Merged PR 3551: 10/2 PM Publish

2025-05-16 07:17:24 +00:00 · 2017-10-02 22:36:14 +00:00 · 2017-10-02 22:36:14 +00:00 · 79ddd1df60
commit 79ddd1df60
parent 630c61f843 05505b7fc2
93 changed files with 11676 additions and 202 deletions
--- a/windows/access-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/access-protection/hello-for-business/hello-identity-verification.md
@ -72,7 +72,7 @@ The table shows the minimum requirements for each deployment.
 ## Frequently Asked Questions
 ### What is the user experience for Windows Hello for Business?
-The user experience for Windows Hello for Business occurs after user sign once you deploy Windows Hello for Business policy settings to your environment.
+The user experience for Windows Hello for Business occurs after user sign-in, after you deploy Windows Hello for Business policy settings to your environment.
 > [!VIDEO https://www.youtube.com/embed/FJqHPTZTpNM]
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/25/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP
@ -22,6 +22,26 @@ The Policy configuration service provider has the following sub-categories:
 -   Policy/Config/*AreaName* – Handles the policy configuration request from the server.
 -   Policy/Result/*AreaName* – Provides a read-only path to policies enforced on the device.
 <a href="" id="policy-scope"></a>
 > [!Important]
 > Policy scope is the level at which a policy can be configured. Some policies can only be configured at the device level, meaning the policy will take effect independent of who is logged into the device. Other policies can be configured at the user level, meaning the policy will only take effect for that user. 
 >
 > The allowed scope of a specific policy is represented below its table of supported Windows editions.  To configure a policy under a specific scope (user vs. device), please use the following paths:
 >
 > User scope:
 > -   **./User/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
 > -   **./User/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 >
 > Device scope:
 > -   **./Device/Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
 > -   **./Device/Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 >
 > For device wide configuration the **_Device/_**  portion may be omitted from the path, deeming the following paths respectively equivalent:
 >
 > - **./Vendor/MSFT/Policy/Config/_AreaName/PolicyName_** to configure the policy.
 > - **./Vendor/MSFT/Policy/Result/_AreaName/PolicyName_** to get the result.
 The following diagram shows the Policy configuration service provider in tree format as used by both Open Mobile Alliance Device Management (OMA DM) and OMA Client Provisioning.
 ![policy csp diagram](images/provisioning-csp-policy.png)
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - AboveLock
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## AboveLock policies  
 <dl>
  <dd>
    <a href="#abovelock-allowactioncenternotifications">AboveLock/AllowActionCenterNotifications</a>
  </dd>
  <dd>
    <a href="#abovelock-allowcortanaabovelock">AboveLock/AllowCortanaAboveLock</a>
  </dd>
  <dd>
    <a href="#abovelock-allowtoasts">AboveLock/AllowToasts</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="abovelock-allowactioncenternotifications"></a>**AboveLock/AllowActionCenterNotifications**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -60,6 +82,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="abovelock-allowcortanaabovelock"></a>**AboveLock/AllowCortanaAboveLock**  
@ -86,6 +109,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether or not the user can interact with Cortana using speech while the system is locked. If you enable or don’t configure this setting, the user can interact with Cortana using speech while the system is locked. If you disable this setting, the system will need to be unlocked for the user to interact with Cortana using speech.
@ -96,6 +128,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="abovelock-allowtoasts"></a>**AboveLock/AllowToasts**  
@ -122,6 +155,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow toast notifications above the device lock screen.
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Accounts
@ -14,11 +14,27 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Accounts policies  
 <dl>
  <dd>
    <a href="#accounts-allowaddingnonmicrosoftaccountsmanually">Accounts/AllowAddingNonMicrosoftAccountsManually</a>
  </dd>
  <dd>
    <a href="#accounts-allowmicrosoftaccountconnection">Accounts/AllowMicrosoftAccountConnection</a>
  </dd>
  <dd>
    <a href="#accounts-allowmicrosoftaccountsigninassistant">Accounts/AllowMicrosoftAccountSignInAssistant</a>
  </dd>
  <dd>
    <a href="#accounts-domainnamesforemailsync">Accounts/DomainNamesForEmailSync</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="accounts-allowaddingnonmicrosoftaccountsmanually"></a>**Accounts/AllowAddingNonMicrosoftAccountsManually**  
@ -45,6 +61,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether user is allowed to add non-MSA email accounts.
@ -60,6 +85,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="accounts-allowmicrosoftaccountconnection"></a>**Accounts/AllowMicrosoftAccountConnection**  
@ -86,6 +112,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services.
@ -98,6 +133,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="accounts-allowmicrosoftaccountsigninassistant"></a>**Accounts/AllowMicrosoftAccountSignInAssistant**  
@ -124,6 +160,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
@ -134,6 +179,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="accounts-domainnamesforemailsync"></a>**Accounts/DomainNamesForEmailSync**  
@ -160,6 +206,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies a list of the domains that are allowed to sync email on the device.
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ActiveXControls
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ActiveXControls policies  
 <dl>
  <dd>
    <a href="#activexcontrols-approvedinstallationsites">ActiveXControls/ApprovedInstallationSites</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="activexcontrols-approvedinstallationsites"></a>**ActiveXControls/ApprovedInstallationSites**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting determines which ActiveX installation sites standard users in your organization can use to install ActiveX controls on their computers. When this setting is enabled, the administrator can create a list of approved Activex Install sites specified by host URL.
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ApplicationDefaults
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ApplicationDefaults policies  
 <dl>
  <dd>
    <a href="#applicationdefaults-defaultassociationsconfiguration">ApplicationDefaults/DefaultAssociationsConfiguration</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationdefaults-defaultassociationsconfiguration"></a>**ApplicationDefaults/DefaultAssociationsConfiguration**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows an administrator to set default file type and protocol associations. When set, default associations will be applied on sign-in to the PC. The association file can be created using the DISM tool (dism /online /export-defaultappassociations:appassoc.xml), and then needs to be  base64 encoded before being added to SyncML.
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ApplicationManagement
@ -14,11 +14,48 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ApplicationManagement policies  
 <dl>
  <dd>
    <a href="#applicationmanagement-allowalltrustedapps">ApplicationManagement/AllowAllTrustedApps</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowappstoreautoupdate">ApplicationManagement/AllowAppStoreAutoUpdate</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowdeveloperunlock">ApplicationManagement/AllowDeveloperUnlock</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowgamedvr">ApplicationManagement/AllowGameDVR</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowshareduserappdata">ApplicationManagement/AllowSharedUserAppData</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-allowstore">ApplicationManagement/AllowStore</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-applicationrestrictions">ApplicationManagement/ApplicationRestrictions</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-disablestoreoriginatedapps">ApplicationManagement/DisableStoreOriginatedApps</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-requireprivatestoreonly">ApplicationManagement/RequirePrivateStoreOnly</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-restrictappdatatosystemvolume">ApplicationManagement/RestrictAppDataToSystemVolume</a>
  </dd>
  <dd>
    <a href="#applicationmanagement-restrictapptosystemvolume">ApplicationManagement/RestrictAppToSystemVolume</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowalltrustedapps"></a>**ApplicationManagement/AllowAllTrustedApps**  
@ -45,6 +82,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether non Windows Store apps are allowed.
@ -58,6 +104,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowappstoreautoupdate"></a>**ApplicationManagement/AllowAppStoreAutoUpdate**  
@ -84,6 +131,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether automatic update of apps from Windows Store are allowed.
@ -96,6 +152,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowdeveloperunlock"></a>**ApplicationManagement/AllowDeveloperUnlock**  
@ -122,6 +179,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether developer unlock is allowed.
@ -135,6 +201,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowgamedvr"></a>**ApplicationManagement/AllowGameDVR**  
@ -161,6 +228,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -176,6 +252,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowshareduserappdata"></a>**ApplicationManagement/AllowSharedUserAppData**  
@ -202,6 +279,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether multiple users of the same app can share data.
@ -214,6 +300,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-allowstore"></a>**ApplicationManagement/AllowStore**  
@ -240,6 +327,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether app store is allowed at the device.
@ -252,6 +348,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-applicationrestrictions"></a>**ApplicationManagement/ApplicationRestrictions**  
@ -278,6 +375,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
@ -305,6 +411,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-disablestoreoriginatedapps"></a>**ApplicationManagement/DisableStoreOriginatedApps**  
@ -331,6 +438,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that disables the launch of all apps from Windows Store that came pre-installed or were downloaded.
@ -341,6 +457,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-requireprivatestoreonly"></a>**ApplicationManagement/RequirePrivateStoreOnly**  
@ -367,6 +484,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows disabling of the retail catalog and only enables the Private store.
@ -388,6 +514,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-restrictappdatatosystemvolume"></a>**ApplicationManagement/RestrictAppDataToSystemVolume**  
@ -414,6 +541,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether application data is restricted to the system drive.
@ -426,6 +562,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="applicationmanagement-restrictapptosystemvolume"></a>**ApplicationManagement/RestrictAppToSystemVolume**  
@ -452,6 +589,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether the installation of applications is restricted to the system drive.
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - AppVirtualization
@ -14,11 +14,99 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## AppVirtualization policies  
 <dl>
  <dd>
    <a href="#appvirtualization-allowappvclient">AppVirtualization/AllowAppVClient</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowdynamicvirtualization">AppVirtualization/AllowDynamicVirtualization</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowpackagecleanup">AppVirtualization/AllowPackageCleanup</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowpackagescripts">AppVirtualization/AllowPackageScripts</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowpublishingrefreshux">AppVirtualization/AllowPublishingRefreshUX</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowreportingserver">AppVirtualization/AllowReportingServer</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowroamingfileexclusions">AppVirtualization/AllowRoamingFileExclusions</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowroamingregistryexclusions">AppVirtualization/AllowRoamingRegistryExclusions</a>
  </dd>
  <dd>
    <a href="#appvirtualization-allowstreamingautoload">AppVirtualization/AllowStreamingAutoload</a>
  </dd>
  <dd>
    <a href="#appvirtualization-clientcoexistenceallowmigrationmode">AppVirtualization/ClientCoexistenceAllowMigrationmode</a>
  </dd>
  <dd>
    <a href="#appvirtualization-integrationallowrootglobal">AppVirtualization/IntegrationAllowRootGlobal</a>
  </dd>
  <dd>
    <a href="#appvirtualization-integrationallowrootuser">AppVirtualization/IntegrationAllowRootUser</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver1">AppVirtualization/PublishingAllowServer1</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver2">AppVirtualization/PublishingAllowServer2</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver3">AppVirtualization/PublishingAllowServer3</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver4">AppVirtualization/PublishingAllowServer4</a>
  </dd>
  <dd>
    <a href="#appvirtualization-publishingallowserver5">AppVirtualization/PublishingAllowServer5</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowcertificatefilterforclient-ssl">AppVirtualization/StreamingAllowCertificateFilterForClient_SSL</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowhighcostlaunch">AppVirtualization/StreamingAllowHighCostLaunch</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowlocationprovider">AppVirtualization/StreamingAllowLocationProvider</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowpackageinstallationroot">AppVirtualization/StreamingAllowPackageInstallationRoot</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowpackagesourceroot">AppVirtualization/StreamingAllowPackageSourceRoot</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowreestablishmentinterval">AppVirtualization/StreamingAllowReestablishmentInterval</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingallowreestablishmentretries">AppVirtualization/StreamingAllowReestablishmentRetries</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingsharedcontentstoremode">AppVirtualization/StreamingSharedContentStoreMode</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingsupportbranchcache">AppVirtualization/StreamingSupportBranchCache</a>
  </dd>
  <dd>
    <a href="#appvirtualization-streamingverifycertificaterevocationlist">AppVirtualization/StreamingVerifyCertificateRevocationList</a>
  </dd>
  <dd>
    <a href="#appvirtualization-virtualcomponentsallowlist">AppVirtualization/VirtualComponentsAllowList</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowappvclient"></a>**AppVirtualization/AllowAppVClient**  
@ -45,6 +133,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature. Reboot is needed for disable to take effect.
@ -65,6 +162,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowdynamicvirtualization"></a>**AppVirtualization/AllowDynamicVirtualization**  
@ -91,6 +189,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables Dynamic Virtualization of supported shell extensions, browser helper objects, and ActiveX controls.
@ -111,6 +218,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowpackagecleanup"></a>**AppVirtualization/AllowPackageCleanup**  
@ -137,6 +245,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables automatic cleanup of appv packages that were added after Windows10 anniversary release.
@ -157,6 +274,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowpackagescripts"></a>**AppVirtualization/AllowPackageScripts**  
@ -183,6 +301,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables scripts defined in the package manifest of configuration files that should run.
@ -203,6 +330,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowpublishingrefreshux"></a>**AppVirtualization/AllowPublishingRefreshUX**  
@ -229,6 +357,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables a UX to display to the user when a publishing refresh is performed on the client.
@ -249,6 +386,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowreportingserver"></a>**AppVirtualization/AllowReportingServer**  
@ -275,6 +413,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Reporting Server URL: Displays the URL of reporting server.
@ -305,6 +452,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowroamingfileexclusions"></a>**AppVirtualization/AllowRoamingFileExclusions**  
@ -331,6 +479,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /FILEEXCLUSIONLIST='desktop;my pictures'.
@ -351,6 +508,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowroamingregistryexclusions"></a>**AppVirtualization/AllowRoamingRegistryExclusions**  
@ -377,6 +535,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the registry paths that do not roam with a user profile. Example usage: /REGISTRYEXCLUSIONLIST=software\classes;software\clients.
@ -397,6 +564,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-allowstreamingautoload"></a>**AppVirtualization/AllowStreamingAutoload**  
@ -423,6 +591,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies how new packages should be loaded automatically by App-V on a specific computer.
@ -443,6 +620,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-clientcoexistenceallowmigrationmode"></a>**AppVirtualization/ClientCoexistenceAllowMigrationmode**  
@ -469,6 +647,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Migration mode allows the App-V client to modify shortcuts and FTA's for packages created using a previous version of App-V.
@ -489,6 +676,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-integrationallowrootglobal"></a>**AppVirtualization/IntegrationAllowRootGlobal**  
@ -515,6 +703,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the location where symbolic links are created to the current version of a per-user published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %localappdata%\Microsoft\AppV\Client\Integration.
@ -535,6 +732,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-integrationallowrootuser"></a>**AppVirtualization/IntegrationAllowRootUser**  
@ -561,6 +759,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the location where symbolic links are created to the current version of a globally published package. Shortcuts, file type associations, etc. are created pointing to this path. If empty, symbolic links are not used during publishing. Example: %allusersprofile%\Microsoft\AppV\Client\Integration.
@ -581,6 +788,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver1"></a>**AppVirtualization/PublishingAllowServer1**  
@ -607,6 +815,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -645,6 +862,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver2"></a>**AppVirtualization/PublishingAllowServer2**  
@ -671,6 +889,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -709,6 +936,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver3"></a>**AppVirtualization/PublishingAllowServer3**  
@ -735,6 +963,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -773,6 +1010,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver4"></a>**AppVirtualization/PublishingAllowServer4**  
@ -799,6 +1037,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -837,6 +1084,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-publishingallowserver5"></a>**AppVirtualization/PublishingAllowServer5**  
@ -863,6 +1111,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Publishing Server Display Name: Displays the name of publishing server.
@ -901,6 +1158,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowcertificatefilterforclient-ssl"></a>**AppVirtualization/StreamingAllowCertificateFilterForClient_SSL**  
@ -927,6 +1185,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the path to a valid certificate in the certificate store.
@ -947,6 +1214,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowhighcostlaunch"></a>**AppVirtualization/StreamingAllowHighCostLaunch**  
@ -973,6 +1241,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This setting controls whether virtualized applications are launched on Windows 8 machines connected via a metered network connection (e.g. 4G).
@ -993,6 +1270,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowlocationprovider"></a>**AppVirtualization/StreamingAllowLocationProvider**  
@ -1019,6 +1297,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface.
@ -1039,6 +1326,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowpackageinstallationroot"></a>**AppVirtualization/StreamingAllowPackageInstallationRoot**  
@ -1065,6 +1353,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies directory where all new applications and updates will be installed.
@ -1085,6 +1382,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowpackagesourceroot"></a>**AppVirtualization/StreamingAllowPackageSourceRoot**  
@ -1111,6 +1409,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Overrides source location for downloading package content.
@ -1131,6 +1438,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowreestablishmentinterval"></a>**AppVirtualization/StreamingAllowReestablishmentInterval**  
@ -1157,6 +1465,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the number of seconds between attempts to reestablish a dropped session.
@ -1177,6 +1494,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingallowreestablishmentretries"></a>**AppVirtualization/StreamingAllowReestablishmentRetries**  
@ -1203,6 +1521,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies the number of times to retry a dropped session.
@ -1223,6 +1550,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingsharedcontentstoremode"></a>**AppVirtualization/StreamingSharedContentStoreMode**  
@ -1249,6 +1577,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies that streamed package contents will be not be saved to the local hard disk.
@ -1269,6 +1606,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingsupportbranchcache"></a>**AppVirtualization/StreamingSupportBranchCache**  
@ -1295,6 +1633,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 If enabled, the App-V client will support BrancheCache compatible HTTP streaming. If BranchCache support is not desired, this should be disabled. The client can then apply HTTP optimizations which are incompatible with BranchCache
@ -1315,6 +1662,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-streamingverifycertificaterevocationlist"></a>**AppVirtualization/StreamingVerifyCertificateRevocationList**  
@ -1341,6 +1689,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Verifies Server certificate revocation status before streaming using HTTPS.
@ -1361,6 +1718,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="appvirtualization-virtualcomponentsallowlist"></a>**AppVirtualization/VirtualComponentsAllowList**  
@ -1387,6 +1745,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies a list of process paths (may contain wildcards) which are candidates for using virtual components (shell extensions, browser helper objects, etc). Only processes whose full path matches one of these items can use virtual components.
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - AttachmentManager
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## AttachmentManager policies  
 <dl>
  <dd>
    <a href="#attachmentmanager-donotpreservezoneinformation">AttachmentManager/DoNotPreserveZoneInformation</a>
  </dd>
  <dd>
    <a href="#attachmentmanager-hidezoneinfomechanism">AttachmentManager/HideZoneInfoMechanism</a>
  </dd>
  <dd>
    <a href="#attachmentmanager-notifyantivirusprograms">AttachmentManager/NotifyAntivirusPrograms</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="attachmentmanager-donotpreservezoneinformation"></a>**AttachmentManager/DoNotPreserveZoneInformation**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to manage whether Windows marks file attachments with information about their zone of origin (such as restricted, Internet, intranet, local). This requires NTFS in order to function correctly, and will fail without notice on FAT32. By not preserving the zone information, Windows cannot make proper risk assessments.
@ -71,6 +93,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="attachmentmanager-hidezoneinfomechanism"></a>**AttachmentManager/HideZoneInfoMechanism**  
@ -97,6 +120,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to manage whether users can manually remove the zone information from saved file attachments by clicking the Unblock button in the file's property sheet or by using a check box in the security warning dialog. Removing the zone information allows users to open potentially dangerous file attachments that Windows has blocked users from opening.
@ -123,6 +155,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="attachmentmanager-notifyantivirusprograms"></a>**AttachmentManager/NotifyAntivirusPrograms**  
@ -149,6 +182,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to manage the behavior for notifying registered antivirus programs. If multiple programs are registered, they will all be notified. If the registered antivirus program already performs on-access checks or scans files as they arrive on the computer's email server, additional calls would be redundant.
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/06/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Authentication
@ -14,11 +14,27 @@ ms.date: 09/06/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Authentication policies  
 <dl>
  <dd>
    <a href="#authentication-allowaadpasswordreset">Authentication/AllowAadPasswordReset</a>
  </dd>
  <dd>
    <a href="#authentication-alloweapcertsso">Authentication/AllowEAPCertSSO</a>
  </dd>
  <dd>
    <a href="#authentication-allowfastreconnect">Authentication/AllowFastReconnect</a>
  </dd>
  <dd>
    <a href="#authentication-allowsecondaryauthenticationdevice">Authentication/AllowSecondaryAuthenticationDevice</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="authentication-allowaadpasswordreset"></a>**Authentication/AllowAadPasswordReset**  
@ -45,6 +61,15 @@ ms.date: 09/06/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specifies whether password reset is enabled for Azure Active Directory accounts. This policy allows the Azure AD tenant administrators to enable self service password reset feature on the windows logon screen. 
@ -55,6 +80,7 @@ ms.date: 09/06/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="authentication-alloweapcertsso"></a>**Authentication/AllowEAPCertSSO**  
@ -81,6 +107,15 @@ ms.date: 09/06/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows an EAP cert-based authentication for a single sign on (SSO) to access internal resources.
@ -98,6 +133,7 @@ ms.date: 09/06/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="authentication-allowfastreconnect"></a>**Authentication/AllowFastReconnect**  
@ -124,6 +160,15 @@ ms.date: 09/06/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows EAP Fast Reconnect from being attempted for EAP Method TLS.
@ -136,6 +181,7 @@ ms.date: 09/06/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="authentication-allowsecondaryauthenticationdevice"></a>**Authentication/AllowSecondaryAuthenticationDevice**  
@ -162,6 +208,15 @@ ms.date: 09/06/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allows secondary authentication devices to work with Windows.
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Autoplay
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Autoplay policies  
 <dl>
  <dd>
    <a href="#autoplay-disallowautoplayfornonvolumedevices">Autoplay/DisallowAutoplayForNonVolumeDevices</a>
  </dd>
  <dd>
    <a href="#autoplay-setdefaultautorunbehavior">Autoplay/SetDefaultAutoRunBehavior</a>
  </dd>
  <dd>
    <a href="#autoplay-turnoffautoplay">Autoplay/TurnOffAutoPlay</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="autoplay-disallowautoplayfornonvolumedevices"></a>**Autoplay/DisallowAutoplayForNonVolumeDevices**  
@ -45,6 +58,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting disallows AutoPlay for MTP devices like cameras or phones.
@ -69,6 +92,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="autoplay-setdefaultautorunbehavior"></a>**Autoplay/SetDefaultAutoRunBehavior**  
@ -95,6 +119,16 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting sets the default behavior for Autorun commands.
@ -128,6 +162,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="autoplay-turnoffautoplay"></a>**Autoplay/TurnOffAutoPlay**  
@ -154,6 +189,16 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to turn off the Autoplay feature.
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Bitlocker
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Bitlocker policies  
 <dl>
  <dd>
    <a href="#bitlocker-encryptionmethod">Bitlocker/EncryptionMethod</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bitlocker-encryptionmethod"></a>**Bitlocker/EncryptionMethod**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies the BitLocker Drive Encryption method and cipher strength.
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Bluetooth
@ -14,11 +14,30 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Bluetooth policies  
 <dl>
  <dd>
    <a href="#bluetooth-allowadvertising">Bluetooth/AllowAdvertising</a>
  </dd>
  <dd>
    <a href="#bluetooth-allowdiscoverablemode">Bluetooth/AllowDiscoverableMode</a>
  </dd>
  <dd>
    <a href="#bluetooth-allowprepairing">Bluetooth/AllowPrepairing</a>
  </dd>
  <dd>
    <a href="#bluetooth-localdevicename">Bluetooth/LocalDeviceName</a>
  </dd>
  <dd>
    <a href="#bluetooth-servicesallowedlist">Bluetooth/ServicesAllowedList</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-allowadvertising"></a>**Bluetooth/AllowAdvertising**  
@ -45,6 +64,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether the device can send out Bluetooth advertisements.
