diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index 5c5047248c..ec54bee4ae 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -9,7 +9,7 @@ ms.pagetype: devices
 author: dansimp
 ms.localizationpriority: medium
 ms.author: dansimp
-ms.date: 09/14/2021
+ms.date: 01/18/2022
 ms.reviewer: 
 manager: dansimp
 ms.topic: article
@@ -55,8 +55,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
         ```
         where *the-UPN-attribute-of-your-user* is the name of the user profile in C:\Users\, which is created based on the DisplayName attribute in Azure AD.
 
-        This command only works for AADJ device users already added to any of the local groups (administrators).
-        Otherwise this command throws the below error. For example:
+        In order to execute this PowerShell command you be a member of the local Administrators group. Otherwise, you'll get an error like this example:
         - for cloud only user: "There is no such global user or group : *name*"
         - for synced user: "There is no such global user or group : *name*" </br>
 
@@ -67,7 +66,7 @@ Ensure [Remote Credential Guard](/windows/access-protection/remote-credential-gu
 
       - Adding users using policy
      
-         Starting in Windows 10, version 2004, you can add users or Azure AD groups to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
+         Starting in Windows 10, version 2004, you can add users to the Remote Desktop Users using MDM policies as described in [How to manage the local administrators group on Azure AD joined devices](/azure/active-directory/devices/assign-local-admin#manage-administrator-privileges-using-azure-ad-groups-preview).
 
          > [!TIP]
          > When you connect to the remote PC, enter your account name in this format: AzureAD\yourloginid@domain.com.
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 96b516b939..4530da2896 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -142,7 +142,7 @@ Allows you to set the default encryption method for each of the different drive
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)</em></li>
+<li>GP Friendly name: <em>Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later)</em></li>
 <li>GP name: <em>EncryptionMethodWithXts_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -216,7 +216,7 @@ Allows you to associate unique organizational identifiers to a new drive that is
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Provide the unique identifiers for your organization </em></li>
+<li>GP Friendly name: <em>Provide the unique identifiers for your organization </em></li>
 <li>GP name: <em>IdentificationField_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -276,7 +276,7 @@ Allows users on devices that are compliant with InstantGo or the Microsoft Hardw
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN</em></li>
+<li>GP Friendly name: <em>Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN</em></li>
 <li>GP name: <em>EnablePreBootPinExceptionOnDECapableDevice_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -318,7 +318,7 @@ Allows users to configure whether or not enhanced startup PINs are used with Bit
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Allow enhanced PINs for startup</em></li>
+<li>GP Friendly name: <em>Allow enhanced PINs for startup</em></li>
 <li>GP name: <em>EnhancedPIN_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -363,7 +363,7 @@ Allows you to configure whether standard users are allowed to change BitLocker P
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Disallow standard users from changing the PIN or password</em></li>
+<li>GP Friendly name: <em>Disallow standard users from changing the PIN or password</em></li>
 <li>GP name: <em>DisallowStandardUsersCanChangePIN_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -408,7 +408,7 @@ Allows users to enable authentication options that require user input from the p
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Enable use of BitLocker authentication requiring preboot keyboard input on slates</em></li>
+<li>GP Friendly name: <em>Enable use of BitLocker authentication requiring preboot keyboard input on slates</em></li>
 <li>GP name: <em>EnablePrebootInputProtectorsOnSlates_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -459,7 +459,7 @@ Allows you to configure the encryption type that is used by BitLocker.
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Enforce drive encryption type on operating system drives</em></li>
+<li>GP Friendly name: <em>Enforce drive encryption type on operating system drives</em></li>
 <li>GP name: <em>OSEncryptionType_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -507,7 +507,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Require addition
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Require additional authentication at startup</em></li>
+<li>GP Friendly name: <em>Require additional authentication at startup</em></li>
 <li>GP name: <em>ConfigureAdvancedStartup_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -604,7 +604,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure minimu
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name:<em>Configure minimum PIN length for startup</em></li>
+<li>GP Friendly name:<em>Configure minimum PIN length for startup</em></li>
 <li>GP name: <em>MinimumPINLength_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -670,7 +670,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Configure pre-boot recovery message and URL</em></li>
+<li>GP Friendly name: <em>Configure pre-boot recovery message and URL</em></li>
 <li>GP name: <em>PrebootRecoveryInfo_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -748,7 +748,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Choose how BitLocker-protected operating system drives can be recovered</em></li>
+<li>GP Friendly name: <em>Choose how BitLocker-protected operating system drives can be recovered</em></li>
 <li>GP name: <em>OSRecoveryUsage_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Operating System Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -834,7 +834,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Choose how BitLocker-protected fixed drives can be recovered</em></li>
+<li>GP Friendly name: <em>Choose how BitLocker-protected fixed drives can be recovered</em></li>
 <li>GP name: <em>FDVRecoveryUsage_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Fixed Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -929,7 +929,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Deny write access to fixed drives not protected by BitLocker</em></li>
+<li>GP Friendly name: <em>Deny write access to fixed drives not protected by BitLocker</em></li>
 <li>GP name: <em>FDVDenyWriteAccess_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Fixed Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -987,7 +987,7 @@ Allows you to configure the encryption type on fixed data drives that is used by
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Enforce drive encryption type on fixed data drives</em></li>
+<li>GP Friendly name: <em>Enforce drive encryption type on fixed data drives</em></li>
 <li>GP name: <em>FDVEncryptionType_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Fixed Data Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -1037,7 +1037,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Deny write access to removable drives not protected by BitLocker</em></li>
+<li>GP Friendly name: <em>Deny write access to removable drives not protected by BitLocker</em></li>
 <li>GP name: <em>RDVDenyWriteAccess_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Removeable Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -1106,7 +1106,7 @@ Allows you to configure the encryption type that is used by BitLocker.
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Enforce drive encryption type on removable data drives</em></li>
+<li>GP Friendly name: <em>Enforce drive encryption type on removable data drives</em></li>
 <li>GP name: <em>RDVEncryptionType_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Removable Data Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
@@ -1150,7 +1150,7 @@ Allows you to control the use of BitLocker on removable data drives.
 <!--ADMXMapped-->
 ADMX Info:
 <ul>
-<li>GP English name: <em>Control use of BitLocker on removable drives</em></li>
+<li>GP Friendly name: <em>Control use of BitLocker on removable drives</em></li>
 <li>GP name: <em>RDVConfigureBDE_Name</em></li>
 <li>GP path: <em>Windows Components/BitLocker Drive Encryption/Removable Data Drives</em></li>
 <li>GP ADMX file name: <em>VolumeEncryption.admx</em></li>
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 8f140c8f43..47a47c403e 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -1135,6 +1135,7 @@ The following list shows the CSPs supported in HoloLens devices:
 -   [EnterpriseModernAppManagement CSP](enterprisemodernappmanagement-csp.md)
 -   [Firewall-CSP](firewall-csp.md) 
 -   [HealthAttestation CSP](healthattestation-csp.md)
+-   [NetworkProxy CSP](networkproxy-csp.md)
 -   [NetworkQoSPolicy CSP](networkqospolicy-csp.md)
 -   [NodeCache CSP](nodecache-csp.md)
 -   [PassportForWork CSP](passportforwork-csp.md)
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 2ab4830667..ee5936c3f4 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -36,7 +36,7 @@ See [Support Tip: Ingesting Office ADMX policies using Microsoft Intune](https:/
 > See [Understanding ADMX policies in Policy CSP](./understanding-admx-backed-policies.md).
 
 1.  Find the policy from the list [ADMX policies](./policies-in-policy-csp-admx-backed.md). You need the following information listed in the policy description.  
-    - GP English name
+    - GP Friendly name
     - GP name
     - GP ADMX file name
     - GP path
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 02259ae42b..db53557678 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -7659,6 +7659,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
+### MemoryDump policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-memorydump.md#memorydump-allowcrashdump" id="memorydump-allowcrashdump">MemoryDump/AllowCrashDump</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-memorydump.md#memorydump-allowlivedump" id="memorydump-allowlivedump">MemoryDump/AllowLiveDump</a>
+  </dd>
+</dl>
+
 ### Messaging policies
 
 <dl>
@@ -7776,6 +7787,14 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   <dd>
 </dl>
 
+### NewsAndInterests policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-newsandinterests.md#newsandinterests-allownewsandinterests" id="newsandinterests-allownewsandinterests">NewsAndInterests/AllowNewsAndInterests</a>
+  </dd>
+</dl>
+
 ### Notifications policies
 
 <dl>
@@ -8179,6 +8198,17 @@ dfsdiscoverdc">ADMX_DFS/DFSDiscoverDC</a>
   </dd>
 </dl>
 
+### RemoteDesktop policies
+
+<dl>
+  <dd>
+    <a href="./policy-csp-remotedesktop.md#remotedesktop-autosubscription" id="remotedesktop-autosubscription">RemoteDesktop/AutoSubscription</a>
+  </dd>
+  <dd>
+    <a href="./policy-csp-remotedesktop.md#remotedesktop-loadaadcredkeyfromprofile" id="remotedesktop-loadaadcredkeyfromprofile">RemoteDesktop/LoadAadCredKeyFromProfile</a>
+  </dd>
+</dl>
+
 ### RemoteDesktopServices policies
 
