAJ6YW3SL}P_u;4<`T!`bIsFAHVR%ojK6yI;L;IDbr%X-
z(q!e86FKMoGlJ^j=5Pj5AcF`e_O-=&F5g#-!CP7RI1JHph`KByl*q?T@>BOS0A?h)
zCH3yqqWK1-rX8-Y9&H!nqWgTeMBeW=Y;dnXMqE9hYivU%P=?R!0y9oRVwqz@Nb`q0
zQui$F7~XBs^q`UNi>J6eTxP!cFlpPjJQbJZ1~RPPC1Xnar$ZfbYvWbyS^K6|!!)qu
zccGBrt^7%g+3u{tG)a0oRu)I~_C91RM3m3Ccll71!`e%+<_U-#DN_b#A*?RBApkUW
zaotW4mFLq9z7)C6s|a_K|K~VreST9;4KaPF-IUTYVO8dah0yoh=xEZg!0-3$(0-&e
zc|%(3fDU%rnN(425Q=H8Nza6Qy!d`dM8Ug2<nX6G6syH=8H*J%R8ujd@pzKm5#bxW
zW!RN=tg3yhS#r8gtuLgDkh5=vP;0|RTlo&T5ov8x(1-%&_(0)Ew{Ggy@t$oa9d&_?
zAnVLZbaI`;jiBSSkHJ=B$e%QLhrDKFFN7qH*Z(4y{4rvEK0w9x&)I=(!YSSGmvT?w
z&Kl@Q4=QlPf0zOPbom*~AE0}2JF~#t;ez!3flMG2ddKY`jI0JU$XxF&OkARYcj%po
z|8&e4Cb4A{6a!rre)EPt8$m$gY?uKNk*x>hI8*WS6Qe58Nd5(tTH+kxe?v2j5YL@2
zdW80KVzS&39fiA4{6i8&tYc^w14o;if%D&MU=7vs2-(qFM{HqpczHB&C#s7c%Y%nZ
za(|FsIA%^gAM)p#0}r3^YU5_q%<X8g;Xr{!t^^eSe7CEch#2;d)@p6_(oxQ{Mo4#C
zsH#81N!ER96wBvWwX5z*UH|zR(-_cggYHgaBds<zUXFI;yHoxrbWKa#7DJAwbsNk(
zQR}LUZLV(`=mU8Bn(flwGPnM`%kvs~9s5QqMug>Ko*}P^7K2m5PEhOLA=9&Z8kgs>
zE7O})6jSv4DPN4{5w(Nz1ua!Jj>4CQlNv92^#@bP?Tj6}^h-X*+gsPaY?trLe<#{9
zz1kwKTQ`$pTW`IlQ+uS<Ij8&C@DA{+>OxA#nmDV+-GBe-u!$pe7v*%U<!Zl;p?;{c
zk&V^LjB;=xk7{CT{EYMC3IkR|F$E1({mlckSm6&OC3U5ao{RU;=gh;6`YUysieTz^
z4%v0KJ|ylrgx6%+iWccnvdY@WPC9}b98*X5Ep;`D+KxMqKPrr89jVHz(}S84vIsS>
zu0E8Ks*E{XhWs@6jLdPPr5QV2J2E3F+R-aDs|r}aAY`Ya=$4A{IR4hQ5Q@=|OOR#=
zZqGN*_lv({A|8dGe?s*bXsMPpB`Ik!&ECs(kXz&>M<2#iy=q;0Wl6bS`W^zlx)*u(
zsdXaVC{6(~^i{)8KgLCoc7Mazo};Tq^^CL&BWsZr61L~QjZ27|ukEn)?>Vj@7|_Yq
zf*--sm3yipsFeE3J<>sf(VG^@tKcKB2Q>qCaI(<g4VevqOF#_iZiG(GT}jCF;U1ME
zxe<h1y5Zfs)A<6L4#?REG`+f7`=7bU&P`Mh+SHhUHAcRS{tvPAP~+z;A#^bz7yO%L
zRw#;gfq~K}e?;H-%*^Tsc*`Zb@I42_2&!y4!1U$An?K!}LY^R$3NaZf;%LD21e_Ix
z)^-uo0B(%y7m%ZkDyR&?mIJ=$QNMw02uC36dX(`f>W~1+0Ou@BY;NoT@9F%0O)n{A
z9krZ1ZuQNu{9`_J)na`hCetjS`uU&Qd5$T7r@4XfBIPC#87b&jgVdaaBm3O=ApS~*
zZPC+~QV>dZ_fttqK7t6LkUUzZmo1w8TVm>}!!KtPjxdkpRK{w#pQqG?pUWF^?$>B^
zy%1~L$9C&CM4l3oe3u1^wDf1OlnOC=@{xSs9W8c@-uywguq{`^4^BouNy$`uWqCP9
zJk&vEQL1I!P6NA=)W83wa)zkgABg!OI@0Dq_eVI=Wz27Bw4wL|!I4;%tt}JP>av4;
zJw+ggJ!Wp>RAD<{E%cJl)HOSM9Hhwi5mcA;ko(^|%uwvsQxj=2R_#(dmJw|Vbjl3L
zw0%j*=An8P@5OKD?6HgxO8=KdpP-}DGjhc=&R7_6OVEfV7w7mQh0eI%tA0nD5K-H*
zT^q}vF1q3IQwhg0a)JNcQw#jciJ9lY^y4p(!8=+@i@m7E`d8hxvoX2$`%H2u{T&v)
zS6-VN#@N!V-#s<TDUFRW%hQz7Z%)y>eO6?LI11FkpM@AUFq3k{+-w6ru!k}o_fM8<
zD2B{iIp`L$`(Fko6A>Vc`(!XPD^85pR0H}TM?53gGfUlsH;(jy3=<kE{Bc&K7uFNv
zMl4IVTl9V<`j=1w!D+x)ARrAm$4MWAzeN*4NQXcDSTxKEP%#gI7^cPXmwr&EU7xXk
zPHwOe=t4jyAtx+C#%BX3Rzkxf?#HwhsKgq(BLb*`@0f#wD_s8s9Rbt=W=Y6y32rId
zx1kRx93^}3kofQX@8con2*U7yhRCR1-4h`mZp0$5f+QvoJs#8+fj>oxwO_haz(^mi
zXbtV(IhjQt-*R9Wm%xve;sxP@wo>U%@=;aMDC!tS+zXmjQ4@V<VhD%X#@ETaIoG(S
z$k4uQWS@JPxFxSpyW7$s&w)}AhPm0`YJ1(~Sr?vGo+%vLfRVnlvj{uuQ7|VlAL2ZQ
z`}qQAX_jeWedS~`vK?aO>Rn=z@v0J3_I~@3q`YnNOji%3{(&t;hVd6Oy)2WrFL_oO
zp<iNB)v=!9EwM^u3H%0{F(bM<+}xc|tz+37l<o_T9So2dLtddNRtBFo*I8FfX<<8E
z%Pv;yso!#-<so_kKvn*D)p!v%b*5Uv3+JPQ?d8v-$9)|myK5xh4u7gOXiGu0@S6>f
z-P~$ISeH0X^~_#;g>}HedXd8s>LwM=4Nv|dX>@sUl||NaBeD+F^J23nb*vq$n)Ec#
zxwgnJ`FS$^526FEEu#g~JOSPW`Y=$o-F853nv8laS(NnS_zN`E{9hQ|L(uoNFjOiI
zxDvxV5N9n38vB0D?@R^aY{VvQULuxv4_@_X7iw?+JGa2y@EUI=9#wrXrOz?Fa<P~2
zA2k*7(;-tmqB$^)?^0{E3kjOwXrh60fa#BcI)<`@T!+{|AyPR4BiZuNfw(+fp#Hts
z>JiSWjHMYDTnCh8d6ScnPRRxPDZ6tkP1C5eYE@)d|BJWIyRM&TMwx}A?ORh14Y|;)
z#(?7kmDSj@`e}z+ukmRbtm%vy&Hloe(QIgJWn`k}+JWM6-G3#HZ{t432;R^<HJotx
zLef@LX~x3i0mX=trPRdRoynN79nU~LAvGeZlPJDXhLQVFGVp7xHB_A++R3^@dolfd
z3;Oc8UC3KGc9hn-=(*9$=fsS~t(S65bo=L|=v|6YRP8Ocw#l69z{;YBe1l2G1lnXU
zleIjc6#&o4{9i`9&jalbu@1~ejz)}qLBZYA0SBtW!|-Lwr}AmIOsiEJ*|a>ajeUv>
zv$9aQsG$p28o{yL>*<~bGgtHOHh16*y+Qq{@eR&emnzD4jx+iG%Ruz6Zqp_+c^qwz
zbMJv5I@ivi*^{rXnE|aA-H*k5VZyjX6>hZrr>jT3{GYBKOyz_Y#0jAdj{BQH=6F2-
z_rFrygBmq}(e<b`AgF-wW+cq`Zzo-=+UG0_OeOr_dY0v#Z^SMSot0HcfJ*1lH0Sm$
zrJ0HdL9h%#*D1zGfh_2TN!L$0lWnwrZ@cR}S{#A&T#I-XN@d9&@(DgXJuuBRi%d^V
z1h^#kCfPFN`h{`lIu0NpL{`DvFBBAyCd|67lw<0chuso-&TZ*i#F;qG_?yvMuLT)&
zXDGYOB_cy_a|7DT^f}s;4ae9p9ENwN7~zLy9pa~R?Tc-+-zCTF7B4)5ug(f2y!a}5
zG%X_k1fFPc_PVl(VQBhxP=>dSs#|EaD6Ogo=^a|-uj-$7e9!u6rol#$E@3go)6Z`;
zZ#C|d7uxZ#=A@If$NtkPgk*<smooXx$0RY3z)Ov)%dWId*o8Q(-{b5d-c|9?!TR5&
z%w<s(ZIg>F+mG6q#PNp_9O6q4`6XcY;D=rE7(N^;7w{dvrPaRB_qF)aMP0ouXJ6)v
zIk&gsYAi{0UEEVZnj?K?N5+=NqrwT@zxWE!T9+57Vt7M_-twnh`omF0WXo&zj#8)4
z$^8acm-d=?lAD@MPvc7)Yvz&ghQZ@{doaNl`!HFI7t~+kEnVvFQ)l~qWJQ^;+8bwV
zCyP1jrwf#2D}95<A?1KLEYCnEnua3;n8;MSyqA<2$j|w}*UN`Hj}UAr`Y{^CerWlR
zT_Hf7_IzK{*!WQG1cb97oXFYgAy@oMUgJ+!&hg@Zx^mz@t1<k;c~mO_aZKAp0|BFL
zqWsWEb13TnE_J~&;ifJoZR^l#o+ZK%qu;`XoxYYuKML6jPeq7jlU2-~c9)0;*1S2J
z16?K5Y-|#W$g@IYl{M(zXa)90od+4Ut+~mVfEr(BNA)X55!jSVjeA0O>$cW$yJ_yu
z+EW>l8mAvLi!s^z84~#~6^z<TaAf7pkQ<l-&7>`|nv0|gYoC$BaZ>4h4aq^RvBqw0
zQ-|8B<@-iokv8c)%D3_jU9_kyHXjQ)Zu?}Hkd8D<Ivk9n_0*ogr*vya>owVV466@X
zbyAr9S=SF5&UP}cG1*J)Bdm~akxtn@(rAfPo=TMEtvu_dkROm2HKa{R#CTx``y}=C
zsKWS&wVsAhsygvy*&RN|^o8;Cv`qZ7KmuJp0e^I{cuKftkeBZbzdgO=ZK`%yLVv*7
zN&OX``#jiapPV5Q;6zGRoJLt8A_jpgvb@*Y7R{;;nfM%u*Zmr?qnd5DjKbrk@^cAu
zL=07sZk>ub71E-Z<PdGTdmBXB?OLxi^0mA&yBnQun;kRkB3(G0lAh}O)-W)3_DE(P
zL6OyGA}S}!gI%68h8#&Cb&*Xu8JfL%`ueIA#tt>T#8Jd2$V1mnTT077%EP8pA&1Wq
zeig(^*hI+9P;OU$ZE&2CD^LG)Nu6vQGhB$PiK)sM>S+;YT%pKG%TUcl@NQ~M{{T+J
z08pkWW;EG)DZZXRPpQecbF9~u97i2c(@1I19H`#%^HrsOo6cR>uJ=0F(mg+u>|DSa
zBrLTLj2=K^=Bx-@SogCj?;Ll#gFBu&c$$UM3mvXQqt<_^W{@q+Ho4>}yOEnEw-oq}
z$J9sPU$ICb917fP+TWu~#Q3~69R=4^K&YE&g`S}Fh9|2f*OsMF$EQQ%#clv>s0n{l
zO%Ur)SvdJXSXDHCE;UZYu6680)yr*_QKLC)-}h^!JWQE$<GEy)ARk7p_SE*$11}a3
z9t6+$(RnJs(L%2d(x5Y-1qrt5pP};Qc2R63Gx*=6{J3#CY`w(NqV#k`PjH+_1f<eA
z;W_9`uZQQaw(;`usR4<7*`o^Sc;FJNyfWMLE>d_)_cR;btd{i31TEH(9v;w&d_)|d
zA*}i1UPlGa61_TZzC$VH9<L8|tPT;Q?iJl#@}nWv;C2`EKDhgx!_^6lIuj8<`tAlI
zF~s95?Z4C62egsi2p4N3JB}Y^HcO^G`*@nt=`)ykRYLlN#govb3YoyG8c35r`Jv%^
zTQ1#%#z=f;O73pxJKf-;i(Wp7cYF92H<vVh!khv6j4GJD6Slc1sF33>0Y;Bp01((8
zKV60=ZR?2$%#@s;Oc&)vb{gtTJv;513+>Z5rTG<o{1w@V`A8}|eUeb)ofLuhNg!s;
zzDY~Uq?Ge8cG4=p*G$;aey|DrHO^7|zZ07I7frKU3;TMmMX~^G=5f@(#&+&G&hfxc
zrxgrW3BsY&x-s_>JMA^LVL2vYED;|<)&3<VNivU_xV#6}JIHnI*{tT>!<ug0dO+3I
z))rK2>WrOUP}#>j(@NJ?Dyi?6jiXaacoV7*r%XpSizVk~9#Y+66!?SxT3_C7D{*{b
z`?gi}s(9`C`z?VF8J9X~{%@ps@WYnw-ol(ff)?xie{M~r{<p1(015QDHIckH+M4K*
zV+N-IU;@q&N4@tUwB>X$CO$y2?<BcV4eONAqQfkV)}0c_nw}GKu?IlFd;MmIuFTaZ
zpN#Ck%IWgS+mzD{#bKB(vRi4b&g7Km>@*T`0UK<J%S-ZCuR%#OP}~?7BNM&DOpOsg
zezm5edSpPm&R8|>z{<hVm!EjUVzm&_Ajrhv?QuUdYW1MX7+=flA;YK^Qth~LnA!93
zcOR^5lQGlMbZ?fe^YrV&kA3m(Xw&Tb)PIVoq1`7)({ISz@~sZPI6-SY_y1pQ2BC>i
ziTSyinORd~jVbI6h?t6q!>Bs5rtM(^{S)1~vb-$N_fX-=NMoDh+RH!;1MK{9w-=V%
zSpD_)1fHjMYhxZ%rsc*vWklo7Ct<%UO6jS#8&$`Kse~tf#rU98C4PQYGH_%_Sl71u
zcx+07DiM|v+*E~;an*3-S%eq1*|IHgmK*`-+WNeY+D>W4(JZVs@jL08p2H)dI3aqR
zJX^E3c{3~#Dn5ehx+~G&r;pZpFrn2-B*J#My1_Jq)HL`o>hfkIzB1CXg_<IQh*y#_
z_l-eyE_Og_*Si1iV`8%Tc}xKB?%h{HT3Q-CdxgRS5~t|&*{(c3K}O~>-7xyD(3$c8
zL<s5!%8!d`nV`8(?^&oU&0l**p9DyN_P>m!GhTE(^l0(^&5Tt9y00&B=as4Z$kh!o
zNj;g$@`1luupD8(3XKaYq*wD7%T|}`0+n_?Gq&G0`n+mG{Vp$41;#Er3B$ChBs@p~
z{BB~oFM|D&a-BwPp?PZMBR$b(g0K)R0#Ueq$7)B<NmZ|&o<Y5N=JXKOik^WBOS`(C
zHd6Cz)%7N}r-Z(63wH5ha-9wUim$wnvS$|J99<0@Rx(6G4mE%D)Nb&2R=NR+h{1+n
z$xUa^hdr4R4719xIq;4W@T}^lYkCb;Zm-kh0K=z{MnFtl2sK<tax`H|&s>dRU>9Y)
zJ;~8@m#zgBL$aw#IuFtd0UI;9r*1Qcq`of2<Jb0g*YF0tvKbHc8$aFpdI~F~Hqa9}
zAR5ovyKjZ@P~1wbY<TQ2y>%+;7YFuD1Jw>;SV%~wl2|0s)AA`jwO!OLK7%B7vvuTv
z0Wu|#tc|Zq`0-@4QBZsQUmFEY2bcVNpCH6gLW({aZ})%SCWu>(!mfqJ=p?rr%((Oi
z$?I8N-(#|(r)yVMEsGzmO_YnG(q)YaWf3^?iBK3Q{6R+G&5zA(NxtPrA(6>C{a=Xe
zpy&SvJ15JfPJwdVUYC{9w6>QUmm$UWvf^~cu%dNMafY5R9#2UboXhC898|yK(Ru|L
zhAZD~U2Z4RrtRFHnD(mQ@{F8o2rXMk+{I@W=5a}!7CV$fkCfl5)|Nbr1k^xtbIeQ0
zxfg4`zb;Af{8PpFfHb<wLzCYxD=;21OAmOwc`GdN_(qL?c5=!^)Ulw+4K9+713u>-
z(53mLE$BsFlUizQ8q)a>jlw^ifgZ5FAKyP%nkbswO;~t~dQ^?G3Nl-ei2GIf>FB#H
z4K9H*30_@3gNW`*l>f&Agw@%!@~@f0O=%@3kvaDJ_LIibbq_Dt_FT!kaW3a*B5&z8
z`O46QFZM?SD2wd|IRiOr4KS29y{=6PWDmQ>1uWKBZU1o&bp3Mut6IvWj|54+yro!z
z=Ki*snwu-iswqShlIjN$85^c-q@F0ybyVGsd#%1Hf-Z>szyUBF-D-wt<&;|3MyaxK
zhsndk_CfEF=fPW^>{S95<7$;S!pgMjT#G|QwVBFD`|GIEg{(f=-OmzSIt%+dw<AB(
z-i1Iw`sOHDF8u5|a(8E;kAtV{Pi;Do-b==pJ9n3^u!Y1$gY0t*q18p+;Do==z^DGT
zh3I)@<Zc?EXE6ZE7dy|XoP4w2V@Q4m-7y;@&9IY#Sm%5||G#ulP07O*q&|_&Z6x*8
zQAHIcp4=aVSknu`Z#N9qm-QvW28F*1w^Ux?B}y1#ooPq4>luf`^|$uzA2#f|hHPK&
zgV4es#Cd(bh-By$y37LH@X4a_xIVQdxYxR13y`3n){2g=ScYgZlL9#HxrdU+p)Zpw
zyY>iI|ApJ#sL%yaEB{X9=nwwrMp7~qfne9i={b83?Q6?1LWvKp^V8LD*9BA%=+TYk
zhLy?X?grtB9F*0OO*&jQa@|;x8t&J+JF7HZy-H&T(paM}=gdO5Bv<<dYf`y3HPZ%C
zzoFY^>>@^=Ukt7g`u|w_?zpD1wd*_M%-BY8L{LD$j*0;h2+}PSrK(7cfPz3M0qN4O
zqlidTk=~RDNC_ASLHY;+LI^Q*5{i`2doKxm`<#H@xo`X0Kk!R(`g!)=Pg&1eBEA8`
zV^xeR<9qQp;&wE-`aFn_ha${*i_J`aXNSL^AEVY6CD4^`B~H~-czjeWK@YWmf|XC5
z1%xN{t1nzZ1R<z`8lvxP>rj;Oxqmtt5vwlTfEajXl^8j-PqT1gJ!Vgj!gN)5P8?J#
z{oR6~tlvr=s*wEaw-dBF)xxSU>&*J3mM~ZK1iu@`4@1&S!a^TNmp-^Dzxm8i(||Wa
z5Xe;BNXEIjU9rC1pG7zydvSku*)?9x1`GR=q3X}`pKRN*J?4O{Cg{_K+Jw9<%^oTq
z&Cu4m`~k_1<i?_Ei3naF$6Z$r^*VX>CVOttuS^F<>Ij7e*cR+H1q|bi4go*wDUg0H
zoq(8v1Ta;N$3}!#0wH3d>Fn^uQK;2?4H#zW5M-ygV|UigM+XK#X{PnM{Dlg`QlQOZ
zZBVjTXvLEPseGc04TR(+rPcsr0;K3JK4F*5`u3$%XQdV*5h#E+Ap$OiM7adTmx}9v