@ -59,6 +87,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-allowdiscoverablemode"></a>**Bluetooth/AllowDiscoverableMode**  
@ -85,6 +114,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether other Bluetooth-enabled devices can discover the device.
@ -99,6 +137,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-allowprepairing"></a>**Bluetooth/AllowPrepairing**  
@ -125,6 +164,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device.
@ -135,6 +183,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-localdevicename"></a>**Bluetooth/LocalDeviceName**  
@ -161,6 +210,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Sets the local Bluetooth device name.
@ -170,6 +228,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="bluetooth-servicesallowedlist"></a>**Bluetooth/ServicesAllowedList**  
@ -196,6 +255,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Set a list of allowable services and profiles. String hex formatted array of Bluetooth service UUIDs in canonical format, delimited by semicolons. For example, {782AFCFC-7CAA-436C-8BF0-78CD0FFBD4AF}.
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Browser
@ -14,11 +14,123 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Browser policies  
 <dl>
  <dd>
    <a href="#browser-allowaddressbardropdown">Browser/AllowAddressBarDropdown</a>
  </dd>
  <dd>
    <a href="#browser-allowautofill">Browser/AllowAutofill</a>
  </dd>
  <dd>
    <a href="#browser-allowbrowser">Browser/AllowBrowser</a>
  </dd>
  <dd>
    <a href="#browser-allowcookies">Browser/AllowCookies</a>
  </dd>
  <dd>
    <a href="#browser-allowdevelopertools">Browser/AllowDeveloperTools</a>
  </dd>
  <dd>
    <a href="#browser-allowdonottrack">Browser/AllowDoNotTrack</a>
  </dd>
  <dd>
    <a href="#browser-allowextensions">Browser/AllowExtensions</a>
  </dd>
  <dd>
    <a href="#browser-allowflash">Browser/AllowFlash</a>
  </dd>
  <dd>
    <a href="#browser-allowflashclicktorun">Browser/AllowFlashClickToRun</a>
  </dd>
  <dd>
    <a href="#browser-allowinprivate">Browser/AllowInPrivate</a>
  </dd>
  <dd>
    <a href="#browser-allowmicrosoftcompatibilitylist">Browser/AllowMicrosoftCompatibilityList</a>
  </dd>
  <dd>
    <a href="#browser-allowpasswordmanager">Browser/AllowPasswordManager</a>
  </dd>
  <dd>
    <a href="#browser-allowpopups">Browser/AllowPopups</a>
  </dd>
  <dd>
    <a href="#browser-allowsearchenginecustomization">Browser/AllowSearchEngineCustomization</a>
  </dd>
  <dd>
    <a href="#browser-allowsearchsuggestionsinaddressbar">Browser/AllowSearchSuggestionsinAddressBar</a>
  </dd>
  <dd>
    <a href="#browser-allowsmartscreen">Browser/AllowSmartScreen</a>
  </dd>
  <dd>
    <a href="#browser-alwaysenablebookslibrary">Browser/AlwaysEnableBooksLibrary</a>
  </dd>
  <dd>
    <a href="#browser-clearbrowsingdataonexit">Browser/ClearBrowsingDataOnExit</a>
  </dd>
  <dd>
    <a href="#browser-configureadditionalsearchengines">Browser/ConfigureAdditionalSearchEngines</a>
  </dd>
  <dd>
    <a href="#browser-disablelockdownofstartpages">Browser/DisableLockdownOfStartPages</a>
  </dd>
  <dd>
    <a href="#browser-enterprisemodesitelist">Browser/EnterpriseModeSiteList</a>
  </dd>
  <dd>
    <a href="#browser-enterprisesitelistserviceurl">Browser/EnterpriseSiteListServiceUrl</a>
  </dd>
  <dd>
    <a href="#browser-firstrunurl">Browser/FirstRunURL</a>
  </dd>
  <dd>
    <a href="#browser-homepages">Browser/HomePages</a>
  </dd>
  <dd>
    <a href="#browser-lockdownfavorites">Browser/LockdownFavorites</a>
  </dd>
  <dd>
    <a href="#browser-preventaccesstoaboutflagsinmicrosoftedge">Browser/PreventAccessToAboutFlagsInMicrosoftEdge</a>
  </dd>
  <dd>
    <a href="#browser-preventfirstrunpage">Browser/PreventFirstRunPage</a>
  </dd>
  <dd>
    <a href="#browser-preventlivetiledatacollection">Browser/PreventLiveTileDataCollection</a>
  </dd>
  <dd>
    <a href="#browser-preventsmartscreenpromptoverride">Browser/PreventSmartScreenPromptOverride</a>
  </dd>
  <dd>
    <a href="#browser-preventsmartscreenpromptoverrideforfiles">Browser/PreventSmartScreenPromptOverrideForFiles</a>
  </dd>
  <dd>
    <a href="#browser-preventusinglocalhostipaddressforwebrtc">Browser/PreventUsingLocalHostIPAddressForWebRTC</a>
  </dd>
  <dd>
    <a href="#browser-provisionfavorites">Browser/ProvisionFavorites</a>
  </dd>
  <dd>
    <a href="#browser-sendintranettraffictointernetexplorer">Browser/SendIntranetTraffictoInternetExplorer</a>
  </dd>
  <dd>
    <a href="#browser-setdefaultsearchengine">Browser/SetDefaultSearchEngine</a>
  </dd>
  <dd>
    <a href="#browser-showmessagewhenopeningsitesininternetexplorer">Browser/ShowMessageWhenOpeningSitesInInternetExplorer</a>
  </dd>
  <dd>
    <a href="#browser-syncfavoritesbetweenieandmicrosoftedge">Browser/SyncFavoritesBetweenIEAndMicrosoftEdge</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowaddressbardropdown"></a>**Browser/AllowAddressBarDropdown**  
@ -45,6 +157,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to allow the address bar drop-down functionality in Microsoft Edge. If you want to minimize network connections from Microsoft Edge to Microsoft services, we recommend disabling this functionality. 
@ -60,6 +182,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowautofill"></a>**Browser/AllowAutofill**  
@ -86,6 +209,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether autofill on websites is allowed.
@ -105,6 +238,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowbrowser"></a>**Browser/AllowBrowser**  
@ -131,6 +265,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop. For desktop devices, use the [AppLocker CSP](applocker-csp.md) instead.
@ -149,6 +293,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowcookies"></a>**Browser/AllowCookies**  
@ -175,6 +320,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether cookies are allowed.
@ -194,6 +349,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowdevelopertools"></a>**Browser/AllowDeveloperTools**  
@ -220,6 +376,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -236,6 +402,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowdonottrack"></a>**Browser/AllowDoNotTrack**  
@ -262,6 +429,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether Do Not Track headers are allowed.
@ -281,6 +458,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowextensions"></a>**Browser/AllowExtensions**  
@ -307,6 +485,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether Microsoft Edge extensions are allowed.
@ -317,6 +505,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowflash"></a>**Browser/AllowFlash**  
@ -343,6 +532,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10. Specifies whether Adobe Flash can run in Microsoft Edge.
@ -353,6 +552,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowflashclicktorun"></a>**Browser/AllowFlashClickToRun**  
@ -379,6 +579,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash.
@ -389,6 +599,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowinprivate"></a>**Browser/AllowInPrivate**  
@ -415,6 +626,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether InPrivate browsing is allowed on corporate networks.
@ -427,6 +648,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowmicrosoftcompatibilitylist"></a>**Browser/AllowMicrosoftCompatibilityList**  
@ -453,6 +675,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to use the Microsoft compatibility list in Microsoft Edge. The Microsoft compatibility list is a Microsoft-provided list that enables sites with known compatibility issues to display properly. 
 By default, the Microsoft compatibility list is enabled and can be viewed by visiting "about:compat". 
@ -468,6 +700,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowpasswordmanager"></a>**Browser/AllowPasswordManager**  
@ -494,6 +727,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether saving and managing passwords locally on the device is allowed.
@ -513,6 +756,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowpopups"></a>**Browser/AllowPopups**  
@ -539,6 +783,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether pop-up blocker is allowed or enabled.
@ -558,6 +812,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowsearchenginecustomization"></a>**Browser/AllowSearchEngineCustomization**  
@ -584,6 +839,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows search engine customization for MDM-enrolled devices. Users can change their default search engine. 
@ -598,6 +863,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowsearchsuggestionsinaddressbar"></a>**Browser/AllowSearchSuggestionsinAddressBar**  
@ -624,6 +890,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether search suggestions are allowed in the address bar.
@ -636,6 +912,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-allowsmartscreen"></a>**Browser/AllowSmartScreen**  
@ -662,6 +939,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether Windows Defender SmartScreen is allowed.
@ -681,9 +968,20 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-alwaysenablebookslibrary"></a>**Browser/AlwaysEnableBooksLibrary**  
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">
@ -691,6 +989,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-clearbrowsingdataonexit"></a>**Browser/ClearBrowsingDataOnExit**  
@ -717,6 +1016,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to clear browsing data on exiting Microsoft Edge.
@ -735,6 +1044,7 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-configureadditionalsearchengines"></a>**Browser/ConfigureAdditionalSearchEngines**  
@ -761,6 +1071,16 @@ By default, the Microsoft compatibility list is enabled and can be viewed by vis
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows you to add up to 5 additional search engines for MDM-enrolled devices. 
@ -781,6 +1101,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-disablelockdownofstartpages"></a>**Browser/DisableLockdownOfStartPages**  
@ -807,6 +1128,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean value that specifies whether the lockdown on the Start pages is disabled. This policy works with the Browser/HomePages policy, which locks down the Start pages that the users cannot modify. You can use the DisableLockdownOfStartPages policy to allow users to modify the Start pages when the Browser/HomePages policy is in effect. 
@ -825,6 +1156,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-enterprisemodesitelist"></a>**Browser/EnterpriseModeSiteList**  
@ -851,6 +1183,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -865,6 +1207,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-enterprisesitelistserviceurl"></a>**Browser/EnterpriseSiteListServiceUrl**  
@ -891,12 +1234,23 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!IMPORTANT]
 > This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](#browser-enterprisemodesitelist).
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-firstrunurl"></a>**Browser/FirstRunURL**  
@ -923,6 +1277,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -936,6 +1300,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-homepages"></a>**Browser/HomePages**  
@ -962,6 +1327,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only available for Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -977,6 +1352,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-lockdownfavorites"></a>**Browser/LockdownFavorites**  
@ -1003,6 +1379,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting lets you decide whether employees can add, import, sort, or edit the Favorites list on Microsoft Edge.
@ -1022,6 +1408,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventaccesstoaboutflagsinmicrosoftedge"></a>**Browser/PreventAccessToAboutFlagsInMicrosoftEdge**  
@ -1048,6 +1435,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether users can access the about:flags page, which is used to change developer settings and to enable experimental features.
@ -1058,6 +1455,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventfirstrunpage"></a>**Browser/PreventFirstRunPage**  
@ -1084,6 +1482,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether to enable or disable the First Run webpage. On the first explicit user-launch of Microsoft Edge, a First Run webpage hosted on Microsoft.com opens automatically via a FWLINK. This policy allows enterprises (such as those enrolled in a zero-emissions configuration) to prevent this page from opening.
@ -1096,6 +1504,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventlivetiledatacollection"></a>**Browser/PreventLiveTileDataCollection**  
@ -1122,6 +1531,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether Microsoft can collect information to create a Live Tile when pinning a site to Start from Microsoft Edge.
@ -1134,6 +1553,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventsmartscreenpromptoverride"></a>**Browser/PreventSmartScreenPromptOverride**  
@ -1160,6 +1580,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether users can override the Windows Defender SmartScreen Filter warnings about potentially malicious websites.
@ -1172,6 +1602,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventsmartscreenpromptoverrideforfiles"></a>**Browser/PreventSmartScreenPromptOverrideForFiles**  
@ -1198,6 +1629,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether users can override the Windows Defender SmartScreen Filter warnings about downloading unverified files. Turning this setting on stops users from ignoring the Windows Defender SmartScreen Filter warnings and blocks them from downloading unverified files. Turning this setting off, or not configuring it, lets users ignore the Windows Defender SmartScreen Filter warnings about unverified files and lets them continue the download process.
@ -1208,6 +1649,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-preventusinglocalhostipaddressforwebrtc"></a>**Browser/PreventUsingLocalHostIPAddressForWebRTC**  
@ -1234,6 +1676,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -1248,6 +1700,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-provisionfavorites"></a>**Browser/ProvisionFavorites**  
@ -1274,6 +1727,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This policy setting allows you to configure a default set of favorites, which will appear for employees. Employees cannot modify, sort, move, export or delete these provisioned favorites. Specify the URL which points to the file that has all the data for provisioning favorites (in html format). You can export a set of favorites from Edge and use that html file for provisioning user machines. 
@ -1292,6 +1755,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-sendintranettraffictointernetexplorer"></a>**Browser/SendIntranetTraffictoInternetExplorer**  
@ -1318,6 +1782,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -1334,6 +1808,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-setdefaultsearchengine"></a>**Browser/SetDefaultSearchEngine**  
@ -1360,6 +1835,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows you configure the default search engine for your employees. By default, your employees can change the default search engine at any time. If you want to prevent your employees from changing the default search engine that you set, you can do so by configuring the AllowSearchEngineCustomization policy.
@ -1379,6 +1864,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-showmessagewhenopeningsitesininternetexplorer"></a>**Browser/ShowMessageWhenOpeningSitesInInternetExplorer**  
@ -1405,6 +1891,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -1421,6 +1917,7 @@ Employees cannot remove these search engines, but they can set any one as the de
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="browser-syncfavoritesbetweenieandmicrosoftedge"></a>**Browser/SyncFavoritesBetweenIEAndMicrosoftEdge**  
@ -1447,6 +1944,16 @@ Employees cannot remove these search engines, but they can set any one as the de
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies whether favorites are kept in sync between Internet Explorer and Microsoft Edge. Changes to favorites in one browser are reflected in the other, including: additions, deletions, modifications, and ordering.
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Camera
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Camera policies  
 <dl>
  <dd>
    <a href="#camera-allowcamera">Camera/AllowCamera</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="camera-allowcamera"></a>**Camera/AllowCamera**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Disables or enables the camera.
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Cellular
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Cellular policies  
 <dl>
  <dd>
    <a href="#cellular-showappcellularaccessui">Cellular/ShowAppCellularAccessUI</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="cellular-showappcellularaccessui"></a>**Cellular/ShowAppCellularAccessUI**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Connectivity
@ -14,11 +14,54 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Connectivity policies  
 <dl>
  <dd>
    <a href="#connectivity-allowbluetooth">Connectivity/AllowBluetooth</a>
  </dd>
  <dd>
    <a href="#connectivity-allowcellulardata">Connectivity/AllowCellularData</a>
  </dd>
  <dd>
    <a href="#connectivity-allowcellulardataroaming">Connectivity/AllowCellularDataRoaming</a>
  </dd>
  <dd>
    <a href="#connectivity-allowconnecteddevices">Connectivity/AllowConnectedDevices</a>
  </dd>
  <dd>
    <a href="#connectivity-allownfc">Connectivity/AllowNFC</a>
  </dd>
  <dd>
    <a href="#connectivity-allowusbconnection">Connectivity/AllowUSBConnection</a>
  </dd>
  <dd>
    <a href="#connectivity-allowvpnovercellular">Connectivity/AllowVPNOverCellular</a>
  </dd>
  <dd>
    <a href="#connectivity-allowvpnroamingovercellular">Connectivity/AllowVPNRoamingOverCellular</a>
  </dd>
  <dd>
    <a href="#connectivity-diableprintingoverhttp">Connectivity/DiablePrintingOverHTTP</a>
  </dd>
  <dd>
    <a href="#connectivity-disabledownloadingofprintdriversoverhttp">Connectivity/DisableDownloadingOfPrintDriversOverHTTP</a>
  </dd>
  <dd>
    <a href="#connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards">Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards</a>
  </dd>
  <dd>
    <a href="#connectivity-hardeneduncpaths">Connectivity/HardenedUNCPaths</a>
  </dd>
  <dd>
    <a href="#connectivity-prohibitinstallationandconfigurationofnetworkbridge">Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowbluetooth"></a>**Connectivity/AllowBluetooth**  
@ -45,6 +88,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the user to enable Bluetooth or restrict access.
@ -64,6 +116,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowcellulardata"></a>**Connectivity/AllowCellularData**  
@ -90,6 +143,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the cellular data channel on the device. Device reboot is not required to enforce the policy.
@ -101,6 +163,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowcellulardataroaming"></a>**Connectivity/AllowCellularDataRoaming**  
@ -127,6 +190,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows or disallows cellular data roaming on the device. Device reboot is not required to enforce the policy.
@ -148,6 +220,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowconnecteddevices"></a>**Connectivity/AllowConnectedDevices**  
@ -174,6 +247,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -187,6 +269,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allownfc"></a>**Connectivity/AllowNFC**  
@ -213,6 +296,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -229,6 +321,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowusbconnection"></a>**Connectivity/AllowUSBConnection**  
@ -255,6 +348,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -273,6 +375,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowvpnovercellular"></a>**Connectivity/AllowVPNOverCellular**  
@ -299,6 +402,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies what type of underlying connections VPN is allowed to use.
@ -311,6 +423,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-allowvpnroamingovercellular"></a>**Connectivity/AllowVPNRoamingOverCellular**  
@ -337,6 +450,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Prevents the device from connecting to VPN when the device roams over cellular networks.
@ -349,6 +471,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-diableprintingoverhttp"></a>**Connectivity/DiablePrintingOverHTTP**  
@ -375,6 +498,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -393,6 +525,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-disabledownloadingofprintdriversoverhttp"></a>**Connectivity/DisableDownloadingOfPrintDriversOverHTTP**  
@ -419,6 +552,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -437,6 +579,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-disableinternetdownloadforwebpublishingandonlineorderingwizards"></a>**Connectivity/DisableInternetDownloadForWebPublishingAndOnlineOrderingWizards**  
@ -463,6 +606,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -481,6 +633,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-hardeneduncpaths"></a>**Connectivity/HardenedUNCPaths**  
@ -507,6 +660,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting configures secure access to UNC paths.
@ -529,6 +691,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="connectivity-prohibitinstallationandconfigurationofnetworkbridge"></a>**Connectivity/ProhibitInstallationAndConfigurationOfNetworkBridge**  
@ -555,6 +718,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - CredentialProviders
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## CredentialProviders policies  
 <dl>
  <dd>
    <a href="#credentialproviders-allowpinlogon">CredentialProviders/AllowPINLogon</a>
  </dd>
  <dd>
    <a href="#credentialproviders-blockpicturepassword">CredentialProviders/BlockPicturePassword</a>
  </dd>
  <dd>
    <a href="#credentialproviders-disableautomaticredeploymentcredentials">CredentialProviders/DisableAutomaticReDeploymentCredentials</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialproviders-allowpinlogon"></a>**CredentialProviders/AllowPINLogon**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to control whether a domain user can sign in using a convenience PIN.
@ -73,6 +95,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialproviders-blockpicturepassword"></a>**CredentialProviders/BlockPicturePassword**  
@ -99,6 +122,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to control whether a domain user can sign in using a picture password.
@ -125,6 +157,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialproviders-disableautomaticredeploymentcredentials"></a>**CredentialProviders/DisableAutomaticReDeploymentCredentials**  
@ -151,6 +184,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. Boolean policy to disable the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device.
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - CredentialsUI
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## CredentialsUI policies  
 <dl>
  <dd>
    <a href="#credentialsui-disablepasswordreveal">CredentialsUI/DisablePasswordReveal</a>
  </dd>
  <dd>
    <a href="#credentialsui-enumerateadministrators">CredentialsUI/EnumerateAdministrators</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialsui-disablepasswordreveal"></a>**CredentialsUI/DisablePasswordReveal**  
@ -45,6 +55,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to configure the display of the password reveal button in password entry user experiences.
@ -73,6 +93,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="credentialsui-enumerateadministrators"></a>**CredentialsUI/EnumerateAdministrators**  
@ -99,6 +120,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether administrator accounts are displayed when a user attempts to elevate a running application. By default, administrator accounts are not displayed when the user attempts to elevate a running application.
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Cryptography
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Cryptography policies  
 <dl>
  <dd>
    <a href="#cryptography-allowfipsalgorithmpolicy">Cryptography/AllowFipsAlgorithmPolicy</a>
  </dd>
  <dd>
    <a href="#cryptography-tlsciphersuites">Cryptography/TLSCipherSuites</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="cryptography-allowfipsalgorithmpolicy"></a>**Cryptography/AllowFipsAlgorithmPolicy**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows or disallows the Federal Information Processing Standard (FIPS) policy.
@ -55,6 +74,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="cryptography-tlsciphersuites"></a>**Cryptography/TLSCipherSuites**  
@ -81,6 +101,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Lists the Cryptographic Cipher Algorithms allowed for SSL connections. Format is a semicolon delimited list. Last write win.
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DataProtection
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DataProtection policies  
 <dl>
  <dd>
    <a href="#dataprotection-allowdirectmemoryaccess">DataProtection/AllowDirectMemoryAccess</a>
  </dd>
  <dd>
    <a href="#dataprotection-legacyselectivewipeid">DataProtection/LegacySelectiveWipeID</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="dataprotection-allowdirectmemoryaccess"></a>**DataProtection/AllowDirectMemoryAccess**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows. Once a user logs in, Windows will enumerate the PCI devices connected to the host plug PCI ports. Every time the user locks the machine, DMA will be blocked on hot plug PCI ports with no children devices until the user logs in again. Devices which were already enumerated when the machine was unlocked will continue to function until unplugged. This policy setting is only enforced when BitLocker or device encryption is enabled.
@ -57,6 +76,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="dataprotection-legacyselectivewipeid"></a>**DataProtection/LegacySelectiveWipeID**  
@ -83,6 +103,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!IMPORTANT]
 > This policy may change in a future release. It may be used for testing purposes, but should not be used in a production environment at this time.
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DataUsage
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DataUsage policies  
 <dl>
  <dd>
    <a href="#datausage-setcost3g">DataUsage/SetCost3G</a>
  </dd>
  <dd>
    <a href="#datausage-setcost4g">DataUsage/SetCost4G</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="datausage-setcost3g"></a>**DataUsage/SetCost3G**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting configures the cost of 3G connections on the local machine.
@ -75,6 +94,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="datausage-setcost4g"></a>**DataUsage/SetCost4G**  
@ -101,6 +121,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting configures the cost of 4G connections on the local machine.