 <dl>
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index bdd9118d02..67493c8dbe 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -148,7 +148,7 @@ If you do not configure this policy setting, the administrator can use the Probl
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Windows Customer Experience Improvement Program*
+-   GP Friendly name: *Turn off Windows Customer Experience Improvement Program*
 -   GP name: *CEIPEnable*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -196,7 +196,7 @@ If you disable or do not configure this policy setting, your computer will conta
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Automatic Root Certificates Update*
+-   GP Friendly name: *Turn off Automatic Root Certificates Update*
 -   GP name: *CertMgr_DisableAutoRootUpdates*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -247,7 +247,7 @@ If you disable or do not configure this policy setting, users can choose to prin
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off printing over HTTP*
+-   GP  Friendly name: *Turn off printing over HTTP*
 -   GP name: *DisableHTTPPrinting_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -300,7 +300,7 @@ If you disable or do not configure this policy setting, users can download print
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off downloading of print drivers over HTTP*
+-   GP Friendly name: *Turn off downloading of print drivers over HTTP*
 -   GP name: *DisableWebPnPDownload_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -353,7 +353,7 @@ Also see "Turn off Windows Update device driver search prompt" in "Administrativ
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Windows Update device driver searching*
+-   GP Friendly name: *Turn off Windows Update device driver searching*
 -   GP name: *DriverSearchPlaces_DontSearchWindowsUpdate*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -403,7 +403,7 @@ Also, see "Events.asp URL", "Events.asp program", and "Events.asp Program Comman
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Event Viewer "Events.asp" links*
+-   GP Friendly name: *Turn off Event Viewer "Events.asp" links*
 -   GP name: *EventViewer_DisableLinks*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -453,7 +453,7 @@ You might want to enable this policy setting for users who do not have Internet
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Help and Support Center "Did you know?" content*
+-   GP Friendly name: *Turn off Help and Support Center "Did you know?" content*
 -   GP name: *HSS_HeadlinesPolicy*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -501,7 +501,7 @@ If you disable or do not configure this policy setting, the Knowledge Base is se
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Help and Support Center Microsoft Knowledge Base search*
+-   GP Friendly name: *Turn off Help and Support Center Microsoft Knowledge Base search*
 -   GP name: *HSS_KBSearchPolicy*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -549,7 +549,7 @@ If you do not configure this policy setting, all of the the policy settings in t
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Restrict Internet communication*
+-   GP Friendly name: *Restrict Internet communication*
 -   GP name: *InternetManagement_RestrictCommunication_1*
 -   GP path: *System\Internet Communication Management*
 -   GP ADMX file name: *ICM.admx*
@@ -596,7 +596,7 @@ If you do not configure this policy setting, all of the the policy settings in t
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Restrict Internet communication*
+-   GP Friendly name: *Restrict Internet communication*
 -   GP name: *InternetManagement_RestrictCommunication_2*
 -   GP path: *System\Internet Communication Management*
 -   GP ADMX file name: *ICM.admx*
@@ -642,7 +642,7 @@ If you disable or do not configure this policy setting, users can connect to Mic
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com*
+-   GP Friendly name: *Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com*
 -   GP name: *NC_ExitOnISP*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -690,7 +690,7 @@ Note that registration is optional and involves submitting some personal informa
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Registration if URL connection is referring to Microsoft.com*
+-   GP Friendly name: *Turn off Registration if URL connection is referring to Microsoft.com*
 -   GP name: *NC_NoRegistration*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -742,7 +742,7 @@ Also see the "Configure Error Reporting", "Display Error Notification" and "Disa
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Windows Error Reporting*
+-   GP Friendly name: *Turn off Windows Error Reporting*
 -   GP name: *PCH_DoNotReport*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -791,7 +791,7 @@ If you disable or do not configure this policy setting, users can access the Win
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off access to all Windows Update features*
+-   GP Friendly name: *Turn off access to all Windows Update features*
 -   GP name: *RemoveWindowsUpdate_ICM*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -842,7 +842,7 @@ If you disable or do not configure this policy setting, Search Companion downloa
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Search Companion content file updates*
+-   GP Friendly name: *Turn off Search Companion content file updates*
 -   GP name: *SearchCompanion_DisableFileUpdates*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -890,7 +890,7 @@ If you disable or do not configure this policy setting, the user is allowed to u
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Internet File Association service*
+-   GP Friendly name: *Turn off Internet File Association service*
 -   GP name: *ShellNoUseInternetOpenWith_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -938,7 +938,7 @@ If you disable or do not configure this policy setting, the user is allowed to u
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Internet File Association service*
+-   GP Friendly name: *Turn off Internet File Association service*
 -   GP name: *ShellNoUseInternetOpenWith_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -986,7 +986,7 @@ If you disable or do not configure this policy setting, the user is allowed to u
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off access to the Store*
+-   GP Friendly name: *Turn off access to the Store*
 -   GP name: *ShellNoUseStoreOpenWith_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1034,7 +1034,7 @@ If you disable or do not configure this policy setting, the user is allowed to u
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off access to the Store*
+-   GP Friendly name: *Turn off access to the Store*
 -   GP name: *ShellNoUseStoreOpenWith_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1082,7 +1082,7 @@ See the documentation for the web publishing and online ordering wizards for mor
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Internet download for Web publishing and online ordering wizards*
+-   GP Friendly name: *Turn off Internet download for Web publishing and online ordering wizards*
 -   GP name: *ShellPreventWPWDownload_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1128,7 +1128,7 @@ If you disable or do not configure this policy setting, the task is displayed.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off the "Order Prints" picture task*
+-   GP Friendly name: *Turn off the "Order Prints" picture task*
 -   GP name: *ShellRemoveOrderPrints_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1176,7 +1176,7 @@ If you disable or do not configure this policy setting, the task is displayed.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off the "Order Prints" picture task*
+-   GP Friendly name: *Turn off the "Order Prints" picture task*
 -   GP name: *ShellRemoveOrderPrints_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1222,7 +1222,7 @@ If you enable this policy setting, these tasks are removed from the File and Fol
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off the "Publish to Web" task for files and folders*
+-   GP Friendly name: *Turn off the "Publish to Web" task for files and folders*
 -   GP name: *ShellRemovePublishToWeb_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1270,7 +1270,7 @@ If you disable or do not configure this policy setting, the tasks are shown.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off the "Publish to Web" task for files and folders*
+-   GP Friendly name: *Turn off the "Publish to Web" task for files and folders*
 -   GP name: *ShellRemovePublishToWeb_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1320,7 +1320,7 @@ If you disable this policy setting, Windows Messenger collects anonymous usage i
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off the Windows Messenger Customer Experience Improvement Program*
+-   GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program*
 -   GP name: *WinMSG_NoInstrumentation_1*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
@@ -1372,7 +1372,7 @@ If you do not configure this policy setting, users have the choice to opt in and
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off the Windows Messenger Customer Experience Improvement Program*
+-   GP Friendly name: *Turn off the Windows Messenger Customer Experience Improvement Program*
 -   GP name: *WinMSG_NoInstrumentation_2*
 -   GP path: *System\Internet Communication Management\Internet Communication settings*
 -   GP ADMX file name: *ICM.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index 68a7623db7..b15ce97b66 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -76,7 +76,7 @@ If disabled then new iSNS servers may be added and thus new targets discovered v
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not allow manual configuration of iSNS servers*
+-   GP Friendly name: *Do not allow manual configuration of iSNS servers*
 -   GP name: *iSCSIGeneral_RestrictAdditionalLogins*
 -   GP path: *System\iSCSI\iSCSI Target Discovery*
 -   GP ADMX file name: *iSCSI.admx*
@@ -119,7 +119,7 @@ If disabled then new target portals may be added and thus new targets discovered
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not allow manual configuration of target portals*
+-   GP Friendly name: *Do not allow manual configuration of target portals*
 -   GP name: *iSCSIGeneral_ChangeIQNName*
 -   GP path: *System\iSCSI\iSCSI Target Discovery*
 -   GP ADMX file name: *iSCSI.admx*
@@ -163,7 +163,7 @@ If disabled then the initiator CHAP secret may be changed.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not allow changes to initiator CHAP secret*
+-   GP Friendly name: *Do not allow changes to initiator CHAP secret*
 -   GP name: *iSCSISecurity_ChangeCHAPSecret*
 -   GP path: *System\iSCSI\iSCSI Security*
 -   GP ADMX file name: *iSCSI.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index e2de14a58e..f1bcc844ef 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -113,7 +113,7 @@ Impact on domain controller performance when this policy setting is enabled:
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *KDC support for claims, compound authentication and Kerberos armoring*
+-   GP Friendly name: *KDC support for claims, compound authentication and Kerberos armoring*
 -   GP name: *CbacAndArmor*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -161,7 +161,7 @@ To ensure consistent behavior, this policy setting must be supported and set ide
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Use forest search order*
+-   GP Friendly name: *Use forest search order*
 -   GP name: *ForestSearch*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -213,7 +213,7 @@ If you disable or not configure this policy setting, then the DC will never offe
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *KDC support for PKInit Freshness Extension*
+-   GP Friendly name: *KDC support for PKInit Freshness Extension*
 -   GP name: *PKINITFreshness*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -262,7 +262,7 @@ If you disable or do not configure this policy setting, domain controllers will
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Request compound authentication*
+-   GP Friendly name: *Request compound authentication*
 -   GP name: *RequestCompoundId*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -308,7 +308,7 @@ If you disable or do not configure this policy setting, the threshold value defa
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Warning for large Kerberos tickets*
+-   GP Friendly name: *Warning for large Kerberos tickets*
 -   GP name: *TicketSizeThreshold*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
@@ -359,7 +359,7 @@ If you disable or do not configure this policy setting, the domain controller do
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Provide information about previous logons to client computers*
+-   GP Friendly name: *Provide information about previous logons to client computers*
 -   GP name: *emitlili*
 -   GP path: *System/KDC*
 -   GP ADMX file name: *kdc.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 10bb3a7bdc..f87e1c15d3 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -95,7 +95,7 @@ If you disable or do not configure this policy setting and the resource domain r
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Always send compound authentication first*
+-   GP Friendly name: *Always send compound authentication first*
 -   GP name: *AlwaysSendCompoundId*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -148,7 +148,7 @@ If you do not configure this policy setting, Automatic will be used.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Support device authentication using certificate*
+-   GP Friendly name: *Support device authentication using certificate*
 -   GP name: *DevicePKInitEnabled*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -196,7 +196,7 @@ If you do not configure this policy setting, the system uses the host name-to-Ke
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define host name-to-Kerberos realm mappings*
+-   GP Friendly name: *Define host name-to-Kerberos realm mappings*
 -   GP name: *HostToRealm*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -243,7 +243,7 @@ If you disable or do not configure this policy setting, the Kerberos client enfo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Disable revocation checking for the SSL certificate of KDC proxy servers*
+-   GP Friendly name: *Disable revocation checking for the SSL certificate of KDC proxy servers*
 -   GP name: *KdcProxyDisableServerRevocationCheck*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -289,7 +289,7 @@ If you disable or do not configure this policy setting, the Kerberos client does
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify KDC proxy servers for Kerberos clients*
+-   GP Friendly name: *Specify KDC proxy servers for Kerberos clients*
 -   GP name: *KdcProxyServer*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -337,7 +337,7 @@ If you do not configure this policy setting, the system uses the interoperable K
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define interoperable Kerberos V5 realm settings*
+-   GP Friendly name: *Define interoperable Kerberos V5 realm settings*
 -   GP name: *MitRealms*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -391,7 +391,7 @@ If you do not configure this policy setting, Automatic will be used.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Support compound authentication*
+-   GP Friendly name: *Support compound authentication*
 -   GP name: *ServerAcceptsCompound*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
@@ -437,7 +437,7 @@ If you disable or do not configure this policy setting, any service is allowed t
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Require strict target SPN match on remote procedure calls*
+-   GP Friendly name: *Require strict target SPN match on remote procedure calls*
 -   GP name: *StrictTarget*
 -   GP path: *System\Kerberos*
 -   GP ADMX file name: *Kerberos.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index a8b463fca0..92155a01ef 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -96,7 +96,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Cipher suite order*
+-   GP Friendly name: *Cipher suite order*
 -   GP name: *Pol_CipherSuiteOrder*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
@@ -156,7 +156,7 @@ In circumstances where this policy setting is enabled, you can also select the f
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Hash Publication for BranchCache*
+-   GP Friendly name: *Hash Publication for BranchCache*
 -   GP name: *Pol_HashPublication*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
@@ -220,7 +220,7 @@ Hash version supported:
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Hash Version support for BranchCache*
+-   GP Friendly name: *Hash Version support for BranchCache*
 -   GP name: *Pol_HashSupportVersion*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
@@ -269,7 +269,7 @@ If you disable or do not configure this policy setting, the SMB server will sele
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Honor cipher suite order*
+-   GP Friendly name: *Honor cipher suite order*
 -   GP name: *Pol_HonorCipherSuiteOrder*
 -   GP path: *Network/Lanman Server*
 -   GP ADMX file name: *LanmanServer.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index 8fe3f8ec35..c85abbdff3 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -98,7 +98,7 @@ Arrange the desired cipher suites in the edit box, one cipher suite per line, in
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Cipher suite order*
+-   GP Friendly name: *Cipher suite order*
 -   GP name: *Pol_CipherSuiteOrder*
 -   GP path: *Network\Lanman Workstation*
 -   GP ADMX file name: *LanmanWorkstation.admx*
@@ -147,7 +147,7 @@ If you disable or do not configure this policy setting, Windows will prevent use
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Handle Caching on Continuous Availability Shares*
+-   GP Friendly name: *Handle Caching on Continuous Availability Shares*
 -   GP name: *Pol_EnableHandleCachingForCAFiles*
 -   GP path: *Network\Lanman Workstation*
 -   GP ADMX file name: *LanmanWorkstation.admx*
@@ -196,7 +196,7 @@ If you disable or do not configure this policy setting, Windows will prevent use
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Offline Files Availability on Continuous Availability Shares*
+-   GP Friendly name: *Offline Files Availability on Continuous Availability Shares*
 -   GP name: *Pol_EnableOfflineFilesforCAShares*
 -   GP path: *Network\Lanman Workstation*
 -   GP ADMX file name: *LanmanWorkstation.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index bfa3ffa66e..a362e05ab9 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -80,7 +80,7 @@ The DPS can be configured with the Services snap-in to the Microsoft Management
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure custom alert text*
+-   GP Friendly name: *Configure custom alert text*
 -   GP name: *WdiScenarioExecutionPolicy*
 -   GP path: *System\Troubleshooting and Diagnostics\Disk Diagnostic*
 -   GP ADMX file name: *LeakDiagnostic.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index 1b54964f3c..0f473f45a4 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -76,7 +76,7 @@ If you disable or do not configure this policy setting, the default behavior of
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on Mapper I/O (LLTDIO) driver*
+-   GP Friendly name: *Turn on Mapper I/O (LLTDIO) driver*
 -   GP name: *LLTD_EnableLLTDIO*
 -   GP path: *Network/Link-Layer Topology Discovery*
 -   GP ADMX file name: *LinkLayerTopologyDiscovery.admx*
@@ -124,7 +124,7 @@ If you disable or do not configure this policy setting, the default behavior for
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on Responder (RSPNDR) driver*
+-   GP Friendly name: *Turn on Responder (RSPNDR) driver*
 -   GP name: *LLTD_EnableRspndr*
 -   GP path: *Network/Link-Layer Topology Discovery*
 -   GP ADMX file name: *LinkLayerTopologyDiscovery.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 8072aab286..224ceae595 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -113,7 +113,7 @@ If you disable or do not configure this policy setting, the user may choose to s
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Block user from showing account details on sign-in*
+-   GP Friendly name: *Block user from showing account details on sign-in*
 -   GP name: *BlockUserFromShowingAccountDetailsOnSignin*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -159,7 +159,7 @@ If you disable or do not configure this policy, the logon background image adopt
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Show clear logon background*
+-   GP Friendly name: *Show clear logon background*
 -   GP name: *DisableAcrylicBackgroundOnLogon*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -208,7 +208,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not process the legacy run list*
+-   GP Friendly name: *Do not process the legacy run list*
 -   GP name: *DisableExplorerRunLegacy_1*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -257,7 +257,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not process the legacy run list*
+-   GP Friendly name: *Do not process the legacy run list*
 -   GP name: *DisableExplorerRunLegacy_2*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -310,7 +310,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not process the run once list*
+-   GP Friendly name: *Do not process the run once list*
 -   GP name: *DisableExplorerRunOnceLegacy_1*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -363,7 +363,7 @@ This policy setting appears in the Computer Configuration and User Configuration
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not process the run once list*
+-   GP Friendly name: *Do not process the run once list*
 -   GP name: *DisableExplorerRunOnceLegacy_2*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -409,7 +409,7 @@ If you disable or do not configure this policy setting, the system displays the
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Remove Boot / Shutdown / Logon / Logoff status messages*
+-   GP Friendly name: *Remove Boot / Shutdown / Logon / Logoff status messages*
 -   GP name: *DisableStatusMessages*
 -   GP path: *System*
 -   GP ADMX file name: *Logon.admx*
@@ -455,7 +455,7 @@ If you disable or do not configure this policy setting, connected users will be
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not enumerate connected users on domain-joined computers*
+-   GP Friendly name: *Do not enumerate connected users on domain-joined computers*
 -   GP name: *DontEnumerateConnectedUsers*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -511,7 +511,7 @@ This setting applies only to Windows. It does not affect the "Configure Your Ser
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not display the Getting Started welcome screen at logon*
+-   GP Friendly name: *Do not display the Getting Started welcome screen at logon*
 -   GP name: *NoWelcomeTips_1*
 -   GP path: *System*
 -   GP ADMX file name: *Logon.admx*
@@ -566,7 +566,7 @@ If you disable or do not configure this policy, the welcome screen is displayed
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not display the Getting Started welcome screen at logon*
+-   GP Friendly name: *Do not display the Getting Started welcome screen at logon*
 -   GP name: *NoWelcomeTips_2*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -619,7 +619,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Run these programs at user logon*
+-   GP Friendly name: *Run these programs at user logon*
 -   GP name: *Run_1*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -673,7 +673,7 @@ Also, see the "Do not process the legacy run list" and the "Do not process the r
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Run these programs at user logon*
+-   GP Friendly name: *Run these programs at user logon*
 -   GP name: *Run_2*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -737,7 +737,7 @@ If you disable or do not configure this policy setting and users log on to a cli
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Always wait for the network at computer startup and logon*
+-   GP Friendly name: *Always wait for the network at computer startup and logon*
 -   GP name: *SyncForegroundPolicy*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -783,7 +783,7 @@ If you disable or do not configure this policy setting, Windows uses the default
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Always use custom logon background*
+-   GP Friendly name: *Always use custom logon background*
 -   GP name: *UseOEMBackground*
 -   GP path: *System\Logon*
 -   GP ADMX file name: *Logon.admx*
@@ -834,7 +834,7 @@ If you disable or do not configure this policy setting, only the default status
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Display highly detailed status messages*
+-   GP Friendly name: *Display highly detailed status messages*
 -   GP name: *VerboseStatus*
 -   GP path: *System*
 -   GP ADMX file name: *Logon.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index f115057a2b..551efcc569 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -347,7 +347,7 @@ If you disable this setting, the antimalware service will load as a low priority
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow antimalware service to startup with normal priority*
+-   GP Friendly name: *Allow antimalware service to startup with normal priority*
 -   GP name: *AllowFastServiceStartup*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -397,7 +397,7 @@ Enabling or disabling this policy may lead to unexpected or unsupported behavior
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Microsoft Defender Antivirus*
+-   GP Friendly name: *Turn off Microsoft Defender Antivirus*
 -   GP name: *DisableAntiSpywareDefender*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -448,7 +448,7 @@ Same as Disabled.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off Auto Exclusions*
+-   GP Friendly name: *Turn off Auto Exclusions*
 -   GP name: *DisableAutoExclusions*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -500,7 +500,7 @@ This feature requires these Policy settings to be set as follows:
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure the 'Block at First Sight' feature*
+-   GP Friendly name: *Configure the 'Block at First Sight' feature*
 -   GP name: *DisableBlockAtFirstSeen*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -546,7 +546,7 @@ If you disable this setting, only items defined by Policy will be used in the re
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local administrator merge behavior for lists*
+-   GP Friendly name: *Configure local administrator merge behavior for lists*
 -   GP name: *DisableLocalAdminMerge*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -594,7 +594,7 @@ If you disable or do not configure this policy setting, Microsoft Defender Antiv
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off real-time protection*
+-   GP Friendly name: *Turn off real-time protection*
 -   GP name: *DisableRealtimeMonitoring*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -640,7 +640,7 @@ If you disable or do not configure this policy setting, Microsoft Defender Antiv
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off routine remediation*
+-   GP Friendly name: *Turn off routine remediation*
 -   GP name: *DisableRoutinelyTakingAction*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -682,7 +682,7 @@ This policy setting allows you specify a list of file types that should be exclu
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Extension Exclusions*
+-   GP Friendly name: *Extension Exclusions*
 -   GP name: *Exclusions_Extensions*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -726,7 +726,7 @@ As an example, a path might be defined as: "c:\Windows" to exclude all files in
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Path Exclusions*
+-   GP Friendly name: *Path Exclusions*
 -   GP name: *Exclusions_Paths*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -768,7 +768,7 @@ This policy setting allows you to disable scheduled and real-time scanning for a
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Process Exclusions*
+-   GP Friendly name: *Process Exclusions*
 -   GP name: *Exclusions_Processes*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Exclusions*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -825,7 +825,7 @@ You can configure ASR rules in the Configure Attack Surface Reduction rules GP s
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Exclude files and paths from Attack Surface Reduction Rules*
+-   GP Friendly name: *Exclude files and paths from Attack Surface Reduction Rules*
 -   GP name: *ExploitGuard_ASR_ASROnlyExclusions*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -898,7 +898,7 @@ You can exclude folders or files in the "Exclude files and paths from Attack Sur
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure Attack Surface Reduction rules*
+-   GP Friendly name: *Configure Attack Surface Reduction rules*
 -   GP name: *ExploitGuard_ASR_Rules*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Attack Surface Reduction*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -957,7 +957,7 @@ Default system folders are automatically guarded, but you can add folders in the
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure allowed applications*
+-   GP Friendly name: *Configure allowed applications*
 -   GP name: *ExploitGuard_ControlledFolderAccess_AllowedApplications*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1017,7 +1017,7 @@ Microsoft Defender Antivirus automatically determines which applications can be
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure protected folders*
+-   GP Friendly name: *Configure protected folders*
 -   GP name: *ExploitGuard_ControlledFolderAccess_ProtectedFolders*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Microsoft Defender Exploit Guard\Controlled Folder Access*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1068,7 +1068,7 @@ Same as Disabled.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Enable file hash computation feature*
+-   GP Friendly name: *Enable file hash computation feature*
 -   GP name: *MpEngine_EnableFileHashComputation*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\MpEngine*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1114,7 +1114,7 @@ If you disable this setting, definition retirement will be disabled.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on definition retirement*
+-   GP Friendly name: *Turn on definition retirement*
 -   GP name: *Nis_Consumers_IPS_DisableSignatureRetirement*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1156,7 +1156,7 @@ This policy setting defines additional definition sets to enable for network tra
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify additional definition sets for network traffic inspection*
+-   GP Friendly name: *Specify additional definition sets for network traffic inspection*
 -   GP name: *Nis_Consumers_IPS_sku_differentiation_Signature_Set_Guid*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1202,7 +1202,7 @@ If you disable this setting, protocol recognition will be disabled.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on protocol recognition*
+-   GP Friendly name: *Turn on protocol recognition*
 -   GP name: *Nis_DisableProtocolRecognition*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Network Inspection System*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1248,7 +1248,7 @@ If you disable or do not configure this setting, the proxy server will not be by
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define addresses to bypass proxy server*
+-   GP Friendly name: *Define addresses to bypass proxy server*
 -   GP name: *ProxyBypass*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1300,7 +1300,7 @@ If you disable or do not configure this setting, the proxy will skip over this f
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define proxy auto-config (.pac) for connecting to the network*
+-   GP Friendly name: *Define proxy auto-config (.pac) for connecting to the network*
 -   GP name: *ProxyPacUrl*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1352,7 +1352,7 @@ If you disable or do not configure this setting, the proxy will skip over this f
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define proxy server for connecting to the network*
+-   GP Friendly name: *Define proxy server for connecting to the network*
 -   GP name: *ProxyServer*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1398,7 +1398,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for the removal of items from Quarantine folder*
+-   GP Friendly name: *Configure local setting override for the removal of items from Quarantine folder*
 -   GP name: *Quarantine_LocalSettingOverridePurgeItemsAfterDelay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1444,7 +1444,7 @@ If you disable or do not configure this setting, items will be kept in the quara
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure removal of items from Quarantine folder*
+-   GP Friendly name: *Configure removal of items from Quarantine folder*
 -   GP name: *Quarantine_PurgeItemsAfterDelay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Quarantine*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1490,7 +1490,7 @@ If you disable this setting, scheduled tasks will begin at the specified start t
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Randomize scheduled task times*
+-   GP Friendly name: *Randomize scheduled task times*