zS3@4CdA+RMIF#D6YU|C=r*yB41+3W@K>QiKzj6#6eiAg4;Il^l`n7u$S{aC;pqYe2
zk@?}q>G+tW-AxWY5<j?EYzrzc`t^2A{~3^{gbVl?To3)*?xb{Hllbi%h6caD>FzD%
zn}7S@u@esc;q~P^T?^Eq@-K8PI1cOth$;Y4IHZI92zOASOBj-_SlSB_lxPz2p_0H<
z$=X^>M<);&2W`*WO?=LJ*A?Si`T^ezNP?TpP1gmqDKfcBTA(?L6Vn0u2>kpe$M3HX
z15p+~K<xk}`Tq;TmMhV;7zNk98c|;z<ieL7<w4VYVhjkp5r@v)9dHY1danW+mKSRB
zk`)dom?npZ*}nyK0=3uCff<O?;o2y<r7=A`yw`mo0n*T+e^8|ZUK!|JK`c|{3DdH(
z4KUpbKp)?+J{DhaI+&N;UHDGb?G&s{&gN9<4Izf-P`uavI_M=F@th}L;)3Zjds6{E
zo;vjIpf(_m-pz#Otv%LIUs?PY!KuO(+&(J+(db)*+PoYK&l9NJfbijXTaM{><`kgd
zJ(F&(I9jS)iwDSNfSy{NSh@2hpSl9(v!rr~+3q!k;@=^U?rkvf0fY5`zfC~ymEDOB
ztKRCb4?xj^&QHshK<LNC1lh-sRGXYq_&~#Ape%)9&Sj8PZ`-LQs`77CDtr#-?ueEv
zB!q3O&J|4hEt-1HOmBb;wvm%=xt0p*SVhJo-G-dHZCJjzPDO4^41J^u?FFdh0crdu
z84I6~=$$b=ASN|5BIGq2PwoQp*6&-?W+WQDJqW8f*VLw1?@UKoc9Ke_wTeOg(8<l+
z<vD+aFCsgmMo)&8%=3|!Yw0*gjl?II1QS*FZuG~jNdM6KVbh(Av}9tH15(L|=CQMY
zQM@rjxqZ-zmRryiL|p`&X)=Dj#@~0TIC-MN|Agn_D`L7W5jY`@G24M}Ewdf;I1-^#
z9CW4_mwL9aHGA#_6Yp9gfi>r<Dh3?M$X?}nlg^;lG2BR2fek~gAw-+Z2q%P1e)}&b
zp0c2M3Sz7nVKxIu5c>)6HKGB<(!KGB8gI02SePmQT5r{o=tH&~QVEs&ltZdjnx{=J
z`C14pQ{Q9<TZStvHT=-Rk_nhAj)!?Zc+x{6i3j-nlMBwnA!gG^>YxHr`AFwjdfRhE
zyx(+93I~{{;DN&hv7F=#m@*e1iK?Xt@btR>VR`AQwig9rA38<bUm-J6+h(<>tuXV~
zCsFHE{=>Zs9OeFy*8O+>BO>VG2U7Ps;yF+K3qf^xvFqW$H*@!m3rno4ij$i<^?##R
zS^&f$!guQOzXtd^j(1J3KKUVMU(3F%#|}N|DbNoKw_w-@7~){og3E1ezZS|oLl?+S
z?rildKosuKGlBlIlaQPLffEjY#vKGp=s(bpKIH<DL>RmbIws(j&4F1R)^hrsN}l7l
zWrJZP8$y|k`I<bjsc!R#=PezE$w4(gkPror4>}RMix8Y}tFaJFV4!3GPh^|=CeTl)
zo?tK-%p7qNgR}eDjR0Vu)*w&^gyq3kJpn%1{&or*CkFQLbc)5DS9n|h{gm>GO+@1P
z#s^-}u9;ae*<7|w4!sQkVB#Sysa6WLiO#lPo4C1hXQ2Tje`gbLjvTM4;jWuXYN!Fr
zxYWja&xUP}3+lGfO=I1I*E4H%5rv>hIKN)aUq2Y}RwWF_(4T+bs6zAoxOsb+=DD<}
z^~D)5OBfloJU?4%X%u@j?)`23+57%R@2dpz9|dgni0vKeSNDAl*v5CAb5j^G>igUn
zJer~TuEnYuIs4#yuL>W3i*;VAmC$`%eMSS-T)2n!weoxGN`C%XBiY?=egA3H_lDq_
zDI6dA;o}QbmS7eUzjc~8G|ErO>YsYtV*O3#Gfj%NRvZ%P*|X`t2ddG({5aB&7r<`z
z{LkM>T<ag~s0(J5fKotIl>k`JexsgmoA}<tf^5WSGUgu$5fSb~=iXM8;^FWJHa=hj
z|F-x+X2>?zZBXh7*etxL{O!a4{+C<3u?>0ifImL`ZAsm-Zx~FtSy%!^G1v-WOxD(i
zt^fb?ms?xF&t-E|!8LjI5QEG5Y&aq`4mW>c56Uf}Ja~k{9{>)m+w|i@7@>^+U@$EO
zI~8w~QOgcYtf=o8B=qxGtinN@sl^I`4ubqAm3v(sFfNFgpI2GNJcm1%U@!rEPv8Z^
z*R?eP1QLJZf$(2_8|9_tUZMSRzn5S(c6vo$6<qxqAR@RDoL%SqCc{n_u(@7eA!j4R
z8_dOPvrl%6EziBY^~~JR@zBau{QXn=?*+Y93gkvydab1P%lTif?_=&eaZ}>NPY3QB
z9Ob@$&3xrm^wQ+Y_~eMd@8`F@+3sxY8g=kc{k+7}$HN6nU0s~jonM9r?Yw=j!K@jl
zXuALbHU9Kdq>$lgitgm%8I^#8u>b}$K;uQ(hJ08wgmM*-ohXM9zX~_ay`@(#E<C(t
zgO=g3>3y_Yytw!@sajyOY)L=|S$??kyE2c2@hI?y-HVZO&6Oj6E!eRW4D`_F#J4ep
zHdzv7XblTVzHDidZcLw=sC%`8oyJq;Cc71`=#>|v;d+BZuWGXMv++ni;pYwQ+GAlh
ze3;%dgDPq*+XuT%;R`3uVJB?0jrW?mNbgO$Sh_;x4$6ysT%DVY%Xio>91&5J(J7A4
z&oZ<1xrQ4s<Kjv(Qg0x%EFC>tLVIO9%hUFp=wu^p03Qlz&_LNxU04{YU7qC(bEu`E
z^HN4@;z2e(rTNo?g`GqsHFD_%Q9G6&v+}kO2<}+^#BTrIHss*zI+Cef#;<p+`0&#2
zN##p_eND{?In~O|7mhMkMa40w0xGD35TOcW3ZCY3Vb-?RQI<<Cf|wPa<}tMG0V}4v
zwe+523Sp<==Zp;l?Ny#JVU`^P>7UPaTn!xaJmGs=UipaLl?7-1S%KVjw5_w6HKT)1
z|4@4U8RTFud-j;uCRkXiowUzLZ;t-VOOLuZk8rE7Odjpa%#5)LtWFY{JIWVrt)4SY
z)HqB`#GYlJtlW~e>i2oSxWnXEt1yW53$VvuAylRIK+u2oYfr`<I$p>$`ewG7{Xt?C
z!KAWf;PB)E!DlvC8tDI+xfLbJ!=uliIx`fUAXZUsxh%C%{TtW?lU4{&`4?o>x4!rn
zB-#IjD~8SlZ$m2r0$3nZB0?$SSGY@Wj}>!WpYQDK1gwdWmr@JI*n5uho;p<%8fCIt
zMHQ4|RuoJsdKcg&`=|E$jl6uhJyB-8{h{@EXH_~Rua^mjDo@WB>&Zw8B=?R{m?Mdg
zi-R$Td;EMU_&{n~kIWQ1uHQ)_k!sXMefz&!{i@?wt*rtA_0E9=S@#k+WI{NxRu`g9
z`OdYZO*LMxigQ}48<`Vwg;OXI`g(dMao#K4R_jVfxty7EU!*9M_yyv25IA}g{LQ;7
z|G2%4UnK?KGTUDE^HlGgP+|!XXLeVBip*HVyGuL%#F4SHqs$x3YM(jAa5XKOk4Lk!
z?0lZABc<Iu0N}hh?3n1KFZuI2SwghdjcKxAkME*$xYa3`8TK(4LA1NQYMdx;!M8=J
zLrqOaGY2wV3~=;Ov9=Ot6@oFJK!%U3gt2f5{~^r1lJkr6pk^wi2u{Bbi#XgZAhL6@
zO`A2t9Z@qpeWh9DCYNTE8>2o+c|w<E%~<SxFjRdXMMtY|xCkM_p3Y#8oBEASNR>dG
zuaCj;22a)Z*crMhh3E!mR3GFAL{25|X#n*4q;`928aY*+iqx^qX<2KtkLMx9P{sy&
z5sI|<KeDU$XD1Jlp;Bu(+Ka{77<LLSRVd$J)D)bhnQ_|PoH-F@oS9}|aa|$;O<t&z
z1mrZ^?_?D1AH(IZeQvvysTs+KG30PKSC#4)Mds`M^BkuTRJO-*U~xkI<%%+e`L<Z{
zKh@89BI&}yiOIFZ)4{DK0yw!6i;OG_9tmBeltppOgkYk{L|2KJSnr)*;G6(`X>WNG
zW0{`Ty}F(kK(xn5;1i>z#Ud4KkGft#uc2+TUSt~^r$26Q<-^d$fRX@M<XF6zE(fdK
zIZITzTL^9gyhV*<G7i~6e1KD>wlXy6pQ>-#Q`=*$iPMihaE6=1X_3pp#NoVsYBj`>
z(R?yjBT!Crd)Q$_!bUi>DeCH(m=gR&`|uxi1&<1fJRXOh(xK1j-4#0nQPW3fVhr^R
z&ujAk*}8bMrO0R_aEBof8e%!ynf5&_4i!lB97ROid5tcc1HwD_TmTvG-W}(|WC*T!
zQx*i1qP(tkS_VHrlyau@1BtoWLC8?i1m(6id5?;;svKFG83{Y`l>TI<i8^Ic#Ejgs
z)a9<e?UYjFxvEw#a$!B`wO!+x9sOx0K!1w}Z}J9<csMs(e_T}IP4%ve6&1t6oX0@|
zZW<a1&xqG9iqDvuuD-o?wt0uM-P?8r=28!E^ns6pYGQP#WBVySONAS$k<ZUpINIIQ
zZQi7PH83$rj6dtI{nBsvi#*HAt-^GDbYs2lQSqwFP&sRS$alT(#z$Y1i*tWD0&U(s
z)YgW^#>O!Rljw`m+zL`74@XkYvszXAJM@z_@>E5<`)k8l`Sg3iQOO6rXX`%~PnB|J
zdyV_RxxKLmKpB@&<}^A{HQnbu7E=(l7UCfZO?-Sua>_RZd#hHud)-S8{3m|ZmbV1e
z@z_8_;A#CA-V*K^b#agpv-8Vrcgcn+92xir5}TTYrWC!G!1M%aX#z4%6mSpI1?<>=
zlYNHmN5Y=Rzv6x289R{JplWTGFGtLYMr~#DD?-6^(&A)Z9}>KHKd)FdJ3@abz%#;-
zs<miuyXnHTCQ<dK-h!oDz!i!t;P8d08AO!d9*|06jNIytRNc}Yt4HrPtq*zq^x%Hm
z)QFWl+7%l_L~?*BpMXvJ`_GoDne=o!n^TE~Jbd-uqYcC@=i>1nn23IQ#-0N$sN8`4
z!ii)rm59jqMgB2efD2miP>&su3a_(6tQ#d2h2z*Q;=i4ut&_AxCwa<TrsvI~`fJK#
zRvYsCT9Sm0eNHQWHTG`A|4TK0>|4E<ZMHFdL0!@9TBD1jztGW(`zL6dcfaRZ`ck&8
zX;NaasJ!nR#VA$x2}5^+q)@F{o&}zqDi95%)kRgXWf$TEF&<m{G-#k6I(lAcTGXZ_
zu?EGL_G%GYtjYm|xB6-;h<`H4wfijL1@ZVFm~DQbK<|`s_!75bD#C63^0M1KU%R8N
z+IX@GM=&nQQn0Djn!vD!-6J>zE1_o`_pL@_s)g|h@pJMui^`@}iSn@*w;uyq*=#oo
zZ0BYV#c%9)3=lC}FPps@Lya=9QIXlDV;CU=JNa--2n+!?g`KFVU)lM^$pa7$*+Q?A
z3v^3tMhdV;ycN6t?aQqX?1*7=^B*7BC~Nv971Z*L2ZFiRQ#;&6*HDnJfICff^IRQZ
z1x$52KZv^bx#p_s<j%`e4*$nj4iayCV2O0{aP>uxao+Fomi8Ql7DD5>qrh@;Uiz7o
zTxdlkxiQPOY*$xWlM-OhM=wB7^}^DC5$`R+VbSW6hVpyj%GtEFfN%^&2-z#DB*|Iz
z)x}yCi=ljaJL2T9c=R}JFrZSjJ=$)|>VfhD+Bfr+Xo%>3XQLK>(%^(`*P*2B%<Lk)
zn*83kS*Teo!YYm&a9dd1^O}>j<oaK<YFmyol2)AIl(>~UEeY0k<*oUKq>qKgY$r_E
ziD29=?mhBtq)MblQQmJ6MPX9NpqBItN`euok>uH`G?tbUY9CyeL$eCR<=ZQot7YXr
zGYm<b=d{4t>FJ~sKMhxp&J8vY_Ebsn6<;-bF6QPX*_J^;sTYiPy`n_SjX{)oM`_RP
zMoVp5+R}u~m&z52b-~KF{vL6}@>e}8si$S>zI^^#%=V2e)GeW7%}eiI%lsvRw~LLp
z4x)@Q1ae!M$RZTM%Y%f)kJfoNMh?}n7T81HlIB^AG!hX~apniGbJ4l#_eOQ;A<d{X
z*NF>0>TYrv6GDqn^?vtjtX*TF#1d1s`>r>P9>bc`jP^1e>iIC<sfejp$7<IINi($1
z=uG*AE9RPcw~Rw3T;!VumDtH#dg`4-grsw;!O^a7Vwjbn4;?iHjB`4Arw00J2o{HP
zh<XHuK%btX!;#~(vy@^W6Zh4%e{&>Y`rE3WA)-%(mT4!Rj`c8~eL^0s>=$~jH<q>#
z=@!-fO#bHV*LAIAT%k>j!o-oqrq2sN&5I~*J{C-j-@IZlj0DXY|2HPPIaECb0S2<3
z^M%D?7iql}S}=sw*v&{=0q@rTt*{oJv$sCLgZ#gWafy$DiMz#ze7>BD0e<lWe3isx
zCHlxn_>y3m7v+=j(?0|`_zQ;?q(qnDAqi)I;A8%nA2vJeV7Lu?7T9#{IWciki{vP<
zFwlB(XAn^&5cheNS-{<d(1IWzN(64J0u*C|+v3FdhZ0wMU)qvup_CK*t2j;&X4csm
zTHN6icy8axFO%hKZqAKC7s*N8;x&0@AJ4}Vf)S!!nXs=Ns-tUp6dhnWuokPkY~nC$
zAU6YM8TwyJ^dY|)m0_YtjTDF0#zfOb<`fnqp=6+Uwq;6DLR??8(8ls)UwT=>;8imU
zSJy>jo34OmH=7Z?Qj|*)%{jjVAPJ!Z{o|0=nxFpGw7+3ROSXHSbp7iq$B3OoYW44i
z4UyPd;;=n1_Vi`a^Frepo?>PfyZE`MUW4A2Sai5-*y*t6MDtSO+HB~>R2=@6VR|xk
z^k=l$ZQe`_Z15;8j7=9cvJjwiz+;9w<1WjkBJjkIvc992oNrr^)Ns2~XUwT?`SM76
z`(7jO-h7XZY%5y)Gq&eIAED|^q^YDRvtD;x&DT;ptU(M#+r~@1083?UiK{aGQ_1Ev
z1rif@F(WP2?X|x^jCBYuMU1#(<0U#eQ&F8c{;0ZQtiD|ai*S(I8V%c3zrWX~?AUE<
zWq|lsK+*<&`J1>(sAkSy@bi-=dJmRy6_L;P^;4<k2jQ=|PSY%VN)LlCjcV4WDBtIM
zxG@O4{7n=4d+vp8%l}m(hQ0QvfJF*usFGeV7ANT6$4i2|-ykFKph``Wc<}N=3-5Vc
zK@ZyjLfr%uaw5xrTVp&}<lXFD|95T>NhMZcB>*Omz7_leLW#9OQYNDsEHO}f1$^Cl
z_2@Xk3}1O*aP#(CQ8AS`^zExlp`7vlt<74cs341CWZogsdi^G{1>kk%nw>~x=Z*DC
zOUph1&&IGeqLB4qqwr<p^c8QM8(|g0h~!}#=v~$CmM&j8RPHvtz8*rXo58f4c>X*?
zjL}-6-K<@^(6m_ax|(~i@{o;3wi@0-&f$PZ?YW?yyoIz)lM`F$&L16X3ZFT+v8bV#
z^z22~)vM&%yn%YdMZ`@@U5A|<@gn}RgeP}BBl5&5+j14+o?jthp_jd9`CrZac9LjV
zs!e*l$xe)xdzH4NX3u_Q69V~$_07BfY0rRI<K5B%fP-(A-%N`LU_z~J5kwWaJtz0-
z1TE<}-6J@v<0wy4`L>smIa<^kG~kdpkf<3*tWz?wCFIM-;&S)PD7MP&pQN?V17>(#
zA`kGGh|E|yA4ww9D31C4L31mHB77Sx#{!dEifl?xE=~^wzE5wrIhT>zX42Gl*jl7H
zbRsARznP7re}fZp@T~NIV(Uoi;`HvGU0s%kW@d(md)N!;t^=4Uaych#>r>o{-|cQI
zqX~Om|DNXD^zZ*Rm;d{RkZuS)Uw7d?$d5#pOTvrwevHnLR=M0v#qhE-n7ng>!^&n_
zgTMdS>-_2eEfQEi1o`@D>O6`xDN~aKL8F>fHS<gc-iK{GKLr!DijEd(7b>)J@%;Ke
z#op~9+A@13NY%XS(}~SF9eBi7n`&?DUNVjDkiSHA!#w-~;f(fS4#?4xlNR3?t-3yg
zJ&)7(3Cfx`Om_vFos6|4WrYmN>3Md2Sbb5)yfXpj_(2tw{;)kg$jR2_n;$Lg-$|6b
z_$W3PXtadvkG#)iVV`Dn8|T${ibj*W@1srqGzn;GjeI1}a>TQ9<3Ml4XZ@hV6Z<iz
zPI2$`?rm53!icB$?yr62sNPU#&UjN`qj9_G#JVeD?Nzv2%cXQoiPNybSfzO4d&8Rv
z6PT>$vu+phLg_J8&0?4ZU$WOVGZh4@nWx-ta<a-y%-3ry=s0}G^s_os#+hXb@;s)#
zeKR7KwB%FQ4(GI<qBV}Wgh&^D9=Jo2FtM4n4hgWDxN33MUc%Nv+&*yP(&S#Dr4t?n
zL~)GmIm6Tn;jt);PW^(ZxN9-vCiJd}?y3Kh%j{YJ93dx5m<%ccK-p#wG*t6n(AVcI
zumeN}i*7#D$OYR}HxxSwT1wRe(!|LZpA`u$U0dl^K{+c}lVgY_e`<86xo#93p#kjF
zM|pP;dlb0YHpP^eZKm!l3a+^RcG@lAy>hYxXVlMu{B8N6Xp$@dNEftyvXGq(b5KXD
zTTV=$QbsXG`f5^eL(#->$sU>=Kv4kW1-;FnFU2A`zRyb1GCQT3quaDi1GTtnN&3^y
zX?q5rbr(I0MKNS*Chez+&@PB%$F03+X9-(*BC$9}HM;<-u*kf~J5X@L9$3F!pgmu#
z)p|-1fK&@$u4{H}Y>N*}iQe%1$HMe4D-;}kjGd(|me2RAstBA9UcR_o2Utg-CHH4#
zdP}DM&=Jz?Z0`4Q^Dpr>)E38fPX6}g)(7?={oC+`KFljXFpS>0*e?XoD8A)s#c>2n
zdEb?THUPaYfAhIif2^nQ)&5wDfMW;;QQuc%uq%5|)?MG+2`Nj1MkSQ@`;?5J&8jSA
z2=S%M5j!tr@8Mtv!b<d3ReIUV?7a6d5%0s_qZoO)G?>_maClSTnfsDRmuO<=2LO*4
zAHT^nCk+2YzAjbo&0lPOvOppr_k*(Xp%P_ZuHkQ)3y2h&9qKCgq`V!Wg*YF_#*l(S