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Defender
@ -14,11 +14,120 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Defender policies  
 <dl>
  <dd>
    <a href="#defender-allowarchivescanning">Defender/AllowArchiveScanning</a>
  </dd>
  <dd>
    <a href="#defender-allowbehaviormonitoring">Defender/AllowBehaviorMonitoring</a>
  </dd>
  <dd>
    <a href="#defender-allowcloudprotection">Defender/AllowCloudProtection</a>
  </dd>
  <dd>
    <a href="#defender-allowemailscanning">Defender/AllowEmailScanning</a>
  </dd>
  <dd>
    <a href="#defender-allowfullscanonmappednetworkdrives">Defender/AllowFullScanOnMappedNetworkDrives</a>
  </dd>
  <dd>
    <a href="#defender-allowfullscanremovabledrivescanning">Defender/AllowFullScanRemovableDriveScanning</a>
  </dd>
  <dd>
    <a href="#defender-allowioavprotection">Defender/AllowIOAVProtection</a>
  </dd>
  <dd>
    <a href="#defender-allowintrusionpreventionsystem">Defender/AllowIntrusionPreventionSystem</a>
  </dd>
  <dd>
    <a href="#defender-allowonaccessprotection">Defender/AllowOnAccessProtection</a>
  </dd>
  <dd>
    <a href="#defender-allowrealtimemonitoring">Defender/AllowRealtimeMonitoring</a>
  </dd>
  <dd>
    <a href="#defender-allowscanningnetworkfiles">Defender/AllowScanningNetworkFiles</a>
  </dd>
  <dd>
    <a href="#defender-allowscriptscanning">Defender/AllowScriptScanning</a>
  </dd>
  <dd>
    <a href="#defender-allowuseruiaccess">Defender/AllowUserUIAccess</a>
  </dd>
  <dd>
    <a href="#defender-attacksurfacereductiononlyexclusions">Defender/AttackSurfaceReductionOnlyExclusions</a>
  </dd>
  <dd>
    <a href="#defender-attacksurfacereductionrules">Defender/AttackSurfaceReductionRules</a>
  </dd>
  <dd>
    <a href="#defender-avgcpuloadfactor">Defender/AvgCPULoadFactor</a>
  </dd>
  <dd>
    <a href="#defender-cloudblocklevel">Defender/CloudBlockLevel</a>
  </dd>
  <dd>
    <a href="#defender-cloudextendedtimeout">Defender/CloudExtendedTimeout</a>
  </dd>
  <dd>
    <a href="#defender-controlledfolderaccessallowedapplications">Defender/ControlledFolderAccessAllowedApplications</a>
  </dd>
  <dd>
    <a href="#defender-controlledfolderaccessprotectedfolders">Defender/ControlledFolderAccessProtectedFolders</a>
  </dd>
  <dd>
    <a href="#defender-daystoretaincleanedmalware">Defender/DaysToRetainCleanedMalware</a>
  </dd>
  <dd>
    <a href="#defender-enablecontrolledfolderaccess">Defender/EnableControlledFolderAccess</a>
  </dd>
  <dd>
    <a href="#defender-enablenetworkprotection">Defender/EnableNetworkProtection</a>
  </dd>
  <dd>
    <a href="#defender-excludedextensions">Defender/ExcludedExtensions</a>
  </dd>
  <dd>
    <a href="#defender-excludedpaths">Defender/ExcludedPaths</a>
  </dd>
  <dd>
    <a href="#defender-excludedprocesses">Defender/ExcludedProcesses</a>
  </dd>
  <dd>
    <a href="#defender-puaprotection">Defender/PUAProtection</a>
  </dd>
  <dd>
    <a href="#defender-realtimescandirection">Defender/RealTimeScanDirection</a>
  </dd>
  <dd>
    <a href="#defender-scanparameter">Defender/ScanParameter</a>
  </dd>
  <dd>
    <a href="#defender-schedulequickscantime">Defender/ScheduleQuickScanTime</a>
  </dd>
  <dd>
    <a href="#defender-schedulescanday">Defender/ScheduleScanDay</a>
  </dd>
  <dd>
    <a href="#defender-schedulescantime">Defender/ScheduleScanTime</a>
  </dd>
  <dd>
    <a href="#defender-signatureupdateinterval">Defender/SignatureUpdateInterval</a>
  </dd>
  <dd>
    <a href="#defender-submitsamplesconsent">Defender/SubmitSamplesConsent</a>
  </dd>
  <dd>
    <a href="#defender-threatseveritydefaultaction">Defender/ThreatSeverityDefaultAction</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowarchivescanning"></a>**Defender/AllowArchiveScanning**  
@ -45,6 +154,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -59,6 +177,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowbehaviormonitoring"></a>**Defender/AllowBehaviorMonitoring**  
@ -85,6 +204,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -99,6 +227,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowcloudprotection"></a>**Defender/AllowCloudProtection**  
@ -125,6 +254,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -139,6 +277,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowemailscanning"></a>**Defender/AllowEmailScanning**  
@ -165,6 +304,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -179,6 +327,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowfullscanonmappednetworkdrives"></a>**Defender/AllowFullScanOnMappedNetworkDrives**  
@ -205,6 +354,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -219,6 +377,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowfullscanremovabledrivescanning"></a>**Defender/AllowFullScanRemovableDriveScanning**  
@ -245,6 +404,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -259,6 +427,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowioavprotection"></a>**Defender/AllowIOAVProtection**  
@ -285,6 +454,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -299,6 +477,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowintrusionpreventionsystem"></a>**Defender/AllowIntrusionPreventionSystem**  
@ -325,6 +504,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -339,6 +527,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowonaccessprotection"></a>**Defender/AllowOnAccessProtection**  
@ -365,6 +554,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -379,6 +577,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowrealtimemonitoring"></a>**Defender/AllowRealtimeMonitoring**  
@ -405,6 +604,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -419,6 +627,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowscanningnetworkfiles"></a>**Defender/AllowScanningNetworkFiles**  
@ -445,6 +654,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -459,6 +677,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowscriptscanning"></a>**Defender/AllowScriptScanning**  
@ -485,6 +704,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -499,6 +727,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-allowuseruiaccess"></a>**Defender/AllowUserUIAccess**  
@ -525,6 +754,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -539,6 +777,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-attacksurfacereductiononlyexclusions"></a>**Defender/AttackSurfaceReductionOnlyExclusions**  
@ -565,6 +804,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -576,6 +824,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-attacksurfacereductionrules"></a>**Defender/AttackSurfaceReductionRules**  
@ -602,6 +851,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -615,6 +873,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-avgcpuloadfactor"></a>**Defender/AvgCPULoadFactor**  
@ -641,6 +900,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -654,6 +922,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-cloudblocklevel"></a>**Defender/CloudBlockLevel**  
@ -680,6 +949,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -703,6 +981,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-cloudextendedtimeout"></a>**Defender/CloudExtendedTimeout**  
@ -729,6 +1008,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -744,6 +1032,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-controlledfolderaccessallowedapplications"></a>**Defender/ControlledFolderAccessAllowedApplications**  
@ -770,6 +1059,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersAllowedApplications and changed to ControlledFolderAccessAllowedApplications.
@ -778,6 +1076,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-controlledfolderaccessprotectedfolders"></a>**Defender/ControlledFolderAccessProtectedFolders**  
@ -804,6 +1103,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was GuardedFoldersList and changed to ControlledFolderAccessProtectedFolders.
@ -812,6 +1120,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-daystoretaincleanedmalware"></a>**Defender/DaysToRetainCleanedMalware**  
@ -838,6 +1147,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -851,6 +1169,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-enablecontrolledfolderaccess"></a>**Defender/EnableControlledFolderAccess**  
@ -877,6 +1196,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop. The previous name was EnableGuardMyFolders  and changed to EnableControlledFolderAccess.
@ -889,6 +1217,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-enablenetworkprotection"></a>**Defender/EnableNetworkProtection**  
@ -915,6 +1244,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -935,6 +1273,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-excludedextensions"></a>**Defender/ExcludedExtensions**  
@ -961,6 +1300,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -970,6 +1318,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-excludedpaths"></a>**Defender/ExcludedPaths**  
@ -996,6 +1345,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1005,6 +1363,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-excludedprocesses"></a>**Defender/ExcludedProcesses**  
@ -1031,6 +1390,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1046,6 +1414,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-puaprotection"></a>**Defender/PUAProtection**  
@ -1072,6 +1441,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1087,6 +1465,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-realtimescandirection"></a>**Defender/RealTimeScanDirection**  
@ -1113,6 +1492,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1132,6 +1520,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-scanparameter"></a>**Defender/ScanParameter**  
@ -1158,6 +1547,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1172,6 +1570,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-schedulequickscantime"></a>**Defender/ScheduleQuickScanTime**  
@ -1198,6 +1597,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1217,6 +1625,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-schedulescanday"></a>**Defender/ScheduleScanDay**  
@ -1243,6 +1652,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1268,6 +1686,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-schedulescantime"></a>**Defender/ScheduleScanTime**  
@ -1294,6 +1713,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1313,6 +1741,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-signatureupdateinterval"></a>**Defender/SignatureUpdateInterval**  
@ -1339,6 +1768,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1354,6 +1792,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-submitsamplesconsent"></a>**Defender/SubmitSamplesConsent**  
@ -1380,6 +1819,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
@ -1396,6 +1844,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="defender-threatseveritydefaultaction"></a>**Defender/ThreatSeverityDefaultAction**  
@ -1422,6 +1871,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DeliveryOptimization
@ -14,11 +14,63 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DeliveryOptimization policies  
 <dl>
  <dd>
    <a href="#deliveryoptimization-doabsolutemaxcachesize">DeliveryOptimization/DOAbsoluteMaxCacheSize</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-doallowvpnpeercaching">DeliveryOptimization/DOAllowVPNPeerCaching</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dodownloadmode">DeliveryOptimization/DODownloadMode</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dogroupid">DeliveryOptimization/DOGroupId</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domaxcacheage">DeliveryOptimization/DOMaxCacheAge</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domaxcachesize">DeliveryOptimization/DOMaxCacheSize</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domaxdownloadbandwidth">DeliveryOptimization/DOMaxDownloadBandwidth</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domaxuploadbandwidth">DeliveryOptimization/DOMaxUploadBandwidth</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dominbackgroundqos">DeliveryOptimization/DOMinBackgroundQos</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dominbatterypercentageallowedtoupload">DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domindisksizeallowedtopeer">DeliveryOptimization/DOMinDiskSizeAllowedToPeer</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dominfilesizetocache">DeliveryOptimization/DOMinFileSizeToCache</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dominramallowedtopeer">DeliveryOptimization/DOMinRAMAllowedToPeer</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domodifycachedrive">DeliveryOptimization/DOModifyCacheDrive</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-domonthlyuploaddatacap">DeliveryOptimization/DOMonthlyUploadDataCap</a>
  </dd>
  <dd>
    <a href="#deliveryoptimization-dopercentagemaxdownloadbandwidth">DeliveryOptimization/DOPercentageMaxDownloadBandwidth</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-doabsolutemaxcachesize"></a>**DeliveryOptimization/DOAbsoluteMaxCacheSize**  
@ -45,6 +97,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -56,6 +117,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-doallowvpnpeercaching"></a>**DeliveryOptimization/DOAllowVPNPeerCaching**  
@ -82,6 +144,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -93,6 +164,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dodownloadmode"></a>**DeliveryOptimization/DODownloadMode**  
@ -119,6 +191,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -137,6 +218,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dogroupid"></a>**DeliveryOptimization/DOGroupId**  
@ -163,6 +245,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -175,6 +266,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domaxcacheage"></a>**DeliveryOptimization/DOMaxCacheAge**  
@ -201,6 +293,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -212,6 +313,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domaxcachesize"></a>**DeliveryOptimization/DOMaxCacheSize**  
@ -238,6 +340,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -249,6 +360,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domaxdownloadbandwidth"></a>**DeliveryOptimization/DOMaxDownloadBandwidth**  
@ -275,6 +387,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -286,6 +407,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domaxuploadbandwidth"></a>**DeliveryOptimization/DOMaxUploadBandwidth**  
@ -312,6 +434,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -323,6 +454,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dominbackgroundqos"></a>**DeliveryOptimization/DOMinBackgroundQos**  
@ -349,6 +481,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -360,6 +501,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dominbatterypercentageallowedtoupload"></a>**DeliveryOptimization/DOMinBatteryPercentageAllowedToUpload**  
@ -386,6 +528,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -396,6 +547,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domindisksizeallowedtopeer"></a>**DeliveryOptimization/DOMinDiskSizeAllowedToPeer**  
@ -422,6 +574,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -436,6 +597,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dominfilesizetocache"></a>**DeliveryOptimization/DOMinFileSizeToCache**  
@ -462,6 +624,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -473,6 +644,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dominramallowedtopeer"></a>**DeliveryOptimization/DOMinRAMAllowedToPeer**  
@ -499,6 +671,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Business, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -510,6 +691,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domodifycachedrive"></a>**DeliveryOptimization/DOModifyCacheDrive**  
@ -536,6 +718,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -547,6 +738,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-domonthlyuploaddatacap"></a>**DeliveryOptimization/DOMonthlyUploadDataCap**  
@ -573,6 +765,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
@ -586,6 +787,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deliveryoptimization-dopercentagemaxdownloadbandwidth"></a>**DeliveryOptimization/DOPercentageMaxDownloadBandwidth**  
@ -612,6 +814,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Pro, Enterprise, and Education editions and not supported in Windows 10 Mobile.
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Desktop
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Desktop policies  
 <dl>
  <dd>
    <a href="#desktop-preventuserredirectionofprofilefolders">Desktop/PreventUserRedirectionOfProfileFolders</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="desktop-preventuserredirectionofprofilefolders"></a>**Desktop/PreventUserRedirectionOfProfileFolders**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Prevents users from changing the path to their profile folders.
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DeviceGuard
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DeviceGuard policies  
 <dl>
  <dd>
    <a href="#deviceguard-enablevirtualizationbasedsecurity">DeviceGuard/EnableVirtualizationBasedSecurity</a>
  </dd>
  <dd>
    <a href="#deviceguard-lsacfgflags">DeviceGuard/LsaCfgFlags</a>
  </dd>
  <dd>
    <a href="#deviceguard-requireplatformsecurityfeatures">DeviceGuard/RequirePlatformSecurityFeatures</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceguard-enablevirtualizationbasedsecurity"></a>**DeviceGuard/EnableVirtualizationBasedSecurity**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Turns on virtualization based security(VBS) at the next reboot. virtualization based security uses the Windows Hypervisor to provide support for security services. Value type is integer. Supported values:
@ -55,6 +77,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceguard-lsacfgflags"></a>**DeviceGuard/LsaCfgFlags**  
@ -81,6 +104,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. This setting lets users turn on Credential Guard with virtualization-based security to help protect credentials at next reboot. Value type is integer. Supported values:
@ -93,6 +125,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceguard-requireplatformsecurityfeatures"></a>**DeviceGuard/RequirePlatformSecurityFeatures**  
@ -119,6 +152,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. Specifies the platform security level at the next reboot. Value type is integer. Supported values:
 <ul>
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DeviceInstallation
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DeviceInstallation policies  
 <dl>
  <dd>
    <a href="#deviceinstallation-preventinstallationofmatchingdeviceids">DeviceInstallation/PreventInstallationOfMatchingDeviceIDs</a>
  </dd>
  <dd>
    <a href="#deviceinstallation-preventinstallationofmatchingdevicesetupclasses">DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceinstallation-preventinstallationofmatchingdeviceids"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceIDs**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
@ -69,6 +88,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="deviceinstallation-preventinstallationofmatchingdevicesetupclasses"></a>**DeviceInstallation/PreventInstallationOfMatchingDeviceSetupClasses**  
@ -95,6 +115,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to specify a list of device setup class globally unique identifiers (GUIDs) for device drivers that Windows is prevented from installing. This policy setting takes precedence over any other policy setting that allows Windows to install a device.
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - DeviceLock
@ -14,11 +14,63 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## DeviceLock policies  
 <dl>
  <dd>
    <a href="#devicelock-allowidlereturnwithoutpassword">DeviceLock/AllowIdleReturnWithoutPassword</a>
  </dd>
  <dd>
    <a href="#devicelock-allowscreentimeoutwhilelockeduserconfig">DeviceLock/AllowScreenTimeoutWhileLockedUserConfig</a>
  </dd>
  <dd>
    <a href="#devicelock-allowsimpledevicepassword">DeviceLock/AllowSimpleDevicePassword</a>
  </dd>
  <dd>
    <a href="#devicelock-alphanumericdevicepasswordrequired">DeviceLock/AlphanumericDevicePasswordRequired</a>
  </dd>
  <dd>
    <a href="#devicelock-devicepasswordenabled">DeviceLock/DevicePasswordEnabled</a>
  </dd>
  <dd>
    <a href="#devicelock-devicepasswordexpiration">DeviceLock/DevicePasswordExpiration</a>
  </dd>
  <dd>
    <a href="#devicelock-devicepasswordhistory">DeviceLock/DevicePasswordHistory</a>
  </dd>
  <dd>
    <a href="#devicelock-enforcelockscreenandlogonimage">DeviceLock/EnforceLockScreenAndLogonImage</a>
  </dd>
  <dd>
    <a href="#devicelock-enforcelockscreenprovider">DeviceLock/EnforceLockScreenProvider</a>
  </dd>
  <dd>
    <a href="#devicelock-maxdevicepasswordfailedattempts">DeviceLock/MaxDevicePasswordFailedAttempts</a>
  </dd>
  <dd>
    <a href="#devicelock-maxinactivitytimedevicelock">DeviceLock/MaxInactivityTimeDeviceLock</a>
  </dd>
  <dd>
    <a href="#devicelock-maxinactivitytimedevicelockwithexternaldisplay">DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay</a>
  </dd>
  <dd>
    <a href="#devicelock-mindevicepasswordcomplexcharacters">DeviceLock/MinDevicePasswordComplexCharacters</a>
  </dd>
  <dd>
    <a href="#devicelock-mindevicepasswordlength">DeviceLock/MinDevicePasswordLength</a>
  </dd>
  <dd>
    <a href="#devicelock-preventlockscreenslideshow">DeviceLock/PreventLockScreenSlideShow</a>
  </dd>
  <dd>
    <a href="#devicelock-screentimeoutwhilelocked">DeviceLock/ScreenTimeoutWhileLocked</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-allowidlereturnwithoutpassword"></a>**DeviceLock/AllowIdleReturnWithoutPassword**  
@ -45,6 +97,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -63,6 +124,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-allowscreentimeoutwhilelockeduserconfig"></a>**DeviceLock/AllowScreenTimeoutWhileLockedUserConfig**  
@ -89,6 +151,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -110,6 +181,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-allowsimpledevicepassword"></a>**DeviceLock/AllowSimpleDevicePassword**  
@ -136,6 +208,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether PINs or passwords such as "1111" or "1234" are allowed. For the desktop, it also controls the use of picture passwords.
@ -152,6 +233,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-alphanumericdevicepasswordrequired"></a>**DeviceLock/AlphanumericDevicePasswordRequired**  
@ -178,6 +260,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Determines the type of PIN or password required. This policy only applies if the **DeviceLock/DevicePasswordEnabled** policy is set to 0 (required).
@ -202,6 +293,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-devicepasswordenabled"></a>**DeviceLock/DevicePasswordEnabled**  
@ -228,6 +320,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether device lock is enabled.
@ -278,6 +379,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-devicepasswordexpiration"></a>**DeviceLock/DevicePasswordExpiration**  
@ -304,6 +406,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies when the password expires (in days).
@ -322,6 +433,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-devicepasswordhistory"></a>**DeviceLock/DevicePasswordHistory**  
@ -348,6 +460,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies how many passwords can be stored in the history that can’t be used.
@ -368,6 +489,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-enforcelockscreenandlogonimage"></a>**DeviceLock/EnforceLockScreenAndLogonImage**  
@ -394,6 +516,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies the default lock screen and logon image shown when no user is signed in. It also sets the specified image for all users, which replaces the default image. The same image is used for both the lock and logon screens. Users will not be able to change this image.
@ -405,6 +536,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-enforcelockscreenprovider"></a>**DeviceLock/EnforceLockScreenProvider**  
@ -431,6 +563,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Restricts lock screen image to a specific lock screen provider. Users will not be able change this provider.
@ -442,6 +583,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-maxdevicepasswordfailedattempts"></a>**DeviceLock/MaxDevicePasswordFailedAttempts**  
@ -468,6 +610,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 The number of authentication failures allowed before the device will be wiped. A value of 0 disables device wipe functionality.
@ -493,6 +644,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-maxinactivitytimedevicelock"></a>**DeviceLock/MaxInactivityTimeDeviceLock**  
@ -519,6 +671,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked. Users can select any existing timeout value less than the specified maximum time in the Settings app. Note the Lumia 950 and 950XL have a maximum timeout value of 5 minutes, regardless of the value set by this policy.
@ -535,6 +696,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-maxinactivitytimedevicelockwithexternaldisplay"></a>**DeviceLock/MaxInactivityTimeDeviceLockWithExternalDisplay**  
@ -561,6 +723,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies the maximum amount of time (in minutes) allowed after the device is idle that will cause the device to become PIN or password locked while connected to an external display.
@ -575,6 +746,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-mindevicepasswordcomplexcharacters"></a>**DeviceLock/MinDevicePasswordComplexCharacters**  
@ -601,6 +773,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">The number of complex element types (uppercase and lowercase letters, numbers, and punctuation) required for a strong PIN or password.
@ -677,6 +858,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-mindevicepasswordlength"></a>**DeviceLock/MinDevicePasswordLength**  
@ -703,6 +885,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies the minimum number or characters required in the PIN or password.
@ -724,6 +915,7 @@ The number of authentication failures allowed before the device will be wiped. A
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-preventlockscreenslideshow"></a>**DeviceLock/PreventLockScreenSlideShow**  
@ -750,6 +942,15 @@ The number of authentication failures allowed before the device will be wiped. A
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Disables the lock screen slide show settings in PC Settings and prevents a slide show from playing on the lock screen.
@ -774,6 +975,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="devicelock-screentimeoutwhilelocked"></a>**DeviceLock/ScreenTimeoutWhileLocked**  
@ -800,6 +1002,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Display
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Display policies  
 <dl>
  <dd>
    <a href="#display-turnoffgdidpiscalingforapps">Display/TurnOffGdiDPIScalingForApps</a>
  </dd>
  <dd>
    <a href="#display-turnongdidpiscalingforapps">Display/TurnOnGdiDPIScalingForApps</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="display-turnoffgdidpiscalingforapps"></a>**Display/TurnOffGdiDPIScalingForApps**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
@ -63,6 +82,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="display-turnongdidpiscalingforapps"></a>**Display/TurnOnGdiDPIScalingForApps**  
@ -89,6 +109,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">GDI DPI Scaling enables applications that are not DPI aware to become per monitor DPI aware.
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Education
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Education policies  
 <dl>
  <dd>
    <a href="#education-defaultprintername">Education/DefaultPrinterName</a>
  </dd>
  <dd>
    <a href="#education-preventaddingnewprinters">Education/PreventAddingNewPrinters</a>
  </dd>
  <dd>
    <a href="#education-printernames">Education/PrinterNames</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="education-defaultprintername"></a>**Education/DefaultPrinterName**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. This policy allows IT Admins to set the user's default printer. 
@ -52,6 +74,7 @@ The policy value is expected to be the name (network host name) of an installed
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="education-preventaddingnewprinters"></a>**Education/PreventAddingNewPrinters**  
@ -78,6 +101,15 @@ The policy value is expected to be the name (network host name) of an installed
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. Allows IT Admins to prevent user installation of additional printers from the printers settings.
@ -88,6 +120,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="education-printernames"></a>**Education/PrinterNames**  
@ -114,6 +147,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Added in Windows 10, version 1709. Allows IT Admins to automatically provision printers based on their names (network host names).
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - EnterpriseCloudPrint
@ -14,11 +14,33 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## EnterpriseCloudPrint policies  
 <dl>
  <dd>
    <a href="#enterprisecloudprint-cloudprintoauthauthority">EnterpriseCloudPrint/CloudPrintOAuthAuthority</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-cloudprintoauthclientid">EnterpriseCloudPrint/CloudPrintOAuthClientId</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-cloudprintresourceid">EnterpriseCloudPrint/CloudPrintResourceId</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-cloudprinterdiscoveryendpoint">EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-discoverymaxprinterlimit">EnterpriseCloudPrint/DiscoveryMaxPrinterLimit</a>
  </dd>
  <dd>
    <a href="#enterprisecloudprint-mopriadiscoveryresourceid">EnterpriseCloudPrint/MopriaDiscoveryResourceId</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-cloudprintoauthauthority"></a>**EnterpriseCloudPrint/CloudPrintOAuthAuthority**  
@ -45,6 +67,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the authentication endpoint for acquiring OAuth tokens.  This policy must target ./User, otherwise it fails.