 -   GP name: *RandomizeScheduleTaskTimes*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1536,7 +1536,7 @@ If you disable this setting, behavior monitoring will be disabled.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on behavior monitoring*
+-   GP Friendly name: *Turn on behavior monitoring*
 -   GP name: *RealtimeProtection_DisableBehaviorMonitoring*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1582,7 +1582,7 @@ If you disable this setting, scanning for all downloaded files and attachments w
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Scan all downloaded files and attachments*
+-   GP Friendly name: *Scan all downloaded files and attachments*
 -   GP name: *RealtimeProtection_DisableIOAVProtection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1628,7 +1628,7 @@ If you disable this setting, monitoring for file and program activity will be di
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Monitor file and program activity on your computer*
+-   GP Friendly name: *Monitor file and program activity on your computer*
 -   GP name: *RealtimeProtection_DisableOnAccessProtection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1674,7 +1674,7 @@ If you disable this setting, raw write notifications be disabled.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on raw volume write notifications*
+-   GP Friendly name: *Turn on raw volume write notifications*
 -   GP name: *RealtimeProtection_DisableRawWriteNotification*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1720,7 +1720,7 @@ If you disable this setting, a process scan will not be initiated when real-time
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on process scanning whenever real-time protection is enabled*
+-   GP Friendly name: *Turn on process scanning whenever real-time protection is enabled*
 -   GP name: *RealtimeProtection_DisableScanOnRealtimeEnable*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1766,7 +1766,7 @@ If you disable or do not configure this setting, a default size will be applied.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define the maximum size of downloaded files and attachments to be scanned*
+-   GP Friendly name: *Define the maximum size of downloaded files and attachments to be scanned*
 -   GP name: *RealtimeProtection_IOAVMaxSize*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1812,7 +1812,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for turn on behavior monitoring*
+-   GP Friendly name: *Configure local setting override for turn on behavior monitoring*
 -   GP name: *RealtimeProtection_LocalSettingOverrideDisableBehaviorMonitoring*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1858,7 +1858,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for scanning all downloaded files and attachments*
+-   GP Friendly name: *Configure local setting override for scanning all downloaded files and attachments*
 -   GP name: *RealtimeProtection_LocalSettingOverrideDisableIOAVProtection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1904,7 +1904,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for monitoring file and program activity on your computer*
+-   GP Friendly name: *Configure local setting override for monitoring file and program activity on your computer*
 -   GP name: *RealtimeProtection_LocalSettingOverrideDisableOnAccessProtection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1950,7 +1950,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override to turn on real-time protection*
+-   GP Friendly name: *Configure local setting override to turn on real-time protection*
 -   GP name: *RealtimeProtection_LocalSettingOverrideDisableRealtimeMonitoring*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -1996,7 +1996,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for monitoring for incoming and outgoing file activity*
+-   GP Friendly name: *Configure local setting override for monitoring for incoming and outgoing file activity*
 -   GP name: *RealtimeProtection_LocalSettingOverrideRealtimeScanDirection*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Real-time Protection*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2042,7 +2042,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation*
+-   GP Friendly name: *Configure local setting override for the time of day to run a scheduled full scan to complete remediation*
 -   GP name: *Remediation_LocalSettingOverrideScan_ScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2100,7 +2100,7 @@ If you disable or do not configure this setting, a scheduled full scan to comple
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the day of the week to run a scheduled full scan to complete remediation*
+-   GP Friendly name: *Specify the day of the week to run a scheduled full scan to complete remediation*
 -   GP name: *Remediation_Scan_ScheduleDay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2146,7 +2146,7 @@ If you disable or do not configure this setting, a scheduled full scan to comple
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the time of day to run a scheduled full scan to complete remediation*
+-   GP Friendly name: *Specify the time of day to run a scheduled full scan to complete remediation*
 -   GP name: *Remediation_Scan_ScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Remediation*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2188,7 +2188,7 @@ This policy setting configures the time in minutes before a detection in the "ad
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure time out for detections requiring additional action*
+-   GP Friendly name: *Configure time out for detections requiring additional action*
 -   GP name: *Reporting_AdditionalActionTimeout*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2230,7 +2230,7 @@ This policy setting configures the time in minutes before a detection in the “
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure time out for detections in critically failed state*
+-   GP Friendly name: *Configure time out for detections in critically failed state*
 -   GP name: *Reporting_CriticalFailureTimeout*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2276,7 +2276,7 @@ If you enable this setting, Microsoft Defender Antivirus enhanced notifications
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn off enhanced notifications*
+-   GP Friendly name: *Turn off enhanced notifications*
 -   GP name: *Reporting_DisableEnhancedNotifications*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2321,7 +2321,7 @@ If you disable this setting, Watson events will not be sent.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure Watson events*
+-   GP Friendly name: *Configure Watson events*
 -   GP name: *Reporting_Disablegenericreports*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2363,7 +2363,7 @@ This policy setting configures the time in minutes before a detection in the "no
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure time out for detections in non-critical failed state*
+-   GP Friendly name: *Configure time out for detections in non-critical failed state*
 -   GP name: *Reporting_NonCriticalTimeout*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2403,7 +2403,7 @@ This policy setting configures the time in minutes before a detection in the "co
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure time out for detections in recently remediated state*
+-   GP Friendly name: *Configure time out for detections in recently remediated state*
 -   GP name: *Reporting_RecentlyCleanedTimeout*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2445,7 +2445,7 @@ This policy configures Windows software trace preprocessor (WPP Software Tracing
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure Windows software trace preprocessor components*
+-   GP Friendly name: *Configure Windows software trace preprocessor components*
 -   GP name: *Reporting_WppTracingComponents*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2494,7 +2494,7 @@ Tracing levels are defined as:
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure WPP tracing level*
+-   GP Friendly name: *Configure WPP tracing level*
 -   GP name: *Reporting_WppTracingLevel*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Reporting*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2540,7 +2540,7 @@ If you disable this setting, users will not be able to pause scans.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow users to pause scan*
+-   GP Friendly name: *Allow users to pause scan*
 -   GP name: *Scan_AllowPause*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2586,7 +2586,7 @@ If you disable or do not configure this setting, archive files will be scanned t
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the maximum depth to scan archive files*
+-   GP Friendly name: *Specify the maximum depth to scan archive files*
 -   GP name: *Scan_ArchiveMaxDepth*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2632,7 +2632,7 @@ If you disable or do not configure this setting, archive files will be scanned a
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the maximum size of archive files to be scanned*
+-   GP Friendly name: *Specify the maximum size of archive files to be scanned*
 -   GP name: *Scan_ArchiveMaxSize*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2679,7 +2679,7 @@ If you disable this setting, archive files will not be scanned.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Scan archive files*
+-   GP Friendly name: *Scan archive files*
 -   GP name: *Scan_DisableArchiveScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2725,7 +2725,7 @@ If you disable or do not configure this setting, e-mail scanning will be disable
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on e-mail scanning*
+-   GP Friendly name: *Turn on e-mail scanning*
 -   GP name: *Scan_DisableEmailScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2771,7 +2771,7 @@ If you disable this setting, heuristics will be disabled.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on heuristics*
+-   GP Friendly name: *Turn on heuristics*
 -   GP name: *Scan_DisableHeuristics*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2817,7 +2817,7 @@ If you disable this setting, packed executables will not be scanned.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Scan packed executables*
+-   GP Friendly name: *Scan packed executables*
 -   GP name: *Scan_DisablePackedExeScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2863,7 +2863,7 @@ If you disable or do not configure this setting, removable drives will not be sc
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Scan removable drives*
+-   GP Friendly name: *Scan removable drives*
 -   GP name: *Scan_DisableRemovableDriveScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2909,7 +2909,7 @@ If you disable or do not configure this setting, reparse point scanning will be
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on reparse point scanning*
+-   GP Friendly name: *Turn on reparse point scanning*
 -   GP name: *Scan_DisableReparsePointScanning*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -2955,7 +2955,7 @@ If you disable or do not configure this setting, a system restore point will not
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Create a system restore point*
+-   GP Friendly name: *Create a system restore point*
 -   GP name: *Scan_DisableRestorePoint*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3000,7 +3000,7 @@ If you disable or do not configure this setting, mapped network drives will not
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Run full scan on mapped network drives*
+-   GP Friendly name: *Run full scan on mapped network drives*
 -   GP name: *Scan_DisableScanningMappedNetworkDrivesForFullScan*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3046,7 +3046,7 @@ If you disable or do not configure this setting, network files will not be scann
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Scan network files*
+-   GP Friendly name: *Scan network files*
 -   GP name: *Scan_DisableScanningNetworkFiles*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3092,7 +3092,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for maximum percentage of CPU utilization*
+-   GP Friendly name: *Configure local setting override for maximum percentage of CPU utilization*
 -   GP name: *Scan_LocalSettingOverrideAvgCPULoadFactor*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3138,7 +3138,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for the scan type to use for a scheduled scan*
+-   GP Friendly name: *Configure local setting override for the scan type to use for a scheduled scan*
 -   GP name: *Scan_LocalSettingOverrideScanParameters*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3184,7 +3184,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for schedule scan day*
+-   GP Friendly name: *Configure local setting override for schedule scan day*
 -   GP name: *Scan_LocalSettingOverrideScheduleDay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3230,7 +3230,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for scheduled quick scan time*
+-   GP Friendly name: *Configure local setting override for scheduled quick scan time*
 -   GP name: *Scan_LocalSettingOverrideScheduleQuickScantime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3276,7 +3276,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for scheduled scan time*
+-   GP Friendly name: *Configure local setting override for scheduled scan time*
 -   GP name: *Scan_LocalSettingOverrideScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3322,7 +3322,7 @@ If you disable or do not configure this setting, not changes will be made to CPU
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure low CPU priority for scheduled scans*
+-   GP Friendly name: *Configure low CPU priority for scheduled scans*
 -   GP name: *Scan_LowCpuPriority*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3368,7 +3368,7 @@ If you disable or do not configure this setting, a catch-up scan will occur afte
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define the number of days after which a catch-up scan is forced*
+-   GP Friendly name: *Define the number of days after which a catch-up scan is forced*
 -   GP name: *Scan_MissedScheduledScanCountBeforeCatchup*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3414,7 +3414,7 @@ If you disable or do not configure this setting, items will be kept in the scan
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on removal of items from scan history folder*
+-   GP Friendly name: *Turn on removal of items from scan history folder*
 -   GP name: *Scan_PurgeItemsAfterDelay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3460,7 +3460,7 @@ If you disable or do not configure this setting, a quick scan will run at a defa
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the interval to run quick scans per day*
+-   GP Friendly name: *Specify the interval to run quick scans per day*
 -   GP name: *Scan_QuickScanInterval*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3506,7 +3506,7 @@ If you disable this setting, scheduled scans will run at the scheduled time.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Start the scheduled scan only when computer is on but not in use*
+-   GP Friendly name: *Start the scheduled scan only when computer is on but not in use*
 -   GP name: *Scan_ScanOnlyIfIdle*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3564,7 +3564,7 @@ If you disable or do not configure this setting, a scheduled scan will run at a
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the day of the week to run a scheduled scan*
+-   GP Friendly name: *Specify the day of the week to run a scheduled scan*
 -   GP name: *Scan_ScheduleDay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3610,7 +3610,7 @@ If you disable or do not configure this setting, a scheduled scan will run at a
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the time of day to run a scheduled scan*
+-   GP Friendly name: *Specify the time of day to run a scheduled scan*
 -   GP name: *Scan_ScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Scan*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3656,7 +3656,7 @@ If you disable or do not configure this setting, the antimalware service will be
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow antimalware service to remain running always*
+-   GP Friendly name: *Allow antimalware service to remain running always*
 -   GP name: *ServiceKeepAlive*
 -   GP path: *Windows Components\Microsoft Defender Antivirus*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3704,7 +3704,7 @@ If you disable or do not configure this setting, spyware security intelligence w
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define the number of days before spyware security intelligence is considered out of date*
+-   GP Friendly name: *Define the number of days before spyware security intelligence is considered out of date*
 -   GP name: *SignatureUpdate_ASSignatureDue*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3750,7 +3750,7 @@ If you disable or do not configure this setting, virus security intelligence wil
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define the number of days before virus security intelligence is considered out of date*
+-   GP Friendly name: *Define the number of days before virus security intelligence is considered out of date*
 -   GP name: *SignatureUpdate_AVSignatureDue*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3796,7 +3796,7 @@ If you disable or do not configure this setting, the list will remain empty by d
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define file shares for downloading security intelligence updates*
+-   GP Friendly name: *Define file shares for downloading security intelligence updates*
 -   GP name: *SignatureUpdate_DefinitionUpdateFileSharesSources*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3842,7 +3842,7 @@ If you disable this setting, a scan will not start following a security intellig
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn on scan after security intelligence update*
+-   GP Friendly name: *Turn on scan after security intelligence update*
 -   GP name: *SignatureUpdate_DisableScanOnUpdate*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3888,7 +3888,7 @@ If you disable this setting, security intelligence updates will be turned off wh
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow security intelligence updates when running on battery power*
+-   GP Friendly name: *Allow security intelligence updates when running on battery power*
 -   GP name: *SignatureUpdate_DisableScheduledSignatureUpdateonBattery*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3934,7 +3934,7 @@ If you disable this setting, security intelligence updates will not be initiated
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Initiate security intelligence update on startup*
+-   GP Friendly name: *Initiate security intelligence update on startup*
 -   GP name: *SignatureUpdate_DisableUpdateOnStartupWithoutEngine*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -3982,7 +3982,7 @@ If you disable or do not configure this setting, security intelligence update so
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define the order of sources for downloading security intelligence updates*
+-   GP Friendly name: *Define the order of sources for downloading security intelligence updates*
 -   GP name: *SignatureUpdate_FallbackOrder*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4028,7 +4028,7 @@ If you disable or do not configure this setting, security intelligence updates w
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow security intelligence updates from Microsoft Update*
+-   GP Friendly name: *Allow security intelligence updates from Microsoft Update*
 -   GP name: *SignatureUpdate_ForceUpdateFromMU*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4074,7 +4074,7 @@ If you disable this setting, real-time security intelligence updates will disabl
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS*
+-   GP Friendly name: *Allow real-time security intelligence updates based on reports to Microsoft MAPS*
 -   GP name: *SignatureUpdate_RealtimeSignatureDelivery*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4132,7 +4132,7 @@ If you disable or do not configure this setting, the check for security intellig
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the day of the week to check for security intelligence updates*
+-   GP Friendly name: *Specify the day of the week to check for security intelligence updates*
 -   GP name: *SignatureUpdate_ScheduleDay*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4178,7 +4178,7 @@ If you disable or do not configure this setting,  the check for security intelli
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify the time to check for security intelligence updates*
+-   GP Friendly name: *Specify the time to check for security intelligence updates*
 -   GP name: *SignatureUpdate_ScheduleTime*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4222,7 +4222,7 @@ If you disable or do not configure this setting, security intelligence will be r
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define security intelligence location for VDI clients.*
+-   GP Friendly name: *Define security intelligence location for VDI clients.*
 -   GP name: *SignatureUpdate_SharedSignaturesLocation*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4268,7 +4268,7 @@ If you disable this setting, the antimalware service will not receive notificati
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS*
+-   GP Friendly name: *Allow notifications to disable security intelligence based reports to Microsoft MAPS*
 -   GP name: *SignatureUpdate_SignatureDisableNotification*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4314,7 +4314,7 @@ If you disable or do not configure this setting, a catch-up security intelligenc
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Define the number of days after which a catch-up security intelligence update is required*
+-   GP Friendly name: *Define the number of days after which a catch-up security intelligence update is required*
 -   GP name: *SignatureUpdate_SignatureUpdateCatchupInterval*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4360,7 +4360,7 @@ If you disable this setting or do not configure this setting, a check for new se
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Check for the latest virus and spyware security intelligence on startup*
+-   GP Friendly name: *Check for the latest virus and spyware security intelligence on startup*
 -   GP name: *SignatureUpdate_UpdateOnStartup*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Security Intelligence Updates*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4420,7 +4420,7 @@ In Windows 10, Basic membership is no longer available, so setting the value to
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Join Microsoft MAPS*
+-   GP Friendly name: *Join Microsoft MAPS*
 -   GP name: *SpynetReporting*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4466,7 +4466,7 @@ If you disable or do not configure this setting, Policy will take priority over
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Configure local setting override for reporting to Microsoft MAPS*
+-   GP Friendly name: *Configure local setting override for reporting to Microsoft MAPS*
 -   GP name: *Spynet_LocalSettingOverrideSpynetReporting*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\MAPS*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4515,7 +4515,7 @@ Valid remediation action values are:
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify threats upon which default action should not be taken when detected*
+-   GP Friendly name: *Specify threats upon which default action should not be taken when detected*
 -   GP name: *Threats_ThreatIdDefaultAction*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Threats*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4561,7 +4561,7 @@ If you disable or do not configure this setting, there will be no additional tex
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Display additional text to clients when they need to perform an action*
+-   GP Friendly name: *Display additional text to clients when they need to perform an action*
 -   GP name: *UX_Configuration_CustomDefaultActionToastString*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4607,7 +4607,7 @@ If you enable this setting, Microsoft Defender Antivirus notifications will not
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Suppress all notifications*
+-   GP Friendly name: *Suppress all notifications*
 -   GP name: *UX_Configuration_Notification_Suppress*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4651,7 +4651,7 @@ If you enable this setting AM UI won't show reboot notifications.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Suppresses reboot notifications*
+-   GP Friendly name: *Suppresses reboot notifications*
 -   GP name: *UX_Configuration_SuppressRebootNotification*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
@@ -4695,7 +4695,7 @@ If you enable this setting AM UI won't be available to users.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Enable headless UI mode*
+-   GP Friendly name: *Enable headless UI mode*
 -   GP name: *UX_Configuration_UILockdown*
 -   GP path: *Windows Components\Microsoft Defender Antivirus\Client Interface*
 -   GP ADMX file name: *WindowsDefender.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index b7a4eabb21..d7bfdd79d3 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -93,7 +93,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *ActiveX Control*
+-   GP Friendly name: *ActiveX Control*
 -   GP name: *MMC_ActiveXControl*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMC.admx*
@@ -149,7 +149,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Extended View (Web View)*
+-   GP Friendly name: *Extended View (Web View)*
 -   GP name: *MMC_ExtendView*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMC.admx*
@@ -205,7 +205,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Link to Web Address*
+-   GP Friendly name: *Link to Web Address*
 -   GP name: *MMC_LinkToWeb*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMC.admx*
@@ -255,7 +255,7 @@ If you disable this setting or do not configure it, users can enter author mode
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Restrict the user from entering author mode*
+-   GP Friendly name: *Restrict the user from entering author mode*
 -   GP name: *MMC_Restrict_Author*
 -   GP path: *Windows Components\Microsoft Management Console*
 -   GP ADMX file name: *MMC.admx*
@@ -310,7 +310,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Restrict users to the explicitly permitted list of snap-ins*
+-   GP Friendly name: *Restrict users to the explicitly permitted list of snap-ins*
 -   GP name: *MMC_Restrict_To_Permitted_Snapins*
 -   GP path: *Windows Components\Microsoft Management Console*
 -   GP ADMX file name: *MMC.admx*
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index c1dbb2d4d9..1514a912be 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -4774,7 +4774,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Security Settings*
+-   GP Friendly name: *Security Settings*
 -   GP name: *MMC_SecuritySettings_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4828,7 +4828,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Security Settings*
+-   GP Friendly name: *Security Settings*
 -   GP name: *MMC_SecuritySettings_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4882,7 +4882,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Security Templates*
+-   GP Friendly name: *Security Templates*
 -   GP name: *MMC_SecurityTemplates*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4936,7 +4936,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Send Console Message*
+-   GP Friendly name: *Send Console Message*
 -   GP name: *MMC_SendConsoleMessage*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -4990,7 +4990,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Server Manager*
+-   GP Friendly name: *Server Manager*
 -   GP name: *MMC_ServerManager*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5044,7 +5044,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Service Dependencies*
+-   GP Friendly name: *Service Dependencies*
 -   GP name: *MMC_ServiceDependencies*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5098,7 +5098,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Services*
+-   GP Friendly name: *Services*
 -   GP name: *MMC_Services*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5152,7 +5152,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Shared Folders*
+-   GP Friendly name: *Shared Folders*
 -   GP name: *MMC_SharedFolders*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5206,7 +5206,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Shared Folders Ext*
+-   GP Friendly name: *Shared Folders Ext*
 -   GP name: *MMC_SharedFolders_Ext*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5260,7 +5260,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Software Installation (Computers)*
+-   GP Friendly name: *Software Installation (Computers)*
 -   GP name: *MMC_SoftwareInstalationComputers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5314,7 +5314,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Software Installation (Computers)*
+-   GP Friendly name: *Software Installation (Computers)*
 -   GP name: *MMC_SoftwareInstalationComputers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5368,7 +5368,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Software Installation (Users)*
+-   GP Friendly name: *Software Installation (Users)*
 -   GP name: *MMC_SoftwareInstallationUsers_1*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5422,7 +5422,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Software Installation (Users)*
+-   GP Friendly name: *Software Installation (Users)*
 -   GP name: *MMC_SoftwareInstallationUsers_2*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Resultant Set of Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5476,7 +5476,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *System Information*
+-   GP Friendly name: *System Information*
 -   GP name: *MMC_SysInfo*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5530,7 +5530,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *System Properties*
+-   GP Friendly name: *System Properties*
 -   GP name: *MMC_SysProp*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Extension snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5584,7 +5584,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *TPM Management*
+-   GP Friendly name: *TPM Management*
 -   GP name: *MMC_TPMManagement*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5638,7 +5638,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Telephony*
+-   GP Friendly name: *Telephony*
 -   GP name: *MMC_Telephony*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5692,7 +5692,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Remote Desktop Services Configuration*
+-   GP Friendly name: *Remote Desktop Services Configuration*
 -   GP name: *MMC_TerminalServices*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5746,7 +5746,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *WMI Control*
+-   GP Friendly name: *WMI Control*
 -   GP name: *MMC_WMI*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5800,7 +5800,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Windows Firewall with Advanced Security*
+-   GP Friendly name: *Windows Firewall with Advanced Security*
 -   GP name: *MMC_WindowsFirewall*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5854,7 +5854,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Windows Firewall with Advanced Security*
+-   GP Friendly name: *Windows Firewall with Advanced Security*
 -   GP name: *MMC_WindowsFirewall_GP*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5908,7 +5908,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Wired Network (IEEE 802.3) Policies*
+-   GP Friendly name: *Wired Network (IEEE 802.3) Policies*
 -   GP name: *MMC_WiredNetworkPolicy*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -5962,7 +5962,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Wireless Monitor*
+-   GP Friendly name: *Wireless Monitor*
 -   GP name: *MMC_WirelessMon*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins*
 -   GP ADMX file name: *MMCSnapins.admx*
@@ -6016,7 +6016,7 @@ When a snap-in is prohibited, it does not appear in the Add/Remove Snap-in windo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Wireless Network (IEEE 802.11) Policies*
+-   GP Friendly name: *Wireless Network (IEEE 802.11) Policies*
 -   GP name: *MMC_WirelessNetworkPolicy*
 -   GP path: *Windows Components\Microsoft Management Console\Restricted/Permitted snap-ins\Group Policy\Group Policy snap-in extensions*
 -   GP ADMX file name: *MMCSnapins.admx*
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 3be1f15988..b839ee8d78 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -183,7 +183,7 @@ If you do not configure this policy setting, Windows does not call the registere
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Notify antivirus programs when opening attachments*
+-   GP Friendly name: *Notify antivirus programs when opening attachments*
 -   GP name: *AM_CallIOfficeAntiVirus*
 -   GP path: *Windows Components/Attachment Manager*
 -   GP ADMX file name: *AttachmentManager.admx*
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index ba8ac722c2..cbf9ef190b 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -15,7 +15,8 @@ ms.localizationpriority: medium
 # Policy CSP - Browser
 