ztV>GP3hbqA8_q2@WliK*9k-pjWlvD<sph^8l+9O>c0zK*xu`4fMeCgy8q5LS)nrW)
zi{uXkzyji2c`t)l=Gyx#G|A8}OYyv(c%W;oXDgx5Pm8Z=Eo&W%mM?hSUb(zYw&&V~
zg<SVDUa1Jr%lmU$D(WYj-I7hE%UHqRk1n-NNl;vi3Mw5Xmh-N!oXQGG?K20SmLo;!
z=cj)RCS~-vl`+~2MsOD7gRSbP-H)d<J9<%H8(3)5CT=y%qQ~=XCQ&viAIn&so5v(x
zT>$0#3w*CVZ0>7=riyMxtbenkgXDAZ{&x*P-QDt3>Zw1RlM!<%Tdq*33f8EPhtR$9
zVXqa<4d+Vel(C|nJ=xse5J>^NngV`yPO>3BCbqGl?-6#UT1(_m8CtQKzIcsv0mCGX
z%)y(67;VEZ7yF%XXp+Kb93z?-^N^sscwPY0!I$2N@YO(VZ+ebt5WpSgic)xcj|?$q
z!^Vi)9)*9FqSAlv3*HCPH68OI=c$SZ3AsAbEI$o!-!dZswVHA5LXRTbemQas-txWc
z$CvrV&Ny}7ccN;Yy@7;M#YdnC8C(|;Yefqdh_8Mrl80GQ65aIY#bsnHK<g#=9fT-@
z&rFXhZ+`ff!~*0bz@=lzpT49*Uyt%-e)+NuEL7V~Jv89$^^SmSx$_GK1kS$%jWam?
zwb>pEc~Y=X2<H^of7siAVfUSGWV{ny?8{mOquA#zaHX9XYRliUA|kk^9(<XbC5eWG
zg?aHqBmLU5r$G*PcttfsOWamt%yl^UWz6l!KntPyr9S1bprWpfyu2TSCF?%<F!L%{
zE&2d5u^k{20mw}hf$#wO%OJJsul8}C?jEWgzux^QFUfEI%7S4qPS9(8f@v-q&mSk(
zUw-|CwWZ}?5Ww#XvZ#VSlg>%vGf&ax-;yCmHAQ^LZ@#lb(Mu_t%WQnTYNfI!tvjK-
zZx2Vz`gDMz-0Cp)Uf+aH(rR;)w&KLEmkDC~sNBydJ`Xha$oXoW<-&~fCHT(G7I)8m
zRWT4R9m_6;BtxG*owETgLbX(GJ>|;7ac08f?S3w+r7KIN6K_j9IyycW@$Pk(bsBi4
z57g!wf{6tpl=W|44KcR|W*XaLpz6j@Wo$*SeNy%g(}$A#Fyrsh#h`v7+;4Tbrd4LK
zAyVIJXjiUy&oX1aWB2;*UlMkOV+1#rYXl#D`$_cI<d6hTOz)^b?;UFBuGGVVBrmCU
z!Kl3mjNH@x#rRrft{`IeVxfM2#7xuM52Y(_ul7p#drg%}#i!n_+XK|^0*MdgiCWo{
zFJs*@J~!39-G<`9IEORl74F0oNnE6Y44P)?S~n07$(q{u91<4i1Y}}3fg3+~`Qx9H
z)vdd*s7UT9dR<i=!n-ILlokGHI3Vp|NsALiA{mP@6z@~sy)B?6D~Gz+8z88#(%Agl
z?!mwMA_niHEJV&0I>k0*VM#55C#AT&?s^*mN-aLkJWT<NtXC9k%k}7Ue$rb#jp?^1
z3sx<OyC>OdAMD!imEC;!en5FY?{ST1PpyIQS$i~VZ7Cq7@xjydsGq6TfNOTFG`4&N
z^k}vZ6LgNh+n*V*q={=bLSzt>T6Fcr=OXzlC&E>okr6vSyN%%@T<JEy>2jWhJrGI5
zi8NX@)+$)lN`;`ic5Wf}1o9Q0rR7_*xBBzvCsK-b?aj@%KmML$4<5!IaSU)ay8OyO
zW#ypm$I?}dcyr&9wS9(U)hx2*6m69AA>vF-biDewU*FNd9YKm`0sWZtXl+F2HSe{A
zjnL#hNYm5EE?}e}3AZ*eZ|Nbidd$_{8h4ks>DtW7yTR1P(iTgd6%rODh)GYd6U2-y
z^CQCk1m`|Vb9yqC|1^{6<^^(?)*onL7orZx#`uqZBm5IM8iT=iJ(J>=rm8ehHO|S}
z@v^RqB~ps>@8}gXnBBW~o9qIzcAOYS_nld67nfM_Zs&Rt(?D0<Apk2Uy8d}~5qmm%
z)Ai5>aV@Gw3=@dXlyhA}quQq0-I(($c~fMv*W6X@Ct<>S<}fAzsKz>g$tidB7#>-G
zx{AiVnJ!-jcwXN8MEJ#Yj$X|Z6=S8Bs+Fy=e%kpsnIF}rL6-ru=M!UAgAU17neOSQ
zda%tOF-zW+vn@HKERcvQurHNywE3rE^;ys_c{v~q|0j80b}^sUnFSekZ=VQjF+ot?
zU5~)!_T=5(Bo5oyJ)R;5P{YX0BOE#0D-h~@5L0z{yJ_NTSKn0W#69s&*EVBFhO-Um
zIs$HdP?N0DPT+607oI;%U&l5%nE1AN2_S1<9#@5QF`@ZuUX!3(jHoYQ&GqI1JaPW*
zXZWF>hOqc(Plt6MhllNQTE~?MR6nZT0^PmaE8k`CtyP-aMqh~?E&GpDxux=pV0!am
zt-4ORL9?n7iugcbgwf$%qn)_7E&Af@XpGNsE1*4)8dm+7qQP3Bh%&=!C<|@&0W<aZ
z^yxptG&P={p;T2VPdT&qSFIR%4yJBF@99r>Or??Xe8$K7zr{JT27&N7z-f*(clSaI
z(KBMg)WXun@sf)@vdqw^pW&SWdCw*q2=WtQ)Wz0+Xa(3z2SK2uzl(UV;{>QI!WOkq
z4koTFDee&5W^)MFzqH}o(!(Z11SvDXA+^D3(lPbviwBwH?xBV|-u<u2C1L!I-W$-7
z>7QLjdrCdjBl`eS7>6!vOOXYf9tsCHuM{k2n;<CQh=HqvF<FtaBK$^YwFSt_)b5Vi
z(eX|hq^pZZeo2Ww7!mM}DDO_G{9GfEn(FF5uY(i7Ck6}zvNSMRiNm_#n|>ZRD(Kq+
zCq*8oW&DAZGDL|ROS>GI!A9mccdiKm?oRwcMX$RvYW<INHm~51AYzWZtF$+jaq$AN
z36wJ_k-B3UttK}gwp56SVYzqber5^Nv;6f}6&C&(RAt5l#AR%~5UR@Xs}6?1`p`;H
zm~ngIR;)pk<IUG!paWK+CToz#dXQ9CkWNR09fR*Bqk(L?krQ@@$rSD0A^grb)a$9}
zI-_h3=%<rY>gx<l2@&B|8G4i984~dGIZAu)q(QI7;`W<_(4DPlX6~dU>!6+v4KTad
zQv7<43$9emjj?WOPny0rg|vME8qOBP_%l{B{f({88Ynv@df^4vGe|y2h9f4X5qTRa
zPZMEHhmW;ujFn<>zOw;Q7ZR;}P~Cm#%#!K!p^Whd<Z5?V%>$(k;)r57-eNz72E~$q
zJ1oO1yVGSNPnBe-o=x(C)M%0s$N9^q{fQ~JKA<x@<-5@>qZ&Q8I!x|iaYYnCYn>$A
zNk}yXN@@N6fS|0)S@d>s!%l~Qxt|s%ud^~4jwrDE;7&Y2v)L3&pFzQ|5?G2X5UIyU
zW)lZ5bP4$_SGIz#wVMr%CUKe;uWz}k@^aqnXxX3SpP_K1Y-5HNm=iu|@0L)0GdJ~>
zxLHWgyP4a9wMpmIl~F|prMkmloA@29k3s*Uk&c*B4fF@JbTqrOQZ(L}@M5KQ?@O$7
zv$!3mNP*WEKO(&H_*p7}aN}C7=#v@mz7d)D6Y6?~K()C#4LFBz;V&eC3llh!e;Zw8
zbF`b=LlKfmpT)#!=Eqs1oO918V0F8E#}GKsu(A?DBYQ~-a+YOie3O*TnfaCvYoxQs
zM*<S1mf>eaKQ^VxL(gE|4dME0k1C2KgujyM6XX4bMvW{8z#If^K$#M#h5MoN;aT_!
zln6>d8O|RbrO7ll{t^<CAW%<W)N?P0&@%XZ%NRF^L*d(pFra>B?sd<RkXTsTKl&<+
zGy)67xTz2lV#=ob0-ID#<jq0Wr7=)P+yRU(;u$hG>4^clIrZy)&TEE>b;Tc5;xt{k
zFd>Dd&8vN?xjLC-%elq#j)zd{p1R0o|MnuZ3mVm0MzqeEcW84uU_6-z^ukduA#!yK
zo?L*CCV|O>{@OA~|EhCgp2crxmQ;c2^YU$=B2g4b94P!1k21>kCaMtfJ1X1Hyg`s(
zd*=?ggVd_xD{)9SJz*^vyg^XG08?CZ9L8tt9sEK;PnKR#q)D3x8d7bBCO9e^E6(<$
zp#&BL$Ydw7pt*$YLqlFY90kJOJ%m;}Li0Q}6`qScJtL-DD`dT*@#iuQmoz{9l1b47
zGZ67pC<JFMEG(Q(@9n+H2uYCYE^(1&u9=kkb_u>ln>QunW~^`4k{NPWnL6*B6mMn(
zQQQwg^EKed1)`zA%dJ)q4+zticNwl<+8fUr<pe+-DS?ZJSZlz6mSLjG=ej!qs)cD0
zi1f_lHbDs5#j>uarSp;k^W2hNK|^R87p8n;DN{%*afRw^wZR-Zn7Q#wb*Lcln=6j1
zHiSlK1#ko|)tscQN^Z7jt<J<!^!@fHHLGRGo~k_UEZaiya*)fNXx1;vb1KRVFJ5@a
zfToO9Bn`ODvt#;zn6SdN{%$J$Wm`i-`NpGiQEDrtr8PQHty$BqF(cLxKVBRA^*Q5~
znJgaLlyUMP9UW(<-lEUoDWCQSit7kSaa|c!>n2VF5pUS7nZ`GYJeFG@f4O^ey=Dal
z63g}r$0+5c4EAL75aE`tIjzDx)0P;b<X{7+<t+v;3{4%O?P3d|(+^<o=}LfQll!;}
z{Y&5(E1_pZ1su_G@P2}$ArLv3yq@D^f0<BKmb38?$Dsa+2muQ6bT=i`#h>L5Q|{|F
zzYi_%boXU88xEZWdu9<0t}%czIyrOoUE3h6jK1D436#;zVP*8+j?ub{<klWvwc37C
zZSOggGg11&=CkjWNCIJ{58T%4*4Do&p#%dX6|t3{_Y3WEaU%E)zBV4$3Jl7sDoO{+
z>+||{s;JN;TOChep~z?|clPr6^Fz-YG$Tp+sUo^%WiDuIj~pcum{T2nnFH2-=wuuv
z1K}e{Xx?wV*lgI>OdXf4ntWNZYciG^*}13+WYE1&^zXNiq3DVXG`<IR4ycR$Gvy9@
zEYu&-%mZ`s5mKvwXh=dKB!9HICcj4SZu`ukZ@?eT9cW3@vl?nF5HvQy<-}x*AiDL7
z<u$5W9L{lc#&=c*q`_JuZ0zyE5n9<|Gh<pgs{h&uc{*nMw%5lO6f#9$4QiI_KF1}x
zds%JIrmwG$q?5`QdWrB-jst4j8`yvikM#=kZSLK}K03nqmAvIg_A|sFeZU&@NXGH#
zJMZOoLq7m*08=IoWhy_tD8F4KfU8lY#;4qymB?y({IFe*A<^iWsT-+@y_w_$@<i+_
z;!-pCdH3#n+dQ&-2>*zc{G>NRd=y4}@Xq{VH&yT%Ji3LSb0{p|?fKI2lMxpt-v8@x
z-guKbXWBWX8iJ(ujYH372Gn(c$n0CieQbZ_0KnFGV!WLm7`<~+yF8|b?yp{UF)}B+
ze0z@Yj&2DItOdlmYungjWWPGi*3W}zu_2;1xO%x-G>u{sJ(I>}<bH1PAv?$RV=h~l
zWX#k`v}C4qTa#JUj($~2Lg~OR;95a996i}tDDG?HNhwc=I=4*$DEJlXSW(u3*lt%9
zSHrbKvaU#`6zb#e<I9WTLsyDrH`uNkm+^AW!azq5u)Rf!U-sSKY`xd1yL)?lMwuGX
z&I<wTX>9e<vcn=XVoCe8mVZ!zzs`=9`p|MhO+k`e@kUiTzHwxFYLX=i&v>g2b%;AI
zQg`O>C7TW8H}%dp@+%6+9Z()EXAX`ZVdnPsNUWwIA{vanogE#izp&NS=sSVLVwv1O
z)<>$`D^QbCRy~4GOp(kuPjfcPd$mzJ)Oe>up}B*I#~Jobu{nw%w-ol@V5bi(>)=09
zn6}>Jx2l~qny&4)+62~h!4kG1?eXM+<6zUt^z`&IqJRehOx=$KQ~_x+v?KiTpt*eB
znc#2Ro+#th4eDQ2QX*_$?D>9-v$J!UfHbQ`r~xqPJqg>#3AyHc2Ts!jWL&Ci8u@UL
zPXk>a)cyLyA%(9CxF_)W0NHRzf8*Pf*#T;>;6wr<r=bC7uA>^IPa=6KLyHV_gk*%m
zWSo&9BFfy{9AxG<uMU%k#aPcMK*&@08_4m6ceq5rfUxtpoqaCRvdC%pQlBcqHob63
z8$@*GqP~kDdamA<wz=&-OaywZM{2{5lE`9xY6>zARW<cpo7$^2@c~GU=UKEAW#sE0
zFv<U*UjH7*$T)7)A#Hmj%CzObnc)wWm&W>laRWQeM5(AU_vHi=R>8`K??6RpqBY9A
z_5zm)9!PnWX7nJjh*+&4O1uBs?J~_Sdym_jd)W|5*Vp}A6v=uC)@!DfR@+5rvFb4q
z_%gJx5al+mQ%Ki(>kP;mf-4^;V%nxN5pX*dqt-Q0%m&LJPa_%U#581nBrF_m;^w2e
zWosBeCszaS0`mHSn~DOlA=y|Uq^sO1)k>VEx0gR8;g_Pt4lE<<WE-QD+V=fCKlE4b
zv26%)nBYeYnFAE!K!=3dp0{2v6auh+gHH8E8w<E;@BN(nT1yM84ZxOwvE0}PZ^Q1>
zU>|PtJ#JYV`>>$(cJqqaLvo9ZpFQ*-EBd>|+hGV$>ra5)E9=>M0(`4)PE(OmQcGXo
zinqAu-utXN%zg$C<Mnro0`><7cp&4xrA4@PCZJhalX6v^QH$MrBE(P6h^2XqmX5*+
zpXxmmkHJ%b9}GK-zj^Q9A4k!(_gGL+b;6uObVoU=Ux-Lf5}5*o*{t;t`p_woa6qVt
zNud25X_vcXG^z7icjA)}eTQJ;Irby2{)aL>A|>K++QDMMurlW2(q4@P9RmLj;|PtU
zRusUKo+OS=xb`%wA=Z5LCNeC2l_>`HJo(#C5qs==Y%u!8VntRHBbzsRC>Xs4kb0gA
zJ%fr~17@aVg0ict#ptc^G+e=eDyk^+ET`Re8@|9CbGI_N*t6wYOG@m=5pww%QN6sl
zBQu8Rz?!uy=Wl8)qD2>__<-hY%GsqmR)iE{Q@rBXL+!0IJwcDP{I&*!D&9YOMS7W!
zl1Z{w*JyL)#YC9dc1k0gh>7xlu!lS-y{Zuyf<2K&T4dQ&+(D{dhp#Q6WpVS=>{VP*
zKF>%CS8yWoOw^JJ>$UqL8avclAjeD2mW;fd7AdY}hQmOQAGRUnwI3$?T_$mBhJjx2
zmep-dL=Yk9_jd>)V{nuZ{{0vL6y<!u7)Td~U+LpyFqu7pEo#eHfMsr3>DD13zZUwL
z{r}&s^FPkVY@<i<VHCU$B*{Zf@s|aa=m6Y(HK5^kPc6tUL;X$Q0)B%#`L}}ht<(MM
z9k4G2kQF$Ne7)r{`~C*K0qyne(e}yGB@@5?O$$}-FH4VTags(xE<GpytVFM<sDQfJ
z6`8#p>(vkw2Y7**s`SP_A4}RUZlEMK?lJvoJL}PLc*X`3_j5i>e}8{38rcN#NI)SN
zPKXA3YB?IlYEhk3#;Q>UdMxF``PD#eZ!<TyR#Pc(`B0`7Sda$*E-v*`qk7g`MJap7
zLGkfa=8|DvyU24QE|7S>hP#1pAuR+v1$@)*NlfF1q>xfpdHLo<N)aeTry@r4(%-k6
z1-(ngG+`&4lh!)1VG5&Dyx?7!Z!enhvkx#UcJ*4QYgEet3SjPcLH0x;v%VDa(`dxg
zv;*+79Qzhce3+!mt<48y)4-BgA-(-M^k}zHTU!Emcv<lsbjb9Um(?$<?7TmhY!4XE
zfE+T^vd_hS6*yARm|mos?LB==eqC3x^8qDPL27EM0_g3Ror9D5RLcWWG$8w1ShSt}
z@=n_m$o2J4?(7ysjP5Fe9^Eq}_8FD?>_l7-)6!u79zm~f6!tY(9uT7~PW1>X{HCB3
zw-dH$rMQ~_=$yv;WZ^5tdr-VrCxaQmHniXhWjaW&^E)BDFGeiffNaI{Fy_ZXoCWUg
z=iy2Y#lzfJr;5fz3ZcpR@)VdP7n(cfo>FBR%GXtd9Ns<{$rtsV3G$m)^*gZM#*l-i
z)_<Dq6tvry+N!XK5AzqlT6wS+m9rDNof{V+pD)^I_rbe!x1fph2Sw;6aUOJo5UOXB
zdkhNvU|81=UOnQ;$PRDNXg^>58#otnp%9ck7##&dr)o}}g}^RIufw9Hw|(-{8j?&5
z3_b#wz>+j{7{)Fgg|sy7G6~-SfX!K0uv&KkV6STKuyR>uijYaSSF#JUkx>9B2PQVD
z2_OVRsyEaR;Y3@Ufgt_bs^tKaBuPqz06CEld<VyKLRq&FTsBW?8~RfYI)G}YJOG#P
z!@LC51!iB0-@fa=9yaw^&HjoRq(l8%IA(DbN1_+TK!D4m43QNsQwGr`ex<q%H6+Z0
z3r+eAY7;LiEy4h@T_);Ot;k9MsOcI^;HW9^pWDCHpD<M-wYE%Bq%kM2w}CW#9_T@$
zg^|6wU4yB;{)5{%wTl+0+zskGhQf>X?tt4Oa4t4Xz5s<{NpYL2;?5zywC8A&C)mER
z-NwVN=hGD>)FEwtKRe((#tDKedIoWO&l-)ibBjFQs~JUVO2G{$mJAu2Ld_3n>uHlq
zNj=V!eXlpW9wtD(laln%sTjB?pKZ8xy?up^-qaf~vJ{D{f1%@Wwr`{<d}YymXLP0F
z?yP2E-Yqr*+L$^(8>2DdJ&KQWm$|YWyla!D;NN-%&Vg#-fy`t{AexE;SRh0|)X8MT
zO(%RHK7I(tZBmkL)GE)XsM$cU05Yj~>M^^9`a3x)%P+pO9%xtl`MEf$YyG7`QO5CO
z5JNvnOoqo>ljMFuOnIPMuZM@Jb>1VR)l=_dcpX5s?+ERh3Vm#9Lp92Ld|`zps#u1I
zS{!cCKoz4&54#gpQF42*_{rl#t<Di$f#LmIv<#C4c?80IMSGKSD6#&~*;@q6WV4a?
zlW_0K^s?_g3Ux&(_y>DF0Op<LHoSR5tAa-!Sh#$umlGutT@q>tn8ju4%bfCsMZT?F