@ -54,6 +85,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-cloudprintoauthclientid"></a>**EnterpriseCloudPrint/CloudPrintOAuthClientId**  
@ -80,6 +112,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the GUID of a client application authorized to retrieve OAuth tokens from the OAuthAuthority. This policy must target ./User, otherwise it fails.
@ -89,6 +130,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-cloudprintresourceid"></a>**EnterpriseCloudPrint/CloudPrintResourceId**  
@ -115,6 +157,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the enterprise cloud print client during OAuth authentication. This policy must target ./User, otherwise it fails.
@ -124,6 +175,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-cloudprinterdiscoveryendpoint"></a>**EnterpriseCloudPrint/CloudPrinterDiscoveryEndPoint**  
@ -150,6 +202,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user end point for discovering cloud printers. This policy must target ./User, otherwise it fails.
@ -159,6 +220,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-discoverymaxprinterlimit"></a>**EnterpriseCloudPrint/DiscoveryMaxPrinterLimit**  
@ -185,6 +247,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Defines the maximum number of printers that should be queried from a discovery end point. This policy must target ./User, otherwise it fails.
@ -194,6 +265,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="enterprisecloudprint-mopriadiscoveryresourceid"></a>**EnterpriseCloudPrint/MopriaDiscoveryResourceId**  
@ -220,6 +292,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Specifies the per-user resource URL for which access is requested by the Mopria discovery client during OAuth authentication. This policy must target ./User, otherwise it fails.
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ErrorReporting
@ -14,11 +14,30 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ErrorReporting policies  
 <dl>
  <dd>
    <a href="#errorreporting-customizeconsentsettings">ErrorReporting/CustomizeConsentSettings</a>
  </dd>
  <dd>
    <a href="#errorreporting-disablewindowserrorreporting">ErrorReporting/DisableWindowsErrorReporting</a>
  </dd>
  <dd>
    <a href="#errorreporting-displayerrornotification">ErrorReporting/DisplayErrorNotification</a>
  </dd>
  <dd>
    <a href="#errorreporting-donotsendadditionaldata">ErrorReporting/DoNotSendAdditionalData</a>
  </dd>
  <dd>
    <a href="#errorreporting-preventcriticalerrordisplay">ErrorReporting/PreventCriticalErrorDisplay</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-customizeconsentsettings"></a>**ErrorReporting/CustomizeConsentSettings**  
@ -45,6 +64,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting determines the consent behavior of Windows Error Reporting for specific event types.
@ -79,6 +107,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-disablewindowserrorreporting"></a>**ErrorReporting/DisableWindowsErrorReporting**  
@ -105,6 +134,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting turns off Windows Error Reporting, so that reports are not collected or sent to either Microsoft or internal servers within your organization when software unexpectedly stops working or fails.
@ -129,6 +167,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-displayerrornotification"></a>**ErrorReporting/DisplayErrorNotification**  
@ -155,6 +194,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether users are shown an error dialog box that lets them report an error.
@ -183,6 +231,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-donotsendadditionaldata"></a>**ErrorReporting/DoNotSendAdditionalData**  
@ -209,6 +258,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether additional data in support of error reports can be sent to Microsoft automatically.
@ -233,6 +291,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="errorreporting-preventcriticalerrordisplay"></a>**ErrorReporting/PreventCriticalErrorDisplay**  
@ -259,6 +318,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting prevents the display of the user interface for critical errors.
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - EventLogService
@ -14,11 +14,27 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## EventLogService policies  
 <dl>
  <dd>
    <a href="#eventlogservice-controleventlogbehavior">EventLogService/ControlEventLogBehavior</a>
  </dd>
  <dd>
    <a href="#eventlogservice-specifymaximumfilesizeapplicationlog">EventLogService/SpecifyMaximumFileSizeApplicationLog</a>
  </dd>
  <dd>
    <a href="#eventlogservice-specifymaximumfilesizesecuritylog">EventLogService/SpecifyMaximumFileSizeSecurityLog</a>
  </dd>
  <dd>
    <a href="#eventlogservice-specifymaximumfilesizesystemlog">EventLogService/SpecifyMaximumFileSizeSystemLog</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="eventlogservice-controleventlogbehavior"></a>**EventLogService/ControlEventLogBehavior**  
@ -45,6 +61,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls Event Log behavior when the log file reaches its maximum size.
@ -71,6 +96,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="eventlogservice-specifymaximumfilesizeapplicationlog"></a>**EventLogService/SpecifyMaximumFileSizeApplicationLog**  
@ -97,6 +123,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies the maximum size of the log file in kilobytes.
@ -121,6 +156,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="eventlogservice-specifymaximumfilesizesecuritylog"></a>**EventLogService/SpecifyMaximumFileSizeSecurityLog**  
@ -147,6 +183,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies the maximum size of the log file in kilobytes.
@ -171,6 +216,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="eventlogservice-specifymaximumfilesizesystemlog"></a>**EventLogService/SpecifyMaximumFileSizeSystemLog**  
@ -197,6 +243,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies the maximum size of the log file in kilobytes.
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Experience
@ -14,11 +14,72 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Experience policies  
 <dl>
  <dd>
    <a href="#experience-allowcopypaste">Experience/AllowCopyPaste</a>
  </dd>
  <dd>
    <a href="#experience-allowcortana">Experience/AllowCortana</a>
  </dd>
  <dd>
    <a href="#experience-allowdevicediscovery">Experience/AllowDeviceDiscovery</a>
  </dd>
  <dd>
    <a href="#experience-allowfindmydevice">Experience/AllowFindMyDevice</a>
  </dd>
  <dd>
    <a href="#experience-allowmanualmdmunenrollment">Experience/AllowManualMDMUnenrollment</a>
  </dd>
  <dd>
    <a href="#experience-allowsimerrordialogpromptwhennosim">Experience/AllowSIMErrorDialogPromptWhenNoSIM</a>
  </dd>
  <dd>
    <a href="#experience-allowscreencapture">Experience/AllowScreenCapture</a>
  </dd>
  <dd>
    <a href="#experience-allowsyncmysettings">Experience/AllowSyncMySettings</a>
  </dd>
  <dd>
    <a href="#experience-allowtailoredexperienceswithdiagnosticdata">Experience/AllowTailoredExperiencesWithDiagnosticData</a>
  </dd>
  <dd>
    <a href="#experience-allowtaskswitcher">Experience/AllowTaskSwitcher</a>
  </dd>
  <dd>
    <a href="#experience-allowthirdpartysuggestionsinwindowsspotlight">Experience/AllowThirdPartySuggestionsInWindowsSpotlight</a>
  </dd>
  <dd>
    <a href="#experience-allowvoicerecording">Experience/AllowVoiceRecording</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowsconsumerfeatures">Experience/AllowWindowsConsumerFeatures</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowsspotlight">Experience/AllowWindowsSpotlight</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowsspotlightonactioncenter">Experience/AllowWindowsSpotlightOnActionCenter</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowsspotlightwindowswelcomeexperience">Experience/AllowWindowsSpotlightWindowsWelcomeExperience</a>
  </dd>
  <dd>
    <a href="#experience-allowwindowstips">Experience/AllowWindowsTips</a>
  </dd>
  <dd>
    <a href="#experience-configurewindowsspotlightonlockscreen">Experience/ConfigureWindowsSpotlightOnLockScreen</a>
  </dd>
  <dd>
    <a href="#experience-donotshowfeedbacknotifications">Experience/DoNotShowFeedbackNotifications</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowcopypaste"></a>**Experience/AllowCopyPaste**  
@ -45,6 +106,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -60,6 +130,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowcortana"></a>**Experience/AllowCortana**  
@ -86,6 +157,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether Cortana is allowed on the device. If you enable or don’t configure this setting, Cortana is allowed on the device. If you disable this setting, Cortana is turned off. When Cortana is off, users will still be able to use search to find items on the device.
@ -106,6 +186,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowdevicediscovery"></a>**Experience/AllowDeviceDiscovery**  
@ -132,6 +213,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows users to turn on/off device discovery UX.
@ -146,6 +236,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowfindmydevice"></a>**Experience/AllowFindMyDevice**  
@ -172,6 +263,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy turns on Find My Device.
@ -186,6 +286,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowmanualmdmunenrollment"></a>**Experience/AllowManualMDMUnenrollment**  
@ -212,6 +313,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow the user to delete the workplace account using the workplace control panel.
@ -228,6 +338,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowsimerrordialogpromptwhennosim"></a>**Experience/AllowSIMErrorDialogPromptWhenNoSIM**  
@ -254,6 +365,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -268,6 +388,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowscreencapture"></a>**Experience/AllowScreenCapture**  
@ -294,6 +415,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -310,6 +440,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowsyncmysettings"></a>**Experience/AllowSyncMySettings**  
@ -336,6 +467,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows or disallows all Windows sync settings on the device. For information about what settings are sync'ed, see [About sync setting on Windows 10 devices](http://windows.microsoft.com/windows-10/about-sync-settings-on-windows-10-devices).
@ -346,6 +486,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowtailoredexperienceswithdiagnosticdata"></a>**Experience/AllowTailoredExperiencesWithDiagnosticData**  
@ -372,6 +513,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -391,6 +541,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowtaskswitcher"></a>**Experience/AllowTaskSwitcher**  
@ -417,6 +568,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -431,6 +591,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowthirdpartysuggestionsinwindowsspotlight"></a>**Experience/AllowThirdPartySuggestionsInWindowsSpotlight**  
@ -457,6 +618,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only available for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education.
@ -471,6 +641,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowvoicerecording"></a>**Experience/AllowVoiceRecording**  
@ -497,6 +668,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -513,6 +693,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowsconsumerfeatures"></a>**Experience/AllowWindowsConsumerFeatures**  
@ -539,6 +720,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -562,6 +752,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowsspotlight"></a>**Experience/AllowWindowsSpotlight**  
@ -588,6 +779,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only available for Windows 10 Enterprise and Windows 10 Education.
@ -604,6 +804,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowsspotlightonactioncenter"></a>**Experience/AllowWindowsSpotlightOnActionCenter**  
@ -630,6 +831,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -645,6 +855,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowsspotlightwindowswelcomeexperience"></a>**Experience/AllowWindowsSpotlightWindowsWelcomeExperience**  
@ -671,6 +882,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -687,6 +907,7 @@ The Windows welcome experience feature introduces onboard users to Windows; for
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-allowwindowstips"></a>**Experience/AllowWindowsTips**  
@ -713,6 +934,15 @@ The Windows welcome experience feature introduces onboard users to Windows; for
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Enables or disables Windows Tips / soft landing.
@ -723,6 +953,7 @@ Enables or disables Windows Tips / soft landing.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-configurewindowsspotlightonlockscreen"></a>**Experience/ConfigureWindowsSpotlightOnLockScreen**  
@ -749,6 +980,15 @@ Enables or disables Windows Tips / soft landing.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only available for Windows 10 Enterprise and Windows 10 Education.
@ -764,6 +1004,7 @@ Enables or disables Windows Tips / soft landing.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="experience-donotshowfeedbacknotifications"></a>**Experience/DoNotShowFeedbackNotifications**  
@ -790,6 +1031,15 @@ Enables or disables Windows Tips / soft landing.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Prevents devices from showing feedback questions from Microsoft.
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - ExploitGuard
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## ExploitGuard policies  
 <dl>
  <dd>
    <a href="#exploitguard-exploitprotectionsettings">ExploitGuard/ExploitProtectionSettings</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="exploitguard-exploitprotectionsettings"></a>**ExploitGuard/ExploitProtectionSettings**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Enables the IT admin to push out a configuration representing the desired system and application mitigation options to all the devices in the organization. The configuration is represented by an XML. For more information Exploit Protection, see [Protect devices from exploits with Windows Defender Exploit Guard](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard) and [Import, export, and deploy Exploit Protection configurations](https://docs.microsoft.com/en-us/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml).
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/31/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Games
@ -14,11 +14,18 @@ ms.date: 08/31/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Games policies  
 <dl>
  <dd>
    <a href="#games-allowadvancedgamingservices">Games/AllowAdvancedGamingServices</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="games-allowadvancedgamingservices"></a>**Games/AllowAdvancedGamingServices**  
@ -45,6 +52,15 @@ ms.date: 08/31/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specifies whether advanced gaming services can be used. These services may send data to Microsoft or publishers of games that use these services. Value type is integer.
@ -52,6 +68,7 @@ ms.date: 08/31/2017
 - 1 (default) - Allowed
 <p style="margin-left: 20px">This policy can only be turned off in Windows 10 Education and Enterprise editions.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/07/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Handwriting
@ -14,11 +14,18 @@ ms.date: 09/07/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Handwriting policies  
 <dl>
  <dd>
    <a href="#handwriting-paneldefaultmodedocked">Handwriting/PanelDefaultModeDocked</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="handwriting-paneldefaultmodedocked"></a>**Handwriting/PanelDefaultModeDocked**  
@ -45,6 +52,15 @@ ms.date: 09/07/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10. version 1709. This policy allows an enterprise to configure the default mode for the handwriting panel.
@ -70,3 +86,4 @@ Footnote:
 -   3 - Added in Windows 10, version 1709.
 <!--EndPolicies-->
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Kerberos
@ -14,11 +14,30 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Kerberos policies  
 <dl>
  <dd>
    <a href="#kerberos-allowforestsearchorder">Kerberos/AllowForestSearchOrder</a>
  </dd>
  <dd>
    <a href="#kerberos-kerberosclientsupportsclaimscompoundarmor">Kerberos/KerberosClientSupportsClaimsCompoundArmor</a>
  </dd>
  <dd>
    <a href="#kerberos-requirekerberosarmoring">Kerberos/RequireKerberosArmoring</a>
  </dd>
  <dd>
    <a href="#kerberos-requirestrictkdcvalidation">Kerberos/RequireStrictKDCValidation</a>
  </dd>
  <dd>
    <a href="#kerberos-setmaximumcontexttokensize">Kerberos/SetMaximumContextTokenSize</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-allowforestsearchorder"></a>**Kerberos/AllowForestSearchOrder**  
@ -45,6 +64,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting defines the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
@ -69,6 +97,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-kerberosclientsupportsclaimscompoundarmor"></a>**Kerberos/KerberosClientSupportsClaimsCompoundArmor**  
@ -95,6 +124,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether a device will request claims and compound authentication for Dynamic Access Control and Kerberos armoring using Kerberos authentication with domains that support these features.
 If you enable this policy setting, the client computers will request claims, provide information required to create compounded authentication and armor Kerberos messages in domains which support claims and compound authentication for Dynamic Access Control and Kerberos armoring.
@ -118,6 +156,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-requirekerberosarmoring"></a>**Kerberos/RequireKerberosArmoring**  
@ -144,6 +183,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether a computer requires that Kerberos message exchanges be armored when communicating with a domain controller.
@ -172,6 +220,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-requirestrictkdcvalidation"></a>**Kerberos/RequireStrictKDCValidation**  
@ -198,6 +247,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls the Kerberos client's behavior in validating the KDC certificate for smart card and system certificate logon.
@ -222,6 +280,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="kerberos-setmaximumcontexttokensize"></a>**Kerberos/SetMaximumContextTokenSize**  
@ -248,6 +307,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to set the value returned to applications which request the maximum size of the SSPI context token buffer size.
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Licensing
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Licensing policies  
 <dl>
  <dd>
    <a href="#licensing-allowwindowsentitlementreactivation">Licensing/AllowWindowsEntitlementReactivation</a>
  </dd>
  <dd>
    <a href="#licensing-disallowkmsclientonlineavsvalidation">Licensing/DisallowKMSClientOnlineAVSValidation</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="licensing-allowwindowsentitlementreactivation"></a>**Licensing/AllowWindowsEntitlementReactivation**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Enables or Disable Windows license reactivation on managed devices.
@ -55,6 +74,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="licensing-disallowkmsclientonlineavsvalidation"></a>**Licensing/DisallowKMSClientOnlineAVSValidation**  
@ -81,6 +101,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Enabling this setting prevents this computer from sending data to Microsoft regarding its activation state.
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - LocalPoliciesSecurityOptions
@ -14,11 +14,87 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## LocalPoliciesSecurityOptions policies  
 <dl>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-blockmicrosoftaccounts">LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-enableadministratoraccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-enableguestaccountstatus">LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly">LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-renameadministratoraccount">LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-accounts-renameguestaccount">LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked">LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin">LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin">LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel">LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-machineinactivitylimit">LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon">LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests">LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon">LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon">LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation">LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers">LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations">LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode">LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation">LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation</a>
  </dd>
  <dd>
    <a href="#localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations">LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-blockmicrosoftaccounts"></a>**LocalPoliciesSecurityOptions/Accounts_BlockMicrosoftAccounts**  
@ -45,6 +121,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting prevents users from adding new Microsoft accounts on this computer.
@ -61,6 +146,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-enableadministratoraccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableAdministratorAccountStatus**  
@ -87,6 +173,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This security setting determines whether the local Administrator account is enabled or disabled.
@ -104,6 +199,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-enableguestaccountstatus"></a>**LocalPoliciesSecurityOptions/Accounts_EnableGuestAccountStatus**  
@ -130,6 +226,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This security setting determines if the Guest account is enabled or disabled.
@ -144,6 +249,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-limitlocalaccountuseofblankpasswordstoconsolelogononly"></a>**LocalPoliciesSecurityOptions/Accounts_LimitLocalAccountUseOfBlankPasswordsToConsoleLogonOnly**  
@ -170,6 +276,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Accounts: Limit local account use of blank passwords to console logon only
@ -192,6 +307,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-renameadministratoraccount"></a>**LocalPoliciesSecurityOptions/Accounts_RenameAdministratorAccount**  
@ -218,6 +334,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Accounts: Rename administrator account
@ -229,6 +354,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-accounts-renameguestaccount"></a>**LocalPoliciesSecurityOptions/Accounts_RenameGuestAccount**  
@ -255,6 +381,15 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Accounts: Rename guest account
@ -266,6 +401,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-displayuserinformationwhenthesessionislocked"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DisplayUserInformationWhenTheSessionIsLocked**  
@ -292,6 +428,15 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive Logon:Display user information when the session is locked  
@ -304,6 +449,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayLastSignedIn**  
@ -330,6 +476,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Don't display last signed-in
@ -347,6 +502,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-donotdisplayusernameatsignin"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotDisplayUsernameAtSignIn**  
@ -373,6 +529,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Don't display username at sign-in
@ -391,6 +556,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-donotrequirectrlaltdel"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_DoNotRequireCTRLALTDEL**  
@ -417,6 +583,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Do not require CTRL+ALT+DEL
@ -436,6 +611,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-machineinactivitylimit"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MachineInactivityLimit**  
@ -462,6 +638,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Machine inactivity limit.
@ -476,6 +661,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-messagetextforusersattemptingtologon"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTextForUsersAttemptingToLogOn**  
@ -502,6 +688,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Message text for users attempting to log on
@ -515,6 +710,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-interactivelogon-messagetitleforusersattemptingtologon"></a>**LocalPoliciesSecurityOptions/InteractiveLogon_MessageTitleForUsersAttemptingToLogOn**  
@ -541,6 +737,15 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Interactive logon: Message title for users attempting to log on
@ -552,6 +757,7 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-networksecurity-allowpku2uauthenticationrequests"></a>**LocalPoliciesSecurityOptions/NetworkSecurity_AllowPKU2UAuthenticationRequests**  
@ -578,6 +784,15 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Network security: Allow PKU2U authentication requests to this computer to use online identities.
@ -591,6 +806,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-recoveryconsole-allowautomaticadministrativelogon"></a>**LocalPoliciesSecurityOptions/RecoveryConsole_AllowAutomaticAdministrativeLogon**  
@ -631,6 +847,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon"></a>**LocalPoliciesSecurityOptions/Shutdown_AllowSystemToBeShutDownWithoutHavingToLogOn**  
@ -657,6 +874,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Shutdown: Allow system to be shut down without having to log on
@ -676,6 +902,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-allowuiaccessapplicationstopromptforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_AllowUIAccessApplicationsToPromptForElevation**  
@ -702,6 +929,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Allow UIAccess applications to prompt for elevation without using the secure desktop.
@ -720,6 +956,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforadministrators"></a>**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForAdministrators**  
@ -746,6 +983,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode
@ -769,6 +1015,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers"></a>**LocalPoliciesSecurityOptions/UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers**  
@ -795,6 +1042,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Behavior of the elevation prompt for standard users
 This policy setting controls the behavior of the elevation prompt for standard users.
@ -811,6 +1067,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-onlyelevateexecutablefilesthataresignedandvalidated"></a>**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateExecutableFilesThatAreSignedAndValidated**  
@ -837,6 +1094,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Only elevate executable files that are signed and validated
@ -850,6 +1116,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-onlyelevateuiaccessapplicationsthatareinstalledinsecurelocations"></a>**LocalPoliciesSecurityOptions/UserAccountControl_OnlyElevateUIAccessApplicationsThatAreInstalledInSecureLocations**  
@ -876,6 +1143,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Only elevate UIAccess applications that are installed in secure locations
@ -895,6 +1171,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-runalladministratorsinadminapprovalmode"></a>**LocalPoliciesSecurityOptions/UserAccountControl_RunAllAdministratorsInAdminApprovalMode**  
@ -921,6 +1198,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Turn on Admin Approval Mode
@ -935,6 +1221,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-switchtothesecuredesktopwhenpromptingforelevation"></a>**LocalPoliciesSecurityOptions/UserAccountControl_SwitchToTheSecureDesktopWhenPromptingForElevation**  
@ -961,6 +1248,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Switch to the secure desktop when prompting for elevation
@ -974,6 +1270,7 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="localpoliciessecurityoptions-useraccountcontrol-virtualizefileandregistrywritefailurestoperuserlocations"></a>**LocalPoliciesSecurityOptions/UserAccountControl_VirtualizeFileAndRegistryWriteFailuresToPerUserLocations**  
@ -1000,6 +1297,15 @@ Value type is integer. Supported operations are Add, Get, Replace, and Delete.
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 User Account Control: Virtualize file and registry write failures to per-user locations
--- a/windows/client-management/mdm/policy-csp-location.md
+++ b/windows/client-management/mdm/policy-csp-location.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Location
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Location policies  
 <dl>
  <dd>
    <a href="#location-enablelocation">Location/EnableLocation</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="location-enablelocation"></a>**Location/EnableLocation**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Optional policy that allows for IT admin to preconfigure whether or not Location Service's Device Switch is enabled or disabled for the device. Setting this policy is not required for Location Services to function. This policy controls a device wide state that affects all users, apps, and services ability to find the device's latitude and longitude on a map. There is a separate user switch that defines whether the location service is allowed to retrieve a position for the current user. In order to retrieve a position for a specific user, both the Device Switch and the User Switch must be enabled. If either is disabled, positions cannot be retrieved for the user. The user can later change both the User Switch and the Device Switch through the user interface on the Settings -> Privacy -> Location page.
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - LockDown
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## LockDown policies  
 <dl>
  <dd>
    <a href="#lockdown-allowedgeswipe">LockDown/AllowEdgeSwipe</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="lockdown-allowedgeswipe"></a>**LockDown/AllowEdgeSwipe**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the user to invoke any system user interface by swiping in from any screen edge using touch.