 > [!NOTE]
-> You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](/DeployEdge/).
+> These settings are for the previous version of Microsoft Edge (version 45 and earlier) and are deprecated. These settings will be removed in a future Windows release. Microsoft recommends updating your version of Microsoft Edge to version 77 or later and use the ADMX Ingestion function for management. Learn more about how to [Configure Microsoft Edge using Mobile Device Management](/deployedge/configure-edge-with-mdm).
+
 
 <!--Policies-->
 ## Browser policies  
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index e4e0453c5f..cb785576ec 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -40,9 +40,15 @@ manager: dansimp
   <dd>
     <a href="#experience-allowsaveasofofficefiles">Experience/AllowSaveAsOfOfficeFiles</a>
   </dd>
+  <dd>
+    <a href="#experience-allowscreencapture">Experience/AllowScreenCapture</a>
+  </dd>
   <dd>
     <a href="#experience-allowsharingofofficefiles">Experience/AllowSharingOfOfficeFiles</a>
   </dd>
+  <dd>
+    <a href="#experience-allowsimerrordialogpromptwhennosim">Experience/AllowSIMErrorDialogPromptWhenNoSIM</a>
+  </dd>
   <dd>
     <a href="#experience-allowsyncmysettings">Experience/AllowSyncMySettings</a>
   </dd>
@@ -362,6 +368,43 @@ This policy is deprecated.
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="experience-allowscreencapture"></a>**Experience/AllowScreenCapture**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+
+<!--/Description-->
+<!--SupportedValues-->
+Describe what value are supported in by this policy and meaning of each value is default value.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="experience-allowsharingofofficefiles"></a>**Experience/AllowSharingOfOfficeFiles**  
 
@@ -371,6 +414,40 @@ This policy is deprecated.
 <!--/Description-->
 <!--/Policy-->
 
+<!--Policy-->
+<a href="" id="experience-allowsimerrordialogpromptwhennosim"></a>**Experience/AllowSIMErrorDialogPromptWhenNoSIM**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+<!--SupportedValues-->
+Describes what value are supported in by this policy and meaning of each value is default value.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
 <hr/>
 
 <!--Policy-->
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 12fd5be044..1206fca386 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -212,6 +212,9 @@ manager: dansimp
   <dd>
     <a href="#internetexplorer-donotblockoutdatedactivexcontrolsonspecificdomains">InternetExplorer/DoNotBlockOutdatedActiveXControlsOnSpecificDomains</a>
   </dd>
+  <dd>
+    <a href="#internetexplorer-enableextendediemodehotkeys">InternetExplorer/EnableExtendedIEModeHotkeys</a>
+  </dd>
   <dd>
     <a href="#internetexplorer-includealllocalsites">InternetExplorer/IncludeAllLocalSites</a>
   </dd>
@@ -4270,6 +4273,58 @@ ADMX Info:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="internetexplorer-enableextendediemodehotkeys"></a>**InternetExplorer/EnableExtendedIEModeHotkeys**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * User
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting lets admins enable extended Microsoft Edge Internet Explorer mode hotkeys, such as "Ctrl+S" to have "Save as" functionality.
+
+- If you enable this policy, extended hotkey functionality is enabled in Internet Explorer mode and work the same as Internet Explorer.
+
+- If you disable, or don't configure this policy, extended hotkeys will not work in Internet Explorer mode.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 (default) - Disabled.
+-   1 - Enabled.
+
+<!--/SupportedValues-->
+<!--ADMXBacked-->
+ADMX Info:  
+-   GP Friendly name: *Allows enterprises to provide their users with a single-browser experience*
+-   GP name: *EnableExtendedIEModeHotkeys*
+-   GP path: *Windows Components/Internet Explorer/Security Features/Add-on Management*
+-   GP ADMX file name: *inetres.admx*
+
+<!--/ADMXBacked-->
+<!--/Policy-->
+
+<hr/>
 <!--Policy-->
 <a href="" id="internetexplorer-includealllocalsites"></a>**InternetExplorer/IncludeAllLocalSites**  
 
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index c23aac08e5..056c7c95d6 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -25,6 +25,8 @@ manager: dansimp
   </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</a>
+  </dd>  <dd>
+    <a href="#localpoliciessecurityoptions-accounts-enableguestaccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</a>
   </dd>
   <dd>
     <a href="#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly">LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</a>
@@ -272,8 +274,55 @@ The following list shows the supported values:
 <!--/Policy-->
 
 <hr/>
-
 <!--Policy-->
+<a href="" id="localpoliciessecurityoptions-accounts-enableguestaccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This setting allows the administrator to enable the guest Administrator account.
+
+Value type is integer. Supported operations are Add, Get, Replace, and Delete.
+
+<!--/Description-->
+<!--RegistryMapped-->
+GP Info:  
+-   GP Friendly name: *Accounts: Enable Guest Account Status*
+-   GP path: *Windows Settings/Security Settings/Local Policies/Security Options*
+
+<!--/RegistryMapped-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+-   0 - disabled (local Administrator account is disabled).
+-   1 - enabled (local Administrator account is enabled).
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+<!--Policy-->
+
 <a href="" id="localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly"></a>**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**  
 
 <!--SupportedSKUs-->
diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md
new file mode 100644
index 0000000000..eea0f98401
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-memorydump.md
@@ -0,0 +1,117 @@
+---
+title: Policy CSP - MemoryDump
+description: Use the Policy CSP
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - MemoryDump
+
+
+
+<hr/>
+
+<!--Policies-->
+## MemoryDump policies  
+
+<dl>
+  <dd>
+    <a href="#memorydump-allowcrashdump">MemoryDump/AllowCrashDump</a>
+  </dd>
+  <dd>
+    <a href="#memorydump-allowlivedump">MemoryDump/AllowLiveDump</a>
+  </dd>
+</dl>
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="memorydump-allowcrashdump"></a>**MemoryDump/AllowCrashDump**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting decides if crash dump collection on the machine is allowed or not.
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - Disable crash dump collection.
+- 1 (default) - Allow crash dump collection.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="memorydump-allowlivedump"></a>**MemoryDump/AllowLiveDump**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy setting decides if crash dump collection on the machine is allowed or not.
+
+<!--/Description-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - Disable crash dump collection.
+- 1 (default) - Allow crash dump collection.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
+<!--/Policies-->
+
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index 2033a4f1d1..8ffc0e7ba1 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -29,12 +29,21 @@ manager: dansimp
   <dd>
     <a href="#mixedreality-brightnessbuttondisabled">MixedReality/BrightnessButtonDisabled</a>
   </dd>
+  <dd>
+    <a href="#mixedreality-configuremovingplatform">MixedReality/ConfigureMovingPlatform</a>
+  </dd>
   <dd>
     <a href="#mixedreality-fallbackdiagnostics">MixedReality/FallbackDiagnostics</a>
   </dd>
+  <dd>
+    <a href="#mixedreality-headtrackingmode">MixedReality/HeadTrackingMode/a>
+  </dd>
   <dd>
     <a href="#mixedreality-microphonedisabled">MixedReality/MicrophoneDisabled</a>
   </dd>
+  <dd>
+    <a href="#mixedreality-visitorautologon">MixedReality/VisitorAutoLogon</a>
+  </dd>
   <dd>
     <a href="#mixedreality-volumebuttondisabled">MixedReality/VolumeButtonDisabled</a>
   </dd>
@@ -49,8 +58,8 @@ manager: dansimp
 
 |Windows Edition|Supported|
 |--- |--- |
-|HoloLens (1st gen) Development Edition|No|
-|HoloLens (1st gen) Commercial Suite|No|
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
 |HoloLens 2|Yes|
 
 Steps to use this policy correctly:
@@ -62,7 +71,7 @@ Steps to use this policy correctly:
 1. Enroll HoloLens devices and verify both configurations get applied to the device.
 1. Let Azure AD user 1 sign-in when internet is available. Once the user signs-in and Azure AD group membership is confirmed successfully, cache will be created.
 1. Now Azure AD user 1 can take HoloLens offline and use it for kiosk mode as long as policy value allows for X number of days.
-1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
+1. Steps 4 and 5 can be repeated for any other Azure AD user N. The key point is that any Azure AD user must sign-in to device using Internet at least once. Then we can determine that they are member of Azure AD group to which Kiosk configuration is targeted.
 
 > [!NOTE]
 > Until step 4 is performed for a Azure AD user will experience failure behavior mentioned similar to “disconnected” environments.
@@ -77,14 +86,14 @@ Steps to use this policy correctly:
 
 |Windows Edition|Supported|
 |--- |--- |
-|HoloLens (1st gen) Development Edition|No|
-|HoloLens (1st gen) Commercial Suite|No|
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
 |HoloLens 2|Yes|
 
 <!--/Description-->
 This new AutoLogonUser policy controls whether a user will be automatically logged on. Some customers want to set up devices that are tied to an identity but don't want any sign in experience. Imagine picking up a device and using remote assist immediately. Or have a benefit of being able to rapidly  distribute HoloLens devices and enable their end users to speed up login.
 
-When the policy is set to a non-empty value, it specifies the email address of the auto log on user. The specified user must logon to the device at least once to enable autologon.
+When the policy is set to a non-empty value, it specifies the email address of the auto log-on user. The specified user must logon to the device at least once to enable autologon.
 
 The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoLogonUser`
 
@@ -92,7 +101,7 @@ The OMA-URI of new policy `./Device/Vendor/MSFT/Policy/Config/MixedReality/AutoL
 String value
 - User with the same email address will have autologon enabled.
 
-On a device where this policy is configured, the user specified in the policy will need to log on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log on as a different user, the policy must first be disabled.
+On a device where this policy is configured, the user specified in the policy will need to log-on at least once. Subsequent reboots of the device after the first logon will have the specified user automatically logged on. Only a single autologon user is supported. Once enabled, the automatically logged on user will not be able to log out manually. To log-on as a different user, the policy must first be disabled.
 