z?v64?APb!Ue3|cP?PcgykmHOP%e2rSE&v@Q9nTq!JF*bHjQ!-!clWd;>VrKY3WVPz
zXvA+Bf_!`tW<ioSJo%kJR2L+%ItO^Hj)LL!+eO-+4{BQ<^tK)YqJPQ4T@SV)uNVZB
zEH*&B3oZoZq@V}05f7ZqKB-xZ=?Uxx6O`1_@;T7c0ff2EiHeqATp#Omjl&BccDyJp
zDWJszbkL!}_+?7*j+}|7qmH6nx53nM?H6~gB;l?yAG((Sw6Mhjo>iXgUy#hYFwH{D
z+Q*IQF3}J{4;F52upJs52tbW7*IT#t_K*ON$B`_uzvpoA3`0m@gZ61{&5<GqQ2b!L
zjpsMw0lGg2=*Q#WJ_FkwRp+Io4rcdpkG?Ih?&VCY405JSuawc}&YSqnRcsgZ-lw%^
z<`jH|{370|HV++vkIgUo>wgQY0}I-J><DE8x4|#alMpt8rD{Q<4BTN4FEs9z1BrP<
zl#;(;k-*FR4$AY_eozkX+H3FR1pvwe9T+*~9-r8|en$_&Ie0kF1)&|_rE(J&3zkt&
z8TRDBu5kZ;AHrh4CS^v58PnGH+Ui)&2<{=*<4pJjfK7uAr?M=W%~CbW`FAjm0UC9T
zDo%75QbFAl8r>?Bhg%a1Us8X@J#_m6!zwCbqpdkH{A7YfiiSmN2GNcd?YrAO5scp`
z9c**Zh0`WlDfra{S<hu70J3qxU~wJ+XzfwieO-t$MSpc5R0gJSprC%Yc`dc<TC9mx
zFym&*bRGU=^DsUnuxR*ZM2HJ>Iv<O0+|U9b@YSzuFqEt!O<^NQ>PmsD^dygh-_)Z&
z1x^V{-oU<Sr0T@X@ZxlDgHB}?s8cyKAcr3_v*s?>#I1Nk8!n<F52bb&>-qS2UMORJ
z?yr&$!8`F<H_PDXuIqCOMOxn0Kb{!Nm7f^kphb`bL|1r-WD#5?{U7xNpNVu*Z;(h0
zFr6Tu1mY^eaI#}3Pm6B3^L#rktaWaB{w82xD9%nsnE#{?pA7U=V$uYfxKp&T=CMBE
z?i0aT=*-VwE12z9=Dy`E$d!ndw%tj={9-DajL>_5c*Jg5<iz;w$K=1ZHoV>$F4L9E
zeZPaMCmV6}ruvx2Lo;bf-`ENxs-9NTKBMBR%x3B`H?Q`<I1GCN4d=?=p)WrSg^lik
z^*$iuOD3P+e51f=g_gWP;vQ9crKq<s(0=$_gT?xZ!r(078-!A+4Xt5hC7Qn+#r$i_
zbhn7=;a$J?-f!Yj*<b!Q;8bYg2f%I6pcMW1oUpL)51S8*?%Ze$6Xfyu3&3H&35Tux
z^$;@e=Uo5S=$~ZFRr4NikNm@+MHi+{e@65Ls_d<|s{#1OEVH<jm)`_ENSl0Vi(>A!
zXNj{Rj&7EOJ(@z{r{6UKu#9V)ZdmcV?OwW2mjq}eL}<Jp$lQYXmOdlCKM!C-3m0@e
zo8^tCbj4|&`RN#SAm#~~%o|md#9K+@I^#Cm_0tNbTt3F8`6WoC56<<EybGnbi}7Nl
zmWM@k=Zq#)L%gavE~3nHa*21k=+%+7C|l#Z7;asH9q*d;#8HoO*Y?@YYw4>m1^`8<
zRbK%?&U|v+3gUPL;~o>25La&E<5MK)w>}rNB)7r}*=Un@EYY_DgYE@#_n#4VHqF=b
z)p>aiNUANI*{@?;=+$CLYB}^g-^kn+FsiL)t58f(4jAcSgb?k5xL7~eH8RM!lIa^v
zpxOexQ4F@WgJGhKI%L|h5d=VV4<~_uQQx85W`d#FF2vGJ53d$`5@zUE6c!=XOk=f5
zhx<_v#m3mmsoN76fYJ%j@j|bXc(X?|OrYM#fBYVSF`>(W#aspIS;lIJ4_n~URAp2g
zc2M?o;BfV6cTawdv{wu0>7Cchs+I{Qs^KN=#kR0lo#;%>gH^|lkA}_vF^^MqIoT=}
z9&qnub}MxitCftf%Bh|$C}}{G6jLOI3hV_j5nk0;#Bok~$psk8251;oe!VL$V$LT^
z7Pon=b{(j2Vs5LOzdip_Hc+{8K^Zk^!oYZxien;n)hF7KR&jZes^+L@z8D_$#A`1>
zggCg)zA2@+m+sw{<bpk^*8!g`WZqDH@+i%$$zkN_R&C<B*elx{+06ET8+iX=4#&`w
zF&pZNzV`=ys(cpqI7g0+_6I`|c+{?YbHSqe{}m99@V@;LqL>chlVakavWnho^xUJF
zryRjhr3I&$Jh5KsJ|+E;1cv0><4f$K@(%#;-{u&2F5f~lVX#!9Ls^N8;_Yu=+U1>a
za>k=1xwC_|!tAL9_zpkav=0W$$z<iRx^zjwxTTU`L8)kR;T=9!loXqTS?D-u>E>WD
z#D?VU62vU<LKZdOq^E>xo#Q@D^E`YVw7<Yz66|G!l<^3(7~!5Ei}%kax(}()WsoL?
zl@FGG<qHR?0QkiaEeR**-b=K`{{%+<X{#)!RzZ}{T>`mP@+%XaS${2}Nk=n~9>?b}
zsbVK4X1iOuICjZJ`sHhnq0t5@U-AR5e*2Dcr@kQD%Bu^qO5&jr4z}*kN}Fq0BQ{dA
zzU=l56h}Nf96c|rdoEkW%-lANu*E$oK?kkAiB!9}KVN`DKjg7NZPm{whdekb5ww71
zR+{>Pmn9d9#69aKiSJMmXDFe%%XDSaS7NiOE2YNt?G=!oVw|!%UA3QgN1NQ7aFTNJ
z+dNq>7T4*UaYl${G@6!jVm57fHc3h$_WH}<ib3%PrK(oTmjt4JiLs^wlAv`?%v{_V
zr~L;h;WN!XdC|y^k@d4JuC_IUgc2}bvLD!}W5YZJ+A|o`dIl-mk_IwBgO`ocUF&UL
zo)C<?({C&N_^3JbSWLt<8?^E#O$N(A;gCF97c-Qp8GI5+C;vE1!eLB|^G$#prhcyP
zpowErBE_}y3SQ)8^2CvQN=tmkL};TN6x4i{CJ`agDpA}S!ZbC6m(A8GYNYeG+t(ho
z|AaCOo45elk957BGtFtQ0{Sc*j=JkR=V;~X5vrDOBs6O7XTb&Os$ewzFZ+S@%{wRq
z-CmFve45wh*Bdd6y68`%0H{MG7ru;n2oyX>jeI#zuCWqhP+#aR1L?0B@p+Q;DO3UA
z&PS<NS54h8Zqm5ZYTsY{a!Gg-sLqe!6NqqmmU5~3o|Q6>a!(8Mq`IK_uWbKCd1p$t
znBD+dcse`PjqPRt7mNqvk!k18a#=~99GzSi65Jd-C<>O`e)HcEw_6xijOu?5{d<E(
zfsWkA=b*-3xIGngXZ(Lb$+rL~pb2M8g=+lDR%hWR9XGf)z`H{KTmQ!vcgoh~|CkCu
zb^{(_mRoZKdaM!;&j4HCc6SG>(AQ(;q~a6i!FxrUm#m5iu79*DkT&N;3?CK)abO(P
z<OTzO?7(e;`hpLbI)Gl}phP&l(t)l*O@i`KC(Oh5H^!b)CFp>8BUOt18|Fju7UVlL
zIEfaD4jLqY;azz^e_R!6aKuz+&bs;_7NBm3)|8fE`~n|f!B8-^u+Le<R?GKCL?$xT
z?LUND#Q^v9ph0FFxy*`=w(SB{C}<{h&}<Na8=P{+H>%tY%S4K$wTRGi1zu&vs2y!7
z#~ntr4ZpL=)-A`Spcc+Fa{2;ZZ_#G^VZ+9y!_Y!V1s<@?W!Nu3^?*FmB$L7Eu)ZKF
z>JQb)Ku^k)$LyNVK1|@YhFqId3PMqd_39eq`98PhKbSEHcq{7_eqkLnmR}iVv-cJ}
zNUGiVn}~qc{&C0xIcs&qm>{Wj9EUVJ2&kovG&QH#^X6~>+LrSeC~5ebH)G-sVIsPQ
zWoWrpoG7gdv_ceoYawRJD9o|5t;eXz_ZjrX?GLNGP8%u)HtjI-BLGQzw<F#DF>#{<
zhCon^q1oS}Z_ekz?&iVXphkMxTYB@j*qJs<MZABWBt!cWTfP7OvDu8YC_qmulVBZW
zJT8U2PJC-syZmeaLX3eNIj)GkCf<Aot0+MZDNI%k)}GD2IX0XGayz#0u&{6)wB>wz
zb77OHcFB2}bqJ~?+>doAk?iOA1ssEzY+z_;`1BmqTE874n)x5{Lz@yy&{1K0I!G~@
z2Y^P~U(%r5lfC^Uv)*O7)5UyuHOLxO?)F_6ZGq6P;ZWy1ofl}Lok~;7i3nwlwo^b9
z`fWR9gA7Irl6V&)$Eeu7&I}Z)Q8$O;wloxUIVj?do%hOy{PAh!Yn^^{(6x&<?$1eD
z?GFg;bOt%4(iQg-Iz+XB=v`eH6FL<Zup&Ud9q+Q%f=@~;zG#tu0P>)008)NN&3Yap
zy#NSTX1~Lvw6lF9J8rH6SOfvZ1zKCuijM#7`k60593>te)pQV41Mxg=?r&uqOaaVm
zX(%)#-2?6E#7+f8f<^HkdnJAsdiHP#$_Id~V#P3^=+HzYf-H(Lp#eC@eDzpQ2Mc|D
zRdbhzZ&&{MoCwrRebzcCnu#&fa3;W>fEkrQ$;VYMf@JNhr4eXi2UbtNRuEBbCR?5W
zxavU94M4zcWh)*SnSDHAa8ccn6N~Y^NYFCR#jpTrL!J~-T*6pHJE~O>)Alp~=`7Ud
zc%MGJt=wk_12a4xQ9*sIuTk$;MK1mG!wn>UB_r67;N*=I@l~Hl3<*#&{mhwB*wH!x
zLYnES&TD6~ysFzY#ECBqj5Q~(&yI~-6<h%fk8ijE>~TZTI27MD#BrEjFam~*fkwWT
z`KWMOz^fk6DE}p^?iUlYmJ3F|;R1|3<MNZAk0K295o3uVNv8m7oZE$^4lhvYoj2wb
zs)0#8Sp($?PIwxoD@=4UuAPatUDWH&Ff*~scQe7H<U2mU)OY96suB%77Puos&DKyz
z^YF*Wl1cyp*cgu!J9Vla(&bsLdwhJ#*JA?((0^J{{SHZ<WAyEQrCe0Kq?c;Hbf8^B
zaur%biI#N9<D&U5>)xNz*E+HYR5X)}p}mJ=05jy%Frl7Tz%d33DmSNaVbgFNDB1DO
z+2B)J=I^w{4(+lV)u5jWeX!6USS#jW1OPTiAo7=)Ms*-!5wdMj98~q<4drM~x6)T9
zpeVH=;v#ZCro}3(&7i-d%|nBp8VY5Z(&y4jt%0#_%h=2po}}uT)`1KY&X+-tF%Xb!
zJ&bDT$kGl@kvZehV7(ZVQA{&g!+N@1F^eGPp-DcAi4fCW2gtd6;|Dyphi>#Xn)d#D
zS0Ov&+wnW<Q%WPtI8;H2IdqD%-bT#!fy^a^IiZU8U;5LqJ*6%y2nT&|@t3?dSS#CV
zHk1zmJgG1t;i7dc$dg_!WUiuy{4UJ$d)%(~r(!uN0hH`%kze;=_WA4>iE$1OD;fSq
ztRUn4&DN%S{H73)NsN$5;-bOwr5-}zykoqI57!+kGTuuA&4b@~z*w(Pz62O<3{F4&
zaK0_AaBhP+x-l2=ctbyF();7HNf0`ZwSOL7iLtK1gExV;a&#0sP^o0?T_S;$S-;~K
zVrA;H4yp^&Awt@VU5Vuqz9+nI=q|TECgnNw07cNXec+<gDt^5jxkgSeIH<Um7u4f9
zI8jD-7JdtIPrrSEvW(A&Q~bU)>LAO#4c3T*dphAs4o)@!HE*aY#Qqs<^W*2!W>6U4
z02-G;Hr}^j`4QB)a~bq@G7DBfhTC<cw|EbrzTjuAwe^&IgW7Lyz?jb;!~)Qw59^Xc
zHPTH-Wm8}P*17|=24Vs~23xtCF>7O?5%mOKSe_A&g#v%v<DR8EW320VTlJzf+z+u2
z;~#Gs$H&uxg1k)t1OgNfGK$Sk5XBuXCOeW3qPTNDo-*oW^V$<?76mf_Z`j$8mZ?r^
z<rqhLk9gS`XdQ(L^<twPw@pvrg!D@Xo>~r$O6#5}akASf>1k)4EaG|F;yAyecMW+C
zS_&^yzPkr|OWj5{d?wXpt&K(1GF5J-pfWC8MH*#h57h1oxe+99!_N^WcoSOVe!Hzv
z>W)xC<y1!rD1K<#TbmKD!h7=exOZdA=fD(POH2GU+lKeJq27g&g7!btp{E{gy*5rU
z+1P@A=4_01N+qrihRTMPDPSUtZDMqd^JP`Ta4fVj2gSsi3p`pNJqwEM`SszF4Oh^X
zI)DaG5~jgBuSonVXMpkH=(%1~0NukQG(GE&gr8#Zmv|Ied5(*hv|M$yEw0@*vf>C!
zk|{baG66+ba3v3VVc(Zi*foQ25$vZ%hO$1J@AD^i1o!x-P^jBo=m-fcb}T3m1T}Q9
zEN)sA+(r+#mmGomkHH`4VnA{eRN~oxpmGz)LBc<ue*qD#@IZVOOM|S9U0{p<j%a1e
zgf?SgSSkAZ^+EQ=#|v4(+*PQz>l3K+f!3-Pr$RB{B`yIMT{RnX{$29Vwv#Qu87xZ1
zlu}TIeuYp|Jk*T^<jvloZJTQW!_vX7)(dSd#)K9@gW9_MVq6e<j5GqLJr8|Dk7XNq
z8pzdZ?qL@(9=frg73&aY#<ddfgXfFesmq(mJY85}&~wGdwk1GmA_CuO7}KqecuEW*
z)|aZuosb{nre_YT;(H2w@&-Gl?Zn6LH{^upc|m4=<12biRI&7<)p8>Y`w-l)9F?W4
zx9Ew0yy0p57X#@pS+PfAsFCuTTwz3&&J*gV)skp`+RcyS*Y3-?#+B9u0}W<uSE$>^
zmxfgSKGLTV)1zw*fu?D>o^hpK>BkO0hEx&bIb{@WJ=U_^*uR}Ps`RA2{zg{yt0rT<
zU}Am1=c@?cf`Pyt3FEqYgp<g`=$*FY&&U8qey8-x*k_@ioA`cL934Kl3%d1oVhnK~
zN<PMVEp3S6I~U_sa6c7yLA^PehZYO+wW$cPRv;K5o94%8jrq_z^uJpB4ydTIblsi~
zYGW%Z3JL<<CKN1DkwS8-1O*fYi6x-KA`}QnPGdkMw;~`Q(1L)35|QGNp_K-jY)P&n
z2uP45IfwV}Q=mO_=iPPhTW{9tDNhwA?fvKQ{WW>^i)7_k@4P;`GkV=uHT0$=v*4zE
zMw{aSJ`RS;wTe&z6%!ajkV^Ud)cyLBjvWkz20D{tn!-@%3K$CA_+=<G6bZUVJ2Ysm
z=sbmIWg0PdG~ZUPD>0F=sfw1APF#b&GnFSzyjyHJrM-{JogF;l&l(CXzCIMX2_FjG
zn))<T(FoEDH-4)(qt-<g*)v0K)Q1nYr*WJ|z17!W#ZlZ8?IJC-I<All`G<7NRXW9u
z^co#-MxrDsk_OL`NjoS*dAk*>U_cdOi7nbRN~@vasD>=j&WuGT-*KTr6~qL%WAtw%
zeP&gT=^Zf%$^MC9yzzd6Ja81wN9g~)ifUYv<M!y^B>7iqkN>>;FY;!7w$XFMic^cD
zCJ1W=DhK`xEQP@Lg-Fcf%!HnK4TJ!9*S<U^gx;A!UwyO<2vvr&@j`CF@yvXG{Z??j
z?)s{G%q&1^k)TV{@XWHS${|W2cWy%*WhkBkutzr1^soX|C%UHBhj-O&8}cY2iGS*f
zk;ZcI*#7Q+LSz5d#>OXBBrn=@O5lBjZS)9O8Zl;=mOw%VK%A8w)fJcF3BPtCtu1r>
zw*mjT_c!b_sZ4X|lk&$~`3-Am@zSj!tJi#)&3ThxGc8<<H-9_8e3kX8gf9I4^@pfz
z7@-P0mPXEhwa#E(t}DaYG4rue4r7|H|40!dCKh!!KDu(e(I#F=*;v!$Tj2~(-Oo{J
zlqQQrZfQbcsBK+SUS+=7!c67o#(7hcwfSUJlTG^3Ia4XOB^WgW%lz#+ceO01*I8Fe
zTrWI3(e#f=!_=%v3n6O!jg&M5ViPH1k!2Giu<w*0)g<~9ar=|JbDGK~?IMNjLv2=<
zcoV(qjr*WHW)i>VcThGi?VL*FdHf=TKFDpdkX8Y<Bc>-Zp~jOOP(WnBu#3(P51Pqx
z;z%4}k@XyL@}!JlbAQ4-7<m(d$#k+mGV(H&GTbYk_DbYr(VG?{u(IWzXJKIA=PC&7
z0~<n)q?L4`i9M|D0aj^iI!^ZI4Q*uH+&pQtxrVQ@@X+}r$S%&zy)hGad*oGDZNy+$
zV|OzZNynbNhhf_+J)KvC$vgZaY&$|*@cm81s7A^nZ8o7!k6eA-B%1%7-JEVYz3H^%
zvt9;PA#LtdHwQ32x%JQ?=~WLlXQWy1%*yv_xM=C3o8A(AKNOQ}#JH9O`}Q*<;M;&O
ze<u_;K=R(3C%-550E)41fbtJKr?sZMe*JQUvzZ^)zv93AKeAOz3^^a6C`Nq-T#ODT
zqD^e8(`ef~G&9!Ksi;2P%N~2i#jv{(!7tYE^(15r?3Yyy^3jqhSm`o&LxP5*pBZ-E
z*Pfhq=mxyAxi^zu2(OTVT)fcz1$|wi?CD-}TANlmJ4SHA=S+00)qBd8I|juCSEVS6
zn^xJnI`=L4Ke0n11WUa6tH!757TJ|PzO1V+wy(&)E%q;IN2@{D(PxJ;rCxK^53l|)
z-rm2${Me8)kFT3h@k-NtY=FBWAK1cP(PK6^M)~dma=vX(88~!?4He+Z0sARc?e6M4
zyrc{e_+VRtzxQkuU>Q~GCgK38<5+qv`>vymID*Zsbl3ccTY_FWd$=w<7n221`759n
zcJUo!Zz{oB#0+9$*xQL%de36{$rs`Dro7%QQ<|#8_o?Gh4FGeHX3-hj;&Dv!p5W=D
zM*#&j?ixwajiN!L^eecE#yGote*5;$+TV?UWMnTMqv~svzN@|_YRhe4{9HTv1iMy5
zj$pImt<^zkpF~Ts+Q5KA;fE}<#S+ISMmzI*)5J4dR5P*Sn836`W$E2(a6Hbd@L~%`
zzvKvumK(f3^DcO~dHq|{^a365rNSI4UTo^gHfxhLdUSM#VrWTswLX&JGrrNW=%MkT
z$!E22gmGy;xMYs-!OwIeq#GZoK0_+jHIK-sP6t03b}hi|(2nB)$AdMNu}MOC(M21A
zWzj2r-CUj{2|-N%#3n(v_txQ0{UNKq`_G6kElGA0Z`os373!K4s(Sx?P~+pkOX+PW