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Maps
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Maps policies  
 <dl>
  <dd>
    <a href="#maps-allowofflinemapsdownloadovermeteredconnection">Maps/AllowOfflineMapsDownloadOverMeteredConnection</a>
  </dd>
  <dd>
    <a href="#maps-enableofflinemapsautoupdate">Maps/EnableOfflineMapsAutoUpdate</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="maps-allowofflinemapsdownloadovermeteredconnection"></a>**Maps/AllowOfflineMapsDownloadOverMeteredConnection**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allows the download and update of map data over metered connections.
@ -58,6 +77,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="maps-enableofflinemapsautoupdate"></a>**Maps/EnableOfflineMapsAutoUpdate**  
@ -84,6 +104,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Disables the automatic download and update of map data.
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Messaging
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Messaging policies  
 <dl>
  <dd>
    <a href="#messaging-allowmms">Messaging/AllowMMS</a>
  </dd>
  <dd>
    <a href="#messaging-allowmessagesync">Messaging/AllowMessageSync</a>
  </dd>
  <dd>
    <a href="#messaging-allowrcs">Messaging/AllowRCS</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="messaging-allowmms"></a>**Messaging/AllowMMS**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -58,6 +80,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="messaging-allowmessagesync"></a>**Messaging/AllowMessageSync**  
@ -84,6 +107,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Enables text message back up and restore and Messaging Everywhere. This policy allows an organization to disable these features to avoid information being stored on servers outside of their control.
@ -94,6 +126,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="messaging-allowrcs"></a>**Messaging/AllowRCS**  
@ -120,6 +153,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - NetworkIsolation
@ -14,11 +14,39 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## NetworkIsolation policies  
 <dl>
  <dd>
    <a href="#networkisolation-enterprisecloudresources">NetworkIsolation/EnterpriseCloudResources</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseiprange">NetworkIsolation/EnterpriseIPRange</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseiprangesareauthoritative">NetworkIsolation/EnterpriseIPRangesAreAuthoritative</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseinternalproxyservers">NetworkIsolation/EnterpriseInternalProxyServers</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterprisenetworkdomainnames">NetworkIsolation/EnterpriseNetworkDomainNames</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseproxyservers">NetworkIsolation/EnterpriseProxyServers</a>
  </dd>
  <dd>
    <a href="#networkisolation-enterpriseproxyserversareauthoritative">NetworkIsolation/EnterpriseProxyServersAreAuthoritative</a>
  </dd>
  <dd>
    <a href="#networkisolation-neutralresources">NetworkIsolation/NeutralResources</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterprisecloudresources"></a>**NetworkIsolation/EnterpriseCloudResources**  
@ -45,11 +73,21 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Contains a list of Enterprise resource domains hosted in the cloud that need to be protected. Connections to these resources are considered enterprise data. If a proxy is paired with a cloud resource, traffic to the cloud resource will be routed through the enterprise network via the denoted proxy server (on Port 80). A proxy server used for this purpose must also be configured using the **EnterpriseInternalProxyServers** policy. This domain list is a pipe-separated list of cloud resources. Each cloud resource can also be paired optionally with an internal proxy server by using a trailing comma followed by the proxy address. For example, **&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|&lt;*cloudresource*&gt;|&lt;*cloudresource*&gt;,&lt;*proxy*&gt;|**.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseiprange"></a>**NetworkIsolation/EnterpriseIPRange**  
@ -76,6 +114,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Sets the enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected. These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of IPv4 and IPv6 ranges. For example:
@ -90,6 +137,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseiprangesareauthoritative"></a>**NetworkIsolation/EnterpriseIPRangesAreAuthoritative**  
@ -116,11 +164,21 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Boolean value that tells the client to accept the configured list and not to use heuristics to attempt to find other subnets.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseinternalproxyservers"></a>**NetworkIsolation/EnterpriseInternalProxyServers**  
@ -147,11 +205,21 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This is the comma-separated list of internal proxy servers. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59". These proxies have been configured by the admin to connect to specific resources on the Internet. They are considered to be enterprise network locations. The proxies are only leveraged in configuring the **EnterpriseCloudResources** policy to force traffic to the matched cloud resources through these proxies.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterprisenetworkdomainnames"></a>**NetworkIsolation/EnterpriseNetworkDomainNames**  
@ -178,6 +246,15 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This is the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected These locations will be considered a safe destination for enterprise data to be shared to. This is a comma-separated list of domains, for example "contoso.sharepoint.com, Fabrikam.com".
@ -193,6 +270,7 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseproxyservers"></a>**NetworkIsolation/EnterpriseProxyServers**  
@ -219,11 +297,21 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This is a comma-separated list of proxy servers. Any server on this list is considered non-enterprise. For example "157.54.14.28, 157.54.11.118, 10.202.14.167, 157.53.14.163, 157.69.210.59".
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-enterpriseproxyserversareauthoritative"></a>**NetworkIsolation/EnterpriseProxyServersAreAuthoritative**  
@ -250,11 +338,21 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Boolean value that tells the client to accept the configured list of proxies and not try to detect other work proxies.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="networkisolation-neutralresources"></a>**NetworkIsolation/NeutralResources**  
@ -281,6 +379,15 @@ fd00::-fdff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">List of domain names that can used for work or personal resource.
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Notifications
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Notifications policies  
 <dl>
  <dd>
    <a href="#notifications-disallownotificationmirroring">Notifications/DisallowNotificationMirroring</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="notifications-disallownotificationmirroring"></a>**Notifications/DisallowNotificationMirroring**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Boolean value that turns off notification mirroring.
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Power
@ -14,11 +14,42 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Power policies  
 <dl>
  <dd>
    <a href="#power-allowstandbywhensleepingpluggedin">Power/AllowStandbyWhenSleepingPluggedIn</a>
  </dd>
  <dd>
    <a href="#power-displayofftimeoutonbattery">Power/DisplayOffTimeoutOnBattery</a>
  </dd>
  <dd>
    <a href="#power-displayofftimeoutpluggedin">Power/DisplayOffTimeoutPluggedIn</a>
  </dd>
  <dd>
    <a href="#power-hibernatetimeoutonbattery">Power/HibernateTimeoutOnBattery</a>
  </dd>
  <dd>
    <a href="#power-hibernatetimeoutpluggedin">Power/HibernateTimeoutPluggedIn</a>
  </dd>
  <dd>
    <a href="#power-requirepasswordwhencomputerwakesonbattery">Power/RequirePasswordWhenComputerWakesOnBattery</a>
  </dd>
  <dd>
    <a href="#power-requirepasswordwhencomputerwakespluggedin">Power/RequirePasswordWhenComputerWakesPluggedIn</a>
  </dd>
  <dd>
    <a href="#power-standbytimeoutonbattery">Power/StandbyTimeoutOnBattery</a>
  </dd>
  <dd>
    <a href="#power-standbytimeoutpluggedin">Power/StandbyTimeoutPluggedIn</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-allowstandbywhensleepingpluggedin"></a>**Power/AllowStandbyWhenSleepingPluggedIn**  
@ -45,6 +76,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
@ -69,6 +109,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-displayofftimeoutonbattery"></a>**Power/DisplayOffTimeoutOnBattery**  
@ -95,6 +136,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Turn off the display (on battery). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
@ -121,6 +171,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-displayofftimeoutpluggedin"></a>**Power/DisplayOffTimeoutPluggedIn**  
@ -147,6 +198,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Turn off the display (plugged in). This policy setting allows you to specify the period of inactivity before Windows turns off the display.
@ -173,6 +233,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-hibernatetimeoutonbattery"></a>**Power/HibernateTimeoutOnBattery**  
@ -199,6 +260,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system hibernate timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
@ -226,6 +296,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-hibernatetimeoutpluggedin"></a>**Power/HibernateTimeoutPluggedIn**  
@ -252,6 +323,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system hibernate timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to hibernate.
@ -278,6 +358,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-requirepasswordwhencomputerwakesonbattery"></a>**Power/RequirePasswordWhenComputerWakesOnBattery**  
@ -304,6 +385,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
@ -328,6 +418,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-requirepasswordwhencomputerwakespluggedin"></a>**Power/RequirePasswordWhenComputerWakesPluggedIn**  
@ -354,6 +445,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies whether or not the user is prompted for a password when the system resumes from sleep.
@ -378,6 +478,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-standbytimeoutonbattery"></a>**Power/StandbyTimeoutOnBattery**  
@ -404,6 +505,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system sleep timeout (on battery). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
@ -430,6 +540,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="power-standbytimeoutpluggedin"></a>**Power/StandbyTimeoutPluggedIn**  
@ -456,6 +567,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Specify the system sleep timeout (plugged in). This policy setting allows you to specify the period of inactivity before Windows transitions the system to sleep.
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Printers
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Printers policies  
 <dl>
  <dd>
    <a href="#printers-pointandprintrestrictions">Printers/PointAndPrintRestrictions</a>
  </dd>
  <dd>
    <a href="#printers-pointandprintrestrictions-user">Printers/PointAndPrintRestrictions_User</a>
  </dd>
  <dd>
    <a href="#printers-publishprinters">Printers/PublishPrinters</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="printers-pointandprintrestrictions"></a>**Printers/PointAndPrintRestrictions**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
@ -82,6 +104,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="printers-pointandprintrestrictions-user"></a>**Printers/PointAndPrintRestrictions_User**  
@ -108,6 +131,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls the client Point and Print behavior, including the security prompts for Windows Vista computers. The policy setting applies only to non-Print Administrator clients, and only to computers that are members of a domain.
@ -145,6 +177,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="printers-publishprinters"></a>**Printers/PublishPrinters**  
@ -171,6 +204,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Determines whether the computer's shared printers can be published in Active Directory.
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteAssistance
@ -14,11 +14,27 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteAssistance policies  
 <dl>
  <dd>
    <a href="#remoteassistance-customizewarningmessages">RemoteAssistance/CustomizeWarningMessages</a>
  </dd>
  <dd>
    <a href="#remoteassistance-sessionlogging">RemoteAssistance/SessionLogging</a>
  </dd>
  <dd>
    <a href="#remoteassistance-solicitedremoteassistance">RemoteAssistance/SolicitedRemoteAssistance</a>
  </dd>
  <dd>
    <a href="#remoteassistance-unsolicitedremoteassistance">RemoteAssistance/UnsolicitedRemoteAssistance</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteassistance-customizewarningmessages"></a>**RemoteAssistance/CustomizeWarningMessages**  
@ -45,6 +61,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting lets you customize warning messages.
@ -75,6 +100,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteassistance-sessionlogging"></a>**RemoteAssistance/SessionLogging**  
@ -101,6 +127,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to turn logging on or off. Log files are located in the user's Documents folder under Remote Assistance.
@ -127,6 +162,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteassistance-solicitedremoteassistance"></a>**RemoteAssistance/SolicitedRemoteAssistance**  
@ -153,6 +189,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to turn on or turn off Solicited (Ask for) Remote Assistance on this computer.
@ -187,6 +232,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteassistance-unsolicitedremoteassistance"></a>**RemoteAssistance/UnsolicitedRemoteAssistance**  
@ -213,6 +259,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to turn on or turn off Offer (Unsolicited) Remote Assistance on this computer.
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteDesktopServices
@ -14,11 +14,33 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteDesktopServices policies  
 <dl>
  <dd>
    <a href="#remotedesktopservices-allowuserstoconnectremotely">RemoteDesktopServices/AllowUsersToConnectRemotely</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-clientconnectionencryptionlevel">RemoteDesktopServices/ClientConnectionEncryptionLevel</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-donotallowdriveredirection">RemoteDesktopServices/DoNotAllowDriveRedirection</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-donotallowpasswordsaving">RemoteDesktopServices/DoNotAllowPasswordSaving</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-promptforpassworduponconnection">RemoteDesktopServices/PromptForPasswordUponConnection</a>
  </dd>
  <dd>
    <a href="#remotedesktopservices-requiresecurerpccommunication">RemoteDesktopServices/RequireSecureRPCCommunication</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-allowuserstoconnectremotely"></a>**RemoteDesktopServices/AllowUsersToConnectRemotely**  
@ -45,6 +67,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to configure remote access to computers by using Remote Desktop Services.
@ -75,6 +106,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-clientconnectionencryptionlevel"></a>**RemoteDesktopServices/ClientConnectionEncryptionLevel**  
@ -101,6 +133,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. This policy only applies when you are using native RDP encryption. However, native RDP encryption (as opposed to SSL encryption) is not recommended. This policy does not apply to SSL encryption.
@ -135,6 +176,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-donotallowdriveredirection"></a>**RemoteDesktopServices/DoNotAllowDriveRedirection**  
@ -161,6 +203,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).
@ -189,6 +240,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-donotallowpasswordsaving"></a>**RemoteDesktopServices/DoNotAllowPasswordSaving**  
@ -215,6 +267,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Controls whether passwords can be saved on this computer from Remote Desktop Connection.
@ -239,6 +300,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-promptforpassworduponconnection"></a>**RemoteDesktopServices/PromptForPasswordUponConnection**  
@ -265,6 +327,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection.
@ -295,6 +366,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotedesktopservices-requiresecurerpccommunication"></a>**RemoteDesktopServices/RequireSecureRPCCommunication**  
@ -321,6 +393,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication.
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteManagement
@ -14,11 +14,60 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteManagement policies  
 <dl>
  <dd>
    <a href="#remotemanagement-allowbasicauthentication-client">RemoteManagement/AllowBasicAuthentication_Client</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowbasicauthentication-service">RemoteManagement/AllowBasicAuthentication_Service</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowcredsspauthenticationclient">RemoteManagement/AllowCredSSPAuthenticationClient</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowcredsspauthenticationservice">RemoteManagement/AllowCredSSPAuthenticationService</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowremoteservermanagement">RemoteManagement/AllowRemoteServerManagement</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowunencryptedtraffic-client">RemoteManagement/AllowUnencryptedTraffic_Client</a>
  </dd>
  <dd>
    <a href="#remotemanagement-allowunencryptedtraffic-service">RemoteManagement/AllowUnencryptedTraffic_Service</a>
  </dd>
  <dd>
    <a href="#remotemanagement-disallowdigestauthentication">RemoteManagement/DisallowDigestAuthentication</a>
  </dd>
  <dd>
    <a href="#remotemanagement-disallownegotiateauthenticationclient">RemoteManagement/DisallowNegotiateAuthenticationClient</a>
  </dd>
  <dd>
    <a href="#remotemanagement-disallownegotiateauthenticationservice">RemoteManagement/DisallowNegotiateAuthenticationService</a>
  </dd>
  <dd>
    <a href="#remotemanagement-disallowstoringofrunascredentials">RemoteManagement/DisallowStoringOfRunAsCredentials</a>
  </dd>
  <dd>
    <a href="#remotemanagement-specifychannelbindingtokenhardeninglevel">RemoteManagement/SpecifyChannelBindingTokenHardeningLevel</a>
  </dd>
  <dd>
    <a href="#remotemanagement-trustedhosts">RemoteManagement/TrustedHosts</a>
  </dd>
  <dd>
    <a href="#remotemanagement-turnoncompatibilityhttplistener">RemoteManagement/TurnOnCompatibilityHTTPListener</a>
  </dd>
  <dd>
    <a href="#remotemanagement-turnoncompatibilityhttpslistener">RemoteManagement/TurnOnCompatibilityHTTPSListener</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowbasicauthentication-client"></a>**RemoteManagement/AllowBasicAuthentication_Client**  
@ -45,6 +94,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -63,6 +121,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowbasicauthentication-service"></a>**RemoteManagement/AllowBasicAuthentication_Service**  
@ -89,6 +148,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -107,6 +175,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowcredsspauthenticationclient"></a>**RemoteManagement/AllowCredSSPAuthenticationClient**  
@ -133,6 +202,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -151,6 +229,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowcredsspauthenticationservice"></a>**RemoteManagement/AllowCredSSPAuthenticationService**  
@ -177,6 +256,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -195,6 +283,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowremoteservermanagement"></a>**RemoteManagement/AllowRemoteServerManagement**  
@ -221,6 +310,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -239,6 +337,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowunencryptedtraffic-client"></a>**RemoteManagement/AllowUnencryptedTraffic_Client**  
@ -265,6 +364,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -283,6 +391,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-allowunencryptedtraffic-service"></a>**RemoteManagement/AllowUnencryptedTraffic_Service**  
@ -309,6 +418,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -327,6 +445,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-disallowdigestauthentication"></a>**RemoteManagement/DisallowDigestAuthentication**  
@ -353,6 +472,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -371,6 +499,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-disallownegotiateauthenticationclient"></a>**RemoteManagement/DisallowNegotiateAuthenticationClient**  
@ -397,6 +526,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -415,6 +553,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-disallownegotiateauthenticationservice"></a>**RemoteManagement/DisallowNegotiateAuthenticationService**  
@ -441,6 +580,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -459,6 +607,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-disallowstoringofrunascredentials"></a>**RemoteManagement/DisallowStoringOfRunAsCredentials**  
@ -485,6 +634,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -503,6 +661,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-specifychannelbindingtokenhardeninglevel"></a>**RemoteManagement/SpecifyChannelBindingTokenHardeningLevel**  
@ -529,6 +688,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -547,6 +715,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-trustedhosts"></a>**RemoteManagement/TrustedHosts**  
@ -573,6 +742,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -591,6 +769,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-turnoncompatibilityhttplistener"></a>**RemoteManagement/TurnOnCompatibilityHTTPListener**  
@ -617,6 +796,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -635,6 +823,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remotemanagement-turnoncompatibilityhttpslistener"></a>**RemoteManagement/TurnOnCompatibilityHTTPSListener**  
@ -661,6 +850,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteProcedureCall
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteProcedureCall policies  
 <dl>
  <dd>
    <a href="#remoteprocedurecall-rpcendpointmapperclientauthentication">RemoteProcedureCall/RPCEndpointMapperClientAuthentication</a>
  </dd>
  <dd>
    <a href="#remoteprocedurecall-restrictunauthenticatedrpcclients">RemoteProcedureCall/RestrictUnauthenticatedRPCClients</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteprocedurecall-rpcendpointmapperclientauthentication"></a>**RemoteProcedureCall/RPCEndpointMapperClientAuthentication**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls whether RPC clients authenticate with the Endpoint Mapper Service when the call they are making contains authentication information.   The Endpoint Mapper Service on computers running Windows NT4 (all service packs) cannot process authentication information supplied in this manner.
@ -73,6 +92,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteprocedurecall-restrictunauthenticatedrpcclients"></a>**RemoteProcedureCall/RestrictUnauthenticatedRPCClients**  
@ -99,6 +119,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting controls how the RPC server runtime handles unauthenticated RPC clients connecting to RPC servers.
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - RemoteShell
@ -14,11 +14,36 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## RemoteShell policies  
 <dl>
  <dd>
    <a href="#remoteshell-allowremoteshellaccess">RemoteShell/AllowRemoteShellAccess</a>
  </dd>
  <dd>
    <a href="#remoteshell-maxconcurrentusers">RemoteShell/MaxConcurrentUsers</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifyidletimeout">RemoteShell/SpecifyIdleTimeout</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifymaxmemory">RemoteShell/SpecifyMaxMemory</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifymaxprocesses">RemoteShell/SpecifyMaxProcesses</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifymaxremoteshells">RemoteShell/SpecifyMaxRemoteShells</a>
  </dd>
  <dd>
    <a href="#remoteshell-specifyshelltimeout">RemoteShell/SpecifyShellTimeout</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-allowremoteshellaccess"></a>**RemoteShell/AllowRemoteShellAccess**  
@ -45,6 +70,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -63,6 +97,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-maxconcurrentusers"></a>**RemoteShell/MaxConcurrentUsers**  
@ -89,6 +124,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -107,6 +151,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifyidletimeout"></a>**RemoteShell/SpecifyIdleTimeout**  
@ -133,6 +178,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -151,6 +205,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifymaxmemory"></a>**RemoteShell/SpecifyMaxMemory**  
@ -177,6 +232,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -195,6 +259,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifymaxprocesses"></a>**RemoteShell/SpecifyMaxProcesses**  
@ -221,6 +286,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -239,6 +313,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifymaxremoteshells"></a>**RemoteShell/SpecifyMaxRemoteShells**  
@ -265,6 +340,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
@ -283,6 +367,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="remoteshell-specifyshelltimeout"></a>**RemoteShell/SpecifyShellTimeout**  
@ -309,6 +394,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <!--EndDescription-->
 > [!TIP]
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Search
@ -14,11 +14,45 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Search policies  
 <dl>
  <dd>
    <a href="#search-allowcloudsearch">Search/AllowCloudSearch</a>
  </dd>
  <dd>
    <a href="#search-allowindexingencryptedstoresoritems">Search/AllowIndexingEncryptedStoresOrItems</a>
  </dd>
  <dd>
    <a href="#search-allowsearchtouselocation">Search/AllowSearchToUseLocation</a>
  </dd>
  <dd>
    <a href="#search-allowusingdiacritics">Search/AllowUsingDiacritics</a>
  </dd>
  <dd>
    <a href="#search-alwaysuseautolangdetection">Search/AlwaysUseAutoLangDetection</a>
  </dd>
  <dd>
    <a href="#search-disablebackoff">Search/DisableBackoff</a>
  </dd>
  <dd>
    <a href="#search-disableremovabledriveindexing">Search/DisableRemovableDriveIndexing</a>
  </dd>
  <dd>
    <a href="#search-preventindexinglowdiskspacemb">Search/PreventIndexingLowDiskSpaceMB</a>
  </dd>
  <dd>
    <a href="#search-preventremotequeries">Search/PreventRemoteQueries</a>
  </dd>
  <dd>
    <a href="#search-safesearchpermissions">Search/SafeSearchPermissions</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-allowcloudsearch"></a>**Search/AllowCloudSearch**  
@ -45,6 +79,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Allow search and Cortana to search cloud sources like OneDrive and SharePoint. This policy allows corporate administrators to control whether employees can turn off/on the search of these cloud sources. The default policy value is to allow employees access to the setting that controls search of cloud sources.
@ -55,6 +98,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-allowindexingencryptedstoresoritems"></a>**Search/AllowIndexingEncryptedStoresOrItems**  
@ -81,6 +125,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows or disallows the indexing of items. This switch is for the Windows Search Indexer, which controls whether it will index items that are encrypted, such as the Windows Information Protection (WIP) protected files.
@ -97,6 +150,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-allowsearchtouselocation"></a>**Search/AllowSearchToUseLocation**  
@ -123,6 +177,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether search can leverage location information.
@ -135,6 +198,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-allowusingdiacritics"></a>**Search/AllowUsingDiacritics**  
@ -161,6 +225,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the use of diacritics.
@ -173,6 +246,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-alwaysuseautolangdetection"></a>**Search/AlwaysUseAutoLangDetection**  
@ -199,6 +273,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to always use automatic language detection when indexing content and properties.
@ -211,6 +294,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-disablebackoff"></a>**Search/DisableBackoff**  
@ -237,6 +321,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">If enabled, the search indexer backoff feature will be disabled. Indexing will continue at full speed even when system activity is high. If disabled, backoff logic will be used to throttle back indexing activity when system activity is high. Default is disabled.
@ -247,6 +340,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-disableremovabledriveindexing"></a>**Search/DisableRemovableDriveIndexing**  
@ -273,6 +367,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This policy setting configures whether or not locations on removable drives can be added to libraries.
@ -287,6 +390,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-preventindexinglowdiskspacemb"></a>**Search/PreventIndexingLowDiskSpaceMB**  
@ -313,6 +417,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Enabling this policy prevents indexing from continuing after less than the specified amount of hard drive space is left on the same drive as the index location. Select between 0 and 1.