 > [!NOTE]
 >
@@ -133,8 +142,8 @@ Supported values are 0-60. The default value is 0 (day) and maximum value is 60
 
 |Windows Edition|Supported|
 |--- |--- |
-|HoloLens (1st gen) Development Edition|No|
-|HoloLens (1st gen) Commercial Suite|No|
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
 |HoloLens 2|Yes|
 
 <!--/SupportedSKUs-->
@@ -167,6 +176,48 @@ The following list shows the supported values:
 <!--/Policy-->
 <hr/>
 
+<!--Policy-->
+<a href="" id="mixedreality-configuremovingplatform"></a>**MixedReality/ConfigureMovingPlatform**  
+
+<!--SupportedSKUs-->
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy controls the behavior of moving platform feature on Hololens 2, that is, whether it is turned off / on or it can be toggled by a user. It should only be used by customers who intend to use Hololens 2 in moving environments with low dynamic motion. For background information, see [HoloLens 2 Moving Platform Mode | Microsoft Docs](/hololens/hololens2-moving-platform#:~:text=Why%20Moving%20Platform%20Mode%20is%20Necessary%20HoloLens%20needs%2csimilar%20pieces%20of%20information%20from%20two%20separate%20sources:).
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+Integer
+
+- 0 (Default) - Last set user's preference. Initial state is OFF and after that user's preference is persisted across reboots and is used to initialize the system.
+- 1 Force off - Moving platform is disabled and cannot be changed by user.
+- 2 Force on - Moving platform is enabled and cannot be changed by user.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
 <!--Policy-->
 <a href="" id="mixedreality-fallbackdiagnostics"></a>**MixedReality/FallbackDiagnostics**  
 
@@ -174,8 +225,8 @@ The following list shows the supported values:
 
 |Windows Edition|Supported|
 |--- |--- |
-|HoloLens (1st gen) Development Edition|No|
-|HoloLens (1st gen) Commercial Suite|No|
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
 |HoloLens 2|Yes|
 
 <!--/SupportedSKUs-->
@@ -209,6 +260,47 @@ The following list shows the supported values:
 <!--/Policy-->
 <hr/>
 
+<!--Policy-->
+<a href="" id="mixedreality-headtrackingmode"></a>**MixedReality/HeadTrackingMode**  
+
+<!--SupportedSKUs-->
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy configures behavior of HUP to determine, which algorithm to use for head tracking. It requires a reboot for the policy to take effect.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 - Feature – Default feature based / SLAM-based tracker (Default)
+- 1 - Constellation – LR constellation based tracker
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
 <!--Policy-->
 <a href="" id="mixedreality-microphonedisabled"></a>**MixedReality/MicrophoneDisabled**  
 
@@ -216,8 +308,8 @@ The following list shows the supported values:
 
 |Windows Edition|Supported|
 |--- |--- |
-|HoloLens (1st gen) Development Edition|No|
-|HoloLens (1st gen) Commercial Suite|No|
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
 |HoloLens 2|Yes|
 
 <!--/SupportedSKUs-->
@@ -257,8 +349,8 @@ The following list shows the supported values:
 
 |Windows Edition|Supported|
 |--- |--- |
-|HoloLens (1st gen) Development Edition|No|
-|HoloLens (1st gen) Commercial Suite|No|
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
 |HoloLens 2|Yes|
 
 <!--/SupportedSKUs-->
@@ -291,4 +383,45 @@ The following list shows the supported values:
 <!--/Policy-->
 <hr/>
 
+<!--Policy-->
+<a href="" id="mixedreality-visitorautologon"></a>**MixedReality/VisitorAutoLogon**  
+
+<!--SupportedSKUs-->
+
+|Windows Edition|Supported|
+|--- |--- |
+|HoloLens (first gen) Development Edition|No|
+|HoloLens (first gen) Commercial Suite|No|
+|HoloLens 2|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy controls whether a visitor user will be automatically logged in. Visitor users can only be created and logged in if an Assigned Access profile has been created targeting visitor users. A visitor user will only be automatically logged in if no other user has logged in on the device before.
+
+<!--/Description-->
+
+<!--ADMXBacked-->
+<!--/ADMXBacked-->
+
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 Disabled (Default)
+- 1 Enabled
+
+<!--/SupportedValues-->
+<!--/Policy-->
+<hr/>
+
 <!--/Policies-->
diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md
new file mode 100644
index 0000000000..cb70df917f
--- /dev/null
+++ b/windows/client-management/mdm/policy-csp-newsandinterests.md
@@ -0,0 +1,86 @@
+---
+title: Policy CSP - NewsAndInterests
+description: Learn how Policy CSP - NewsandInterests contains a list of news and interests.
+ms.author: dansimp
+ms.topic: article
+ms.prod: w10
+ms.technology: windows
+author: dansimp
+ms.localizationpriority: medium
+ms.date: 09/27/2019
+ms.reviewer: 
+manager: dansimp
+---
+
+# Policy CSP - NewsAndInterests
+
+
+
+<hr/>
+
+<!--Policies-->
+## NewsAndInterests policies  
+
+<dl>
+  <dd>
+    <a href="#newsandinterests-allownewsandinterests">NewsAndInterests/AllowNewsAndInterests</a>
+  </dd>
+
+
+
+<hr/>
+
+<!--Policy-->
+<a href="" id="newsandinterests-allownewsandinterests"></a>**NewsAndInterests/AllowNewsAndInterests**  
+
+<!--SupportedSKUs-->
+
+|Edition|Windows 10|Windows 11|
+|--- |--- |--- |
+|Home|No|No|
+|Pro|Yes|Yes|
+|Business|Yes|Yes|
+|Enterprise|Yes|Yes|
+|Education|Yes|Yes|
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+
+<hr/>
+
+<!--/Scope-->
+
+<!--Description-->
+This policy specifies whether to allow the entire widgets experience, including the content on taskbar.
+ 
+<!--/Description-->
+
+<!--SupportedValues-->
+
+The following are the supported values:
+
+- 1 - Default - Allowed
+- 0 - Not allowed.
+
+<!--/SupportedValues-->
+
+<!--ADMXMapped-->
+ADMX Info:  
+-   GP Friendly name: *Specifies whether to allow the entire widgets experience, including the content on taskbar*.
+-   GP name: *AllowNewsAndInterests*
+-   GP path: *Network/NewsandInterests*
+-   GP ADMX file name: *NewsandInterests.admx*
+
+<!--/ADMXMapped-->
+<!--/Policy-->
+
+<hr/>
+
+
+<!--/Policies-->
\ No newline at end of file
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
index 19de9949ac..5941d52099 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktop.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -64,6 +64,8 @@ manager: dansimp
 <!--/Scope-->
 <!--Description-->
 
+This policy allows the user to load the DPAPI cred key from their user profile and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data.
+
 <!--/Description-->
 
 <!--ADMXBacked-->
@@ -105,160 +107,29 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.
-
-If you enable this policy setting, log files are generated.
-
-If you disable this policy setting, log files are not generated.
-
-If you do not configure this setting, application-based settings are used.
+This policy allows the user to load the DPAPI cred key from their user profile and decrypt any previously encrypted DPAPI data in the user profile or encrypt any new DPAPI data.
 
 <!--/Description-->
 
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 0 (default) - Disabled. 
+- 1 - Enabled. 
+
+<!--/SupportedValues-->
+
 <!--ADMXBacked-->
 ADMX Info:  
--   GP Friendly name: *Turn on session logging*
--   GP name: *RA_Logging*
--   GP path: *System/Remote Assistance*
--   GP ADMX file name: *remoteassistance.admx*
+-   GP Friendly name: *Allow DPAPI cred keys to be loaded from user profiles during logon for AADJ accounts*
+-   GP name: *LoadAadCredKeyFromProfile*
+-   GP path: *System/RemoteDesktop*
+-   GP ADMX file name: *remotedesktop.admx*
 
 <!--/ADMXBacked-->
 <!--/Policy-->
 
 <hr/>
 
-<!--Policy-->
-<a href="" id="remoteassistance-solicitedremoteassistance"></a>**RemoteAssistance/SolicitedRemoteAssistance**  
-
-<!--SupportedSKUs-->
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.
-
-If you enable this policy setting, users on this computer can use email or file transfer to ask someone for help. Also, users can use instant messaging programs to allow connections to this computer, and you can configure additional Remote Assistance settings.
-
-If you disable this policy setting, users on this computer cannot use email or file transfer to ask someone for help. Also, users cannot use instant messaging programs to allow connections to this computer.
-
-If you do not configure this policy setting, users can turn on or turn off Solicited (Ask for) Remote Assistance themselves in System Properties in Control Panel. Users can also configure Remote Assistance settings.
-
-If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer."
-
-The "Maximum ticket time" policy setting sets a limit on the amount of time that a Remote Assistance invitation created by using email or file transfer can remain open.
-
-The "Select the method for sending email invitations" setting specifies which email standard to use to send Remote Assistance invitations. Depending on your email program, you can use either the Mailto standard (the invitation recipient connects through an Internet link) or the SMAPI (Simple MAPI) standard (the invitation is attached to your email message). This policy setting is not available in Windows Vista since SMAPI is the only method supported.
-
-If you enable this policy setting you should also enable appropriate firewall exceptions to allow Remote Assistance communications.
-
-<!--/Description-->
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP Friendly name: *Configure Solicited Remote Assistance*
--   GP name: *RA_Solicit*
--   GP path: *System/Remote Assistance*
--   GP ADMX file name: *remoteassistance.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-
-<hr/>
-
-<!--Policy-->
-<a href="" id="remoteassistance-unsolicitedremoteassistance"></a>**RemoteAssistance/UnsolicitedRemoteAssistance**  
-
-<!--SupportedSKUs-->
-
-|Edition|Windows 10|Windows 11|
-|--- |--- |--- |
-|Home|No|No|
-|Pro|Yes|Yes|
-|Business|Yes|Yes|
-|Enterprise|Yes|Yes|
-|Education|Yes|Yes|
-
-<!--/SupportedSKUs-->
-<hr/>
-
-<!--Scope-->
-[Scope](./policy-configuration-service-provider.md#policy-scope):
-
-> [!div class = "checklist"]
-> * Device
-
-<hr/>
-
-<!--/Scope-->
-<!--Description-->
-This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.
-
-If you enable this policy setting, users on this computer can get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
-
-If you disable this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
-
-If you do not configure this policy setting, users on this computer cannot get help from their corporate technical support staff using Offer (Unsolicited) Remote Assistance.
-
-If you enable this policy setting, you have two ways to allow helpers to provide Remote Assistance: "Allow helpers to only view the computer" or "Allow helpers to remotely control the computer." When you configure this policy setting, you also specify the list of users or user groups that are allowed to offer remote assistance.
-
-To configure the list of helpers, click "Show." In the window that opens, you can enter the names of the helpers. Add each user or group one by one. When you enter the name of the helper user or user groups, use the following format:
-
-`<Domain Name>\<User Name>` or
-
-`<Domain Name>\<Group Name>`
-
-If you enable this policy setting, you should also enable firewall exceptions to allow Remote Assistance communications. The firewall exceptions required for Offer (Unsolicited) Remote Assistance depend on the version of Windows you are running.
-
-Windows Vista and later
-
-Enable the Remote Assistance exception for the domain profile. The exception must contain:
-Port 135:TCP
-%WINDIR%\System32\msra.exe
-%WINDIR%\System32\raserver.exe
-
-Windows XP with Service Pack 2 (SP2) and Windows XP Professional x64 Edition with Service Pack 1 (SP1)
-
-Port 135:TCP
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
-%WINDIR%\System32\Sessmgr.exe
-
-For computers running Windows Server 2003 with Service Pack 1 (SP1)
-
-Port 135:TCP
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe
-%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe
-Allow Remote Desktop Exception
-
-<!--/Description-->
-
-<!--ADMXBacked-->
-ADMX Info:  
--   GP Friendly name: *Configure Offer Remote Assistance*
--   GP name: *RA_Unsolicit*
--   GP path: *System/Remote Assistance*
--   GP ADMX file name: *remoteassistance.admx*
-
-<!--/ADMXBacked-->
-<!--/Policy-->
-<hr/>
 