zYd-os$Sw8CQ>vSO8hNw8{C#x~1Qx!*gOegHo;VWiWCq?%q5c8+|I{;G+SGFCh8e^2
z*2f{6!sYwx8)0t#31Sa!w_LER(WkV|8+}rjJ}VocSrcExh<W{+EoVOjs5~B!s!mWu
z#>uI}H^8wJQ_Cg6<g%@ayYlyTNp;@D($_9VaE~*|xx_S(oi2~EH4mt~V=k)0ZKfVH
zqP%y3lN4?R_-Z;*753srC&EeReF;f3uQFtN`#!x4oRl^zi+tA9rO-55YppmZ#w}FX
z7t#Z7_8m9nO+uB;@~x?S8G)1!J+b<83#DSU>ojT&*x_-v3KlDfMw1G2%|EUxbQx44
zDE;F(bk1twYF^h7Tgugz@rKmk8a<b0N%RXuJPI6K`o_b(4g|BE=964tx6zM*0tCcj
zrrF-}#G&Wjy1Ta6TlwKK=>1y>^V5!k?qvzr88h2gcD*h3)_|nyZE_W7kRyAnlFSuu
zubD=Hw+>DviUQN^b4?<vlU1rxE74}FDf~_{U)cO+AMS`zf4NpX0%cJ@#fEQ_8Gik_
zEZ9qAmwxP6@p8^&mneI>yYq5k9lUrP#YfWF^+bV8msjCVB&eZi0BM_b=yRwoKr#`2
z0e=S!VEh1ge((d3gRBE29suFc5ug-J{_19j8bgSP!4Rf`8K^x0kVmMQE+E=Uxyz*$
ziy}LnZ94^$uMof*LCGDpp5&fj!ZBSh1g)?JWsc{uz-Pdp3DP=9JhN&Wk!vAGQZ2{j
zi5eH_a3D3T9Gd2EV}>NFfUpw=mo6`oh(*12Wr^UK#WB+nxWd}Spye<@(wv-kO+Sa&
ze1Ucl%0N*aE?ks(NS?WL^Drvl@wLk%7T74jEm@akk0-E2+ff=$3i%~11O{$kn=}I_
zvCDg)43bEFj`tsVa9aPgMeK19)<h|@Ngh=dWyJaBHMV39SF|To?xv2a^{zmrC3+7!
zwm+UA7~{;-IQhbJRohL2B=}G+YvfNcwN(iS+B2&G*LUX)seMCEsc98N$Neku0n$4`
z#{Wti*&7_~yb7V7aiK+F@9-B<<I!ebi^ZOz)4kuV=0ZiFV0mmQmstHCt%&P9)OL|9
zN1e{v(K0skoyMUAfjELw6eV1d$1?hpd|gY-bIi(RC)y|8;m=-^`XFdUR}ANbmK{|{
zcH*yd87+H5&suO$0(C7kwUlWl)|o?O<>mAEQek&B!WF&jtYiu<w+DQ33XgH=l{*uz
zNZKl_T>VniKgqR0*WwNBV5ptxaAJQ{O@m`1HIrj|HGZywC2iy*)E6Gg;||r#eW0s(
zw(;A;w%_QK)5D5PNl`|OiMuBS7%BF*#|1284qyeOs5*p*4x5k31Y%R)npjAmC^U|c
zNf*()L;=LrD`I&<LW~J)4>O~$H9n%=G*GlH%yNe4m6hQEW!|h6Zz^Wh%!0Lx2Xk?v
ztwB4BqMBc*?8`sUHUYsyRM63|8$nRPF#EY_OI1Id8o)UP{Vcw^FomKT54p_}Roe?(
z>N{cnE<_h_PZV|;+P)CQu784i`t{2%2j2kMtsNlUymml5h#*Nae$siH1ZfduY*4q+
z9fz8zzVGJ{deB4e^ox6EZ;zup0MMf*AQ21kqL}WD=Vj{UID-7YFbfoAuvizo1Y`q!
zSq$dZ01RRymGueHMIm^Ffy^3{Fe8y=jw|E@YyL=>$${{$G6Cw%#v_ixfU(gyV-A&*
zm1oNVD68Nm<>gI!Q>mu{i7b<kZUc-wtw*b2_qn6<q&52RBg>LSQ&+&xEr?}p%7QfG
z{{2Vo9M(TkPCX8KR(VxNT(oCbenyyFBcEU2AA;F+5Fs{IAN8<{NvK*5=u~U>Axi$1
z&+Z1QoO?DFb<n`{t7qkx3i$P7(}#<9>c?4^ImIlG6qcwP$c)8ipJoV(tFebKG*|3a
zQn}bTDU{K@$2zU;nXXh8Rem<j=D;qB&g=!N<3-;MG3p#i=Z$sBE@3Nbz7whK`c!HB
z1xdy8T?1|qUum54?@9;29u2?ec@w+6FCDyie<GaMQr1u4YR3fGYEOnqBDGiM)0X>0
zKL-tg#oQUrrk08@hq@Paac+t0jON+!8Q>P#%$rms7?J*Wdl^4QwRXKXp_RtOolJ2W
zx+N>w`nD{N;IO`Y6jhqWka1D#KI(~v7f-2?=FAq)m$^TPtg}N9HkI{mBA#j|r!^Jd
zX2c-wrp$-`@adK;)8?1{ZH30SH9Yg@>>K$satqE+w>2`{W7hVCqDa$VB#1{m*5#w>
zm0`A{#z#$F*YdS%)3Tm^iWqMZoe{CwToYOk4CPX9nqeU5cH7y?U@B|v^gTEk{SO88
z8tpN+(}|iA;|NmZA$Pn0%oIcv38J_?*S^0pRLK6fgQvh}T+<C;rhL^m|3UBI0}WVz
zffUByl+fA%Y!wvrxw*Kwn44E@l%NDcR^{h{4=8=Pbt6uj4j(~1K9%rt#iOKcn~hW#
zr>3ZTiX~<;$L{b)?T&u3*9`!#LG|}ix8k&3<+!{sU6K4gGhJrf$)}js|KXSssSL6m
z_58f^3%>8i0Up&Y`z|aJ07&({EO5KkJ^xu|w$oUBdl|A-f_ayHpdzqDB5PI(e?Mwp
z_UEGI>eN;4vuB_>x6NyA)K^5{7EAUJCKlPbf&+N3p7$QX>id;I;*8g#N2mM_hVYnY
z_s8*c8IN!&!Qr`i|8q90Glb9XNT6+yV1RYMP~O?LKY-2Copf6G&HQu3DqE~+Af+Y&
z8o9{-2_D1}Czj2OOj$2}8gLTUBeo)rX8x`K<@s)_3-8Z)>_JJ84d$;$AlqZy{qc#I
zEP84%mAX=_mYoBG{}F&42YbXrAM#81_ctaEsdNqhPG(Bm5wc9Vts{8$@J7CD-(57?
zOy0~Ty_H|HYndHxLh77r9iJ@$AiEPMPSAtrA4w!q@*0j}3(fhgvcbVUT9#Rr-z`pm
zlLIBs`LAAmSU;~nykDLfSrtFMctFXz?hUz;Fhh|IG}ycR1`y;6R?h%U4e^92+Q(CF
zIsf9R`Ki_qOA3<3a&iXnD=>dnV1A77wUJ%Sg$@X4*7#m$Mg_1WJ*Cq|62{lY8KE`a
z7C+KH+wr3ov(uNZDL(l-fQ&#<{n*1@c*X_YhUXo5bNFwYxE{5f;A#$Rmk~QD!Wm^g
zw3w-g3P2Hzb05B2zs6Iq&F@bAEL&{WuitUhK_$u`4?K~)6iDZ9YaLQ}n?&-%-Uf|z
zy?RD1oWw6ZK;8`Wvk2y-FJ>5YGx0q5V+fR<_3IRQb4P*HWU7%Y?+aD$!Ei&#6E0RJ
zCZ$Y1T*YWkb}UIkE@2tDcY?c&mnJuN{$y{35|c43(m!~VK)Co+VjQk8RPLWW@?`tV
z(e1UnwwUo1*nV<Ijl&feX7y}`%-n~&H|gyh9O*$pvRpEsCje@H!E$LNM0I6WQDAlc
zFZKoNx>(t9<D5IzIees?JRf^`^a4<n`D3abB;2|<D*G2|#I_dg(T_E%&-BRd*Gku)
zj@Zb$!<p?J;$71}e%>ei1O5f*N}MlPAYte->#WZT0U(CQtufq4#dSFz^g^u-_^YF8
zC8XXobI1TsKC^eZ2P8{Zh<)KI(iQ+XD$j(e0t3DVv+YT>?8B#JR@CNb*FJmUCldjn
zyJ5V1W^bFxROxPBuS;MV;0oLnWpmdp2V4@YHIU*qBgi-OOvqZG;wp2ik+tzvQ2c98
zL=?gVjXcSBnS0iY{q(FX_8SdB{BiC2m;;@7D*C6aZ8xFrRqS;#tJt0M(A9>>nk1B-
zhHGD>jkJ;d^ZFTMmsK&&II30@<2+3V+Vk;MqLeF;PSp_gEb>2SlZY2po?Q$VoV3p<
zY1ZY^=8)e-eOflUO*$nnx>_gi)p+hhwdr3PN3usREQO_+U8{rQIM(|Q%=~1)maeK=
z#>FRzr<Z~!_u1}*D$hR!FLI_QXs3#rHa`-fWZd)HmyCU6xR=e)n{;*eWLhRiU@h50
zoi2Eb$sxvu*3PBD5q)`P_=<y_ay;S6m2vUhrIt#6ER16(c!$jSVh}%NnI9FH8yxjn
ztAL$pDzA!{4#2k5&<@TBW<hl?%MJOClQLgEF)P8~uF&wZDyM56!OF5t*M5XS1X&l-
zv=`(wc6vnR>^wg_mOiaWs?|v#Xn<j_F}f!hBSz%Bget<dMclR0owvu#FwyL<NDA$C
z1g5mfR0R{oWHDjE%(h;7OG&?isbSrFZ6b`dz7;JgjBhQNj67p?eAEM4X@NvSC<Kjg
z1p=mBlOC<q^aGl$!7{H{vo-SS{ZX?ZPCHl?+Q6@51jLDVZnEs7kvTGt^!O0Mxmz&Y
z%kOnzeK7(sNcLaLwKEBl$pGnB6O1dB4JX#<8>e%i31nTay&1%^aWX+MZG_;<^5s~e
zPSpOzvM$l&Dx7NZNHTx{@FO=&y<aspM#g-q^t6-hAPPdQ;uocS0OY3YOX&t~6HtZ6
z<8eYi#`(?0vi<1IFc>d@1S{ykcwv-XM}0H+6QQyRWYwZr?;5irK3?O7pKuyk@1A54
zuc90ixpIwb;obG6{3oiNb?^iP%C%R7w?&K&1>1TwUh&l%&ifri%JgGpZ(11`D3Ycq
zRu69hqU8id`%*NncnHt$r;BLmBG(Y-UuNI@#7g#CgrA!0B|aPaozwKV3d#Ivlkt_`
z2-U+c!*xbxUVOCh(9A7d8FTIWa#oAMLi?zf+hl%SAxFpA_5d3hk55Cz5>5S8@qw3_
zS!Pg`z-d7btWPNO0MPgWW*;wic6sqG*1ltB8GE2r{7|)_h#6!IJ=iRUt<hTHgg_jZ
zyJrzndXBJ%68IxFrGn3WM$UH}Wpf>0ptZ_V?RR(pbZzypnMeHePn*V>selF(Bh4@q
z_zkt3;@4Vmf8H#uUQWxsw7y=uuG6j+pjJA3$4S4)M$jA^*<qVl6oNXXZlm&RNE)!H
z6_$3*Zcm0OjbmB9J-_@AP_!E&jzi7qZk_w^jXy(ES-lL+aYz_Ln&3ZLU;m3Q@dO@j
zv>_&8#a!_S2I~M;ilrL9cue@8;qMH;{Ac%R-Hk#+qtLsv&RzffmoL8_fPi0P4m>r&
zIskgZX&BAkLaT!xFb_eyRuj|?j5RTBo&w`owLSqm(%RbE#iccBFaB)UeSm7a=X(0Y
z_#o;9QB*AQghY2Bfyc{fPB}P03Mz=&{;U{>2_1#@{XtHW_<9mbn8hBD$|t|@k>2RE
zhj|*6cmx+O#lQcQ@$Oy67)xs=0)T+ek1$d3^noXSB1N_XndvG4?sK1uXV=ub{M(al
z9~+#tqv|in^LQ;c@COI*zhCniDgizj57Yj#%Q1P%`BQ0>n2l>cvRR4H-UUTQ{i;&A
zC1=gn%hm@j%{dgoyp2P3D$eVF#%b~MsW(`nhDo)P{pogK-3$U0)Sa>?%*Pk;{*rc1
z-)$1V;O}&d)oR4N@(T_t`;YA7nQk6$n%$jWSF@mLH|G0cA7`???(N@NqS00`|HZJX
z+rnkUj1kA6(pAs;7vYq%G>7c*Zxu+V_unWu)mMqX%@#5(^irVDkdjr^Ddw%@5nVG%
zD^21C=cufh8k>JiV@X4|(~AU+_zd0fYa)FgcWi!5RfX}KY5A1tP4;m&OdA&YVXrV4
z01&%3ie30>cu$1ZrTZZq*?F=%%AaOQN>D(YoHWzaQNEa{W^w4~IK?iJFcbf0S;<I!
z!a$gUOqtkw)A_6-EfOyU?@FU@ti1y(*(A&7YJ03erjXm~#8T+D@}vdDP;rbN5Rn@w
zN6Ob$Y1THp+v=9pNavL45_CVAJd4}a9zB8HQC+1jaZ_iW*bUh&^<?5+>}Hyjgs$Fq
z7Xv=21;-I=@0_g_0bG$GeToCkTlMbphr8@7tCvR(hRhgv^{HmVDCz2wrA&bmA|;Wk
zW)w((_LII8e#9(T7IF<%Cf%@K&ZO9DWeob=IkG^UWaAZw;Ohs5Ymj-AuOg}UuUu!E
zsF>OV|H48|3FxrvzPK64pZPP}M$D&#nVo$0r0RRCTxs2R)w-7`M|H56eUUtr>68A_
z$Nfs}mU}o%4cS$!Wi8X)596Le93>T6kKEFxbaOU537$JTx7)L~T<c}ETRB=SV$NB%
zdp}>6m*+zzHa!BWIj@f)ZukyHBz>A{alB^OJa9{Da<JHQ?9F0FD&m1Hc{iOGEd>l(
z@23uP^9C3cOtIVO#f%^O0c2a?Up}iVi|;61WT%H$Umz1#TGqa4kpppM<Xd+VSkgv{
zt8X5YwwFOz$J2c2FSp4RHl%an<xdw;0LowB5+6HP=W2e5!C-ycJdB)KnF#mlNRs4#
z>97P-kobAMMyIAKkVI5P&#&+jaOb>(l_Nm}#L0RrR(u*;5w{yQHW*$0*g~=?&L}7t
z_Sl3JpyV~@{(G~k&Ri}>ketJn0Ft6C9S&imuV13g!v6xjE-MuU7x;3(GDy)cO~UT_
zi%{xwN9Kxzcm{0MGBOp)ScWcyf>2P1&Si9KDYv)Rgk|Wm6f>%CL?~(KE}*P&oq^KF
zNE6^`TlB<n)bw}?u7%HMunbz<w)j$F%Tgc!Z4+9iS=Gyc?CfLPDm*Ov{$<N@`HW~b
z=Q7Q6wQS^EeJ`F%z14#{VNgITkZ+!8W?Hh?FHrt+uT)`6&0Moq=R7@~9ZGBi@4r-1
z&=?|&#8K6(rdN0(BT`Kac2atcnJk?=;4Lh@V(Pp)W#QiYhn~mDdd@}!EZd?=vZ)Bh
zZgpuKYEiJ{F_)3Umrfzwy(gk`#v*ZKBMhQWHDaV>8jd?uHxNeRsRfaHL*0-H1xU`l
zm*ieFXxrVOIV$&y0Opni%dLo`0D$G{9M)iG(SdT2XsP6weR8BFIl6^uR>vdl<Gf6+
z&}$v7@qsa@&7KueL?IGn=B%BtZVcfQ>k)b5IvXwZmu*-#n6^>2Jp1O*!2SeZB%4=}
zxpe{`nDB)XkV;#pm9Jmoit^uS1%FzcaKH>e2Y}4%KJ%guJO|hVnFm;DY3aY%anCYY
z&JwC2z_XkvR)}8(S(PjbWEpV~@E0?J=Dmqq7vMF}+X|IIiv)=Pz$I3(@C70*%|FR7
zGtfAZwQT4TtOX*9Ga!st*$a{OPmhEG8=KY8M9ys#tJgMClgzP|`HBpojjF<qA}iC4
zPM%|JUA#9{NQD)H9!*CvJ=U6HH3rKQYU@-WX^}`dB#5=_gEA<%b0B4+>}^e~qcjdR
z0%SGv3Z~+=LB%#SVxixo4WThkQ%8z&i)Hk{qc(7CpQ#Z$)}cA?>iNRX=h>$|`F8Z?
zsJeHgILF!~na1hZsF~VEkWfU53cWHUCRk5H@AL5g`VHFObzb`SRjWZiZlnCx4|TR2
z3FAL5$bI_wCrVio(3S8^3m*RZTL1KKMR%lNG!#0b#%Xbe@|l8Yh~xwAg8N*TPyewZ
zas9}jnm@Wz+$a7@HG_Py5eNP2>}nzBRQ4cMk3n^SyyfEJ<Sf{U9wnMB_c+m|uOd9L
zX!&ES?CN~!m|U4=&{*VJj`^1*l5;kDkPqM-#q%!@h!xM*BqSV6hy9f!N#3yNANCeI
zdkheAUB+o6`<I07dHIhC8&*<o0_uX-COUN2dknwX$Ug<Rx4+U%HgCKd7#j(Yyykz)
zE^koMKG2?NRwp1c?i&%YhjnS!Aj-sWX}XN<r31TeF4gq(E1A_s+3=hKfQG*z+QKu`
zdy93f_?T5^>~dO5J<F2cT6`*;?XU#YTA<TDfGh?Kt33^TdAG>PQZ6)hN6{r7Z?7XZ
zE4QQVn8jYjfC9VWE+55AxZ1rZocCfT0_O=EGIF$rKoCIaEC{`O6CW2iJLt{k-<(t%
zGuy}CawHqaD)?0lV0H0C_V&@PiR-*_0IG1Z;p`uJ5qS+B{&K(ML@#H*B>U^%Td?8f
z%PGk2ArDogySOhkpe<khgDvUt{RFjU0Lp#yPX!d6Sm8>NP)bcGT_pYzwQz(HXO4xQ
z+lY-cFNJqLo#r3@2UnQVx$K(ST2}x=I)0PxIG_D_3D7g6tB?0SzBos(d=}p*UlJ;$
z?2F~wSR_nPHpRb_2+hr_Y#(e_k9eSzo?T`WaM7f+>7WtM1u3`Quxg+Fkze;S-peY<
zTP$;3P!%&Z?xgq5S!?N1P7F0yuU=&8t@I275|Ya*d(LI6XG}nXKx8uzMP5W@hV4zg
zb2IAcUKHm%|2>HoqYY8}mBQpgG&ng@9n|ur*?zy(RBgidy{7oRm#%d!dB%ojkLqHE
zlUl-<!+=#(qgk~gpOUQ@v5Um5FTyw(uE<erF3r~b09%|<jTLvIFUB74;+C0F$_Atz
z_5gs(aLbXKn^zRRwTF^%AxFFO6o07h9TlkqS41kh%{xRgz8j}zMSL3&emRQwFXflj
z1_!WS)1%gh8Sj~CDtq{D9{V<$jo%@GxsCEpOaz8u58BPeRoOnD>T`;bVzy6^yA=bk
z4yHv&_+tR>@5`%9jkA_wob-A)#Ua|aU2G?1ys;zblH!)NoH!jgc_0%u^aKS)$9J&D
zL=1MHUTBI*?bx9jVcc{;AOfanq~%<YaZ9+z-PxyUG+Ll%u~8Q;_sptYo|#u??)>3H
zLsa-Nx7GS>K{lJ)`wG67<M~OBMi3U}cbQg6Y8LP}QG6^%&)ySqbGj<mgkLPoR)u8G
zCuIBFt9w)C@VO$$gqo;lzzk7n{Qu~;yl>h-++#}r=wE8(EeGQX<3d&+cUX5#_JBKg
z?z30-TNTm(c6_KW0ZJLS24iEsVMYlRva2phTIFQ%%_l8;X|6QSiK#nHBB$y%d;5<1
z3R{=4?^nKvnGkA;F(ww`;`L2^!}MXY<-B}%IM*fKhnjWy1I-l@HT#w=v4R-O=wBDi
zg0G!EapF@*kGaFgzaAnOE`;?vJO)uq7WSQ+%XsD#!yub~S7_u@OC9-kT3yOu_ggDz