@ -327,6 +440,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-preventremotequeries"></a>**Search/PreventRemoteQueries**  
@ -353,6 +467,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">If enabled, clients will be unable to query this computer's index remotely. Thus, when they are browsing network shares that are stored on this computer, they will not search them using the index. If disabled, client search requests will use this computer's index..
@ -363,6 +486,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="search-safesearchpermissions"></a>**Search/SafeSearchPermissions**  
@ -389,6 +513,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Security
@ -14,11 +14,45 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Security policies  
 <dl>
  <dd>
    <a href="#security-allowaddprovisioningpackage">Security/AllowAddProvisioningPackage</a>
  </dd>
  <dd>
    <a href="#security-allowautomaticdeviceencryptionforazureadjoineddevices">Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
  </dd>
  <dd>
    <a href="#security-allowmanualrootcertificateinstallation">Security/AllowManualRootCertificateInstallation</a>
  </dd>
  <dd>
    <a href="#security-allowremoveprovisioningpackage">Security/AllowRemoveProvisioningPackage</a>
  </dd>
  <dd>
    <a href="#security-antitheftmode">Security/AntiTheftMode</a>
  </dd>
  <dd>
    <a href="#security-cleartpmifnotready">Security/ClearTPMIfNotReady</a>
  </dd>
  <dd>
    <a href="#security-preventautomaticdeviceencryptionforazureadjoineddevices">Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices</a>
  </dd>
  <dd>
    <a href="#security-requiredeviceencryption">Security/RequireDeviceEncryption</a>
  </dd>
  <dd>
    <a href="#security-requireprovisioningpackagesignature">Security/RequireProvisioningPackageSignature</a>
  </dd>
  <dd>
    <a href="#security-requireretrievehealthcertificateonboot">Security/RequireRetrieveHealthCertificateOnBoot</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-allowaddprovisioningpackage"></a>**Security/AllowAddProvisioningPackage**  
@ -45,6 +79,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow the runtime configuration agent to install provisioning packages.
@ -55,6 +98,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-allowautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/AllowAutomaticDeviceEncryptionForAzureADJoinedDevices**  
@ -100,6 +144,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-allowmanualrootcertificateinstallation"></a>**Security/AllowManualRootCertificateInstallation**  
@ -126,6 +171,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -142,6 +196,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-allowremoveprovisioningpackage"></a>**Security/AllowRemoveProvisioningPackage**  
@ -168,6 +223,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow the runtime configuration agent to remove provisioning packages.
@ -178,6 +242,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-antitheftmode"></a>**Security/AntiTheftMode**  
@ -204,6 +269,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile and not supported in Windows 10 for desktop.
@ -218,6 +292,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-cleartpmifnotready"></a>**Security/ClearTPMIfNotReady**  
@ -244,6 +319,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -257,6 +341,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-preventautomaticdeviceencryptionforazureadjoineddevices"></a>**Security/PreventAutomaticDeviceEncryptionForAzureADJoinedDevices**  
@ -283,6 +368,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -299,6 +393,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-requiredeviceencryption"></a>**Security/RequireDeviceEncryption**  
@ -325,6 +420,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 Mobile. In Windows 10 for desktop, you can query encryption status by using the [DeviceStatus CSP](devicestatus-csp.md) node **DeviceStatus/Compliance/EncryptionCompliance**.
@ -343,6 +447,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-requireprovisioningpackagesignature"></a>**Security/RequireProvisioningPackageSignature**  
@ -369,6 +474,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether provisioning packages must have a certificate signed by a device trusted authority.
@ -379,6 +493,7 @@ The following list shows the supported values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="security-requireretrievehealthcertificateonboot"></a>**Security/RequireRetrieveHealthCertificateOnBoot**  
@ -405,6 +520,15 @@ The following list shows the supported values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to retrieve and post TCG Boot logs, and get or cache an encrypted or signed Health Attestation Report from the Microsoft Health Attestation Service (HAS) when a device boots or reboots.
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Settings
@ -14,11 +14,54 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Settings policies  
 <dl>
  <dd>
    <a href="#settings-allowautoplay">Settings/AllowAutoPlay</a>
  </dd>
  <dd>
    <a href="#settings-allowdatasense">Settings/AllowDataSense</a>
  </dd>
  <dd>
    <a href="#settings-allowdatetime">Settings/AllowDateTime</a>
  </dd>
  <dd>
    <a href="#settings-alloweditdevicename">Settings/AllowEditDeviceName</a>
  </dd>
  <dd>
    <a href="#settings-allowlanguage">Settings/AllowLanguage</a>
  </dd>
  <dd>
    <a href="#settings-allowpowersleep">Settings/AllowPowerSleep</a>
  </dd>
  <dd>
    <a href="#settings-allowregion">Settings/AllowRegion</a>
  </dd>
  <dd>
    <a href="#settings-allowsigninoptions">Settings/AllowSignInOptions</a>
  </dd>
  <dd>
    <a href="#settings-allowvpn">Settings/AllowVPN</a>
  </dd>
  <dd>
    <a href="#settings-allowworkplace">Settings/AllowWorkplace</a>
  </dd>
  <dd>
    <a href="#settings-allowyouraccount">Settings/AllowYourAccount</a>
  </dd>
  <dd>
    <a href="#settings-configuretaskbarcalendar">Settings/ConfigureTaskbarCalendar</a>
  </dd>
  <dd>
    <a href="#settings-pagevisibilitylist">Settings/PageVisibilityList</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowautoplay"></a>**Settings/AllowAutoPlay**  
@ -45,6 +88,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -62,6 +114,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowdatasense"></a>**Settings/AllowDataSense**  
@ -88,6 +141,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the user to change Data Sense settings.
@ -98,6 +160,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowdatetime"></a>**Settings/AllowDateTime**  
@ -124,6 +187,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the user to change date and time settings.
@ -134,6 +206,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-alloweditdevicename"></a>**Settings/AllowEditDeviceName**  
@ -160,6 +233,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows editing of the device name.
@ -170,6 +252,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowlanguage"></a>**Settings/AllowLanguage**  
@ -196,6 +279,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -210,6 +302,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowpowersleep"></a>**Settings/AllowPowerSleep**  
@ -236,6 +329,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -250,6 +352,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowregion"></a>**Settings/AllowRegion**  
@ -276,6 +379,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -290,6 +402,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowsigninoptions"></a>**Settings/AllowSignInOptions**  
@ -316,6 +429,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -330,6 +452,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowvpn"></a>**Settings/AllowVPN**  
@ -356,6 +479,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows the user to change VPN settings.
@ -366,6 +498,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowworkplace"></a>**Settings/AllowWorkplace**  
@ -392,6 +525,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -406,6 +548,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-allowyouraccount"></a>**Settings/AllowYourAccount**  
@ -432,6 +575,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows user to change account settings.
@ -442,6 +594,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-configuretaskbarcalendar"></a>**Settings/ConfigureTaskbarCalendar**  
@ -468,6 +621,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703.  Allows IT Admins to configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout.  In this version of Windows 10, supported additional calendars are: Simplified or Traditional Chinese lunar calendar. Turning on one of these calendars will display Chinese lunar dates below the default calendar for the locale.  Select "Don't show additional calendars" to prevent showing other calendars besides the default calendar for the locale.
@ -480,6 +642,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="settings-pagevisibilitylist"></a>**Settings/PageVisibilityList**  
@ -506,6 +669,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703.  Allows IT Admins to either  prevent specific pages in the System Settings app from being visible or accessible, or to do so for all pages except those specified.  The mode will be specified by the policy string beginning with either the string "showonly:" or "hide:".  Pages are identified by a shortened version of their already published URIs, which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo".  Multiple page identifiers are separated by semicolons.
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - SmartScreen
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## SmartScreen policies  
 <dl>
  <dd>
    <a href="#smartscreen-enableappinstallcontrol">SmartScreen/EnableAppInstallControl</a>
  </dd>
  <dd>
    <a href="#smartscreen-enablesmartscreeninshell">SmartScreen/EnableSmartScreenInShell</a>
  </dd>
  <dd>
    <a href="#smartscreen-preventoverrideforfilesinshell">SmartScreen/PreventOverrideForFilesInShell</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="smartscreen-enableappinstallcontrol"></a>**SmartScreen/EnableAppInstallControl**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to control whether users are allowed to install apps from places other than the Store.
@ -55,6 +77,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="smartscreen-enablesmartscreeninshell"></a>**SmartScreen/EnableSmartScreenInShell**  
@ -81,6 +104,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure SmartScreen for Windows.
@ -91,6 +123,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="smartscreen-preventoverrideforfilesinshell"></a>**SmartScreen/PreventOverrideForFilesInShell**  
@ -117,6 +150,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to control whether users can can ignore SmartScreen warnings and run malicious files.
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Speech
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Speech policies  
 <dl>
  <dd>
    <a href="#speech-allowspeechmodelupdate">Speech/AllowSpeechModelUpdate</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="speech-allowspeechmodelupdate"></a>**Speech/AllowSpeechModelUpdate**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether the device will receive updates to the speech recognition and speech synthesis models. A speech model contains data used by the speech engine to convert audio to text (or vice-versa). The models are periodically updated to improve accuracy and performance. Models are non-executable data files. If enabled, the device will periodically check for updated speech models and then download them from a Microsoft service using the Background Internet Transfer Service (BITS).
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Start
@ -14,11 +14,99 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Start policies  
 <dl>
  <dd>
    <a href="#start-allowpinnedfolderdocuments">Start/AllowPinnedFolderDocuments</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderdownloads">Start/AllowPinnedFolderDownloads</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderfileexplorer">Start/AllowPinnedFolderFileExplorer</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderhomegroup">Start/AllowPinnedFolderHomeGroup</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfoldermusic">Start/AllowPinnedFolderMusic</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfoldernetwork">Start/AllowPinnedFolderNetwork</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderpersonalfolder">Start/AllowPinnedFolderPersonalFolder</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfolderpictures">Start/AllowPinnedFolderPictures</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfoldersettings">Start/AllowPinnedFolderSettings</a>
  </dd>
  <dd>
    <a href="#start-allowpinnedfoldervideos">Start/AllowPinnedFolderVideos</a>
  </dd>
  <dd>
    <a href="#start-forcestartsize">Start/ForceStartSize</a>
  </dd>
  <dd>
    <a href="#start-hideapplist">Start/HideAppList</a>
  </dd>
  <dd>
    <a href="#start-hidechangeaccountsettings">Start/HideChangeAccountSettings</a>
  </dd>
  <dd>
    <a href="#start-hidefrequentlyusedapps">Start/HideFrequentlyUsedApps</a>
  </dd>
  <dd>
    <a href="#start-hidehibernate">Start/HideHibernate</a>
  </dd>
  <dd>
    <a href="#start-hidelock">Start/HideLock</a>
  </dd>
  <dd>
    <a href="#start-hidepowerbutton">Start/HidePowerButton</a>
  </dd>
  <dd>
    <a href="#start-hiderecentjumplists">Start/HideRecentJumplists</a>
  </dd>
  <dd>
    <a href="#start-hiderecentlyaddedapps">Start/HideRecentlyAddedApps</a>
  </dd>
  <dd>
    <a href="#start-hiderestart">Start/HideRestart</a>
  </dd>
  <dd>
    <a href="#start-hideshutdown">Start/HideShutDown</a>
  </dd>
  <dd>
    <a href="#start-hidesignout">Start/HideSignOut</a>
  </dd>
  <dd>
    <a href="#start-hidesleep">Start/HideSleep</a>
  </dd>
  <dd>
    <a href="#start-hideswitchaccount">Start/HideSwitchAccount</a>
  </dd>
  <dd>
    <a href="#start-hideusertile">Start/HideUserTile</a>
  </dd>
  <dd>
    <a href="#start-importedgeassets">Start/ImportEdgeAssets</a>
  </dd>
  <dd>
    <a href="#start-nopinningtotaskbar">Start/NoPinningToTaskbar</a>
  </dd>
  <dd>
    <a href="#start-startlayout">Start/StartLayout</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderdocuments"></a>**Start/AllowPinnedFolderDocuments**  
@ -45,6 +133,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Documents shortcut on the Start menu.
@ -56,6 +153,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderdownloads"></a>**Start/AllowPinnedFolderDownloads**  
@ -82,6 +180,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Downloads shortcut on the Start menu.
@ -93,6 +200,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderfileexplorer"></a>**Start/AllowPinnedFolderFileExplorer**  
@ -119,6 +227,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the File Explorer shortcut on the Start menu.
@ -130,6 +247,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderhomegroup"></a>**Start/AllowPinnedFolderHomeGroup**  
@ -156,6 +274,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the HomeGroup shortcut on the Start menu.
@ -167,6 +294,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfoldermusic"></a>**Start/AllowPinnedFolderMusic**  
@ -193,6 +321,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Music shortcut on the Start menu.
@ -204,6 +341,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfoldernetwork"></a>**Start/AllowPinnedFolderNetwork**  
@ -230,6 +368,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Network shortcut on the Start menu.
@ -241,6 +388,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderpersonalfolder"></a>**Start/AllowPinnedFolderPersonalFolder**  
@ -267,6 +415,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the PersonalFolder shortcut on the Start menu.
@ -278,6 +435,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfolderpictures"></a>**Start/AllowPinnedFolderPictures**  
@ -304,6 +462,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Pictures shortcut on the Start menu.
@ -315,6 +482,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfoldersettings"></a>**Start/AllowPinnedFolderSettings**  
@ -341,6 +509,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Settings shortcut on the Start menu.
@ -352,6 +529,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-allowpinnedfoldervideos"></a>**Start/AllowPinnedFolderVideos**  
@ -378,6 +556,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy controls the visibility of the Videos shortcut on the Start menu.
@ -389,6 +576,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-forcestartsize"></a>**Start/ForceStartSize**  
@ -415,6 +603,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is only enforced in Windows 10 for desktop and not supported in Windows 10 Mobile.
@ -432,6 +629,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hideapplist"></a>**Start/HideAppList**  
@ -458,6 +656,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -483,6 +690,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidechangeaccountsettings"></a>**Start/HideChangeAccountSettings**  
@ -509,6 +717,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Change account settings" from appearing in the user tile.
@ -524,6 +741,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidefrequentlyusedapps"></a>**Start/HideFrequentlyUsedApps**  
@ -550,6 +768,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -572,6 +799,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidehibernate"></a>**Start/HideHibernate**  
@ -598,6 +826,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Hibernate" from appearing in the Power button.
@ -616,6 +853,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidelock"></a>**Start/HideLock**  
@ -642,6 +880,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Lock" from appearing in the user tile.
@ -657,6 +904,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidepowerbutton"></a>**Start/HidePowerButton**  
@ -683,6 +931,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -701,6 +958,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hiderecentjumplists"></a>**Start/HideRecentJumplists**  
@ -727,6 +985,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -752,6 +1019,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hiderecentlyaddedapps"></a>**Start/HideRecentlyAddedApps**  
@ -778,6 +1046,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -800,6 +1077,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hiderestart"></a>**Start/HideRestart**  
@ -826,6 +1104,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Restart" and "Update and restart" from appearing in the Power button.
@ -841,6 +1128,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hideshutdown"></a>**Start/HideShutDown**  
@ -867,6 +1155,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Shut down" and "Update and shut down" from appearing in the Power button.
@ -882,6 +1179,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidesignout"></a>**Start/HideSignOut**  
@ -908,6 +1206,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sign out" from appearing in the user tile.
@ -923,6 +1230,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hidesleep"></a>**Start/HideSleep**  
@ -949,6 +1257,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Sleep" from appearing in the Power button.
@ -964,6 +1281,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hideswitchaccount"></a>**Start/HideSwitchAccount**  
@ -990,6 +1308,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure Start by hiding "Switch account" from appearing in the user tile.
@ -1005,6 +1332,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-hideusertile"></a>**Start/HideUserTile**  
@ -1031,6 +1359,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -1050,6 +1387,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-importedgeassets"></a>**Start/ImportEdgeAssets**  
@ -1076,6 +1414,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy requires reboot to take effect.
@ -1096,6 +1443,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-nopinningtotaskbar"></a>**Start/NoPinningToTaskbar**  
@ -1122,6 +1470,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to configure the taskbar by disabling pinning and unpinning apps on the taskbar.
@ -1140,6 +1497,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="start-startlayout"></a>**Start/StartLayout**  
@ -1166,6 +1524,16 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!IMPORTANT]
 > This node is set on a per-user basis and must be accessed using the following paths:
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Storage
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Storage policies  
 <dl>
  <dd>
    <a href="#storage-enhancedstoragedevices">Storage/EnhancedStorageDevices</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="storage-enhancedstoragedevices"></a>**Storage/EnhancedStorageDevices**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting configures whether or not Windows will activate an Enhanced Storage device.
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 09/20/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - System
@ -14,11 +14,54 @@ ms.date: 09/20/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## System policies  
 <dl>
  <dd>
    <a href="#system-allowbuildpreview">System/AllowBuildPreview</a>
  </dd>
  <dd>
    <a href="#system-allowembeddedmode">System/AllowEmbeddedMode</a>
  </dd>
  <dd>
    <a href="#system-allowexperimentation">System/AllowExperimentation</a>
  </dd>
  <dd>
    <a href="#system-allowfontproviders">System/AllowFontProviders</a>
  </dd>
  <dd>
    <a href="#system-allowlocation">System/AllowLocation</a>
  </dd>
  <dd>
    <a href="#system-allowstoragecard">System/AllowStorageCard</a>
  </dd>
  <dd>
    <a href="#system-allowtelemetry">System/AllowTelemetry</a>
  </dd>
  <dd>
    <a href="#system-allowusertoresetphone">System/AllowUserToResetPhone</a>
  </dd>
  <dd>
    <a href="#system-bootstartdriverinitialization">System/BootStartDriverInitialization</a>
  </dd>
  <dd>
    <a href="#system-disableonedrivefilesync">System/DisableOneDriveFileSync</a>
  </dd>
  <dd>
    <a href="#system-disablesystemrestore">System/DisableSystemRestore</a>
  </dd>
  <dd>
    <a href="#system-limitenhanceddiagnosticdatawindowsanalytics">System/LimitEnhancedDiagnosticDataWindowsAnalytics</a>
  </dd>
  <dd>
    <a href="#system-telemetryproxy">System/TelemetryProxy</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowbuildpreview"></a>**System/AllowBuildPreview**  
@ -45,6 +88,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy setting applies only to devices running Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, Windows 10 Mobile, and Windows 10 Mobile Enterprise.
@ -62,6 +114,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowembeddedmode"></a>**System/AllowEmbeddedMode**  
@ -88,6 +141,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether set general purpose device to be in embedded mode.
@ -100,6 +162,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowexperimentation"></a>**System/AllowExperimentation**  
@ -126,6 +189,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > This policy is not supported in Windows 10, version 1607.
@ -142,6 +214,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowfontproviders"></a>**System/AllowFontProviders**  
@ -168,6 +241,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Boolean policy setting that determines whether Windows is allowed to download fonts and font catalog data from an online font provider. If you enable this setting, Windows periodically queries an online font provider to determine whether a new font catalog is available. Windows may also download font data if needed to format or render text. If you disable this policy setting, Windows does not connect to an online font provider and only enumerates locally-installed fonts.
@ -189,6 +271,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowlocation"></a>**System/AllowLocation**  
@ -215,6 +298,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow app access to the Location service.
@ -234,6 +326,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowstoragecard"></a>**System/AllowStorageCard**  
@ -260,6 +353,15 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Controls whether the user is allowed to use the storage card for device storage. This setting prevents programmatic access to the storage card.
@ -272,6 +374,7 @@ ms.date: 09/20/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowtelemetry"></a>**System/AllowTelemetry**  
@ -298,6 +401,16 @@ ms.date: 09/20/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * User
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow the device to send diagnostic and usage telemetry data, such as Watson.
@ -378,6 +491,7 @@ Windows 10 Values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-allowusertoresetphone"></a>**System/AllowUserToResetPhone**  
@ -404,6 +518,15 @@ Windows 10 Values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Specifies whether to allow the user to factory reset the phone by using control panel and hardware key combination.
@ -416,6 +539,7 @@ Windows 10 Values:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-bootstartdriverinitialization"></a>**System/BootStartDriverInitialization**  
@ -442,6 +566,15 @@ Windows 10 Values:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 N/A
@ -460,6 +593,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-disableonedrivefilesync"></a>**System/DisableOneDriveFileSync**  
@ -486,6 +620,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allows IT Admins to prevent apps and features from working with files on OneDrive. If you enable this policy setting:
@ -510,6 +653,7 @@ ADMX Info:
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-disablesystemrestore"></a>**System/DisableSystemRestore**  
@ -536,6 +680,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 Allows you to disable System Restore.
@ -566,6 +719,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-limitenhanceddiagnosticdatawindowsanalytics"></a>**System/LimitEnhancedDiagnosticDataWindowsAnalytics**  
@ -592,6 +746,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">This policy setting, in combination with the System/AllowTelemetry 
 policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. 
@ -608,9 +771,9 @@ ADMX Info:
 <p style="margin-left: 20px">If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="system-telemetryproxy"></a>**System/TelemetryProxy**  
@ -637,6 +800,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows you to specify the fully qualified domain name (FQDN) or IP address of a proxy server to forward Connected User Experiences and Telemetry requests. The format for this setting is *&lt;server&gt;:&lt;port&gt;*. The connection is made over a Secure Sockets Layer (SSL) connection. If the named proxy fails, or if there is no proxy specified when this policy is enabled, the Connected User Experiences and Telemetry data will not be transmitted and will remain on the local device.