 <!--/Policies-->
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index 902ead52a3..31f36b4007 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -93,7 +93,7 @@ You can limit the number of users who can connect simultaneously by configuring
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow users to connect remotely by using Remote Desktop Services*
+-   GP Friendly name: *Allow users to connect remotely by using Remote Desktop Services*
 -   GP name: *TS_DISABLE_CONNECTIONS*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections*
 -   GP ADMX file name: *terminalserver.admx*
@@ -149,7 +149,7 @@ FIPS compliance can be configured through the System cryptography. Use FIPS comp
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Set client connection encryption level*
+-   GP Friendly name: *Set client connection encryption level*
 -   GP name: *TS_ENCRYPTION_POLICY*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
@@ -199,7 +199,7 @@ If you do not configure this policy setting, client drive redirection and Clipbo
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not allow drive redirection*
+-   GP Friendly name: *Do not allow drive redirection*
 -   GP name: *TS_CLIENT_DRIVE_M*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Device and Resource Redirection*
 -   GP ADMX file name: *terminalserver.admx*
@@ -245,7 +245,7 @@ If you disable this setting or leave it not configured, the user will be able to
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Do not allow passwords to be saved*
+-   GP Friendly name: *Do not allow passwords to be saved*
 -   GP name: *TS_CLIENT_DISABLE_PASSWORD_SAVING_2*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Connection Client*
 -   GP ADMX file name: *terminalserver.admx*
@@ -297,7 +297,7 @@ If you do not configure this policy setting, automatic logon is not specified at
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Always prompt for password upon connection*
+-   GP Friendly name: *Always prompt for password upon connection*
 -   GP name: *TS_PASSWORD*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
@@ -349,7 +349,7 @@ Note: The RPC interface is used for administering and configuring Remote Desktop
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Require secure RPC communication*
+-   GP Friendly name: *Require secure RPC communication*
 -   GP name: *TS_RPC_ENCRYPTION*
 -   GP path: *Windows Components/Remote Desktop Services/Remote Desktop Session Host/Security*
 -   GP ADMX file name: *terminalserver.admx*
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 88f1e02ee3..7062b9695c 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -114,7 +114,7 @@ If you disable or do not configure this policy setting, the WinRM client does no
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow Basic authentication*
+-   GP Friendly name: *Allow Basic authentication*
 -   GP name: *AllowBasic_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -160,7 +160,7 @@ If you disable or do not configure this policy setting, the WinRM service does n
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow Basic authentication*
+-   GP Friendly name: *Allow Basic authentication*
 -   GP name: *AllowBasic_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -206,7 +206,7 @@ If you disable or do not configure this policy setting, the WinRM client does no
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow CredSSP authentication*
+-   GP Friendly name: *Allow CredSSP authentication*
 -   GP name: *AllowCredSSP_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -252,7 +252,7 @@ If you disable or do not configure this policy setting, the WinRM service does n
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow CredSSP authentication*
+-   GP Friendly name: *Allow CredSSP authentication*
 -   GP name: *AllowCredSSP_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -311,7 +311,7 @@ Example IPv6 filters:\n3FFE:FFFF:7654:FEDA:1245:BA98:0000:0000-3FFE:FFFF:7654:FE
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow remote server management through WinRM*
+-   GP Friendly name: *Allow remote server management through WinRM*
 -   GP name: *AllowAutoConfig*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -357,7 +357,7 @@ If you disable or do not configure this policy setting, the WinRM client sends o
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow unencrypted traffic*
+-   GP Friendly name: *Allow unencrypted traffic*
 -   GP name: *AllowUnencrypted_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -403,7 +403,7 @@ If you disable or do not configure this policy setting, the WinRM client sends o
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow unencrypted traffic*
+-   GP Friendly name: *Allow unencrypted traffic*
 -   GP name: *AllowUnencrypted_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -449,7 +449,7 @@ If you disable or do not configure this policy setting, the WinRM client uses Di
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Disallow Digest authentication*
+-   GP Friendly name: *Disallow Digest authentication*
 -   GP name: *DisallowDigest*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -495,7 +495,7 @@ If you disable or do not configure this policy setting, the WinRM client uses Ne
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Disallow Negotiate authentication*
+-   GP Friendly name: *Disallow Negotiate authentication*
 -   GP name: *DisallowNegotiate_2*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -541,7 +541,7 @@ If you disable or do not configure this policy setting, the WinRM service accept
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Disallow Negotiate authentication*
+-   GP Friendly name: *Disallow Negotiate authentication*
 -   GP name: *DisallowNegotiate_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -589,7 +589,7 @@ If you enable and then disable this policy setting,any values that were previous
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Disallow WinRM from storing RunAs credentials*
+-   GP Friendly name: *Disallow WinRM from storing RunAs credentials*
 -   GP name: *DisableRunAs*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -641,7 +641,7 @@ If HardeningLevel is set to None, all requests are accepted (though they are not
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify channel binding token hardening level*
+-   GP Friendly name: *Specify channel binding token hardening level*
 -   GP name: *CBTHardeningLevel_1*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -687,7 +687,7 @@ If you disable or do not configure this policy setting and the WinRM client need
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Trusted Hosts*
+-   GP Friendly name: *Trusted Hosts*
 -   GP name: *TrustedHosts*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Client*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -737,7 +737,7 @@ A listener might be automatically created on port 80 to ensure backward compatib
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn On Compatibility HTTP Listener*
+-   GP Friendly name: *Turn On Compatibility HTTP Listener*
 -   GP name: *HttpCompatibilityListener*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
@@ -787,7 +787,7 @@ A listener might be automatically created on port 443 to ensure backward compati
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Turn On Compatibility HTTPS Listener*
+-   GP Friendly name: *Turn On Compatibility HTTPS Listener*
 -   GP name: *HttpsCompatibilityListener*
 -   GP path: *Windows Components/Windows Remote Management (WinRM)/WinRM Service*
 -   GP ADMX file name: *WindowsRemoteManagement.admx*
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 9832eb9c61..a750b0adde 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -78,7 +78,7 @@ Note: This policy will not be applied until the system is rebooted.
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Enable RPC Endpoint Mapper Client Authentication*
+-   GP Friendly name: *Enable RPC Endpoint Mapper Client Authentication*
 -   GP name: *RpcEnableAuthEpResolution*
 -   GP path: *System/Remote Procedure Call*
 -   GP ADMX file name: *rpc.admx*
@@ -137,7 +137,7 @@ If you enable this policy setting, it directs the RPC server runtime to restrict
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Restrict Unauthenticated RPC clients*
+-   GP Friendly name: *Restrict Unauthenticated RPC clients*
 -   GP name: *RpcRestrictRemoteClients*
 -   GP path: *System/Remote Procedure Call*
 -   GP ADMX file name: *rpc.admx*
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index a9f428a5a9..25abffed2e 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -89,7 +89,7 @@ If you set this policy to ‘disabled’, new remote shell connections are rejec
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Allow Remote Shell Access*
+-   GP Friendly name: *Allow Remote Shell Access*
 -   GP name: *AllowRemoteShellAccess*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -137,7 +137,7 @@ If you disable or do not configure this policy setting, the default number is fi
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *MaxConcurrentUsers*
+-   GP Friendly name: *MaxConcurrentUsers*
 -   GP name: *MaxConcurrentUsers*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -185,7 +185,7 @@ If you do not configure or disable this policy setting, the default value of 900
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify idle Timeout*
+-   GP Friendly name: *Specify idle Timeout*
 -   GP name: *IdleTimeout*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -233,7 +233,7 @@ If you disable or do not configure this policy setting, the value 150 is used by
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify maximum amount of memory in MB per Shell*
+-   GP Friendly name: *Specify maximum amount of memory in MB per Shell*
 -   GP name: *MaxMemoryPerShellMB*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -279,7 +279,7 @@ If you disable or do not configure this policy setting,  the limit is five proce
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify maximum number of processes per Shell*
+-   GP Friendly name: *Specify maximum number of processes per Shell*
 -   GP name: *MaxProcessesPerShell*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -327,7 +327,7 @@ If you disable or do not configure this policy setting, by default the limit is
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify maximum number of remote shells per user*
+-   GP Friendly name: *Specify maximum number of remote shells per user*
 -   GP name: *MaxShellsPerUser*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
@@ -369,7 +369,7 @@ This policy setting is deprecated and has no effect when set to any state: Enabl
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Specify Shell Timeout*
+-   GP Friendly name: *Specify Shell Timeout*
 -   GP name: *ShellTimeOut*
 -   GP path: *Windows Components/Windows Remote Shell*
 -   GP ADMX file name: *WindowsRemoteShell.admx*
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 4c50234b0c..5028411604 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -99,7 +99,7 @@ Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Allow Cloud Search*
+-   GP Friendly name: *Allow Cloud Search*
 -   GP name: *AllowCloudSearch*
 -   GP element: *AllowCloudSearch_Dropdown*
 -   GP path: *Windows Components/Search*
@@ -148,7 +148,7 @@ This policy allows the cortana opt-in page during windows setup out of the box e
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Allow Cloud Search*
+-   GP Friendly name: *Allow Cloud Search*
 -   GP name: *AllowCortanaInAAD*
 -   GP element: *AllowCloudSearch_Dropdown*
 -   GP path: *Windows Components/Search*
@@ -196,7 +196,7 @@ Controls if the user can configure search to Find My Files mode, which searches
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Allow Find My Files*
+-   GP Friendly name: *Allow Find My Files*
 -   GP name: *AllowFindMyFiles*
 -   GP path: *Computer Configuration/Administrative Templates/Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -256,7 +256,7 @@ Most restricted value is 0.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Allow indexing of encrypted files*
+-   GP Friendly name: *Allow indexing of encrypted files*
 -   GP name: *AllowIndexingEncryptedStoresOrItems*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -306,7 +306,7 @@ Most restricted value is 0.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Allow search and Cortana to use location*
+-   GP Friendly name: *Allow search and Cortana to use location*
 -   GP name: *AllowSearchToUseLocation*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -368,7 +368,7 @@ Most restricted value is 0.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Allow use of diacritics*
+-   GP Friendly name: *Allow use of diacritics*
 -   GP name: *AllowUsingDiacritics*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -452,7 +452,7 @@ Most restricted value is 0.
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Always use automatic language detection when indexing content and properties*
+-   GP Friendly name: *Always use automatic language detection when indexing content and properties*
 -   GP name: *AlwaysUseAutoLangDetection*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -500,7 +500,7 @@ If enabled, the search indexer backoff feature will be disabled. Indexing will c
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Disable indexer backoff*
+-   GP Friendly name: *Disable indexer backoff*
 -   GP name: *DisableBackoff*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -552,7 +552,7 @@ If you disable or do not configure this policy setting, locations on removable d
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Do not allow locations on removable drives to be added to libraries*
+-   GP Friendly name: *Do not allow locations on removable drives to be added to libraries*
 -   GP name: *DisableRemovableDriveIndexing*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -605,7 +605,7 @@ If you disable this policy setting, queries will be performed on the web and web
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Don't search the web or display web results in Search*
+-   GP Friendly name: *Don't search the web or display web results in Search*
 -   GP name: *DoNotUseWebResults*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -657,7 +657,7 @@ When this policy is disabled or not configured, Windows Desktop Search automatic
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Stop indexing in the event of limited hard drive space*
+-   GP Friendly name: *Stop indexing in the event of limited hard drive space*
 -   GP name: *StopIndexingOnLimitedHardDriveSpace*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
@@ -705,7 +705,7 @@ If enabled, clients will be unable to query this computer's index remotely. Thus
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Prevent clients from querying the index remotely*
+-   GP Friendly name: *Prevent clients from querying the index remotely*
 -   GP name: *PreventRemoteQueries*
 -   GP path: *Windows Components/Search*
 -   GP ADMX file name: *Search.admx*
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 136a6f1772..dc3da9ca62 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -190,7 +190,7 @@ Admin access is required. The prompt will appear on first admin logon after a re
 <!--/Description-->
 <!--ADMXMapped-->
 ADMX Info:  
--   GP English name: *Configure the system to clear the TPM if it is not in a ready state.*
+-   GP Friendly name: *Configure the system to clear the TPM if it is not in a ready state.*
 -   GP name: *ClearTPMIfNotReady_Name*
 -   GP path: *System/Trusted Platform Module Services*
 -   GP ADMX file name: *TPM.admx*
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index f8b22ff8c3..6dd30d5940 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -75,7 +75,7 @@ If you disable or do not configure this policy setting, the stricter security se
 
 <!--ADMXBacked-->
 ADMX Info:  
--   GP English name: *Enable svchost.exe mitigation options*
+-   GP Friendly name: *Enable svchost.exe mitigation options*
 -   GP name: *SvchostProcessMitigationEnable*
 -   GP path: *System/Service Control Manager Settings/Security Settings*
 -   GP ADMX file name: *ServiceControlManager.admx*
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 5ab723b796..2fd9258e23 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -51,6 +51,9 @@ manager: dansimp
   <dd>
     <a href="#start-allowpinnedfoldervideos">Start/AllowPinnedFolderVideos</a>
   </dd>
+  <dd>
+    <a href="#start-configurestartpins">Start/ConfigureStartPins</a>
+  </dd>
   <dd>
     <a href="#start-disablecontextmenus">Start/DisableContextMenus</a>
   </dd>
@@ -108,6 +111,9 @@ manager: dansimp
   <dd>
     <a href="#start-nopinningtotaskbar">Start/NoPinningToTaskbar</a>
   </dd>
+  <dd>
+    <a href="#start-showorhidemostusedapps">Start/ShowOrHideMostUsedApps</a>
+  </dd>
   <dd>
     <a href="#start-startlayout">Start/StartLayout</a>
   </dd>
@@ -526,6 +532,67 @@ The following list shows the supported values:
 
 <hr/>
 
+<!--Policy-->
+<a href="" id="start-configurestartpins"></a>**Start/ConfigureStartPins**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Edition</th>
+    <th>Windows 11</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td>Yes</td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td>Yes</td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td>Yes</td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td>Yes</td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+This policy will allow admins to push a new list of pinned apps to override the default/current list of pinned apps in the Windows 11 start menu experience.
+
+It contains details on how to configure the start menu on Windows 11, see [/windows-hardware/customize/desktop/customize-the-windows-11-start-menu](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu)
+
+<!--/Description-->
+
+<!--SupportedValues-->
+
+This string policy will take a JSON file (expected name LayoutModification.json), which enumerates the items to pin and their relative order.
+
+<!--/SupportedValues-->
+<!--/Policy-->
+
+<hr/>
+
+
 <!--Policy-->
 <a href="" id="start-disablecontextmenus"></a>**Start/DisableContextMenus**  
 
@@ -1498,6 +1565,75 @@ To validate on Desktop, do the following:
 
 <hr/>
 
+
+<!--Policy-->
+<a href="" id="start-showorhidemostusedapps"></a>**Start/ShowOrHideMostUsedApps**  
+
+<!--SupportedSKUs-->
+<table>
+<tr>
+    <th>Edition</th>
+    <th>Windows 10</th>
+    <th>Windows 11</th>
+</tr>
+<tr>
+    <td>Home</td>
+    <td>No</td>
+    <td>No</td>
+</tr>
+<tr>
+    <td>Pro</td>
+    <td>Yes</td>
+    <td>Yes</td>
+</tr>
+<tr>
+    <td>Business</td>
+    <td>Yes</td>
+    <td>Yes</td>
+</tr>
+<tr>
+    <td>Enterprise</td>
+    <td>Yes</td>
+    <td>Yes</td>
+</tr>
+<tr>
+    <td>Education</td>
+    <td>Yes</td>
+    <td>Yes</td>
+</tr>
+</table>
+
+<!--/SupportedSKUs-->
+<hr/>
+
+<!--Scope-->
+[Scope](./policy-configuration-service-provider.md#policy-scope):
+
+> [!div class = "checklist"]
+> * Device
+> * User
+
+<hr/>
+
+<!--/Scope-->
+<!--Description-->
+
+<!--/Description-->
+<!--SupportedValues-->
+The following list shows the supported values:
+
+- 1 - Force showing of Most Used Apps in Start Menu, user cannot change in Settings
+- 0 - Force hiding of Most Used Apps in Start Menu, user cannot change in Settings
+- Not set - User can use Settings to hide or show Most Used Apps in Start Menu
+
+On clean install, the user setting defaults to "hide".
+
+<!--/SupportedValues-->
+
+<!--/Policy-->
+
+<hr/>
+
 <!--Policy-->
 <a href="" id="start-startlayout"></a>**Start/StartLayout**  
 
diff --git a/windows/client-management/mdm/toc.yml b/windows/client-management/mdm/toc.yml
index 8b642d0a06..1b85a93de4 100644
--- a/windows/client-management/mdm/toc.yml
+++ b/windows/client-management/mdm/toc.yml
@@ -741,6 +741,8 @@ items:
               href: policy-csp-lockdown.md
             - name: Maps
               href: policy-csp-maps.md
+            - name: MemoryDump
+              href: policy-csp-memorydump.md
             - name: Messaging
               href: policy-csp-messaging.md
             - name: MixedReality
@@ -755,6 +757,8 @@ items:
               href: policy-csp-networkisolation.md
             - name: NetworkListManager
               href: policy-csp-networklistmanager.md
+            - name: NewsAndInterests
+              href: policy-csp-newsandinterests.md
             - name: Notifications
               href: policy-csp-notifications.md
             - name: Power
@@ -765,6 +769,8 @@ items:
               href: policy-csp-privacy.md
             - name: RemoteAssistance
               href: policy-csp-remoteassistance.md
+            - name: RemoteDesktop
+              href: policy-csp-remotedesktop.md
             - name: RemoteDesktopServices
               href: policy-csp-remotedesktopservices.md
             - name: RemoteManagement
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 0785a4e3d4..6eb965d5b3 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -167,6 +167,8 @@
               href: update/waas-manage-updates-wufb.md
             - name: Configure Windows Update for Business
               href: update/waas-configure-wufb.md
+            - name: Use Windows Update for Business and WSUS
+              href: update/wufb-wsus.md    
             - name: Windows Update for Business deployment service
               href: update/deployment-service-overview.md
               items:
diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
index 186a8fe7bd..5cdc86d26c 100644
--- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md
@@ -257,6 +257,5 @@ When you have completed all the steps in this section to prepare for deployment,
 **Sample files**
 
 The following sample files are also available to help automate some MDT deployment tasks. This guide does not use these files, but they are made available here so you can see how some tasks can be automated with Windows PowerShell.
-- [Gather.ps1](/samples/browse/?redirectedfrom=TechNet-Gallery). This sample Windows PowerShell script performs the MDT Gather process in a simulated MDT environment. This allows you to test the MDT gather process and check to see if it is working correctly without performing a full Windows deployment.
 - [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU.
 - [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT.
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index 64938b8f63..48915f5a14 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -38,9 +38,6 @@ If you have access to Microsoft BitLocker Administration and Monitoring (MBAM),
 > [!NOTE]
 > Backing up TPM to Active Directory was supported only on Windows 10 version 1507 and 1511.
 
->[!NOTE]
->Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For more information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](/previous-versions/windows/it-pro/windows-7/dd875529(v=ws.10)). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
-
 For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md).
 
 ## Configure Active Directory for BitLocker
@@ -170,4 +167,4 @@ In the following task sequence, we added five actions:
 [Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)<br>
 [Assign applications using roles in MDT](assign-applications-using-roles-in-mdt.md)<br>
 [Use web services in MDT](use-web-services-in-mdt.md)<br>
-[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
\ No newline at end of file
+[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md
index bae2b9eb0d..315c9d9867 100644
--- a/windows/deployment/mbr-to-gpt.md
+++ b/windows/deployment/mbr-to-gpt.md
@@ -12,7 +12,7 @@ ms.author: greglin
 ms.date: 02/13/2018
 manager: dougeby
 ms.audience: itpro
-ms.localizationpriority: medium
+ms.localizationpriority: high
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.collection: highpri
diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md
index a4a9b96d26..75b8f99025 100644
--- a/windows/deployment/s-mode.md
+++ b/windows/deployment/s-mode.md
@@ -3,7 +3,7 @@ title: Windows 10 Pro in S mode
 description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers?
 keywords: Windows 10 S, S mode, Windows S mode, Windows 10 S mode, S-mode, system requirements, Overview, Windows 10 Pro in S mode, Windows 10 Enterprise in S mode, Windows 10 Pro/Enterprise in S mode
 ms.mktglfcycl: deploy
-ms.localizationpriority: medium
+ms.localizationpriority: high
 ms.prod: w10
 ms.sitesec: library
 ms.pagetype: deploy
@@ -58,4 +58,4 @@ The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-too
 - [Consumer applications for S mode](https://www.microsoft.com/windows/s-mode)
 - [S mode devices](https://www.microsoft.com/en-us/windows/view-all-devices)
 - [Windows Defender Application Control deployment guide](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide)
-- [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
\ No newline at end of file
+- [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp)
diff --git a/windows/deployment/update/media/specify-update-type-sources.png b/windows/deployment/update/media/specify-update-type-sources.png
new file mode 100644
index 0000000000..92d8bc1356
Binary files /dev/null and b/windows/deployment/update/media/specify-update-type-sources.png differ
diff --git a/windows/deployment/update/servicing-stack-updates.md b/windows/deployment/update/servicing-stack-updates.md
index 079e41dff7..849c2e569d 100644
--- a/windows/deployment/update/servicing-stack-updates.md
+++ b/windows/deployment/update/servicing-stack-updates.md
@@ -6,7 +6,7 @@ ms.mktglfcycl: manage
 audience: itpro
 itproauthor: jaimeo
 author: jaimeo
-ms.localizationpriority: medium
+ms.localizationpriority: high
 ms.author: jaimeo
 manager: dougeby
 ms.collection:
diff --git a/windows/deployment/update/wufb-wsus.md b/windows/deployment/update/wufb-wsus.md
new file mode 100644
index 0000000000..37ad4990d7
--- /dev/null
+++ b/windows/deployment/update/wufb-wsus.md
@@ -0,0 +1,78 @@
+---
+title: Use Windows Update for Business (WUfB) and Windows Server Update Services (WSUS) together
+description:  Learn how to use Windows Update for Business and WSUS together using the new scan source policy.
+ms.prod: w10
+ms.mktglfcycl: manage
+author: arcarley
+ms.localizationpriority: medium
+audience: itpro
+ms.author: arcarley
+ms.collection:
+  - m365initiative-coredeploy
+  - highpri
+manager: dougeby
+ms.topic: article
+---
+
+# Use Windows Update for Business and WSUS together
+
+**Applies to**
+
+- Windows 10
+- Windows 11
+
+> **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq)
+
+The Windows update scan source policy enables you to choose what types of updates to get from either [WSUS](waas-manage-updates-wsus.md) or Windows Update for Business (WUfB) service.
+
+We added the scan source policy starting with the [September 1, 2021—KB5005101 (OS Builds 19041.1202, 19042.1202, and 19043.1202) Preview](https://support.microsoft.com/help/5005101) update and it applies to Window 10, version 2004 and above and Windows 11. This policy changes the way devices determine whether to scan against a local WSUS server or Windows Update service.
+
+> [!IMPORTANT]
+> The policy **Do not allow update deferral policies to cause scans against Windows Update**, also known as Dual Scan, is no longer supported on Windows 11 and on Windows 10 it is replaced by the new Windows scan source policy and is not recommended for use. If you configure both on Windows 10, you will not get updates from Windows Update.
+
+## About the scan source policy
+
+The specify scan source policy enables you to specify whether your device gets the following Windows update types form WSUS **or** from Windows Update:
+
+- Feature updates
+- Windows quality updates
+- Driver and firmware updates
+- Updates for other Microsoft products
+
+We recommend using this policy on your transition from fully on-premises managed environment to a cloud supported one. Whether you move only drivers to the cloud today or drivers and quality updates and then later move your other workloads, taking a step-by-step approach might ease the transition.
+
+## Default scan behavior
+
+To help you better understand the scan source policy, see the default scan behavior below and how we can change it:
+
+- If no policies are configured: All of your updates will come from Windows Update.
+- If you configure only the WSUS server policy:
+
+  - On Windows 10: All of your updates will come from WSUS.
+  - On Windows 11: All of your updates will still come from Windows Update unless you configure the specify scan source policy.
+
+- If you configure a WSUS server and deferral policies: All of your updates will come from Windows Update unless you specify the scan source policy.
+- If you configure a WSUS server and the scan source policy: All of your updates will come from the source chosen in the scan source policy.
+
+> [!TIP]
+> The only two relevant policies for where your updates come from are the specify scan source policy and whether or not you have configured a WSUS server. This should simplify the configuration options.
+
+## Configure the scan sources
+
+The policy can be configured using the following two methods:
+
+1. Group Policy: Specify source service for specific classes of Windows Updates
+
+   - Path: Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage updates offered from Windows Server Update Service\
+
+   :::image type="content" source="media/specify-update-type-sources.png" alt-text="Screenshot of the Group Policy for specifiying sources for update types":::
+
+2. Configuration Service Provider (CSP) Policies: **SetPolicyDrivenUpdateSourceFor&lt;Update Type>**:
+
+> [!NOTE]
+> You should configure **all** of these policies if you are using CSPs.
+
+- [Update/SetPolicyDrivenUpdateSourceForDriverUpdates](/windows/client-management/mdm/policy-csp-update#update-setpolicydrivenupdatesourcefordriver)
+- [Update/SetPolicyDrivenUpdateSourceForFeatureUpdates](/windows/client-management/mdm/policy-csp-update#update-setpolicydrivenupdatesourceforfeature)
+- [Update/SetPolicyDrivenUpdateSourceForOtherUpdates](/windows/client-management/mdm/policy-csp-update#update-setpolicydrivenupdatesourceforother)
+- [Update/SetPolicyDrivenUpdateSourceForQualityUpdates](/windows/client-management/mdm/policy-csp-update#update-setpolicydrivenupdatesourceforquality)
diff --git a/windows/deployment/upgrade/resolution-procedures.md b/windows/deployment/upgrade/resolution-procedures.md
index 608df22ec5..c76c4c1372 100644
--- a/windows/deployment/upgrade/resolution-procedures.md
+++ b/windows/deployment/upgrade/resolution-procedures.md
@@ -45,7 +45,7 @@ See the following general troubleshooting procedures associated with a result co
 | :---     |  :---  |  :--- |
 | 0xC1900101 - 0x20004   | Uninstall antivirus applications.<br>Remove all unused SATA devices. <br>Remove all unused devices and drivers. <br>Update drivers and BIOS.     | Windows Setup encountered an error during the SAFE_OS with the INSTALL_RECOVERY_ENVIRONMENT operation. <br>This is generally caused by out-of-date drivers.    |
 | 0xC1900101 - 0x2000c     | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br> Contact your hardware vendor to obtain updated device drivers.<br> Ensure that "Download and install updates (recommended)" is accepted at the start of the upgrade process.       | Windows Setup encountered an unspecified error during Wim apply in the WinPE phase.<br> This is generally caused by out-of-date drivers      |
-| 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.<br>Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.<br>For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](/troubleshoot/windows-client/deployment/windows-setup-log-file-locations).<br>Update or uninstall the problem drivers. | A driver has caused an illegal operation.<br>Windows was not able to migrate the driver, resulting in a rollback of the operating system.<br>This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software. |
+| 0xC1900101 - 0x20017 | Ensure that all that drivers are updated.<br>Open the Setuperr.log and Setupact.log files in the %windir%\Panther directory, and then locate the problem drivers.<br>For more information, see [Windows Vista, Windows 7, Windows Server 2008 R2, Windows 8.1, and Windows 10 setup log file locations](/troubleshoot/windows-client/deployment/windows-setup-log-file-locations).<br>Update or uninstall the problem drivers. | A driver has caused an illegal operation.<br>Windows was not able to migrate the driver, resulting in a rollback of the operating system.<br>This is a SafeOS boot failure, typically caused by drivers or non-Microsoft disk encryption software.<br>This can also be caused by a hardware failure. |
 | 0xC1900101 - 0x30018 | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Contact your hardware vendor to obtain updated device drivers.<br>Ensure that &quot;Download and install updates (recommended)&quot; is accepted at the start of the upgrade process. | A device driver has stopped responding to setup.exe during the upgrade process. |
 | 0xC1900101 - 0x3000D | Disconnect all peripheral devices that are connected to the system, except for the mouse, keyboard and display.<br>Update or uninstall the display driver. | Installation failed during the FIRST_BOOT phase while attempting the MIGRATE_DATA operation.<br>This can occur due to a problem with a display driver. |
 | 0xC1900101 - 0x4000D | Check supplemental rollback logs for a setupmem.dmp file, or event logs for any unexpected reboots or errors.<br>Review the rollback log and determine the stop code.<br>The rollback log is located in the <strong>$Windows.~BT\Sources\Rollback</strong> folder.  An example analysis is shown below. This example is not representative of all cases:<br>&nbsp;<br>Info SP     Crash 0x0000007E detected<br>Info SP       Module name           :<br>Info SP       Bugcheck parameter 1  : 0xFFFFFFFFC0000005<br>Info SP       Bugcheck parameter 2  : 0xFFFFF8015BC0036A<br>Info SP       Bugcheck parameter 3  : 0xFFFFD000E5D23728<br>Info SP       Bugcheck parameter 4  : 0xFFFFD000E5D22F40<br>Info SP     Cannot recover the system.<br>Info SP     Rollback: Showing splash window with restoring text: Restoring your previous version of Windows.<br>&nbsp;<br>Typically, there is a dump file for the crash to analyze. If you are not equipped to debug the dump, then attempt the following basic troubleshooting procedures:<br>&nbsp;<br>1. Make sure you have enough disk space.<br>2. If a driver is identified in the bug check message, disable the driver or check with the manufacturer for driver updates.<br>3. Try changing video adapters.<br>4. Check with your hardware vendor for any BIOS updates.<br>5. Disable BIOS memory options such as caching or shadowing. | A rollback occurred due to a driver configuration issue.<br>Installation failed during the second boot phase while attempting the MIGRATE_DATA operation.<br>This can occur because of incompatible drivers. |
@@ -93,7 +93,7 @@ See the following general troubleshooting procedures associated with a result co
 | Error Codes | Cause | Mitigation |
 | --- | --- | --- |
 |0x80070003- 0x20007|This is a failure during SafeOS phase driver installation.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.|
-|0x8007025D - 0x2000C|This error occurs if the ISO file&#39;s metadata is corrupt.|Re-download the ISO/Media and re-attempt the upgrade<p>Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).|
+|0x8007025D - 0x2000C|This error occurs if the ISO file&#39;s metadata is corrupt or if there is an issue with the storage medium, such as a RAM module containing bad blocks during the installation of Windows.|Re-download the ISO/Media and re-attempt the upgrade<p>Alternatively, re-create installation media the [Media Creation Tool](https://www.microsoft.com/software-download/windows10).|
 |0x80070490 - 0x20007|An incompatible device driver is present.|[Verify device drivers](/windows-hardware/drivers/install/troubleshooting-device-and-driver-installations) on the computer, and [analyze log files](log-files.md#analyze-log-files) to determine the problem driver.|
 |0xC1900101 - 0x2000c|An unspecified error occurred in the SafeOS phase during WIM apply. This can be caused by an outdated driver or disk corruption.|Run checkdisk to repair the file system. For more information, see the [quick fixes](quick-fixes.md) section in this guide.<br>Update drivers on the computer, and select "Download and install updates (recommended)" during the upgrade process. Disconnect devices other than the mouse, keyboard and display.|
 |0xC1900200 - 0x20008|The computer doesn’t meet the minimum requirements to download or upgrade to Windows 10.|See [Windows 10 Specifications](https://www.microsoft.com/windows/windows-10-specifications) and verify the computer meets minimum requirements.<p>Review logs for [compatibility information](/archive/blogs/askcore/using-the-windows-10-compatibility-reports-to-understand-upgrade-issues).|
diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md
index a7081e65f1..9310bdfa44 100644
--- a/windows/deployment/vda-subscription-activation.md
+++ b/windows/deployment/vda-subscription-activation.md
@@ -153,4 +153,4 @@ To create custom RDP settings for Azure:
 
 [Windows 10/11 Subscription Activation](windows-10-subscription-activation.md)
 <BR>[Recommended settings for VDI desktops](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations)
-<BR>[Licensing the Windows Desktop for VDI Environments](https://download.microsoft.com/download/1/1/4/114A45DD-A1F7-4910-81FD-6CAF401077D0/Microsoft%20VDI%20and%20VDA%20FAQ%20v3%200.pdf)
\ No newline at end of file
+<BR>[Licensing the Windows Desktop for VDI Environments](https://download.microsoft.com/download/9/8/d/98d6a56c-4d79-40f4-8462-da3ecba2dc2c/licensing_windows_desktop_os_for_virtual_machines.pdf)
diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
index 169a4416a4..1454d3ea81 100644
--- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
+++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md
@@ -1,142 +1,147 @@
----
-title: Activate using Active Directory-based activation (Windows 10)
-description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects.
-ms.custom: seo-marvel-apr2020
-ms.assetid: 08cce6b7-7b5b-42cf-b100-66c363a846af
-manager: dougeby
-ms.author: greglin
-keywords: vamt, volume activation, activation, windows activation
-ms.prod: w10
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: activation
-audience: itpro
-author: greg-lindsay
-ms.localizationpriority: medium
-ms.date: 07/27/2017
-ms.topic: article
-ms.collection: highpri
----
-
-# Activate using Active Directory-based activation
-
-> Applies to
->
->- Windows 10
->- Windows 8.1
->- Windows 8
->- Windows Server 2012 R2
->- Windows Server 2012
->- Windows Server 2016
->- Windows Server 2019
->- Office 2013*
->- Office 2016*
->- Office 2019*
-
-**Looking for retail activation?**
-
-- [Get Help Activating Microsoft Windows 7 or Windows 8.1](https://support.microsoft.com/help/15083/windows-activate-windows-7-or-8-1)
-- [Get Help Activating Microsoft Windows 10](https://support.microsoft.com/help/12440/windows-10-activate)
-
-Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated using *adprep.exe* on a supported server OS, but after the schema is updated, older domain controllers can still activate clients.
-
-Any domain-joined computers running a supported operating system with a Generic Volume License Key (GVLK) will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention.
-
-To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10.
-
-The process proceeds as follows:
-
-1. Perform one of the following tasks:
-   - Install the Volume Activation Services server role on a domain controller and add a KMS host key by using the Volume Activation Tools Wizard.
-   - Extend the domain to the Windows Server 2012 R2 or higher schema level, and add a KMS host key by using the VAMT.
-
-2. Microsoft verifies the KMS host key, and an activation object is created.
-
-3. Client computers are activated by receiving the activation object from a domain controller during startup.
-
-    > [!div class="mx-imgBorder"]
-    > ![Active Directory-based activation flow.](../images/volumeactivationforwindows81-10.jpg)
-
-    **Figure 10**. The Active Directory-based activation flow
-
-For environments in which all computers are running an operating system listed under *Applies to*, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment.
-
-If an environment will continue to contain earlier volume licensing operating systems and applications or if you have workgroup computers outside the domain, you need to maintain a KMS host to maintain activation status for earlier volume licensing editions of Windows and Office.
-
-Clients that are activated with Active Directory-based activation will maintain their activated state for up to 180 days since the last contact with the domain, but they will periodically attempt to reactivate before then and at the end of the 180 day period. By default, this reactivation event occurs every seven days.
-
-When a reactivation event occurs, the client queries AD DS for the activation object. Client computers examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs. If the AD DS object cannot be retrieved, client computers use KMS activation. If the computer is removed from the domain, and the computer or the Software Protection service is restarted, the operating system will change the status from activated to not activated, and the computer will try to activate with KMS.
-
-## Step-by-step configuration: Active Directory-based activation
-
-> [!NOTE]
-> You must be a member of the local Administrators group on all computers mentioned in these steps. You also need to be a member of the Enterprise Administrators group, because setting up Active Directory-based activation changes forest-wide settings.
-
-**To configure Active Directory-based activation on Windows Server 2012 R2 or higher, complete the following steps:**
-
-1. Use an account with Domain Administrator and Enterprise Administrator credentials to sign in to a domain controller.
-
-2. Launch Server Manager.
-
-3. Add the Volume Activation Services role, as shown in Figure 11.
-
-    ![Adding the Volume Activation Services role.](../images/volumeactivationforwindows81-11.jpg)
-
-    **Figure 11**. Adding the Volume Activation Services role
-
-4. Click the link to launch the Volume Activation Tools (Figure 12).
-
-    ![Launching the Volume Activation Tools.](../images/volumeactivationforwindows81-12.jpg)
-
-    **Figure 12**. Launching the Volume Activation Tools
-
-5. Select the **Active Directory-Based Activation** option (Figure 13).
-
-    ![Selecting Active Directory-Based Activation.](../images/volumeactivationforwindows81-13.jpg)
-
-    **Figure 13**. Selecting Active Directory-Based Activation
-
-6. Enter your KMS host key and (optionally) a display name (Figure 14).
-
-    ![Choosing how to activate your product.](../images/volumeactivationforwindows81-15.jpg)
-
-    **Figure 14**. Entering your KMS host key
-
-7. Activate your KMS host key by phone or online (Figure 15).
-
-    ![Entering your KMS host key.](../images/volumeactivationforwindows81-14.jpg)
-    
-    **Figure 15**. Choosing how to activate your product
-
-    > [!NOTE]
-    > To activate a KMS Host Key (CSVLK) for Microsoft Office, you need to install the version-specific Office Volume License Pack on the server where the Volume Activation Server Role is installed.
-    > 
-    > 
-    > - [Office 2013 VL pack](https://www.microsoft.com/download/details.aspx?id=35584)
-    > 
-    > - [Office 2016 VL pack](https://www.microsoft.com/download/details.aspx?id=49164)
-    >
-    > - [Office 2019 VL pack](https://www.microsoft.com/download/details.aspx?id=57342)
-
-8. After activating the key, click **Commit**, and then click **Close**.
-
-## Verifying the configuration of Active Directory-based activation
-
-To verify your Active Directory-based activation configuration, complete the following steps:
-
-1. After you configure Active Directory-based activation, start a computer that is running an edition of Windows that is configured by volume licensing.
-2. If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK by running the **slmgr.vbs /ipk** command and specifying the GLVK as the new product key.
-3. If the computer is not joined to your domain, join it to the domain.
-4. Sign in to the computer.
-5. Open Windows Explorer, right-click **Computer**, and then click **Properties**.
-6. Scroll down to the **Windows activation** section, and verify that this client has been activated.
-
-    > [!NOTE]
-    > If you are using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that has not already been activated by KMS. The **slmgr.vbs /dlv** command also indicates whether KMS has been used.
-    > 
-    > To manage individual activations or apply multiple (mass) activations, please consider using the [VAMT](./volume-activation-management-tool.md).
-
-
-## See also
-
-- [Volume Activation for Windows 10](volume-activation-windows-10.md)
\ No newline at end of file
+---
+title: Activate using Active Directory-based activation (Windows 10)
+description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects.
+ms.custom: seo-marvel-apr2020
+ms.assetid: 08cce6b7-7b5b-42cf-b100-66c363a846af
+manager: dougeby
+ms.author: greglin
+keywords: vamt, volume activation, activation, windows activation
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.pagetype: activation
+audience: itpro
+author: greg-lindsay
+ms.localizationpriority: medium
+ms.date: 01/13/2022
+ms.topic: article
+ms.collection: highpri
+---
+
+# Activate using Active Directory-based activation
+
+**Applies to**
+
+Windows 11
+Windows 10
+Windows 8.1
+Windows 8
+Windows Server 2012 R2
+Windows Server 2012
+Windows Server 2016
+Windows Server 2019
+Office 2021*
+Office 2019*
+Office 2016*
+Office 2013*
+
+**Looking for retail activation?**
+
+- [Get Help Activating Microsoft Windows 7 or Windows 8.1](https://support.microsoft.com/help/15083/windows-activate-windows-7-or-8-1)
+- [Get Help Activating Microsoft Windows 10](https://support.microsoft.com/help/12440/windows-10-activate)
+
+Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that the forest schema be updated using *adprep.exe* on a supported server OS, but after the schema is updated, older domain controllers can still activate clients.
+
+Any domain-joined computers running a supported operating system with a Generic Volume License Key (GVLK) will be activated automatically and transparently. They will stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention.
+
+To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10.
+
+The process proceeds as follows:
+
+1. Perform one of the following tasks:
+   - Install the Volume Activation Services server role on a domain controller and add a KMS host key by using the Volume Activation Tools Wizard.
+   - Extend the domain to the Windows Server 2012 R2 or higher schema level, and add a KMS host key by using the VAMT.
+
+2. Microsoft verifies the KMS host key, and an activation object is created.
+
+3. Client computers are activated by receiving the activation object from a domain controller during startup.
+
+    > [!div class="mx-imgBorder"]
+    > ![Active Directory-based activation flow.](../images/volumeactivationforwindows81-10.jpg)
+
+    **Figure 10**. The Active Directory-based activation flow
+
+For environments in which all computers are running an operating system listed under *Applies to*, and they are joined to a domain, Active Directory-based activation is the best option for activating all client computers and servers, and you may be able to remove any KMS hosts from your environment.
+
+If an environment will continue to contain earlier volume licensing operating systems and applications or if you have workgroup computers outside the domain, you need to maintain a KMS host to maintain activation status for earlier volume licensing editions of Windows and Office.
+
+Clients that are activated with Active Directory-based activation will maintain their activated state for up to 180 days since the last contact with the domain, but they will periodically attempt to reactivate before then and at the end of the 180 day period. By default, this reactivation event occurs every seven days.
+
+When a reactivation event occurs, the client queries AD DS for the activation object. Client computers examine the activation object and compare it to the local edition as defined by the GVLK. If the object and GVLK match, reactivation occurs. If the AD DS object cannot be retrieved, client computers use KMS activation. If the computer is removed from the domain, and the computer or the Software Protection service is restarted, the operating system will change the status from activated to not activated, and the computer will try to activate with KMS.
+
+## Step-by-step configuration: Active Directory-based activation
+
+> [!NOTE]
+> You must be a member of the local Administrators group on all computers mentioned in these steps. You also need to be a member of the Enterprise Administrators group, because setting up Active Directory-based activation changes forest-wide settings.
+
+**To configure Active Directory-based activation on Windows Server 2012 R2 or higher, complete the following steps:**
+
+1. Use an account with Domain Administrator and Enterprise Administrator credentials to sign in to a domain controller.
+
+2. Launch Server Manager.
+
+3. Add the Volume Activation Services role, as shown in Figure 11.
+
+    ![Adding the Volume Activation Services role.](../images/volumeactivationforwindows81-11.jpg)
+
+    **Figure 11**. Adding the Volume Activation Services role
+
+4. Click the link to launch the Volume Activation Tools (Figure 12).
+
+    ![Launching the Volume Activation Tools.](../images/volumeactivationforwindows81-12.jpg)
+
+    **Figure 12**. Launching the Volume Activation Tools
+
+5. Select the **Active Directory-Based Activation** option (Figure 13).
+
+    ![Selecting Active Directory-Based Activation.](../images/volumeactivationforwindows81-13.jpg)
+
+    **Figure 13**. Selecting Active Directory-Based Activation
+
+6. Enter your KMS host key and (optionally) a display name (Figure 14).
+
+    ![Choosing how to activate your product.](../images/volumeactivationforwindows81-15.jpg)
+
+    **Figure 14**. Entering your KMS host key
+
+7. Activate your KMS host key by phone or online (Figure 15).
+
+    ![Entering your KMS host key.](../images/volumeactivationforwindows81-14.jpg)
+    
+    **Figure 15**. Choosing how to activate your product
+
+    > [!NOTE]
+    > To activate a KMS Host Key (CSVLK) for Microsoft Office, you need to install the version-specific Office Volume License Pack on the server where the Volume Activation Server Role is installed. For more details, see [Activate volume licensed versions of Office by using Active Directory](/deployoffice/vlactivation/activate-office-by-using-active-directory).
+
+    > 
+    > 
+    > - [Office 2013 VL pack](https://www.microsoft.com/download/details.aspx?id=35584)
+    > 
+    > - [Office 2016 VL pack](https://www.microsoft.com/download/details.aspx?id=49164)
+    >
+    > - [Office 2019 VL pack](https://www.microsoft.com/download/details.aspx?id=57342)
+    >
+    > - [Office LTSC 2021 VL pack](https://www.microsoft.com/download/details.aspx?id=103446)
+
+8. After activating the key, click **Commit**, and then click **Close**.
+
+## Verifying the configuration of Active Directory-based activation
+
+To verify your Active Directory-based activation configuration, complete the following steps:
+
+1. After you configure Active Directory-based activation, start a computer that is running an edition of Windows that is configured by volume licensing.
+2. If the computer has been previously configured with a MAK key, replace the MAK key with the GVLK by running the **slmgr.vbs /ipk** command and specifying the GLVK as the new product key.
+3. If the computer is not joined to your domain, join it to the domain.
+4. Sign in to the computer.
+5. Open Windows Explorer, right-click **Computer**, and then click **Properties**.
+6. Scroll down to the **Windows activation** section, and verify that this client has been activated.
+
+    > [!NOTE]
+    > If you are using both KMS and Active Directory-based activation, it may be difficult to see whether a client has been activated by KMS or by Active Directory-based activation. Consider disabling KMS during the test, or make sure that you are using a client computer that has not already been activated by KMS. The **slmgr.vbs /dlv** command also indicates whether KMS has been used.
+    > 
+    > To manage individual activations or apply multiple (mass) activations, please consider using the [VAMT](./volume-activation-management-tool.md).
+
+
+## See also
+
+- [Volume Activation for Windows 10](volume-activation-windows-10.md)
diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
index 5cbb5a3e71..75be38b908 100644
--- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
+++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md
@@ -162,7 +162,7 @@ After you download this file, the name will be extremely long (ex: 19042.508.200
 The **Get-NetAdaper** cmdlet is used to automatically find the network adapter that's most likely to be the one you use to connect to the internet. You should test this command first by running the following at an elevated Windows PowerShell prompt:
 
 ```powershell
-(Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name
+(Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name
 ```
 