z{<Xr8kWW#&*3LndF{vC$Z{;qfPsH{9wX82ka&4jr#ZgOyY^~mGT9sHo<%oN&hW3Fi
z;T_X}*l}Gzk#u}@Wut15JLVI6;<u%HsiU%wJv@YbrTwrb17l_x0QUlJ#^-2N9uX0d
zF8khdg$P{iRS3*7>=|+5o3FXG{oB&>fnGB1Gl9yP9W!a40FZj6o2z)hfwgoN*}U#9
zDVZTV0;o{W0@X8zi4t6gnAdVa;6Q`;ole5aO5^*8XGwKzi4^`W1CXKjykLB}#OzeP
zY9~Mn<1e^G7SgI!c3!4d^>8HI)OdBXy?u;+!9#3ip|iGgxy5^Rd@k1$DuLD|@tcT^
zR{yL3ef*OWO~ZRA+j}VIex33re#cg)p054$h*w=+i?;nGmVEm2V+(GvnI{ebr61R(
zH#KjK(f=u3b<RNehr1QVNM}Wn@5+pU`!L#?Sw6(_lYf85$;pX8%JWRu{vvL(PnP#x
zX2DjZCgQfR)g(Q{qX2M(ggFb07yZK0ljswVL*buri>g~aWq~Gtp>yzLk9VDA?BUR$
z0@pIg`8SS-bnQ0;kXMLYc|X8HLqmIdlHMl%v|n_l_;gl|_Q13gGQq&waXrn#@NN86
zdbgVyz)c+oKrfc*455asp!ljQLe;fj3Wr`ltTd`37@3b3)x3D|oxc_)*vxu9NNL=-
zV`fLZ#hmD<6}T6<r=bd3tR^<NrV8+w=hxKiQEVPpMK1>7edw4x<a|~rExr&FWU%ej
zh7N_OQ$DOnAM+n{M*yV~RmAIr>~|bq8?caDVK+3cJuWHM_uGFh5Q6AWn@jII`n&wV
z#dQ0s#)F?0T!)^uPFeR`y_!yr4=j&~YwC>N3rM=?{zLI(|5BaqCn*JMBNi5}Q1T9E
z9NV+&#?nl{q8aVVF!Rr*xaqcdU+DnZSCfGU)P>!`AsHxIYZsH@P!-{me$bRL;g~g@
z+|$|go|-2RQ4GCgNE^z=Q!ygrCvPG3aM;H^vnoy(Ogsnv$iwz7I#TaW8C`i&{BY`w
zQKNW@sAKX)S}%buiA~h93aa0Q9bhKgsKt=FK+(nFe%*}~tm=q`LyWkBzhp#T3(&)4
zKHJrt9n8t*E{(8N>z|P$&D7Fb?W!V^anld>jL<L3jOfi^O<Fkia&6MWLzuKctb>bJ
zGe|GnwC5Xvc#wAinFIr)xZJbci*;UuKc_UjQTz8H3(3v`e;cy!yLP#GRt(wyv&u$#
z(*XU?6BHL1%eS_nRRsa^CT~vJUUi$Ibid1PQM*1lOs_t6LGLNH$3B-gq{YsHoo7+q
zI%briedDR$E>#~MoqWmW45`RW5pjUslwh=6T6n}Cv3|urB8Vks!Qehbg?|Ij%K}`(
zW13*&vG{`pxb`zcV!Xw7c6De!SMlprHD}+vJ)JHy*{eh0{onhsJTB%=uhpp8tKMs1
zaU}Y`Ram&r2mE@1Ma9rZ7i11MTZQ6V#2qY@EEG0u4;<)TsR;fR02XkDrC#1YUJ=#!
z&s5KS7Ik*7{Mm*lx`1KuXdea%uw+&D&c`GE5JkoX!jNYqVMS-SV*Bd0g+B%ARrx6H
zZx;aMf4q(y>^1B<Au?<^(l}4d<cslSgZr|AVL!_;Z<h*<4_Xkgg`-+%Hjj}8DP`tG
zpPXK8;v;pF#?zL|S89ps>^9liU+(=T03%;YJ;A{l8=`zqYuK93tIK}hGPB49xJtTq
z0*i2Uo>2!EiN*eouCy#2K0PN|W1ac=ml28agvvkds&<(9(8HE@ez_(ujNlfz!Q+d~
z1!iQ`{<&Z}nK2Y=UiG&}tqsN)4O&M7;==rjE?#3h;P_N$BlKQ5TzncG35BUMlD=3q
z$JT|BxvvXi9MiYQz&{{d{nGW)x}gB!Tw>EXp{PK=R~bd(Sp|-p%J^euzdphnWc4E-
z6&~Fb=6JIH@#Q_5cq!>Ys-DxnsDh)ez+C|d96AIZlk@HSYv&`fFGWk+>`t~_81@Fw
zkL8s@oz%Nx+{ajRQ-IEp-+}fWQ8nw66>&$dAWJ6yT{a^^U`cNlQNSp_vH3^#@48WH
zOud#RutEHe-5xjM5CB+tB$~z2V<y(hOAa%Ff@9gDP6jlztad+!8?vfmzhpSTJ;VtC
zJlr+m55$iL7B12#hBQ41+SM2-hS-(YPFR8NR-@i`|L|o!`cMfuwOPfax>oc~+RC&k
z*fEQ}VHq^%&O`DQKv7Y#mOAOr*QEw^BcL2cRQvzN3plqFPujtAW}6rK1|}?ATs|L?
zk?#;{jprO5JveBLB2^I7>sBC5bxs7TTEiSrO2;Yv?7v+~k0u{-&ZSXfwa)!;=BpI#
z2n8knZJL2t8-F7g8_y)ED+W*t@0(Qq8BKECH)&1fv6>uibjj*_H1w=sx-)C`)xr+Z
zn1fI){>PjM=5kOZ_QlAGfTO32U2;iu9rL=~!Mr^0k3;q>7nrKWCpqq!o=7R8eLgGT
z<5C(&)%gZyOFS2RHXh${Ro&2B)b;$xjD_m+=EIqBgiIU8h_+#z(B!OAH6+4b+5N0L
z{Yf`g!c&>*lj8PzMg((<ThbD?RIdm>JlUAjGWx>>$}eU%EazEztWLPjW;|nloak5c
zOKH;MN3s@sPla_@nJf(cI(qA>DX@_PRqJ|fW^?v$GBHQ_D4%+m+;uGr4Zfru`P`l7
zJA@(@<>u4%n`*Ol+5$vvqqq)ad8aii;)K@3!OWA&yA6F7oRJ}Nyow}?C`&n#y=Gdj
zQcf~GY*xwo0OO>i%<>MC0`4I{Z2dIN4`fR*?+{*!?~w$Ut<&`6EJ>0f82COX;cf(W
zm8jupY9CMN4{f_nOK>VOvCW)r)V85z709smai1cIQhR77cJlDIf}M`eDkRN=AN7ts
z7oclK>>HF~aQ_f-I+0-O64cUV0G<9%wd}<EeZhENsLkFh+q__L3qa`wvdh>=EKd6X
zBeC+2OXD_dwbFS#$!r%|Q(2gzP=<Er?c`nn@A9-THd6nj?0L#F-cGO&3TkrGjr%xy
zi(MlmJGI%VRw6@<+Nt06kp6OqJ{5RGQdc}h(L*z|i(@-tN7S8$LL9&WsEl!4)CMa2
zC+=9UW^78Q6N$DH&(4{F>Ek&$2<>I)%FrUGt*s3xHP1e=Y$WK~7*Jp1EX4VU5mEdI
z-IisvpifrX6n&zM#u{_NC;IpLfA|f6OU^2i=G-sDHp`)$0!jnpg_$zPJ3ttqD^4rY
zc==^_5lwa{XRMa8p6kEYb0~<lCayRrKXAinnNWdX#|&?T5!zdb?<u5BYjSKXOtP*8
z1=dvhJIKF>p$zx40j7V#pJw%JCJI2L1y~p10fTL5^a)?^;mpXuMws#I^uEnF*WJW?
z#DJJ95=XfnH!?5m{&By7vuB~~V8!z0=_*vA2kSyj3d!qa7#^mAk+Y+hM$2(hqHVFD
z$^XwL6kN1%M9a$ak(?T)bV^bqB1;#>Jmk9T1PPzHpATS*dCm!Tb>L$k{HtZA<hv3_
zHD&;XTJ$EsH+$+mC8|ADT58(Oo9A3f*3#?bK(k?$Bw=~Ms;yTI0xOr3<d`#xr1L()
z?$0R6I{`M%DOgN5OQJseDyG#!P92?8WHgvr`l9z>_QV>*d~WoLS}k6+v$cfb5voTt
z?4NTUzOq5IBvt2X*G%Pd>KXOVkI06}SBT+;BKp1*&6w<&-x@w@4l}3f8~Gn)yJh$&
zwqETFgeo|)vQ@!&e02nNN#F0PdYK=9uwpI(aVbBxUtaXWjxdO?>uX|?-DfMpNW>ON
z=sL>!Sy@`kB0GPcfJEvUXy=H)!hR@n{_!9?mp|d>va<k;)gWOsc_o(~rmt-!b--+P
z2RmSwOi5}IpUj!m7b}|-jr{@h?F0KO+q1(6B);}hvgMz;d5p-aTd@!wA~E+(DvB$+
zQHY^elp1->Rpd;xl-)T~7XCT6Qf?_wbSW~w)nP@UB2uaLfv9IlnYzaTueV2`^GkpD
zqAXgW_QBO&x~TF&5k@4_D!P^NmTcM9QDCo(#$41YI1QblC3qfSVB!qJ<dDM;=TZy@
zf6Ff5KghYyh{rNBxs7aTd}(yYjmdvZC;3tKxwkrB?*4!c*Emk`91N0G*6b1}-c~m0
zn>2Lu(NP@}f^u$Q1Qf)gLXtA*c*%Y)NSLQssYmUiG%nT=y%_6Nu2A)OFtJ(f*{)P?
zXVS;z!#$@nE3+xYM(adMO-15dfTqJDHJesTqxOqgh<$E!SD8yWdAoVIpzLn*C;{hc
zDE#Z?uMd+bJ~@=fLkTvwls-(g{Z)G@C!=NDm{*Rp5J>?OP<hy;s)9|YE;QR_y2}3)
z*8>1#fL?clCFP?Zvvjbk#Vci)pscph4>wEbnyVMm-dPwN;(zT3&__3zrIibPf;F1b
z5&M@9Sf-7IRfR!F6Xth9m@`Vy;;CZ9({~aK*J%IhBdKZi$9aT8_m~Bj#T>Iq5S3*-
zGLye%<u*eWCq}in&J5@RZM#QVrsESkn2zS=cgm_Sv70jNO#NNCD2-cWJM9iLCoAqw
z63t+)ZsDubx^-<IZ5=Agdv8I$8w?gKE;yjH{H3t7=>zO#6d~-#jCU_CK0A2mx7VJJ
zoooY%QG<dEZhN=n>C#~1B+aOrzL6W<$FZ=f6sxh#84mP;cUYPSrC$G2=gZ#1d2MD~
z_zr~yq-kh@k;L}SYTSZ+%n7Uhxp(DomK=9%Wo7GCF?yI(_Ro&WRiSlF4=|$JZpj~L
z2@#J}!<LSD4h|^VnRcEGOR$F$9VA<sGxN`U*$*JArfJh~V0s8HV~~{-NZm##bhL%}
z5bJjM0Q7$Riz_hXi)HwRp!sFHlgFd9RCfV*+;p<4M`jYA``DS)ew4F<!g<bntH<lk
zgn<}l*QH6rXt9+#WXX`u#BW)6j3COvh(uap?GvYx+vNSq9Renl%iTsPk5u1JM0`I^
zBFTR0+7E4K>lR=fwd%U%@`L23W)Hmlu8s;QO%F`ABWnS!5NLca%l(!4j6igv#ZiG;
zhKEwhnmxHo`hPX!fu(@3BnEfAx^JHEMO_UMp)hG34&97vN>&1nw{){U8uCy=D9H;c
zQaxNnzsWqOCX}C?NqeCjkFORqJYm`u2O<fgtD4K0!-8OZPNY+1^m0lqt=G7fLFaTU
zTbOi$Ab}qDE|ylqrmvDj>|fXBq<y?(I{REp942ELb~bwzG)<6ihbzDfVt3>L{r3)l
zOR3M10k7_#7XIE>M<ooI1u3eo6l*|so*9(Y?~%JF+H@UX56zzMdIF19{+Q$SnjzDc
z_V6AGJALK%koaYhq+vrRrEA87ri<-zq_|>3Nrv6hwW#;FBp^kRC1pGXttyYJ8Lj%O
zL!EYGSP{3bh3_f1!K1c=<e6y0+4K58I00~{_2T|yjzcn!Y=6wI?ib|pG{1^d7cv;8
ze#AHQi^1@<K>MrRK*?Og=`L-pJtSL2?`@oz(8p<ld0m0Y8g0~6-n1d+6r<73Lyo-@
z5Xz+WsysWyvUao=(VSz~4HN2RdehJ=O9fInDJDu~M&0>CXmT#~0d`A3-p$U$+@uDA
zdtcpe==mAyu)CEVaGtRgfwh*7#s5vC;;s%FRnAJFiy1AnCvfRYx9br#QsYi0?Fxj@
z^<bu<uY5&|l}@h7u|Wu>+YPVK72a;p+R97q&~G=*^id;SDsA=1BKkQV5pp`|G}q1T
zw!2t*++S?ASl7H!tFOp7R>O4e*g+dBkGN_sYE4Jqh{e+MHStpiaSw<ov$`~~G{aXL
z>xao{HRd0%fB(W(IqkZjvQMK+@(W^0REnum9Fdzx#YQ|*#iF4)fpJvJUR|duO-J%+
zv5zma<eVT?GZ@p(5S=Bg3{R&|5_bpZ4s#KVZ0hrOx>37jE1mbS>}yhg2FGWg=KjAo
zU&zLu?(~nq0!njkc|8|OIT`NwvxA$F<(^67Tzb={thr1Yv}f~<TCs;PBmDdbMX}Q!
zmZNG7#-W9jGMx?%YOWNcg*g>xHr%U3X`48V>^0_#^W`+E5To1jcRG1Wrw<0Q(VK>!
zHGHqXGC|g-nT*_UoIRx}z#-k-md%KdR1Jsj>hL%&XiR;$W)(V!)rU!yi?kja3d9zc
zIV3~ui_St$b7Zyvi>}O)ij)nMHa7`3jbhftnh(v%eJ}FGVN;?VycAZQ`%bsFx^nTg
z(n~#BmeheBU7p4tsVyR!nu1(ltk0_51f8VJr^cE7vO$zN0kfgq$}BsoqH-cHOk7Eh
zP%a0;Mgmdd8l_ssjrR1(ol0Gi8h<Q}pcR{!bx&8dqPnwdNm@l^qv=w2sG`Q}BPTS%
zPM_;GTmgLkCA7t5jz>aY)%3EE`f-QuOd!S=q?9rJVRstQG6)Tp#aU*0A45$`hk2RS
z-ux!P5>ID?_#GOZOs*7f_SLIX*uj7H`hVl0ezC!w=)^06ye`uL&_a>gBf#2lz)Af8
zSvnY5UK=fmEN|4*#4~l|KRDq3?s)&-f}^-`%!;le3m!zgEwr0oqW@pr|E}+P40vOg
zV5ARt2Qe=50f3DMCsJWNv-{H3mdEhCkTODw0Tj|#*L(fN{vICs;+s&w2nC5@Auba(
zo9HPaIom2~V=m(kzWFnjZ_Yu9+D^&Xl)6(}q@c+U%dOaEq3k~^I(idko1I)-Z<87F
zpfy@2J83VH{X6T|B3>B4GgeyZP+n6hFrmyUL~#<^>j`ry$Sqfm21jA`MYVj(z)YWG
z(6MGOZfkb-G?l*T$+xLE;Zn`$Ga*KkUEYJHD#iIz!$L_;=V_%DX}u4!D_?ZTHaUvZ
zIfJ3mxHM_tk!&T5aZPQ9!EKD#&FQ#i#Q5f*S>wAR=WMWX5cq%N1FXzl+vv?HarS1F
z41YrAt&unaF{IhkP?Z&>!FWgh3rD+sUYWd`CB@xN(7Qr+f3oIVO+Pha<elFB?6rG@
z)b<+y8x+{6{WSz8&s;b*e<i}o--%>R(`Z(;za)7vy6wXgRsichnKaa$R}qo9_1H@u
zS%FjB)0ZvvYOJJ3snd#8Zc$pUskJn5H#8#yMR3@p0qH9D(t7w4e3`Wtw6Ch*f4Iwp
zKA2+4k?<ZyrtXIJI|<JT=y=!(-YGN<?PJ`50=1*(!tSi@!u>+*jo<%o@3LEg2}SEL
z?WG4nu|MR7={7l@%XxTN0rWE==<dO}k6N*(&A>FOt}^4~+AJL^ggdSqg#Oo2Cn_`J
zON42Jr5d1@`*3EMjN~ilguB<OJaSl(Rt}1E5Z0PI*bGsaQzb)q49O<Hy!PV#%Ou@`
z&t~JbmaE(Fy+t8aJw;Mh$)Vt;cmkhs1iO{nM&uYG;YJi=?0_P(SOpH7X;Pe~f3M!m
zfi}p#-smP2nYzM^0;9~pA9DxF`W$!EyLBmcWrWTbc<Q?$0|p%HqYTf#wa-bpCU(YC
z-&;(Z`qk00_&Tw&?KX|?{e(j`{Rln23`J6Aqo8uONA3(Ols$CYNB=3$SZV&pi0?B5
zm5v50Y<Dynd~enxOHm*holMKP&N#^)E_3#!tq+7Wu!l4DZfl{45wgwEwk3YmqGhU?
zS&4E(&0K9}@p4~C|ALpxsR$k4b4`z`9@AAw63^l)j>Ai$n1;~nXgd|KbChc`G@6cu
zIJLBqhlY0?Si9mcj7Q^Ff$}?(^k^CagWcr-aI%|uyW!!@Ab?OnLg@kKAWs6IV7b6j
z)lGq`hwYDKPQS};7^!mO`0q#`1yXSVxgKyprKal^(%*XaK-{A`m9M{Tw;w`{auq-R
zWj8&jfkZWmYasE27tOE^Aac%<#H_%{+5swxg56yx*K=y0hCCe_=J_+@pWV9J+H>);
z3;SVAC@7=LWOk{sKcKo`2y%h&=WHWJ{EIEs)d4Uebc3WIqa)|k(76MP=jUc8R+0*D
z9wwdsy#_LDcVSu^ln$(dB!Al!&>cJ`ylbVfVAcFHs%B_tc#O_Q0{n?7QVjS%Sg{?L
z)=_;S9xdg4a{R#CPjNRQN7%jQ?xLCn=u|0N8{ZNr!=XC@bCB<OBX<F#@&J9OK`bRa
zZyA|gE?E+${lr(Tg_+YniYN?AFALfMGl&^4@EcRy;wjdz3kt+EZ6Lxbs-Bj4-@jAD
z)vwJO%u{}|0F=VpWtvD3C?;|uOj;okx<c$8e*V>lB$?jJD6)jTRUlo}O7#`3zp4C0
z*8fhL!<JKGjG$v;VmqX5jxru)y2b^58yOwFMSvgrPf)t`a@)V6()a{lo8u3jg|4@=
zDJM9>R5C2e8g;3!H|QE%r9{W3t{i6QT13<MD5XL~x`Glp>*mDmy4~`$Gtcz&3+N>~
z=a%BR77j23bvQ}v6u_acG&S6E%4Of#{e5wZ2ddIuKTMY6_9Oa<m&54g=wp5;|5<OO
z<+;LGY_Fp&*H3b-40bLUB@)=uKL$5(QCby?6T;MaQeRSPkME)!hUI_Ny8u(Y`yx#t
z@o;V7+Tvqx0P?!I%1~g$+z^D^&<*KRXqYUj2Z6vK1an(-`#L0~6A7#2T!_88sL{)a
zY+AFM$}^7O3uY)s5_i!hFIDCxi=5+;O^H>NaG`}{D)wYr*3@X~5@htWlK;SxUi%TT
z_o(RRrZlnN4{gN!_kyv~N@u(;Z_ee6t5IeNBsrcRb{&i536m>%`vNBoq&e6m-prH=
zd(ul=wo(3o@s!cBFx^|+?&DuDEIR`VdRoxQz(Vm4-c~$|ov${Nff=^KM~|Y>(n$R6
zyrj(zg*mEEuA?d$m`RNa*A==@WsfsVPJ!7f!S`3U7`Va2?Oz%5&7Dtv_qyjLY{TF^
zlIC+?oY;IFcoPblzJU_#Z=kg48(=~F5U^yR$O%9EBXME%ySolQM&0Sn(*FkjcR~J=
K+{?4q@BAN7R5RfK

diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 8db538cc05..9e47f6bd79 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -10,7 +10,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 07/06/2017
+ms.date: 07/07/2017
 ---
 
 # What's new in MDM enrollment and management
@@ -945,6 +945,10 @@ For details about Microsoft mobile device management protocols for Windows 10 s
 <td style="vertical-align:top">New CSP added in Windows 10, version 1709. Also added the DDF topic [WindowsDefenderApplicationGuard DDF file](windowsdefenderapplicationguard-ddf-file.md).</td>
 </tr>
 <tr class="even">
+<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
+<td style="vertical-align:top"><p>Added DeviceTunnel profile in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
 <td style="vertical-align:top">[Policy CSP](policy-configuration-service-provider.md)</td>
 <td style="vertical-align:top"><p>Added the following new policies for Windows 10, version 1709:</p> 
 <ul>
@@ -1256,6 +1260,10 @@ The DM agent for [push-button reset](https://msdn.microsoft.com/windows/hardware
 </thead>
 <tbody>
 <tr class="odd">
+<td style="vertical-align:top">[VPNv2 CSP](vpnv2-csp.md)</td>
+<td style="vertical-align:top"><p>Added DeviceTunnel profile in Windows 10, version 1709.</p>
+</td></tr>
+<tr class="odd">
 <td style="vertical-align:top">[BitLocker CSP](bitlocker-csp.md)</td>
 <td style="vertical-align:top">Added the following statements:.
 <ul>
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index c982bb06b0..05e8da9fa3 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -7,11 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/07/2017
 ---
 