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - TextInput
@ -14,11 +14,54 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## TextInput policies  
 <dl>
  <dd>
    <a href="#textinput-allowimelogging">TextInput/AllowIMELogging</a>
  </dd>
  <dd>
    <a href="#textinput-allowimenetworkaccess">TextInput/AllowIMENetworkAccess</a>
  </dd>
  <dd>
    <a href="#textinput-allowinputpanel">TextInput/AllowInputPanel</a>
  </dd>
  <dd>
    <a href="#textinput-allowjapaneseimesurrogatepaircharacters">TextInput/AllowJapaneseIMESurrogatePairCharacters</a>
  </dd>
  <dd>
    <a href="#textinput-allowjapaneseivscharacters">TextInput/AllowJapaneseIVSCharacters</a>
  </dd>
  <dd>
    <a href="#textinput-allowjapanesenonpublishingstandardglyph">TextInput/AllowJapaneseNonPublishingStandardGlyph</a>
  </dd>
  <dd>
    <a href="#textinput-allowjapaneseuserdictionary">TextInput/AllowJapaneseUserDictionary</a>
  </dd>
  <dd>
    <a href="#textinput-allowkeyboardtextsuggestions">TextInput/AllowKeyboardTextSuggestions</a>
  </dd>
  <dd>
    <a href="#textinput-allowkoreanextendedhanja">TextInput/AllowKoreanExtendedHanja</a>
  </dd>
  <dd>
    <a href="#textinput-allowlanguagefeaturesuninstall">TextInput/AllowLanguageFeaturesUninstall</a>
  </dd>
  <dd>
    <a href="#textinput-excludejapaneseimeexceptjis0208">TextInput/ExcludeJapaneseIMEExceptJIS0208</a>
  </dd>
  <dd>
    <a href="#textinput-excludejapaneseimeexceptjis0208andeudc">TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC</a>
  </dd>
  <dd>
    <a href="#textinput-excludejapaneseimeexceptshiftjis">TextInput/ExcludeJapaneseIMEExceptShiftJIS</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowimelogging"></a>**TextInput/AllowIMELogging**  
@ -45,6 +88,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -61,6 +113,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowimenetworkaccess"></a>**TextInput/AllowIMENetworkAccess**  
@ -87,6 +140,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -103,6 +165,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowinputpanel"></a>**TextInput/AllowInputPanel**  
@ -129,6 +192,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -145,6 +217,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowjapaneseimesurrogatepaircharacters"></a>**TextInput/AllowJapaneseIMESurrogatePairCharacters**  
@ -171,6 +244,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -187,6 +269,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowjapaneseivscharacters"></a>**TextInput/AllowJapaneseIVSCharacters**  
@ -213,6 +296,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -229,6 +321,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowjapanesenonpublishingstandardglyph"></a>**TextInput/AllowJapaneseNonPublishingStandardGlyph**  
@ -255,6 +348,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -271,6 +373,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowjapaneseuserdictionary"></a>**TextInput/AllowJapaneseUserDictionary**  
@ -297,6 +400,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -313,6 +425,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowkeyboardtextsuggestions"></a>**TextInput/AllowKeyboardTextSuggestions**  
@ -339,6 +452,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -360,6 +482,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowkoreanextendedhanja"></a>**TextInput/AllowKoreanExtendedHanja**  
@ -368,6 +491,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-allowlanguagefeaturesuninstall"></a>**TextInput/AllowLanguageFeaturesUninstall**  
@ -394,6 +518,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -410,6 +543,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-excludejapaneseimeexceptjis0208"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208**  
@ -436,6 +570,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -450,6 +593,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-excludejapaneseimeexceptjis0208andeudc"></a>**TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC**  
@ -476,6 +620,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
@ -490,6 +643,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="textinput-excludejapaneseimeexceptshiftjis"></a>**TextInput/ExcludeJapaneseIMEExceptShiftJIS**  
@ -516,6 +670,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 > [!NOTE]
 > The policy is only enforced in Windows 10 for desktop.
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - TimeLanguageSettings
@ -14,11 +14,18 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## TimeLanguageSettings policies  
 <dl>
  <dd>
    <a href="#timelanguagesettings-allowset24hourclock">TimeLanguageSettings/AllowSet24HourClock</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="timelanguagesettings-allowset24hourclock"></a>**TimeLanguageSettings/AllowSet24HourClock**  
@ -45,6 +52,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allows for the configuration of the default clock setting to be the 24 hour format. Selecting 'Set 24 hour Clock' enables this setting. Selecting 'Locale default setting' uses the default clock as prescribed by the current locale setting.
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - Wifi
@ -14,11 +14,36 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## Wifi policies  
 <dl>
  <dd>
    <a href="#wifi-allowwifihotspotreporting">WiFi/AllowWiFiHotSpotReporting</a>
  </dd>
  <dd>
    <a href="#wifi-allowautoconnecttowifisensehotspots">Wifi/AllowAutoConnectToWiFiSenseHotspots</a>
  </dd>
  <dd>
    <a href="#wifi-allowinternetsharing">Wifi/AllowInternetSharing</a>
  </dd>
  <dd>
    <a href="#wifi-allowmanualwificonfiguration">Wifi/AllowManualWiFiConfiguration</a>
  </dd>
  <dd>
    <a href="#wifi-allowwifi">Wifi/AllowWiFi</a>
  </dd>
  <dd>
    <a href="#wifi-allowwifidirect">Wifi/AllowWiFiDirect</a>
  </dd>
  <dd>
    <a href="#wifi-wlanscanmode">Wifi/WLANScanMode</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowwifihotspotreporting"></a>**WiFi/AllowWiFiHotSpotReporting**  
@ -27,6 +52,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowautoconnecttowifisensehotspots"></a>**Wifi/AllowAutoConnectToWiFiSenseHotspots**  
@ -53,6 +79,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow or disallow the device to automatically connect to Wi-Fi hotspots.
@ -65,6 +100,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowinternetsharing"></a>**Wifi/AllowInternetSharing**  
@ -91,6 +127,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow or disallow internet sharing.
@ -103,6 +148,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowmanualwificonfiguration"></a>**Wifi/AllowManualWiFiConfiguration**  
@ -129,6 +175,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow or disallow connecting to Wi-Fi outside of MDM server-installed networks.
@ -144,6 +199,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowwifi"></a>**Wifi/AllowWiFi**  
@ -170,6 +226,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow or disallow WiFi connection.
@ -182,6 +247,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-allowwifidirect"></a>**Wifi/AllowWiFiDirect**  
@ -208,6 +274,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. Allow WiFi Direct connection..
@ -216,6 +291,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wifi-wlanscanmode"></a>**Wifi/WLANScanMode**  
@ -242,6 +318,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Allow an enterprise to control the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected.
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - WindowsDefenderSecurityCenter
@ -14,11 +14,57 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## WindowsDefenderSecurityCenter policies  
 <dl>
  <dd>
    <a href="#windowsdefendersecuritycenter-companyname">WindowsDefenderSecurityCenter/CompanyName</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disableappbrowserui">WindowsDefenderSecurityCenter/DisableAppBrowserUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disableenhancednotifications">WindowsDefenderSecurityCenter/DisableEnhancedNotifications</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablefamilyui">WindowsDefenderSecurityCenter/DisableFamilyUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablehealthui">WindowsDefenderSecurityCenter/DisableHealthUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablenetworkui">WindowsDefenderSecurityCenter/DisableNetworkUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablenotifications">WindowsDefenderSecurityCenter/DisableNotifications</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disablevirusui">WindowsDefenderSecurityCenter/DisableVirusUI</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-disallowexploitprotectionoverride">WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-email">WindowsDefenderSecurityCenter/Email</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-enablecustomizedtoasts">WindowsDefenderSecurityCenter/EnableCustomizedToasts</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-enableinappcustomization">WindowsDefenderSecurityCenter/EnableInAppCustomization</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-phone">WindowsDefenderSecurityCenter/Phone</a>
  </dd>
  <dd>
    <a href="#windowsdefendersecuritycenter-url">WindowsDefenderSecurityCenter/URL</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-companyname"></a>**WindowsDefenderSecurityCenter/CompanyName**  
@ -45,6 +91,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. The company name that is displayed to the users. CompanyName is required for both EnableCustomizedToasts and EnableInAppCustomization. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display the contact options.
@ -52,6 +107,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disableappbrowserui"></a>**WindowsDefenderSecurityCenter/DisableAppBrowserUI**  
@ -78,6 +134,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the app and browser protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -88,6 +153,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disableenhancednotifications"></a>**WindowsDefenderSecurityCenter/DisableEnhancedNotifications**  
@ -114,6 +180,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy if you want Windows Defender Security Center to only display notifications which are considered critical. If you disable or do not configure this setting, Windows Defender Security Center will display critical and non-critical notifications to users.
@ -127,6 +202,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablefamilyui"></a>**WindowsDefenderSecurityCenter/DisableFamilyUI**  
@ -153,6 +229,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the family options area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -163,6 +248,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablehealthui"></a>**WindowsDefenderSecurityCenter/DisableHealthUI**  
@ -189,6 +275,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the device performance and health area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -199,6 +294,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablenetworkui"></a>**WindowsDefenderSecurityCenter/DisableNetworkUI**  
@ -225,6 +321,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the firewall and network protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -235,6 +340,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablenotifications"></a>**WindowsDefenderSecurityCenter/DisableNotifications**  
@ -261,6 +367,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of Windows Defender Security Center notifications. If you disable or do not configure this setting, Windows Defender Security Center notifications will display on devices.
@ -271,6 +386,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disablevirusui"></a>**WindowsDefenderSecurityCenter/DisableVirusUI**  
@ -297,6 +413,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Use this policy setting if you want to disable the display of the virus and threat protection area in Windows Defender Security Center. If you disable or do not configure this setting, Windows defender Security Center will display this area.
@ -307,6 +432,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-disallowexploitprotectionoverride"></a>**WindowsDefenderSecurityCenter/DisallowExploitProtectionOverride**  
@ -333,6 +459,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Prevent users from making changes to the exploit protection settings area in the Windows Defender Security Center. If you disable or do not configure this setting, local users can make changes in the exploit protection settings area.
@ -343,6 +478,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-email"></a>**WindowsDefenderSecurityCenter/Email**  
@ -369,6 +505,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. The email address that is displayed to users.  The default mail application is used to initiate email actions. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
@ -376,6 +521,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-enablecustomizedtoasts"></a>**WindowsDefenderSecurityCenter/EnableCustomizedToasts**  
@ -402,6 +548,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. Enable this policy to display your company name and contact options in the notifications. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will display a default notification text.
@ -412,6 +567,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-enableinappcustomization"></a>**WindowsDefenderSecurityCenter/EnableInAppCustomization**  
@ -438,6 +594,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709.Enable this policy to have your company name and contact options displayed in a contact card fly out in Windows Defender Security Center. If you disable or do not configure this setting, or do not provide CompanyName and a minimum of one contact method (Phone using Skype, Email, Help portal URL) Windows Defender Security Center will not display the contact card fly out notification.
@ -448,6 +613,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-phone"></a>**WindowsDefenderSecurityCenter/Phone**  
@ -474,6 +640,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. The phone number or Skype ID that is displayed to users.  Skype is used to initiate the call. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then devices will not display contact options.
@ -481,6 +656,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsdefendersecuritycenter-url"></a>**WindowsDefenderSecurityCenter/URL**  
@ -507,6 +683,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1709. The help portal URL this is displayed to users. The default browser is used to initiate this action. If you disable or do not configure this setting, or do not have EnableCustomizedToasts or EnableInAppCustomization enabled, then the device will not display contact options.
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - WindowsInkWorkspace
@ -14,11 +14,21 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## WindowsInkWorkspace policies  
 <dl>
  <dd>
    <a href="#windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace">WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace</a>
  </dd>
  <dd>
    <a href="#windowsinkworkspace-allowwindowsinkworkspace">WindowsInkWorkspace/AllowWindowsInkWorkspace</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsinkworkspace-allowsuggestedappsinwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowSuggestedAppsInWindowsInkWorkspace**  
@ -45,6 +55,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Show recommended app suggestions in the ink workspace.
@ -55,6 +74,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowsinkworkspace-allowwindowsinkworkspace"></a>**WindowsInkWorkspace/AllowWindowsInkWorkspace**  
@ -81,6 +101,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Specifies whether to allow the user to access the ink workspace.
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - WindowsLogon
@ -14,11 +14,24 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## WindowsLogon policies  
 <dl>
  <dd>
    <a href="#windowslogon-disablelockscreenappnotifications">WindowsLogon/DisableLockScreenAppNotifications</a>
  </dd>
  <dd>
    <a href="#windowslogon-dontdisplaynetworkselectionui">WindowsLogon/DontDisplayNetworkSelectionUI</a>
  </dd>
  <dd>
    <a href="#windowslogon-hidefastuserswitching">WindowsLogon/HideFastUserSwitching</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowslogon-disablelockscreenappnotifications"></a>**WindowsLogon/DisableLockScreenAppNotifications**  
@ -45,6 +58,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to prevent app notifications from appearing on the lock screen.
@ -69,6 +91,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowslogon-dontdisplaynetworkselectionui"></a>**WindowsLogon/DontDisplayNetworkSelectionUI**  
@ -95,6 +118,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 This policy setting allows you to control whether anyone can interact with available networks UI on the logon screen.
@ -119,6 +151,7 @@ ADMX Info:
 <!--EndADMX-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="windowslogon-hidefastuserswitching"></a>**WindowsLogon/HideFastUserSwitching**  
@ -145,6 +178,15 @@ ADMX Info:
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting allows you to hide the Switch account button on the sign-in screen, Start, and the Task Manager. If you enable this policy setting, the Switch account button is hidden from the user who is attempting to sign-in or is signed in to the computer that has this policy applied. If you disable or do not configure this policy setting, the Switch account button is accessible to the user in the three locations.
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@ -6,7 +6,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: nickbrower
-ms.date: 08/30/2017
+ms.date: 09/29/2017
 ---
 # Policy CSP - WirelessDisplay
@ -14,11 +14,33 @@ ms.date: 08/30/2017
 > [!WARNING]
 > Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 <!--StartPolicies-->
 <hr/>
 <!--StartPolicies-->
 ## WirelessDisplay policies  
 <dl>
  <dd>
    <a href="#wirelessdisplay-allowprojectionfrompc">WirelessDisplay/AllowProjectionFromPC</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-allowprojectionfrompcoverinfrastructure">WirelessDisplay/AllowProjectionFromPCOverInfrastructure</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-allowprojectiontopc">WirelessDisplay/AllowProjectionToPC</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-allowprojectiontopcoverinfrastructure">WirelessDisplay/AllowProjectionToPCOverInfrastructure</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver">WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver</a>
  </dd>
  <dd>
    <a href="#wirelessdisplay-requirepinforpairing">WirelessDisplay/RequirePinForPairing</a>
  </dd>
 </dl>
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowprojectionfrompc"></a>**WirelessDisplay/AllowProjectionFromPC**  
@ -45,6 +67,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC.  
@ -53,6 +84,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowprojectionfrompcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionFromPCOverInfrastructure**  
@ -79,6 +111,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy allows you to turn off projection from a PC over infrastructure.  
@ -87,6 +128,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowprojectiontopc"></a>**WirelessDisplay/AllowProjectionToPC**  
@ -113,6 +155,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allow or disallow turning off the projection to a PC.
@ -125,6 +176,7 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowprojectiontopcoverinfrastructure"></a>**WirelessDisplay/AllowProjectionToPCOverInfrastructure**  
@ -151,6 +203,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703. This policy setting allows you to turn off projection to a PC over infrastructure.  
@ -159,14 +220,25 @@ ms.date: 08/30/2017
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-allowuserinputfromwirelessdisplayreceiver"></a>**WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver**  
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1703.
 <!--EndDescription-->
 <!--EndPolicy-->
 <hr/>
 <!--StartPolicy-->
 <a href="" id="wirelessdisplay-requirepinforpairing"></a>**WirelessDisplay/RequirePinForPairing**  
@ -193,6 +265,15 @@ ms.date: 08/30/2017
 </table>
 <!--EndSKU-->
 <!--StartScope-->
 [Scope](./policy-configuration-service-provider.md#policy-scope):
 > [!div class = "checklist"]
 > * Device
 <hr/>
 <!--EndScope-->
 <!--StartDescription-->
 <p style="margin-left: 20px">Added in Windows 10, version 1607. Allow or disallow requirement for a PIN for pairing.
--- a/windows/threat-protection/TOC.md
+++ b/windows/threat-protection/TOC.md
@ -124,6 +124,7 @@
 #### [Enable SIEM integration](windows-defender-atp\enable-siem-integration-windows-defender-advanced-threat-protection.md)
 #### [Enable Threat intel API](windows-defender-atp\enable-custom-ti-windows-defender-advanced-threat-protection.md)
 #### [Create and build Power BI reports using Windows Defender ATP data](windows-defender-atp\powerbi-reports-windows-defender-advanced-threat-protection.md)
 #### [Enable Security Analytics security controls](windows-defender-atp\enable-security-analytics-windows-defender-advanced-threat-protection.md)
 ### [Windows Defender ATP settings](windows-defender-atp\settings-windows-defender-advanced-threat-protection.md)
 ### [Windows Defender ATP service health](windows-defender-atp\service-status-windows-defender-advanced-threat-protection.md)
 ### [Troubleshoot Windows Defender ATP](windows-defender-atp\troubleshoot-windows-defender-advanced-threat-protection.md)
--- a/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
+++ b/windows/threat-protection/windows-defender-antivirus/windows-defender-antivirus-on-windows-server-2016.md
@ -61,7 +61,7 @@ By default, Windows Defender AV is installed and functional on Windows Server 20
 If the interface is not installed, you can add it in the **Add Roles and Features Wizard** at the **Features** step, under **Windows Defender Features** by selecting the **GUI for Windows Defender** option.
-![](images/server-add-gui.png)
+![Add roles and feature wizard showing the GUI for Windows Defender option](images/server-add-gui.png)
 See the [Install or uninstall roles, role services, or features](https://docs.microsoft.com/en-us/windows-server/administration/server-manager/install-or-uninstall-roles-role-services-or-features) topic for information on using the wizard.
--- a/windows/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/enable-security-analytics-windows-defender-advanced-threat-protection.md
@ -0,0 +1,49 @@
 ---
 title: Enable Security Analytics in Windows Defender ATP
 description: Set the baselines for calculating the score of Windows Defender security controls on the Security Analytics dashboard.
 keywords: enable security analytics, baseline, calculation, analytics, score, security analytics dashboard, dashboard
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.author: macapara
 author: mjcaparas
 ms.localizationpriority: high
 ms.date: 09/05/2017
 ---
 # Enable Security Analytics security controls
 **Applies to:**
 - Windows 10 Enterprise
 - Windows 10 Education
 - Windows 10 Pro
 - Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
 [!include[Prerelease information](prerelease.md)]
 Set the baselines for calculating the score of Windows Defender security controls on the Security Analytics dashboard. If you use third-party solutions, consider excluding the corresponding controls from the calculations.
  >[!NOTE]
  >Changes might take up to a few hours to reflect on the dashboard. 
 1. In the navigation pane, select **Preferences setup** > **Security Analytics**.
    ![Image of Security Analytics controls from Preferences setup menu](images/atp-enable-security-analytics.png)
 2. Select the security control, then toggle the setting between **On** and **Off**.
 3. Click **Save preferences**.
 ## Related topics
 - [View the Security Analytics dashboard](security-analytics-dashboard-windows-defender-advanced-threat-protection.md)
 - [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md)
 - [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md)
 - [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md)
 - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md)
 - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md)
 - [Enable the custom threat intelligence API in Windows Defender ATP](enable-custom-ti-windows-defender-advanced-threat-protection.md)
 - [Create and build Power BI reports](powerbi-reports-windows-defender-advanced-threat-protection.md)
--- a/windows/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png
+++ b/windows/threat-protection/windows-defender-atp/images/atp-dashboard-security-analytics-full.png
--- a/windows/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png
+++ b/windows/threat-protection/windows-defender-atp/images/atp-enable-security-analytics.png
--- a/windows/threat-protection/windows-defender-atp/images/atp-improv-opps.png
+++ b/windows/threat-protection/windows-defender-atp/images/atp-improv-opps.png
--- a/windows/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png
+++ b/windows/threat-protection/windows-defender-atp/images/atp-security-score-over-time.png
--- a/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
+++ b/windows/threat-protection/windows-defender-atp/security-analytics-dashboard-windows-defender-advanced-threat-protection.md
@ -1,7 +1,7 @@
 ---
 title: View the Security Analytics dashboard in Windows Defender ATP
 description: Use the Security Analytics dashboard to assess and improve the security state of your organization by analyzing various security control tiles. 
-keywords: security analytics, dashboard, security recommendations, security control state, security score, score improvement, organizational security score, security coverate, security control, improvement opportunities, edr, antivirus, av, os security updates
+keywords: security analytics, dashboard, security recommendations, security control state, security score, score improvement, organizational security score, security coverage, security control, improvement opportunities, edr, antivirus, av, os security updates
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
@ -9,7 +9,7 @@ ms.sitesec: library
 ms.pagetype: security
 author: mjcaparas
 localizationpriority: high
-ms.date: 09/05/2017
+ms.date: 10/02/2017
 ---
 # View the Windows Defender Advanced Threat Protection Security analytics dashboard
@ -33,37 +33,41 @@ The **Security analytics dashboard** displays a snapshot of:
 - Organizational security score
 - Security coverage
 - Improvement opportunities
 - Security score over time
-![Security analytics dashboard](images/atp-dashboard-security-analytics.png)
+![Security analytics dashboard](images/atp-dashboard-security-analytics-full.png)
 ## Organizational security score
 The organization security score is reflective of the average score of all the Windows Defender security controls that are configured according to the recommended baseline. You can improve this score by taking the steps in configuring each of the security controls in the optimal settings.
-![Organizational security score](images/atp-org-score.png)
+![Organizational security score](images/atp-org-sec-score.png)
 Each Windows Defender security control from the **Security coverage** tile contributes 100 points to the organizational security score. 
 The denominator is reflective of the organizational score potential and calculated by multiplying the number of supported security controls (Security coverage pillars) by the maximum points that each pillar contributes (maximum of 100 points for each pillar). 
-In the example image, the total points from the **Improvement opportunities** tile add up to 279 points for the three pillars from the **Security coverage** tile.
+In the example image, the total points from the **Improvement opportunities** tile add up to 321 points for the six pillars from the **Security coverage** tile.
 You can set the baselines for calculating the score of Windows Defender security controls on the Security Analytics dashboard through the **Preferences settings**. For more information, see [Enable Security Analytics security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md).
 ## Security coverage
-The security coverage tile shows a bar graph where each bar represents a Windows Defender security control. Each bar contributes 100 points to the overall organizational security score. It also represents the various Windows 10 security components with an indicator of the total number of machines that are well configured and those that require attention. Hovering on top of the individual bars will show exact numbers for each category.
+The security coverage tile shows a bar graph where each bar represents a Windows Defender security control. Each bar reflects the number of machines that are well configured and those that require **any kind of attention** for each security control. Hovering on top of the individual bars will show exact numbers for each category. Machines that are green are well configured, while machines that are orange require some level of attention. 
-![Security coverage](images/atp-sec-coverage.png)
+![Security coverage](images/atp-security-coverage.png)
 ## Improvement opportunities 
 Improve your organizational security score by taking the recommended improvement actions listed on this tile. The goal is to reduce the gap between the perfect score and the current score for each control.
 Click on each control to see the recommended optimizations.
-![Improvement opportunities](images/atp-improv-ops.png)
+![Improvement opportunities](images/atp-improv-opps.png)
 The numbers beside the green triangle icon on each recommended action represents the number of points you can gain by taking the action.  When added together, the total number makes up the numerator in the fraction for each segment in the Improvement opportunities tile.
-Recommendations that do not display a green action are informational only and no action is required. 
+>[!IMPORTANT]
 >Recommendations that do not display a green triangle icon are informational only and no action is required. 
 Clicking **View machines** in a specific recommendation opens up the **Machines list** with filters applied to show only the list of machines where the the recommendation is applicable. You can export the list in Excel to create a target collection and apply relevant policies using a management solution of your choice. 
@ -71,9 +75,22 @@ The following image shows an example list of machines where the EDR sensor is no
 ![Image of view machines list with a filter applied](images/atp-security-analytics-view-machines2.png)
-### Endpoint detection and response (EDR) optimization
+## Security score over time
-This tile provides a specific list of actions you can take on Windows Defender ATP to improve how endpoints provide sensor data to the Windows Defender ATP service.
+You can track the progression of your organizational security posture over time using this tile. It displays the overall and individual control scores in a historical trend line enabling you to see how taking the recommended actions increase your overall security posture.
 ![Image of the security score over time tile](images/atp-security-score-over-time.png)
 You can click on specific date points to see the total score for that security control is on a particular date.
 ### Endpoint detection and response (EDR) optimization
 For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for your Endpoint detection and response tool.
 #### Minimum baseline configuration setting for EDR:
 - Windows Defender ATP sensor is on
 - Data collection is working correctly
 - Communication to Windows Defender ATP service is not impaired
 #### Minimum baseline configuration setting for EDR:
 You can take the following actions to increase the overall security score of your organization:
 - Turn on sensor
 - Fix sensor data collection
@ -81,9 +98,19 @@ You can take the following actions to increase the overall security score of you
 For more  information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md). 
-### Windows Defender Antivirus optimization
+### Windows Defender Antivirus (Windows Defender AV) optimization
-This tile provides a list of specific list of actions you can implement on endpoints with Windows Defender Antivirus to improve the security in your organization. Each action shows the exact number of endpoints where you can apply the action on.
+For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AV is fulfilled.
 #### Minimum baseline configuration setting for Windows Defender AV:
 Endpoints are considered "well configured" for Windows Defender AV if the following requirements are met:
 - Windows Defender AV is reporting correctly
 - Windows Defender AV is turned on
 - Signature definitions are up to date
 - Real-time protection is on
 - Potentially Unwanted Application (PUA) protection is enabled
 ##### Recommended actions:
 You can take the following actions to increase the overall security score of your organization:
 >[!NOTE]
@ -93,7 +120,6 @@ You can take the following actions to increase the overall security score of you
  - This recommendation is displayed when the Windows Defender Antivirus is not properly configured to report its health state. For more information on fixing the reporting, see [Configure and validate network connections](../windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md).
 - Turn on antivirus
 - Update antivirus definitions
 - Turn on cloud-based protection
 - Turn on real-time protection
 - Turn on PUA protection
@ -105,14 +131,115 @@ This tile shows you the exact number of machines that require the latest securit
 You can take the following actions to increase the overall security score of your organization:
 - Install the latest security updates
 - Fix sensor data collection
  - The Windows Defender ATP service relies on sensor data collection to determine the security state of a machine. The service will not be able to determine the security state of machines that are not reporting sensor data properly. Therefore, it's important to ensure that sensor data collection is working properly. For more information, see [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md).
-For more information on, see [Windows Update Troubleshooter](https://support.microsoft.com/en-us/help/4027322/windows-windows-update-troubleshooter).
+For more information, see [Windows Update Troubleshooter](https://support.microsoft.com/en-us/help/4027322/windows-windows-update-troubleshooter).
 ### Windows Defender Exploit Guard (Windows Defender EG) optimization
 For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender EG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender EG events on the Windows Defender ATP Machine timeline. 
 #### Minimum baseline configuration setting for Windows Defender EG:
 Endpoints are considered "well configured" for Windows Defender EG if the following requirements are met:
 - System level protection settings are configured correctly
 - Attack Surface Reduction rules are configured correctly
 - Controlled Folder Access setting is configured correctly
 ##### System level protection:
 The following system level configuration settings must be set to **On or Force On**:
 1.	Control Flow Guard 
 2.	Data Execution Prevention (DEP)
 3.	Randomize memory allocations (Bottom-up ASLR)
 4.	Validate exception chains (SEHOP)
 5.	Validate heap integrity
 >[!NOTE]
 >The setting **Force randomization for images (Mandatory ASLR)** is currently excluded from the baseline.
 >Consider configuring **Force randomization for images (Mandatory ASLR)** to **On or Force On** for better protection.
 ##### Attack Surface Reduction (ASR) rules:
 The following ASR rules must be configured to **Block mode**:
 Rule description | GUIDs 
 -|-
 Block executable content from email client and webmail | BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550
 Block Office applications from creating child processes | D4F940AB-401B-4EFC-AADC-AD5F3C50688A
 Block Office applications from creating executable content  | 3B576869-A4EC-4529-8536-B80A7769E899
 Impede JavaScript and VBScript to launch executables | D3E037E1-3EB8-44C8-A917-57927947596D
 Block execution of potentially obfuscated scripts  | 5BEB7EFE-FD9A-4556-801D-275E5FFC04CC
 Block Win32 imports from Macro code in Office | 92E97FA1-2EDF-4476-BDD6-9DD0B4DDDC7B
 >[!NOTE]
 >The setting **Block Office applications from injecting into other processes** with GUID 75668C1F-73B5-4CF0-BB93-3ECF5CB7CC84 is excluded from the baseline.
 >Consider enabling this rule in **Audit** or **Block mode** for better protection.
 ##### Controlled Folder Access
 The Controlled Folder Access setting must be configured to **Audit** or **Block mode**.
 >[!NOTE]
 > Audit mode, allows you to see audit events in the Windows Defender ATP Machine timeline however it does not block suspicious applications.
 >Consider enabling Controlled Folder Access for better protection.
 ##### Recommended actions:
 You can take the following actions to increase the overall security score of your organization:
 - Turn on all system-level Exploit Protection settings
 - Set all ASR rules to enabled or audit mode
 - Turn on Controlled Folder Access
 - Turn on Windows Defender Antivirus on compatible machines
 For more information, see [Windows Defender Exploit Guard](../windows-defender-exploit-guard/windows-defender-exploit-guard.md).
 ### Windows Defender Application Guard (Windows Defender AG) optimization
 For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender AG is fulfilled. When endpoints are configured according to the baseline you'll be able to see Windows Defender AG events on the Windows Defender ATP Machine timeline. 
 #### Minimum baseline configuration setting for Windows Defender AG:
 Endpoints are considered "well configured" for Windows Defender AG if the following requirements are met:
 - Hardware and software prerequisites are met
 - Windows Defender AG is turned on compatible machines
 - Managed mode is turned on
 ##### Recommended actions:
 You can take the following actions to increase the overall security score of your organization:
 - Ensure hardware and software prerequisites are met
    >[!NOTE]
    >This improvement item does not contribute to the security score in itself because it's not a prerequisite for Windows Defender AG. It gives an indication of a potential reason why Windows Defender AG is not turned on.
 - Turn on  Windows Defender AG on compatible machines
 - Turn on managed mode
 For more information, see [Windows Defender Application Guard overview](../windows-defender-application-guard/wd-app-guard-overview.md).
 ### Windows Defender SmartScreen optimization
 For an endpoint to be considered "well configured", it must comply to a minimum baseline configuration setting. This tile shows you a specific list of actions you must apply on endpoints so that the minimum baseline configuration setting for Windows Defender SmartScreen is fulfilled.
 #### Minimum baseline configuration setting for Windows Defender SmartScreen:
 The following settings must be configured with the following settings:
 - Check apps and files: **Warn** or **Block** 
 - SmartScreen for Microsoft Edge: **Warn** or **Block**
 - SmartScreen for Windows Store apps: **Warn** or **Off**
 You can take the following actions to increase the overall security score of your organization:
 - Set **Check app and files** to **Warn** or **Block**
 - Set **SmartScreen for Microsoft Edge** to **Warn** or **Block**
 - Set **SmartScreen for Windows Store apps** to **Warn** or **Off**
 For more information, see [Windows Defender SmartScreen](../windows-defender-smartscreen/windows-defender-smartscreen-overview.md).
 >Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-sadashboard-belowfoldlink) 
 ## Related topics
- [View the Windows Defender Advanced Threat Protection Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
+- [Enable Security Analytics security controls](enable-security-analytics-windows-defender-advanced-threat-protection.md)
 - [View the Security operations dashboard](dashboard-windows-defender-advanced-threat-protection.md)
 - [View and organize the Windows Defender Advanced Threat Protection Alerts queue ](alerts-queue-windows-defender-advanced-threat-protection.md)
 - [Investigate Windows Defender Advanced Threat Protection alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)
 - [Investigate a file associated with a Windows Defender ATP alert](investigate-files-windows-defender-advanced-threat-protection.md)
--- a/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/attack-surface-reduction-exploit-guard.md
@ -144,7 +144,7 @@ You can review the Windows event log to see events that are created when an Atta
 2. On the left panel, under **Actions**, click **Import custom view...**
-    ![](images/events-import.gif)
+    ![Animation showing the import custom view on the Event viewer window](images/events-import.gif)
 3. Navigate to the Exploit Guard Evaluation Package, and select the file *asr-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
--- a/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/controlled-folders-exploit-guard.md
@ -75,7 +75,7 @@ You can review the Windows event log to see events that are created when Control
 3. On the left panel, under **Actions**, click **Import custom view...**
-    ![](images/events-import.gif)
+    ![Animation showing the import custom view on the Event viewer window](images/events-import.gif)
 4. Navigate to where you extracted *cfa-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
--- a/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-controlled-folders-exploit-guard.md
@ -75,7 +75,7 @@ You can use the Windows Defender Security Center app or Group Policy to add and
 4. Click **Add a protected folder** and follow the prompts to add apps.
-    ![](images/cfa-prot-folders.png)
+    ![Screenshot of the Virus and threat protection settings button](images/cfa-prot-folders.png)
 ### Use Group Policy to protect additional folders
@ -107,7 +107,7 @@ You can use the Windows Defender Security Center app or Group Policy to add and
 Continue to use `Add-MpPreference -ControlledFolderAccessProtectedFolders` to add more folders to the list. Folders added using this cmdlet will appear in the Windows Defender Security Center app.
-![](images/cfa-allow-folder-ps.png)
+![Screenshot of a PowerShell window with the cmdlet above entered](images/cfa-allow-folder-ps.png)
 >[!IMPORTANT]
@ -144,7 +144,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
 4. Click **Add an allowed app** and follow the prompts to add apps.
-    ![](images/cfa-allow-app.png)
+    ![Screenshot of the add an allowed app button](images/cfa-allow-app.png)
 ### Use Group Policy to whitelist specific apps
@ -178,7 +178,7 @@ When you add an app, you have to specify the app's location. Only the app in tha
 Continue to use `Add-MpPreference -ControlledFolderAccessAllowedApplications` to add more apps to the list. Apps added using this cmdlet will appear in the Windows Defender Security Center app.
-![](images/cfa-allow-app-ps.png)
+![Screenshot of a PowerShell window with the above cmdlet entered](images/cfa-allow-app-ps.png)
 >[!IMPORTANT]
--- a/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/customize-exploit-protection.md
@ -51,25 +51,25 @@ It also describes how to enable or configure the mitigations using Windows Defen
 All mitigations can be configured for individual apps. Some mitigations can also be applied at the operating system level.
-You can set each of the mitigations to on, off, or to their default value as indicated in the table below. Some mitigations have additional options, these are indicated in the description in the table.
+You can set each of the mitigations to on, off, or to their default value. Some mitigations have additional options, these are indicated in the description in the table.
 Default values are always specified in brackets at the **Use default** option for each mitigation. In the following example, the default for Data Execution Prevention is "On". 
-![](images/ep-default.png)
+![Screenshot showing the drop down menu for DEP which shows the default for DEP as On](images/ep-default.png)
 The **Use default** configuration for each of the mitigation settings indicates our recommendation for a base level of protection for everyday usage for home users. Enterprise deployments should consider the protection required for their individual needs and may need to modify configuration away from the defaults.
 For the associated PowerShell cmdlets for each mitigation, see the [PowerShell reference table](#cmdlets-table) at the bottom of this topic.
-Mitigation | Description | Can be applied to, and default value for system mitigations | Audit mode available
+Mitigation | Description | Can be applied to | Audit mode available
 - | - | - | -
-Control flow guard (CFG) | Ensures control flow integrity for indirect calls. Can optionally suppress exports and use strict CFG. | System and app-level (system default: **On**) | [!include[Check mark no](images/svg/check-no.md)]
+Control flow guard (CFG) | Ensures control flow integrity for indirect calls. Can optionally suppress exports and use strict CFG. | System and app-level | [!include[Check mark no](images/svg/check-no.md)]
-Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | System and app-level (system default: **On**) | [!include[Check mark no](images/svg/check-no.md)]
+Data Execution Prevention (DEP) | Prevents code from being run from data-only memory pages such as the heap and stacks. Only configurable for 32-bit (x86) apps, permanently enabled for all other architectures. Can optionally enable ATL thunk emulation. | System and app-level  | [!include[Check mark no](images/svg/check-no.md)]
-Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | System and app-level (system default: **Off**) | [!include[Check mark no](images/svg/check-no.md)]
+Force randomization for images (Mandatory ASLR) | Forcibly relocates images not compiled with /DYNAMICBASE. Can optionally fail loading images that don't have relocation information. | System and app-level  | [!include[Check mark no](images/svg/check-no.md)]
-Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations including those for system structures heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level (system default: **On**) | [!include[Check mark no](images/svg/check-no.md)]
+Randomize memory allocations (Bottom-Up ASLR) | Randomizes locations for virtual memory allocations including those for system structures heaps, stacks, TEBs, and PEBs. Can optionally use a wider randomization variance for 64-bit processes. | System and app-level | [!include[Check mark no](images/svg/check-no.md)]
-Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | System and app-level (system default: **On**) | [!include[Check mark no](images/svg/check-no.md)]
+Validate exception chains (SEHOP) | Ensures the integrity of an exception chain during exception dispatch. Only configurable for 32-bit (x86) applications. | System and app-level  | [!include[Check mark no](images/svg/check-no.md)]
-Validate heap integrity | Terminates a process when heap corruption is detected. | System and app-level (system default: **Off**) | [!include[Check mark no](images/svg/check-no.md)]
+Validate heap integrity | Terminates a process when heap corruption is detected. | System and app-level  | [!include[Check mark no](images/svg/check-no.md)]
 Arbitrary code guard (ACG) | Prevents the introduction of non-image-backed executable code and prevents code pages from being modified. Can optionally allow thread opt-out and allow remote downgrade (configurable only with PowerShell). | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
 Block low integrity images | Prevents the loading of images marked with Low Integrity. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
 Block remote images | Prevents loading of images from remote devices. | App-level only | [!include[Check mark yes](images/svg/check-yes.md)]
@ -127,7 +127,7 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection** label:
-    ![](images/wdsc-exp-prot.png)
+    ![App & browser control screen in the Windows Defender Security Center](images/wdsc-exp-prot.png)
 3.	Under the **System settings** section, find the mitigation you want to configure and select one of the following. Apps that aren't configured individually in the **Program settings** section will use the settings configured here:
    - **On by default** - The mitigation is *enabled* for apps that don't have this mitigation set in the app-specific **Program settings** section
@ -139,7 +139,7 @@ Validate stack integrity (StackPivot) | Ensures that the stack has not been redi
    Changing some settings may required a restart, which will be indicated in red text underneath the setting.
-    ![](images/wdsc-exp-prot-sys-settings.png)
+    ![Screenshot showing the DEP drop down menu where you can select On, Off, or Default](images/wdsc-exp-prot-sys-settings.png)
 4. Repeat this for all the system-level mitigations you want to configure.
@ -154,7 +154,7 @@ Exporting the configuration as an XML file allows you to copy the configuration
 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then the **Exploit protection settings** at the bottom of the screen:
-    ![](images/wdsc-exp-prot.png)
+    ![Screenshot showing the Exploit protection label highlighted in the Windows Defender Security Center App & browser settings section](images/wdsc-exp-prot.png)
 3.	Go to the **Program settings** section and choose the app you want to apply mitigations to:
@ -164,14 +164,14 @@ Exporting the configuration as an XML file allows you to copy the configuration
        - Use **Add by program name** to have the mitigation applied to any running process with that name. You must specify a file with an extension. You can enter a full path to limit the mitigation to only the app with that name in that location.
        - Use **Choose exact file path** to use a standard Windows Explorer file picker window to find and select the file you want.
-        ![](images/wdsc-exp-prot-app-settings.png)
+        ![Screenshot showing the add file or folder button](images/wdsc-exp-prot-app-settings.png)
 4. After selecting the app, you'll see a list of all the mitigations that can be applied. To enable the mitigation, click the check box and then change the slider to **On**. Select any additional options. Choosing **Audit** will apply the mitigation in audit mode only. You will be notified if you need to restart the process or app, or if you need to restart Windows.
 5. Repeat this for all the apps and mitigations you want to configure. Click **Apply** when you're done setting up your configuration.
-    ![](images/wdsc-exp-prot-app-settings-options.png)
+    ![Screenshot showing some of the options available for an added program](images/wdsc-exp-prot-app-settings-options.png)
 You can now [export these settings as an XML file](import-export-exploit-protection-emet-xml.md) or return to configure system-level mitigations. 
--- a/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/enable-attack-surface-reduction.md
@ -79,7 +79,7 @@ See the [Attack surface reduction](attack-surface-reduction-exploit-guard.md) to
        -  Disabled = 0
        -  Audit mode = 2
-![](images/asr-rules-gp.png)
+![Group policy setting showing a blank ASR rule ID and value of 1](images/asr-rules-gp.png)
--- a/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/enable-controlled-folders-exploit-guard.md
@ -60,7 +60,7 @@ For further details on how audit mode works, and when you might want to use it,
 3.	Set the switch for the feature to **On**
-    ![](images/cfa-on.png)
+    ![Screenshot of the CFA feature switched to On](images/cfa-on.png)
 ### Use Group Policy to enable Controlled folder access
@ -77,7 +77,7 @@ For further details on how audit mode works, and when you might want to use it,
    - **Disable (Default)** - The Controlled folder access feature will not work. All apps can make changes to files in protected folders.
    - **Audit Mode** - If a malicious or suspicious app attempts to make a change to a file in a protected folder, the change will be allowed but will be recorded in the Windows event log. This allows you to assess the impact of this feature on your organization.
-    ![](images/cfa-gp-enable.png)
+    ![Screenshot of group policy option with Enabled and then Enable selected in the drop down](images/cfa-gp-enable.png)
 >[!IMPORTANT]
 >To fully enable the Controlled folder access feature, you must set the Group Policy option to **Enabled** and also select **Enable** in the options drop-down menu.
--- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-attack-surface-reduction.md
@ -57,7 +57,7 @@ This tool has a simple user interface that lets you choose a rule, configure it
 When you run a scenario, you will see what the scenario entails, what the rule is set to, and what actions were taken.
-![](images/asr-test-tool.png)
+![Screenshot of the Exploit guard demo tool](images/asr-test-tool.png)
 Each scenario creates a fake or sample file or behavior that the rule would target and, if the rule was enabled, block from running.
@ -99,7 +99,7 @@ Audit | The rule wil fire, but the suspicious behavior will **not** be blocked f
 Block mode will cause a notification to appear on the user's desktop:
-![](images/asr-notif.png)
+![Example notification that says Action blocked: Your IT administrator caused Windows Defender Antivirus to block this action. Contact your IT desk.](images/asr-notif.png)
 You can [modify the notification to display your company name and links](customize-attack-surface-reduction.md#customize-the-notification) for users to obtain more information or contact your IT help desk.
--- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-controlled-folder-access.md
@ -73,11 +73,11 @@ You can enable Controlled folder access, run the tool, and see what the experien
 6. You'll be asked to specify a name and location for the file. You can choose anything you wish to test.
-    ![](images/cfa-filecreator.png)
+    ![Screenshot of the exploit guard demo tool](images/cfa-filecreator.png)
 7. A notification will appear, indicating that the tool was prevented from creating the file, as in the following example:
-    ![](images/cfa-notif.png)
+    ![Exampke notification that says Unauthorized changes blocked: Controlled folder access blocked (file name) from making changes to the folder (folder name)](images/cfa-notif.png)
 ## Review Controlled folder access events in Windows Event Viewer
--- a/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/evaluate-network-protection.md
@ -64,7 +64,7 @@ You can also carry out the processes described in this topic in audit or disable
 You will get a 403 Forbidden response in the browser, and you will see a notification that the network connnection was blocked.
-![](images/np-notif.png)
+![Example notification that says Connection blocked: Your IT administrator caused Windows Defender Security center to block this network connection. Contact your IT help desk.](images/np-notif.png)
 ## Review Network protection events in Windows Event Viewer
--- a/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/event-views-exploit-guard.md
@ -47,7 +47,7 @@ You can also manually navigate to the event area that corresponds to the Windows
 ### Import an existing XML custom view
-1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the appropraite file to an easily accessible location. The following filenames are each of the custom views:
+1. Download the [Exploit Guard Evaluation Package](https://aka.ms/mp7z2w) and extract the appropriate file to an easily accessible location. The following filenames are each of the custom views:
    -  Controlled folder access events custom view: *cfa-events.xml*
    -  Exploit protection events custom view: *ep-events.xml*
    -  Attack surface reduction events custom view: *asr-events.xml*
@ -57,7 +57,7 @@ You can also manually navigate to the event area that corresponds to the Windows
 3. On the left panel, under **Actions**, click **Import Custom View...**
-    ![](images/events-import.gif)
+    ![Animation highlighting Import custom view on the left of the Even viewer window](images/events-import.gif)
 4. Navigate to where you extracted XML file for the custom view you want and select it. 
@ -73,7 +73,7 @@ You can also manually navigate to the event area that corresponds to the Windows
 3. On the left panel, under **Actions**, click **Create Custom View...**
-    ![](images/events-create.gif)
+    ![Animation highlighting the create custom view option on the Event viewer window ](images/events-create.gif)
 4. Go to the XML tab and click **Edit query manually**. You'll see a warning that you won't be able to edit the query using the **Filter** tab if you use the XML option. Click **Yes**.
--- a/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/exploit-protection-exploit-guard.md
@ -76,7 +76,7 @@ You can review the Windows event log to see events that are created when Exploit
 3. On the left panel, under **Actions**, click **Import custom view...**
-    ![](images/events-import.gif)
+    ![Antimated GIF highlighting the import custom view button on the right pane ](images/events-import.gif)
 4. Navigate to where you extracted *ep-events.xml* and select it. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
--- a/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/import-export-exploit-protection-emet-xml.md
@ -66,16 +66,15 @@ When you have configured Exploit protection to your desired state (including bot
 ### Use the Windows Defender Security Center app to export a configuration file
-1. Open the Windows Defender Security Center by clicking the shield icon in the task bar or searching the start menu for **Defender**.
+1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 2. Click the **App & browser control** tile (or the app icon on the left menu bar) and then click **Exploit protection settings**:
-    ![](images/wdsc-exp-prot.png)
+    ![Highlight of the Exploit protection settings option in the Windows Defender Security Center app](images/wdsc-exp-prot.png)
 3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved.
-
+![Highlight of the Export Settings option](images/wdsc-exp-prot-export.png)
    ![](images/wdsc-exp-prot-export.png)
 >[!NOTE]
 >When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the **System settings** and **Program settings** sections - either section will export all settings.
@ -151,7 +150,7 @@ You can use Group Policy to deploy the configuration you've created to multiple
 5.  Expand the tree to **Windows components > Windows Defender Exploit Guard > Exploit protection**.
-    ![](images/exp-prot-gp.png)
+    ![Screenshot of the group policy setting for exploit protection](images/exp-prot-gp.png)
 6. Double-click the **Use a common set of Exploit protection settings** setting and set the option to **Enabled**. 
--- a/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
+++ b/windows/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
@ -70,7 +70,7 @@ You can review the Windows event log to see events that are created when Network
 2. On the left panel, under **Actions**, click **Import custom view...**
-    ![](images/events-import.gif)
+    ![Antimation of the import custom view option](images/events-import.gif)
 3. Navigate to the Exploit Guard Evaluation Package, and select the file *np-events.xml*. Alternatively, [copy the XML directly](event-views-exploit-guard.md).
--- a/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
+++ b/windows/threat-protection/windows-defender-security-center/windows-defender-security-center.md
@ -125,11 +125,11 @@ See the following links for more information on the features in the Windows Defe
 You can customize notifcations so they show information to users about how to get more help from your organization's help desk.
-![](images/security-center-custom-notif.png)
+![Sample notification that says Action blocked: Contos caused Windows Defender Security Center to block this action. Contact your IT help desk.](images/security-center-custom-notif.png)
 This information will also appear as a pop-out window on the Windows Defender Security Center app.
-![](images/security-center-custom-flyout.png)
+![Screenshot of the Windows Defender Security Center app showing sample phone number and email address to contact support on the bottom right of the app](images/security-center-custom-flyout.png)
 Users can click on the displayed information to get more help:
 - Clicking **Call** or the phone number will open Skype to start a call to the displayed number