 The output of this command should be the name of the network interface you use to connect to the internet. Verify that this is the correct interface name. If it isn't the correct interface name, you'll need to edit the first command below to use your network interface name.
@@ -178,10 +178,10 @@ All VM data will be created under the current path in your PowerShell prompt. Co
 >
 >- If you previously enabled Hyper-V and your internet-connected network interface is already bound to a VM switch, then the PowerShell commands below will fail. In this case, you can either delete the existing VM switch (so that the commands below can create one), or you can reuse this VM switch by skipping the first command below and either modifying the second command to replace the switch name **AutopilotExternal** with the name of your switch, or by renaming your existing switch to "AutopilotExternal."
 >- If you have never created an external VM switch before, then just run the commands below.
->- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a currently list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch).
+>- If you're not sure if you already have an External VM switch, enter **get-vmswitch** at a Windows PowerShell prompt to display a current list of the VM switches that are provisioned in Hyper-V. If one of them is of SwitchType **External**, then you already have a VM switch configured on the server that's used to connect to the internet. In this case, you need to skip the first command below and modify the others to use the name of your VM switch instead of the name "AutopilotExternal" (or change the name of your switch).
 
 ```powershell
-New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter |?{$_.Status -eq "Up" -and !$_.Virtual}).Name
+New-VMSwitch -Name AutopilotExternal -AllowManagementOS $true -NetAdapterName (Get-NetAdapter | Where-Object {$_.Status -eq "Up" -and !$_.Virtual}).Name
 New-VM -Name WindowsAutopilot -MemoryStartupBytes 2GB -BootDevice VHD -NewVHDPath .\VMs\WindowsAutopilot.vhdx -Path .\VMData -NewVHDSizeBytes 80GB -Generation 2 -Switch AutopilotExternal
 Add-VMDvdDrive -Path c:\iso\win10-eval.iso -VMName WindowsAutopilot
 Start-VM -VMName WindowsAutopilot
@@ -238,7 +238,6 @@ PS C:\autopilot&gt;
 
 Make sure that the VM booted from the installation ISO, select **Next**, select **Install now**, and then complete the Windows installation process. See the following examples:
 
-
    ![Windows setup example 1](images/winsetup1.png)
 
    ![Windows setup example 2](images/winsetup2.png)
@@ -251,7 +250,6 @@ Make sure that the VM booted from the installation ISO, select **Next**, select
 
    ![Windows setup example 6](images/winsetup6.png)
 
-
 After the VM restarts, during OOBE, it's fine to select **Set up for personal use** or **Domain join instead** and then choose an offline account on the **Sign in** screen.  This offers the fastest way to the desktop. For example:
 
    ![Windows setup example 7.](images/winsetup7.png)
@@ -279,12 +277,12 @@ Follow these steps to run the PowerShell script:
 1. **On the client VM**: Open an elevated Windows PowerShell prompt and run the following commands. These commands are the same whether you're using a VM or a physical device:
 
     ```powershell
-    md c:\HWID
-    Set-Location c:\HWID
-    Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted -Force
+    New-Item -Type Directory -Path "C:\HWID"
+    Set-Location C:\HWID
+    Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned
     Install-Script -Name Get-WindowsAutopilotInfo -Force
     $env:Path += ";C:\Program Files\WindowsPowerShell\Scripts"
-    Get-WindowsAutopilotInfo.ps1 -OutputFile AutopilotHWID.csv
+    Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv
     ```
 
 1. When you're prompted to install the NuGet package, choose **Yes**.
@@ -349,7 +347,7 @@ Follow these steps to run the PowerShell script:
 With the hardware ID captured in a file, prepare your Virtual Machine for Windows Autopilot deployment by resetting it back to OOBE.
 
 On the Virtual Machine, go to **Settings > Update & Security > Recovery** and select **Get started** under **Reset this PC**.
-Select **Remove everything** and **Just remove my files**. If you're asked **How would you like to reinstall Windows**, select Local reinstall. Finally, select **Reset**.
+Select **Remove everything**, then, on **How would you like to reinstall Windows**, select **Local reinstall**. Finally, select **Reset**.
 
 ![Reset this PC final prompt.](images/autopilot-reset-prompt.jpg)
 
@@ -616,7 +614,7 @@ To use the device (or VM) for other purposes after completion of this lab, you n
 
 ### Delete (deregister) Autopilot device
 
-You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the MEM admin center, then go to **Intune > Devices > All Devices**.  Select the device you want to delete, then select the **Delete** button along the top menu.
+You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the MEM admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
 
 > [!div class="mx-imgBorder"]
 > ![Delete device step 1.](images/delete-device1.png)
diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
index a43a8f75e9..7260afb4d5 100644
--- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
+++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md
@@ -13,7 +13,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 12/03/2021
+ms.date: 01/18/2022
 ---
 
 # Change the TPM owner password
@@ -46,7 +46,7 @@ Instead of changing your owner password, you can also use the following options
 
 ## Change the TPM owner password
 
-With Windows 10, version 1507 or 1511, or Windows 11, if you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password.
+With Windows 10, version 1507 or 1511, if you have opted specifically to preserve the TPM owner password, you can use the saved password to change to a new password.
 
 To change to a new TPM owner password, in TPM.msc, click **Change Owner Password**, and follow the instructions. You will be prompted to provide the owner password file or to type the password. Then you can create a new password, either automatically or manually, and save the password in a file or as a printout.
 
diff --git a/windows/security/threat-protection/auditing/audit-registry.md b/windows/security/threat-protection/auditing/audit-registry.md
index ace2bfd284..a9559b8677 100644
--- a/windows/security/threat-protection/auditing/audit-registry.md
+++ b/windows/security/threat-protection/auditing/audit-registry.md
@@ -48,6 +48,6 @@ If success auditing is enabled, an audit entry is generated each time any accoun
 
 
 > [!NOTE]
-> On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (event 4656) issued by the object manager. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry-related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, you will not see this event with the setting to just see the registry-related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable".
+> On creating a subkey for a parent (RegCreateKey), the expectation is to see an event for opening a handle for the newly created object (event 4656) issued by the object manager. You will see this event only when "Audit Object Access" is enabled under **Local Policies** > **Audit Policy** in Local Security Policy. This event is not generated while using precisely defined settings for seeing only registry-related events under **Advanced Audit Policy Configurations** > **Object Access** > **Audit Registry** in Local Security Policy. For example, you will not see this event with the setting to just see the registry-related auditing events using "auditpol.exe /set /subcategory:{0CCE921E-69AE-11D9-BED3-505054503030} /success:enable". This behavior is expected only on later versions of the operating system (Windows 11, Windows Server 2022, and later). On previous versions, 4656 events are not generated during subkey creation.
 >
-> Calls to Registry APIs to access an open key object to perform an operation such as RegSetValue, RegEnumValue, and RegRenameKey would trigger an event to access the object (event 4663). For example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would.
+> Calls to Registry APIs to access an open key object to perform an operation such as RegSetValue, RegEnumValue, and RegRenameKey would trigger an event to access the object (event 4663). For example, creating a subkey using regedit.exe would not trigger a 4663 event, but renaming it would. 
diff --git a/windows/security/threat-protection/auditing/event-4673.md b/windows/security/threat-protection/auditing/event-4673.md
index f815be18a8..4ee65904e9 100644
--- a/windows/security/threat-protection/auditing/event-4673.md
+++ b/windows/security/threat-protection/auditing/event-4673.md
@@ -173,7 +173,7 @@ For 4673(S, F): A privileged service was called.
 
 > **Important**&nbsp;&nbsp;For this event, also see [Appendix A: Security monitoring recommendations for many audit events](appendix-a-security-monitoring-recommendations-for-many-audit-events.md).
 
--   Monitor for this event where “**Subject\\Security ID**” is *not* one of these well-known security principals: LOCAL SYSTEM, NETWORK SERVICE, LOCAL SERVICE, and where “**Subject\\Security ID**” is not an administrative account that is expected to have the listed **Privileges**. Especially monitor Failure events.
+-   Monitor for this event where “**Subject\\Security ID**” is *not* one of these well-known security principals: LOCAL SYSTEM, NETWORK SERVICE, LOCAL SERVICE, and where “**Subject\\Security ID**” is not an administrative account that is expected to have the listed **Privileges**. See subcategories [Audit Sensitive Privilege Use](/windows/security/threat-protection/auditing/audit-sensitive-privilege-use) and [Audit Non Sensitive Privilege Use](/windows/security/threat-protection/auditing/audit-non-sensitive-privilege-use) for more details.
 
 -   If you need to monitor events related to specific Windows subsystems (“**Service\\Server**”), for example **NT Local Security Authority / Authentication Service** or **Security Account Manager**, monitor this event for the corresponding “**Service\\Server**.”
 
@@ -193,4 +193,4 @@ For 4673(S, F): A privileged service was called.
 
 -   If you have a list of specific user rights which should never be used, or used only by a few accounts (for example, SeDebugPrivilege), trigger an alert for those “**Privileges**.”
 
--   If you have a list of specific user rights for which every use must be reported or monitored (for example, SeRemoteShutdownPrivilege), trigger an alert for those “**Privileges**.”
\ No newline at end of file
+-   If you have a list of specific user rights for which every use must be reported or monitored (for example, SeRemoteShutdownPrivilege), trigger an alert for those “**Privileges**.”
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index c0a822af53..d64c7e44ba 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -14,7 +14,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.date: 09/08/2021
+ms.date: 01/18/2022
 ms.technology: windows-sec
 ---
 
@@ -27,7 +27,7 @@ ms.technology: windows-sec
 
 Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall cannot protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as malware that is brought in on portable media and run on a trusted device. Portable device are often taken outside the network and connected directly to the Internet, without adequate protection between the device and security threats.
 
-Reports of targeted attacks against organizations, governments, and individuals have become more widespread in recent years. For a general overview of these threats, also known as advanced persistent threats (APT), see the [Microsoft Security Intelligence Report](https://www.microsoft.com/security/sir/default.aspx).
+Reports of targeted attacks against organizations, governments, and individuals have become more widespread in recent years. For a general overview of these threats, also known as advanced persistent threats (APT), see the [Microsoft Security Intelligence Report](https://www.microsoft.com/security/business/microsoft-digital-defense-report).
 
 Running a host-based firewall on every device that your organization manages is an important layer in a "defense-in-depth" security strategy. A host-based firewall can help protect against attacks that originate from inside the network and also provide additional protection against attacks from outside the network that manage to penetrate the perimeter firewall. It also travels with a portable device to provide protection when it is away from the organization's network.
 
diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md
index 753623905e..91c71ff99f 100644
--- a/windows/whats-new/ltsc/index.md
+++ b/windows/whats-new/ltsc/index.md
@@ -52,4 +52,4 @@ For detailed information about Windows 10 servicing, see [Overview of Windows as
 ## See Also
 
 [What's New in Windows 10](../index.yml): See what’s new in other versions of Windows 10.<br>
-[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option.
\ No newline at end of file
+[Windows 10 - Release information](/windows/release-health/release-information): Windows 10 current versions by servicing option.
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index 18d9c7bbea..f76ae48be7 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -18,6 +18,7 @@ ms.collection: highpri
 **Applies to**
 
 -   Windows 11
+-   Windows 10
 
 Windows 10 and Windows 11 are designed to coexist, so that you can use the same familiar tools and process to manage both operating systems. Using a single management infrastructure that supports common applications across both Windows 10 and Windows 11 helps to simplify the migration process. You can analyze endpoints, determine application compatibility, and manage Windows 11 deployments in the same way that you do with Windows 10.