 # VPNv2 CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 The VPNv2 configuration service provider allows the mobile device management (MDM) server to configure the VPN profile of the device.
 
@@ -45,8 +47,6 @@ Supported operations include Get, Add, and Delete.
 
 > **Note**  If the profile name has a space or other non-alphanumeric character, it must be properly escaped according to the URL encoding standard.
 
- 
-
 <a href="" id="vpnv2-profilename-apptriggerlist"></a>**VPNv2/***ProfileName***/AppTriggerList**  
 Optional node. List of applications set to trigger the VPN. If any of these apps are launched and the VPN profile is currently the active profile, this VPN profile will be triggered to connect.
 
@@ -91,6 +91,11 @@ The subnet prefix size part of the destination prefix for the route entry. This,
 
 Value type is int. Supported operations include Get, Add, Replace, and Delete.
 
+<a href="" id="vpnv2-profilename-routelist-routerowid-metric"></a>**VPNv2/***ProfileName***/RouteList/***routeRowId***/Metric**  
+Added in Windows 10, version 1607. The route's metric.
+
+Value type is int. Supported operations include Get, Add, Replace, and Delete.
+
 <a href="" id="vpnv2-profilename-routelist-routerowid-exclusionroute"></a>**VPNv2/***ProfileName***/RouteList/***routeRowId***/ExclusionRoute**  
 Added in Windows 10, version 1607. A boolean value that specifies if the route being added should point to the VPN Interface or the Physical Interface as the Gateway. Valid values:
 
@@ -261,7 +266,7 @@ Valid values:
 
 Value type is bool. Supported operations include Get, Add, Replace, and Delete.
 
-<a href="" id="vpnv2-profilename-lockdown"></a>**VPNv2/***ProfileName***/LockDown**  
+<a href="" id="vpnv2-profilename-lockdown"></a>**VPNv2/***ProfileName***/LockDown**  (./Device only profile)  
 Lockdown profile.
 
 Valid values:
@@ -280,6 +285,24 @@ A Lockdown profile must be deleted before you can add, remove, or connect other
 
 Value type is bool. Supported operations include Get, Add, Replace, and Delete.
 
+<a href="" id="vpnv2-profilename-devicetunnel"></a>**VPNv2/***ProfileName***/DeviceTunnel**  (./Device only profile)  
+Device tunnel profile.
+
+Valid values:
+
+-   False (default) - this is not a device tunnel profile.
+-   True - this is a device tunnel profile.
+
+When the DeviceTunnel profile is turned on, it does the following things:
+
+-   First, it automatically becomes an "always on" profile.
+-   Second, it does not require the presence or logging in of any user to the machine in order for it to connect.
+-   Third, no other device tunnel profile maybe be present on the same machine.
+
+A device tunnel profile must be deleted before another device tunnel profile can be added, removed, or connected.
+
+Value type is bool. Supported operations include Get, Add, Replace, and Delete.
+
 <a href="" id="vpnv2-profilename-dnssuffix"></a>**VPNv2/***ProfileName***/DnsSuffix**  
 Optional. Specifies one or more comma separated DNS suffixes. The first in the list is also used as the primary connection specific DNS suffix for the VPN Interface. The entire list will also be added into the SuffixSearchList.
 
@@ -493,6 +516,8 @@ The following list contains the valid values:
 -   AES128
 -   AES192
 -   AES256
+-   AES\_GCM_128
+-   AES\_GCM_256
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
@@ -542,6 +567,11 @@ Added in Windows 10, version 1607. The preshared key used for an L2TP connectio
 
 Value type is chr. Supported operations include Get, Add, Replace, and Delete.
 
+<a href="" id="vpnv2-profilename-nativeprofile-disableclassbaseddefaultroute"></a>**VPNv2/***ProfileName***/NativeProfile/DisableClassBasedDefaultRoute**  
+Added in Windows 10, version 1607. Specifies the class based default routes. For example, if the interface IP begins with 10, it assumes a class a IP and pushes the route to 10.0.0.0/8
+
+Value type is bool. Supported operations include Get, Add, Replace, and Delete.
+
 ## Examples
 
 
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index f85acf61e2..1312ba1a63 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -7,11 +7,13 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 06/19/2017
+ms.date: 07/07/2017
 ---
 
 # VPNv2 DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 
 This topic shows the OMA DM device description framework (DDF) for the **VPNv2** configuration service provider.
 
@@ -20,7 +22,7 @@ You can download the DDF files from the links below:
 - [Download all the DDF files for Windows 10, version 1703](http://download.microsoft.com/download/C/7/C/C7C94663-44CF-4221-ABCA-BC895F42B6C2/Windows10_1703_DDF_download.zip)
 - [Download all the DDF files for Windows 10, version 1607](http://download.microsoft.com/download/2/3/E/23E27D6B-6E23-4833-B143-915EDA3BDD44/Windows10_1607_DDF.zip)
 
-The XML below is the current version for this CSP.
+The XML below is for Windows 10, version 1709.
 
 ``` syntax
 <?xml version="1.0" encoding="UTF-8"?>
@@ -33,7 +35,7 @@ The XML below is the current version for this CSP.
     <VerDTD>1.2</VerDTD>
     <Node>
         <NodeName>VPNv2</NodeName>
-        <Path>./Vendor/MSFT</Path>
+        <Path>./Device/Vendor/MSFT</Path>
         <DFProperties>
             <AccessType>
                 <Get />
@@ -48,7 +50,7 @@ The XML below is the current version for this CSP.
                 <Permanent />
             </Scope>
             <DFType>
-				<MIME>com.microsoft/1.2/MDM/VPNv2</MIME>
+                <MIME>com.microsoft/1.3/MDM/VPNv2</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -310,7 +312,7 @@ The XML below is the current version for this CSP.
                                 <Delete />
                                 <Replace />
                             </AccessType>
-                            <Description>                          
+                            <Description>
                               False = This Route will direct traffic over the VPN
                               True = This Route will direct traffic over the physical interface
                               By default, this value is false.
@@ -953,6 +955,43 @@ The XML below is the current version for this CSP.
                     </DFType>
                 </DFProperties>
             </Node>
+            <Node>
+                <NodeName>DeviceTunnel</NodeName>
+                <DFProperties>
+                    <AccessType>
+                        <Add />
+                        <Delete />
+                        <Get />
+                        <Replace />
+                    </AccessType>
+                    <Description>
+                        False = This is not a Device Tunnel profile and it is the default value.
+                        True = This is a Device Tunnel profile.
+
+                        If turned on a device tunnel profile does four things.
+                        First, it automatically becomes an always on profile.
+                        Second, it does not require the presence or logging in
+                        of any user to the machine in order for it to connect.
+                        Third, no other Device Tunnel profile maybe be present on the
+                        Same machine.
+
+                        A device tunnel profile must be deleted before another device tunnel
+                        profile can be added, removed, or connected.
+                    </Description>
+                    <DFFormat>
+                        <bool />
+                    </DFFormat>
+                    <Occurrence>
+                        <ZeroOrOne />
+                    </Occurrence>
+                    <Scope>
+                        <Dynamic />
+                    </Scope>
+                    <DFType>
+                        <MIME>text/plain</MIME>
+                    </DFType>
+                </DFProperties>
+            </Node>
             <Node>
                 <NodeName>DnsSuffix</NodeName>
                 <DFProperties>
@@ -1996,6 +2035,8 @@ The XML below is the current version for this CSP.
                       -- AES128
                       -- AES192
                       -- AES256
+                      -- AES_GCM_128
+                      -- AES_GCM_256
                     </Description>
                     <DFFormat>
                       <chr />
@@ -2180,7 +2221,7 @@ The XML below is the current version for this CSP.
                 <Permanent />
             </Scope>
             <DFType>
-                <DDFName></DDFName>
+                <MIME>com.microsoft/1.3/MDM/VPNv2</MIME>
             </DFType>
         </DFProperties>
         <Node>
@@ -4087,6 +4128,8 @@ The XML below is the current version for this CSP.
                       -- AES128
                       -- AES192
                       -- AES256
+                      -- AES_GCM_128
+                      -- AES_GCM_256
                     </Description>
                     <DFFormat>
                       <chr />
@@ -4255,14 +4298,4 @@ The XML below is the current version for this CSP.
         </Node>
     </Node>
 </MgmtTree>
-```
-
- 
-
- 
-
-
-
-
-
-
+```
\ No newline at end of file
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index b4b671369b..665ae99cae 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -12,6 +12,9 @@ ms.date: 06/19/2017
 
 # WindowsAdvancedThreatProtection CSP
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 The Windows Defender Advanced Threat Protection (WDATP) configuration service provider (CSP) allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
 
 The following diagram shows the WDATP configuration service provider in tree format as used by the Open Mobile Alliance (OMA) Device Management (DM).
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 00afc29c8a..196883556d 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -12,6 +12,9 @@ ms.date: 06/19/2017
 
 # WindowsAdvancedThreatProtection DDF file
 
+> [!WARNING]
+> Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
+
 This topic shows the OMA DM device description framework (DDF) for the **WindowsAdvancedThreatProtection** configuration service provider. DDF files are used only with OMA DM provisioning XML.
 
 You can download the DDF files from the links below: